213ATI Launchpad0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
223iDuba Personal FireWall0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
2 3LDM0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
215Power2GoExpress0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
213RemoteControl0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
222Start WingMan Profiler0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
2 5Steam0  0011HKEY_CU\Run0 25From Valve, for net games39http://www.absolutestartup.com/startup/1
212WebCamRT.exe0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
2 5ccApp0  0011HKEY_LM\Run0  2??39http://www.absolutestartup.com/startup/1
2 3ISC0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
210ISC_UpDate0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
213New Autostart0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
214QD FastAndSafe0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
214WMC_AutoUpdate0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
212yahoo! &maps0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
3 8PowerBar0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
310RecordNow!0  0011HKEY_CU\Run0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1
316Sonic RecordNow!0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
310SpySweeper0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
3 5Steam0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
316TransparentIcons0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
3 9TransTask0  0011HKEY_CU\Run0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1
3 8Tweak-XP0  0011HKEY_CU\Run0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1
3 8farstone0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
3 9pdfSaver30  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
312PestPatrolCL0  0011HKEY_LM\Run0 90PestPatrol 4.4.4, Computer Associates International, Inc.. PestPatrol command line scanner39http://www.absolutestartup.com/startup/1
312screen miner0  0011HKEY_LM\Run0 70Screen Miner, screen capture tool, capture full screen, capture window39http://www.absolutestartup.com/startup/1
3 8SiS Tray0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
3 6UC_SMB0  0011HKEY_LM\Run0 81Name:, UC_SMB. Filename:, ucstart.exe. Description:, Part of IBM Update connector50www.bleepingcomputer.com/startups/UC_SMB-5915.html0
3 8Driver320  0019HKEY_LM\RunServices0101This entry has information about the driver32.exe file and whether or not it should be allowed to run57www.bleepingcomputer.com/ startups/driver32.exe-9053.html0
113MISAggregator0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
119windows auto update0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
126Shortcut to LAFNSlipstream0  0025StartUp menu\Current user0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1
312$sys$cor.sys0 12$sys$cor.sys1 00 38How to remove the Sony XPC DRM Rootkit54http://www.bleepingcomputer.com/forums/topic34904.html0
328Plug and Play Device Manager0 18$sys$DRMServer.exe1 00376Added by the Sony/XCP DRM security software. This service is part of the digital rights management system utilized on certain Sony CDs.  If you remove this service, you may no longer be able to play certain CDs from Sony on your computer.br /br /If you have this service, then there is a good chance you also have the Sony XPC DRM rootkit.  Use the removal instructions below.54http://www.bleepingcomputer.com/forums/topic34904.html0
1 8$sys$drv0 12$sys$drv.exe1 00249Added by the Backdoor.Ryknos Trojan backdoor that attempts to utilize the SecurityRisk.First4DRM security risk to hide itself on the compromised computer.  It also adds a registry key at HKEY_CURRENT_USERWkbpsevaXImgvkwkbpXSmj`kswXGqvvajpRavwmkjXVqj76http://www.sarc.com/avcenter/venc/data/backdoor.ryknos.html#technicaldetails0
110$sys$crash0 18$sys$sonyTimer.exe1 00 36Added by the Trojan.Welomoch Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.welomoch.html#technicaldetails0
110$sys$crash0 17$sys$sos$sys$.exe1 00 36Added by the Trojan.Welomoch Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.welomoch.html#technicaldetails0
110$sys$crash0 20$sys$WeLoveMcCOL.exe1 00 36Added by the Trojan.Welomoch Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.welomoch.html#technicaldetails0
1 8$sys$cmp0 11$sys$xp.exe1 00156Added by the Troj/Stinx-F backdoor Trojan.  Troj/Stinx-F may be stealthed on an infected system by exploiting Sony DRM (Digital Rights Management) software.56http://www.sophos.com/virusinfo/analyses/trojstinxf.html0
213%cmpmixtitle%0 11%cmpmixstr%1 00 48Possibly related to C-Media Mixer Control panel? 01
1 5Ctykd0 27%Malware path and filename%2 00 35Added by the TSPY_SMALL.SN spyware.96http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FSMALL%2ESN&VSect=Td0
1 7PAV.EXE0  8%Number%1 00 67Added by the  KITRO.D (or ARGEN.A) WORM! %Number% can be any number77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
214DumpFaultCheck0  8%system%1 00197Added by the W32/Scanbot-A worm and IRC backdoor.  Though this infection adds these entries, they have no effect on your computer other than open the %System% folder.  You can remove these entries.57http://www.sophos.com/virusinfo/analyses/w32scanbota.html0
129SystemWideHook for Windows NT0 14%WinHook32.exe1 00 28Added by the MYDOOM.AC WORM!64http://www.symantec.com/avcenter/venc/data/w32.mydoom.ac@mm.html0
1 6alkasr0 41ÎäÒíÑ.exe1 00 28Added by the BALKART TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.balkart.html0
1 9(default)0 25¡¡NOTEPAD.EXE1 00 42Added by the Troj/Vaq-A Trojan downloader.54http://www.sophos.com/virusinfo/analyses/trojvaqa.html0
116Web Event Logger0 31<8 random characters>.dll2 00102Added by the Backdoor.Berbew.F backdoor.br /br /Uses CLSID: b{79FEACFF-FFCE-815E-A900-316290B5B738}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.f.html#technicaldetails0
1 7newname0 30<application executable>2 00 36Added by the Troj/Drsmartl-S Trojan.59http://www.sophos.com/virusinfo/analyses/trojdrsmartls.html0
1 7Proc1120 37<File name of the dropped file>2 00 31Added by the WORM_IXBOT.A worm.88http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FIXBOT%2EA&VSect=T0
111DllLoader320 20<filename>.exe1 00 43Added by the Troj/Bdoor-QD backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorqd.html0
111GlobalSCAPE0 20<filename>.exe1 00132Added by the W32/Rbot-AYM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaym.html0
1 9DTInstall0 21<filename.>.dll1 00 35Added by the Troj/Small-ALM Trojan.58http://www.sophos.com/virusinfo/analyses/trojsmallalm.html0
115Hutley-Spieluhr0 20<filename.exe>1 00 43Added by the Troj/Shpiel-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojshpiela.html0
1 6NAVNet0 26<Name of Executable>2 00 75Added by the Troj/Small-FR Trojan.  The filenames and locations are random.57http://www.sophos.com/virusinfo/analyses/trojsmallfr.html0
1 6winabc0 24<ORIGFILENAME>.DLL1 00 82Added by the Troj/Lineage-PN password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagepn.html0
113Virus Cleaner0 32<original Trojan filename>2 00 33Added by the Troj/Delta-E Trojan.56http://www.sophos.com/virusinfo/analyses/trojdeltae.html0
1 9NTupdater0 37<path to a renamed Mirc client>2 00 44Added by the Troj/Digarix-D backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojdigarixd.html0
1 4Safe0 26<path to Trojan EXE>2 00 97Added by the Troj/Banker-DT password stealing Trojan aimed primarily at users of Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankerdt.html0
111WheelsMouse0 22<path to Trojan>2 00 48Added by the Troj/SocksPr-D proxy server Trojan.58http://www.sophos.com/virusinfo/analyses/trojsocksprd.html0
1 8Win_BooT0 22<Path to Trojan>2 00 53Added by the Troj/Banker-GI password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankergi.html0
1 8WinShell0 20<path to worm>2 00 52Added by the W32/Fanbot-B mass-mailing and P2P worm.56http://www.sophos.com/virusinfo/analyses/w32fanbotb.html0
1 9Devicewin0 41<pathname of the Trojan executable>2 00 36Added by the Troj/Banker-AEV Trojan.59http://www.sophos.com/virusinfo/analyses/trojbankeraev.html0
112kernel32.dll0 41<pathname of the Trojan executable>2 00 33Added by the Troj/Zlob-AP Trojan.56http://www.sophos.com/virusinfo/analyses/trojzlobap.html0
118Microsoft Redirect0 41<pathname of the Trojan executable>2 00 52Added by the Troj/Banker-FW Internet banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerfw.html0
1 8msresear0 41<pathname of the Trojan executable>2 00 34Added by the Troj/Weasyw-B Trojan.57http://www.sophos.com/virusinfo/analyses/trojweasywb.html0
1 9Rapdyleys0 41<pathname of the Trojan executable>2 00 35Added by the Troj/QQPass-AD Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassad.html0
1 7MSPRO320 39<pathname of the worm executable>2 00 31Added by the W32/Hiberi-B worm.56http://www.sophos.com/virusinfo/analyses/w32hiberib.html0
113Winsocket log0 29<random characters>.exe2 00 50Added by the Troj/Sdbot-AKF worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/trojsdbotakf.html0
112SysTray.Exys0 42<random filename with DLL extension>2 00 97Added by the Troj/Slogger-D Trojan.br /br /Uses CLSID: b{7368D5FC-6F5C-4f5b-B964-E67214F67852}/b.58http://www.sophos.com/virusinfo/analyses/trojsloggerd.html0
1 6DER0050 23<random filename>2 00 43Added by the Troj/Hackvan-B Trojan rootkit.58http://www.sophos.com/virusinfo/analyses/trojhackvanb.html0
1 7Idoneus0 23<random filename>2 00 31Added by the MSIL.Idonut virus.72http://www.sarc.com/avcenter/venc/data/msil.idonut.html#technicaldetails0
118Msn Update SUPPORT0 23<random filename>2 00 48Added by the W32/Rbot-BPS worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbps.html0
114Service Screan0 23<random filename>2 00132Added by the W32/Rbot-BAC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotbac.html0
1 8Telnet240 23<random filename>2 00133Added by the W32/Rbot-ARD worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotard.html0
113Win Prosess0r0 23<random filename>2 00 48Added by the W32/Rbot-BIT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbit.html0
1 6XRW0050 23<random filename>2 00  058http://www.sophos.com/virusinfo/analyses/trojhackvanb.html0
1 8DBGA0EEG0 27<random filename>.dll2 00119Added by the W32/Doxpar-D password-stealing network worm.br /br /Uses CLSID: b{6C7F7D05-2430-7FA8-28C5-2F9036BF28AF}/b.56http://www.sophos.com/virusinfo/analyses/w32doxpard.html0
1 7eTunnel0 27<random filename>.exe2 00 43Added by the Troj/Meteor-E backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojmeteore.html0
124Windows Firewall Monitor0 27<random filename>.exe2 00 40Added by the Troj/Proxy-AX proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojproxyax.html0
1 6wuauon0 27<random filename>.exe2 00 43Added by the Troj/Bdoor-MC backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoormc.html0
1 4st3i0 27<random filename.dll>2 00 33Added by the Troj/Hasum-A Trojan.56http://www.sophos.com/virusinfo/analyses/trojhasuma.html0
1 6angnan0 27<random filename.exe>2 00 31Added by the W32/Bobax-DB worm.56http://www.sophos.com/virusinfo/analyses/w32bobaxdb.html0
122eMCryT Sh3ars Panagers0 27<random filename.exe>2 00132Added by the W32/Rbot-AWI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotawi.html0
128MICROSFT RAMA UPDATE SUPPORT0 27<random filename.exe>2 00132Added by the W32/Rbot-ASM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotasm.html0
120Microsoft Anti-Virus0 27<Random Filename.exe>2 00 49Added by the W32/Kassbot-O worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32kassboto.html0
1 7Proc9920 27<random filename.exe>2 00 47Added by the W32/Ixbot-C worm and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32ixbotc.html0
112Google Earth0 23<random name>.pif2 00132Added by the W32/Rbot-AXK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaxk.html0
112SysTray.Exiv0 18<random>.dll1 00106Added by the Troj/Slogger-F backdoor Trojan.br /br /Uses CLSID: b(2963ECFC-4E5C-2f3b-B334-D67434FC72E0)/b.58http://www.sophos.com/virusinfo/analyses/trojsloggerf.html0
113System32Check0 18<random>.exe1 00 57Added by the Troj/Chast-A backdoor and keylogging Trojan.56http://www.sophos.com/virusinfo/analyses/trojchasta.html0
1 6VSSTAT0 18<random>.exe1 00 47Added by the W32/Gobot-N worm and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32gobotn.html0
116Web Event Logger0 18<random>.exe1 00102Added by the Backdoor.Berbew.D backdoor.br /br /Uses CLSID: b{79FB9088-19CE-715E-D900-216290C5B738}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.d.html#technicaldetails0
111nethost.exe0 26<randomfilename>.exe1 00 42Added by the Troj/Perda-J backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdaj.html0
126Windows Overlay Components0 26<randomfilename>.exe1 00 34Added by the Troj/Agent-JK Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentjk.html0
113Apoint System0 25<Trojan Executable>2 00 35Added by the Troj/Banker-WK Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerwk.html0
1 4cppc0 25<Trojan executable>2 00 80Added by the Troj/VB-NV Trojan.  This trojan pretends to be a Half-Life 2 crack.54http://www.sophos.com/virusinfo/analyses/trojvbnv.html0
1 8FindHack0 25<Trojan executable>2 00 34Added by the W32/Kelvir-BA Trojan.57http://www.sophos.com/virusinfo/analyses/w32kelvirba.html0
1 6HATAPE0 25<Trojan executable>2 00 35Added by the Troj/Banker-QF Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerqf.html0
1 8msapps320 25<Trojan executable>2 00 35Added by the Troj/Banker-IS Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankeris.html0
113office_update0 25<Trojan executable>2 00 36Added by the Troj/Dloader-ZB Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderzb.html0
114PHIME2OO2ASyst0 25<Trojan executable>2 00120Added by the Troj/DBdoor-B backdoor Trojan.  This filename for this trojan can be change to one specified by the hacker.57http://www.sophos.com/virusinfo/analyses/trojdbdoorb.html0
112SmartTesting0 25<Trojan executable>2 00 45Added by the Troj/Ranck-DO http proxy trojan.57http://www.sophos.com/virusinfo/analyses/trojranckdo.html0
1 7taskbar0 25<Trojan executable>2 00 42Added by the Troj/Perda-I backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdai.html0
1 7zzzsoft0 25<Trojan executable>2 00 34Added by the Troj/QQRob-AD Trojan.57http://www.sophos.com/virusinfo/analyses/trojqqrobad.html0
1 9aaprotect0 23<Trojan Filename>2 00 36Added by the Troj/Bancban-MJ Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanmj.html0
1 4Tspy0 23<Trojan Filename>2 00 43Added by the Troj/TSpy-B keylogging Trojan.55http://www.sophos.com/virusinfo/analyses/trojtspyb.html0
1 7MSSever0 27<Trojan Filename.exe>2 00 50Added by the Troj/PWS-CW password-stealing Trojan.55http://www.sophos.com/virusinfo/analyses/trojpwscw.html0
1 7Myfault0 18<Trojan.exe>1 00 34Added by the Troj/Ranck-DJ Trojan.57http://www.sophos.com/virusinfo/analyses/trojranckdj.html0
014CQSCP2P SERVER0 15<unknown>1 00154Compaq printer utility which is required in the startup menu in order to make the printer work correctly. Personally I doubt whether it is actually needed 01
0 8CQSCP2PS0 15<unknown>1 00  0 01
0 8V128IITV0 15<unknown>1 00 94Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? 01
228AccuWeather.com® Desktop0 15<unknown>1 00 36Desktop weather from AccuWeather.com71http://wwwa.accuweather.com/adcbin/public/index.asp?partner=accuweather0
2 7AIMster0 15<unknown>1 00119Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start - Programs 01
223Compaq Video CD Watcher0 15<unknown>1 00 28For Compaq PC's. MPEG viewer 01
215HP Info Express0 15<unknown>1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01
210HP Updates0 15<unknown>1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01
2 5Imesh0 15<unknown>1 00 30Imesh is a file sharing system20http://www.imesh.com0
217Imesh Auto Update0 15<unknown>1 00 83Update check for the Imesh file sharing system. Turn the update off under "options"20http://www.imesh.com0
225Introduction-Registration0 15<unknown>1 00 82For Compaq PC's. Should only run first time, PC Introduction & Compaq registration 01
215LS120 Superdisk0 15<unknown>1 00 77Supposed to accelerate transfer rate on LS-120, contributes to system lockups 01
215McAfee Winguage0 15<unknown>1 00243Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start - Programs 01
2 8Operator0 15<unknown>1 00 49Media Pilot operator, in Win.ini. Locks port open 01
2 7Startup0 15<unknown>1 00 26Related to an Iomega drive 01
2 5TGCMG0 15<unknown>1 00 91Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work 01
230Usrobotics Online Registration0 15<unknown>1 00 75Pop-up reminding customers to register their products online at US Robotics 01
212Windows Eyes0 15<unknown>1 00207For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start - Programs 01
3 9EDRestore0 15<unknown>1 00110Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"42http://www.easydesksoftware.com/spoint.htm0
312HP RecordNow0 15<unknown>1 00114From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used." 01
323SMS Win9x Message Agent0 15<unknown>1 00 63This program assigns a user to a Systems Management Server site 01
111Bonzi Buddy0 15<unknown>1 00 69Spyware - read here for information and here for removal instructions57http://www.safersite.com/pestinfo/B/BonziBuddy_Adware.asp0
414FoolProofSweep0 15<unknown>1 00 63Part of FoolProof Security PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0
117Content connector0 29<various filenames.exe>2 00 34Added by the Troj/Dialer-Y dialer.57http://www.sophos.com/virusinfo/analyses/trojdialery.html0
125Microsoft Moniter Control0 21<worm filename>2 00 48Added by the W32/Rbot-BAX worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbax.html0
110[not used]0 27øb.Ýoç1 00138Added by the Backdoor.Beasty.D backdoor.  This backdoor listens on port 666.br /br /Uses CLSID: b{54AD0222-BB51-31EF-BBFA-06AA12E6115C}/b.61http://www.sarc.com/avcenter/venc/data/backdoor.beasty.d.html0
114vbs.ipnuker@mm0 29(original worm file name).vbs2 00 23Added by the  VBS.Nukip70http://securityresponse.symantec.com/avcenter/venc/data/vbs.nukip.html0
1 7windowz0 29(original worm file name).vbs2 00  070http://securityresponse.symantec.com/avcenter/venc/data/vbs.nukip.html0
1 7bcnswsx0 14(path to file)2 00 47Added as result of a  Ranck-AJ trojan infection57http://www.sophos.com/virusinfo/analyses/trojranckaj.html0
1 4ibin0 35(Pathname of the Trojan executable)2 00 26Added by the  Troj/Perda-C56http://www.sophos.com/virusinfo/analyses/trojperdac.html0
118virus removal tool0 35(pathname of the Trojan executable)2 00 27Added by the  Troj/Tometa-B57http://www.sophos.com/virusinfo/analyses/trojtometab.html0
1 5clock0 20(various file names)2 00140LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe79http://securityresponse.symantec.com/avcenter/venc/data/pf/adware.livechat.html0
1 9romahere20 34************.exe [* = random char]2 00 55SuperSpider hijacker - a CoolWebSearch parasite variant44http://doxdesk.com/parasite/SuperSpider.html0
1 9romahere30 34************.exe [* = random char]2 00  044http://doxdesk.com/parasite/SuperSpider.html0
115Control handler0 33***********.exe [* = random char]2 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
122Network Security Guard0 32**********.exe [* = random char]2 00 30CoolWebSearch parasite related53http://www.spywareinfo.com/~merijn/cwschronicles.html0
125WindowsRegKey upd4te2d4te0 31*********.exe [* = random char]2 00 26Added by the RBOT.XQ WORM!87http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.XQ0
1 4sr640 13********. exe2 00 27Adware, as yet unidentified 01
1 8rate.exe0 30********.exe [* = random char]2 00 19Unidentified adware 01
116ms window update0 33******.exe (* = random character)2 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
121Cryptographic Service0 28******.exe [* = random char]2 00 50Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html0
121Cryptographic Service0 28******.exe [* = random char]2 00 50Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html0
1 8Narrator0 28******.exe [* = random char]2 00 30Transponder/VX2 related adware 01
1 3web0 28******.exe [* = random char]2 00 41Added by a variant of the EASTO.A TROJAN!78http://www.pestpatrol.com/pestinfo/w/win32_trojandownloader_easto_a_trojan.asp0
111pnpsvc_lock0 29******.exe [* = random digit]2 00 16Browser hijacker 01
1150utlook express0 33*****.exe (where * = random char)2 00 31Added by the  W32/RBOT-CC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotcc.html0
122outlook express config0 33*****.exe (where * = random char)2 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113cyberfree.exe0 26****.dat [* = random char]2 00 19Unidentified adware 01
127Microsofts Security Manager0 29****.exe [**** = random char]2 00 28Added by the RBOT-WH TROJAN!55http://www.sophos.com/virusinfo/analyses/w32rbotwh.html0
118microsoft software0 31****.exe E255 [* = random char]2 00 40Added by an unidentified WORM or TROJAN! 01
118Win32SystemMonitor0 25***.exe [* = random char]2 00 16Browser hijacker 01
1 7Nero.ma0 29***.exe [*** = 2 to 3 digits]2 00 28Added by the JONBARR.D WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.jonbarr.d@mm.html0
224Description of Shortcuts0  5*.exe1 00227* seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search) 01
111App.EXEName0  4.exe1 00 25Added by the BODIRU WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bodiru.html0
111App.EXEName0  4.exe1 00 25Added by the BODIRU WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bodiru.html0
1 5ccapp0  4.EXE1 00 31Added by the  W32/RBOT-LJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlj.html0
111Gray_Pigeon0  4.exe1 00111Added by the Troj/GrayBrd-EH backdoor Trojan.  This infection also creates the file c:\windows\temp\8e4ds4.dll.59http://www.sophos.com/virusinfo/analyses/trojgraybrdeh.html0
1 9supernova0  4.exe1 00 91Added as a result of the SURNOVA (or SUPOVA) VIRUS! <filename>.exe is the chosen name78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SURNOVA.A0
116Default_Page_URL0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
116Default_Page_URL0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
118Default_Search_URL0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
118Default_Search_URL0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
115First Home Page0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
115First Home Page0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Local Page0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Local Page0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
111Search Page0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Start Page0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Start Page0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
116Default_Page_URL0 23//find.naupoint.com</a>1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
115First Home Page0 23//find.naupoint.com</a>1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Local Page0 23//find.naupoint.com</a>1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
011com servoce0  2/a1 00  0 01
211com servoce0  2/a1 00  044http://www.esafe.com/esafe/default.asp?cf=tl0
110search.vbs0  2/a1 00  8Hijacker 01
4 6vs.vsn0  2/a1 00 86Part of eSafe antivirus "SmartScan" - alerts the user if files have been changed/added44http://www.esafe.com/esafe/default.asp?cf=tl0
1 8WinTools0  5/boot115HKEY_LM\RunOnce0  039http://www.absolutestartup.com/startup/1
324EPSON Stylus Photo RX5000 22/M Stylus Photo RX500"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
114WinMsgServices0  5?.exe1 00169Added by the  Troj/Kelebek-G.  This file is added to the Windows system folder.  The name of the filename is the ASCII character 255 which corresponds to an empty space.58http://www.sophos.com/virusinfo/analyses/trojkelebekg.html0
013Coupon Offers0  2??1 00  2?? 01
0 6Devlog0  2??1 00  2?? 01
0 6Dosbat0  2??1 00  0 01
0 8V128IITV0  2??1 00 94Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? 01
0 5Vinny0  2??1 00  2?? 01
010Web Search0  2??1 00  0 01
011WRECK GUARD0  2??1 00  2?? 01
224AccuWeather.com® Desktop0  2??1 00 36Desktop weather from AccuWeather.com71http://wwwa.accuweather.com/adcbin/public/index.asp?partner=accuweather0
2 7AIMster0  2??1 00119Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start - Programs 01
223Compaq Video CD Watcher0  2??1 00 28For Compaq PC's. MPEG viewer 01
215HP Info Express0  2??1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01
210HP Updates0  2??1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01
2 5Imesh0  2??1 00 30Imesh is a file sharing system20http://www.imesh.com0
217Imesh Auto Update0  2??1 00 83Update check for the Imesh file sharing system. Turn the update off under "options"20http://www.imesh.com0
225Introduction-Registration0  2??1 00 82For Compaq PC's. Should only run first time, PC Introduction & Compaq registration 01
215LS120 Superdisk0  2??1 00 77Supposed to accelerate transfer rate on LS-120, contributes to system lockups 01
215McAfee Winguage0  2??1 00243Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start - Programs 01
2 8Operator0  2??1 00 49Media Pilot operator, in Win.ini. Locks port open 01
2 7Startup0  2??1 00 26Related to an Iomega drive 01
2 5TGCMG0  2??1 00 91Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work 01
230Usrobotics Online Registration0  2??1 00 75Pop-up reminding customers to register their products online at US Robotics 01
212Windows Eyes0  2??1 00207For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start - Programs 01
311AAAKeyboard0  2??1 00  0 01
3 7Avxnews0  2??1 00  2?? 01
314CQSCP2P SERVER0  2??1 00154Compaq printer utility which is required in the startup menu in order to make the printer work correctly. Personally I doubt whether it is actually needed 01
3 6Devlog0  2??1 00  2?? 01
3 6Dosbat0  2??1 00  0 01
3 9EDRestore0  2??1 00110Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"42http://www.easydesksoftware.com/spoint.htm0
312HP RecordNow0  2??1 00114From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used." 01
3 7mfgboot0  2??1 00  2?? 01
3 6Qdsafe0  2??1 00  2?? 01
3 8ScanFile0  2??1 00  0 01
323SMS Win9x Message Agent0  2??1 00 63This program assigns a user to a Systems Management Server site 01
3 8V128IITV0  2??1 00 94Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? 01
3 5Vinny0  2??1 00  2?? 01
310Web Search0  2??1 00  0 01
311WRECK GUARD0  2??1 00  2?? 01
111Bonzi Buddy0  2??1 00 69Spyware - read here for information and here for removal instructions57http://www.safersite.com/pestinfo/B/BonziBuddy_Adware.asp0
414FoolProofSweep0  2??1 00 63Part of FoolProof Security PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0
113[random name]0 12??anregw.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 11??chost.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
2 5Vgwxi0 12??erinit.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
113[random name]0 12??erinit.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 11??ool32.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 11??oolsv.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
1 3Fek0 11??oolsv.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
113[random name]0  9??rss.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 12??rvices.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 12??xplore.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
1 7Seibctd0 12??xplore.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
113[random name]0 11?hkntfs.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
114?ekio Startups0 12?nksvc32.exe1 00167Added by the W32/Agobot-OV WORM/IRC backdoor. ? is a random character. It will kill processes, record keystrokes, allowing unauthorised access to enable other actions.57http://www.sophos.com/virusinfo/analyses/w32agobotov.html0
113[random name]0 10?ttrib.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
116@liberamovilespt0 16@liberamovilespt1 00 46Added by the Dialer.UDIS premium adult dialer.72http://securityresponse.symantec.com/avcenter/venc/data/dialer.udis.html0
1 8@tour_ww0 15@tour_ww[1].exe1 00 21Adult content dialler 01
131Windows System Security Monitor0 22[4 random letters].exe2 00 32Added by the W32.Pinkton.A worm.74http://www.sarc.com/avcenter/venc/data/w32.pinkton.a.html#technicaldetails0
1 4Nvid0 22[8 random charachters]2 00 19Unidentified adware 01
116Web Event Logger0 25[8 random characters].dll2 00102Added by the Backdoor.Berbew.B backdoor.br /br /Uses CLSID: b{79FB9088-19CE-715E-D900-216290C5B738}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.b.html#technicaldetails0
115WebEvent Logger0 25[8 random characters].dll2 00102Added by the Backdoor.Berbew.F backdoor.br /br /Uses CLSID: b{79ECA078-17FF-726B-E811-213280E5C831}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.f.html#technicaldetails0
123anti-virus product sync0 47[AN UNPRINTABLE CHARACTER][3 CHARACTERS]log.exe2 00 32Added by the  W32.Kedebe.D(AT)mm76http://securityresponse.symantec.com/avcenter/venc/data/w32.kedebe.d@mm.html0
137Remote Procedure Call (RPC) Activator0 19[Currently unknown]2 00 43Added by the Troj/Fiserv-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojfiserva.html0
1 7NSystem0 17[downloaded file]2 00 43Added by the Troj/Nsys-A trojan downloader.55http://www.sophos.com/virusinfo/analyses/trojnsysa.html0
1 7hxadsec0 17[executable name]2 00 36Added by the Troj/AdClick-AP trojan.59http://www.sophos.com/virusinfo/analyses/trojadclickap.html0
1 6fsdsft0 11[file name]2 00 40Added by the Backdoor.Ranky.S  Backdoor!77http://www.sarc.com/avcenter/venc/data/backdoor.ranky.s.html#technicaldetails0
113winupdatefiv_0 11[file name]2 00 37Added by the W32/Combra-C email worm.56http://www.sophos.com/virusinfo/analyses/w32combrac.html0
1 6SYDNEY0 11[file path]2 00 24Added by the SYNEY WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.syney@mm.html0
1 7Systray0 14[filename.exe]1 00 19Winfavorites adware80http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html0
1 7;Rundll0 10[filename]1 00 32Added by the PWSLEGMIR.E TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E0
1 7;Rundll0 10[filename]1 00 32Added by the PWSLEGMIR.E TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E0
113Configuration0 10[filename]1 00 27Added by the SDBOT-ML WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotml.html0
114JavaUpdate0.070 10[filename]1 00 28Added by the JUPDATE TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.jupdate.html0
115LoadWindowsFile0 10[filename]1 00 65Added by the DELF.B TROJAN! where [filename] is the infected file76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.b.html0
115Locator Service0 10[filename]1 00 30Added by the AGOBOT-KY TROJAN!57http://www.sophos.com/virusinfo/analyses/w32agobotky.html0
117LowVersionSupport0 10[filename]1 00 28Added by the LASTRAS TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lastras.html0
1 6Mantis0 10[filename]1 00 27Added by the MANTIBE VIRUS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.mantibe.html0
112MatrixScreen0 10[filename]1 00 33Added by the MATRIXSCREEN TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.matrixscreen.html0
129Microsoft Java Windows Update0 10[filename]1 00 26Added by the RBOT-DZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotdz.html0
1 5Myapp0 10[filename]1 00 26Added by the FATEE.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fatee.b.html0
1 7NavScan0 10[filename]1 00 27Added by the OBSORB TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.obsorb.html0
1 3OLE0 10[filename]1 00 39Added by the STAWIN or TARNO.D TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/keylogger.stawin.html0
1 5putil0 10[filename]1 00 28Added by the LDPINCH TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.ldpinch.html0
1 7Scanreg0 10[filename]1 00 29Added by the QQPASS.E TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html0
1 6User320 10[filename]1 00 29Added by the NETTRASH TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.nettrash.html0
110UserSystem0 10[filename]1 00 49CoolWebSearch SmartSearch variant - also see here53http://www.spywareinfo.com/~merijn/cwschronicles.html0
111VideoDriver0 10[filename]1 00 30Added by the GSPOT20.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GSPOT20.A0
114Windows Update0 10[filename]1 00 82Added by the  NORIO TROJAN! Acts as a hi-jacker redirecting to adult content sites73http://securityresponse.symantec.com/avcenter/venc/data/trojan.norio.html0
1 9GustavVED0 14[filename].exe1 00 28Added by the OPASERV.H WORM!66http://www.symantec.com/avcenter/venc/data/w32.opaserv.h.worm.html0
1 3hen0 14[filename].exe1 00 28Added by the TARNO.G TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.g.html0
1 3hen0 14[filename].exe1 00 28Added by the TARNO.G TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.g.html0
112Service Host0 14[filename].exe1 00 27Added by the TORVEL.B WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.torvel.b@mm.html0
113System Update0 14[filename].exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
116Windows Explorer0 14[filename].exe1 00144Added by the SDBOT TROJAN! Note - this is not the valid Windows Explorer (explorer.exe) which would only be in startups if you added it manually75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
1 5cAgOu0 14[filename].hta1 00 26Added by the KAKWORM WORM!63http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html0
1 6ZaCker0 14[filename].PIF1 00 26Added by the HOLAR.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A0
1 8AddClass0 19[Installation_Path]1 00 32Added by the STARTPAGE.F TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.f.html0
1 8Internal0 18[month number]</a>2 00 32Added by the FORTNIGHT.D TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/js.fortnight.d.html0
1 9enbrowser0 14[name of file]2 00 22WINBO adware component60http://www.symantec.com/avcenter/venc/data/adware.winbo.html0
1 2c70 14[name of worm]2 00 35Added by the  W32.MEDIAKILL.A WORM!66http://www.symantec.com/avcenter/venc/data/w32.mediakill.a@mm.html0
1 6Update0 20[original file path]2 00 26Added by the LYNDEGG WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lyndegg.html0
1 7TSystem0 19[original filename]2 00 43Added by the Troj/Nsys-A trojan downloader.55http://www.sophos.com/virusinfo/analyses/trojnsysa.html0
1 7File0_00 16[path of Trojan]2 00 47Added by the Troj/Dloader-OR trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdloaderor.html0
137Anti-Virus Update Scheduler V1.39.12R0 14[path to .exe]2 00 12Added by the27Troj/Fireby-A proxy TROJAN!0
1 7Caesvrn0 14[path to .exe]2 00142Added by the Troj/Ranck-CQ.  This infection sits on a randomly selected TCP port between 1025 and 9997, awaiting contact by a remote attacker.57http://www.sophos.com/virusinfo/analyses/trojranckcq.html0
1 5ccApp0 14[path to .exe]2 00 50Added by the W32/Rbot-LJ WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbotlj.html0
112Client Agent0 14[path to .exe]2 00 12Added by the110Troj/PPdoo0
113DllExecutable0 14[path to .exe]2 00 12Added by the15W32/VB-SP WORM!0
1 9fasdqwdwq0 14[path to .exe]2 00 12Added by the101Troj/Ranc0
1 5imgit0 14[path to .exe]2 00 36Added by the  Troj/Banker-CG TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankercg.html0
1 8loader320 14[path to .exe]2 00 42Added by Troj/Domcom-D downloading TROJAN.57http://www.sophos.com/virusinfo/analyses/trojdomcomd.html0
1 9msproject0 14[path to .exe]2 00 12Added by the21Troj/Sdbot-TF TROJAN!0
110OpenMstart0 14[path to .exe]2 00 34Added by the Dial/Switch-E DIALER.57http://www.sophos.com/virusinfo/analyses/dialswitche.html0
1 8PornoTop0 14[path to .exe]2 00  8Added by60Troj/Delf-RX, and will be found in the Program Files folder.0
119Srv32 spool service0 14[path to .exe]2 00  8Added by16Troj/Dloader-LB.0
118SunJavaUpdateSched0 14[path to .exe]2 00 36Added by the  Troj/Banker-AU TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerau.html0
1 4GDAX0 18[path to backdoor]2 00 28Added by the RANKY.K TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.k.html0
114winupdateconn_0 13[path to exe]2 00 31Added by the W32/Combra-A WORM.56http://www.sophos.com/virusinfo/analyses/w32combraa.html0
111WinUpgrader0 13[path to EXE]2 00 20Added by the trojan.57http://www.sophos.com/virusinfo/analyses/trojagentdz.html0
2 7Printer0 14[path to file]2 00 29Added by the LOWTAPER TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lowtaper.html0
1 9_Hazafibb0 14[path to file]2 00 25Added by the ZAFI.B WORM!86http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=PE_ZAFI.B0
1132thousandbuck0 14[path to file]2 00 28Added by the RANKY.L TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.l.html0
1 8Band-Aid0 14[path to file]2 00 28Added by the RANKY.O TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.o.html0
110dm_service0 14[path to file]2 00 34Added by the  MITGLIEDER.P TROJAN!67http://www.symantec.com/avcenter/venc/data/trojan.mitglieder.p.html0
1 7DSAcass0 14[path to file]2 00 28Added by the RANKY.M TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.m.html0
113Login Service0 14[path to file]2 00 27Added by the MIGMAF TROJAN!52https://www.europe.f-secure.com/v-descs/migmaf.shtml0
1 6MsgApi0 14[path to file]2 00 29Added by the DEDLER-D TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerd.html0
1 7MSSGisg0 14[path to file]2 00 28Added by the RANKY.N TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.n.html0
1 7REEGRUN0 14[path to file]2 00 30Added by the SECDROP.AI TROJAN79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SECDROP.AI0
112ShellCommand0 14[path to file]2 00 29Added by the REMCON-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojremcona.html0
1 6sysser0 14[path to file]2 00 25Added by the RAHACK WORM!58http://www.symantec.com/avcenter/venc/data/w32.rahack.html0
1 7Taskmgo0 14[path to file]2 00 30Added by the BANCBAN-T TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancbant.html0
1 9tjstartup0 14[path to file]2 00 29Added by the TJSERV.C TROJAN!65http://www.symantec.com/avcenter/venc/data/backdoor.tjserv.c.html0
123Windows Taskbar Manager0 14[path to file]2 00 30Added by the PROTORIDE.B WORM!63http://www.symantec.com/avcenter/venc/data/w32.protoride.b.html0
110winupdate_0 14[path to file]2 00 32Added by the  W32.COMDOR.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.comdor.a@mm.html0
113winupdateconn0 14[path to file]2 00 32Added by the  W32/COMBRA-A WORM!56http://www.sophos.com/virusinfo/analyses/w32combraa.html0
1 9WinXP fix0 14[path to file]2 00 28Added by the RANKY.P TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.p.html0
1 5lsass0 19[path to lsass.exe]2 00127Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lasss.exe process which should NOT appear in Msconfig/Startup!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.f.html0
1 7ansjava0 26[path to mirc application]2 00 50Added by the W32/Randon-AN worm and IRC backdoor..57http://www.sophos.com/virusinfo/analyses/w32randonan.html0
1 4smss0 18[path to smss.exe]2 00126Added by the ALADINZ.F TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.f.html0
3 5PPSVC0 26[path to Spyware.PCPolice]2 00116Added by the PC Police surveillance program. This program should be uninstalled if it was not installed by yourself.60http://www.sarc.com/avcenter/venc/data/spyware.pcpolice.html0
136357aa41a-b7a8-4632-a27d-5b980b25cf430 21[path to svchost.exe]2 00 30Added by the  SMALL-AQ TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmallaq.html0
111winlogon32_0 18[PATH TO THE WORM]2 00 36Added by the W32.Mailbancos@mm worm.78http://www.sarc.com/avcenter/venc/data/w32.mailbancos@mm.html#technicaldetails0
1 45p4m0 16[path to Trojan]2 00 35Added by the Troj/Litebot-C Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebotc.html0
117Connectivity Tool0 16[path to trojan]2 00 48Added by the Troj/Litebot-E IRC backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebote.html0
1 5CTime0 16[path to trojan]2 00 28Added by the HTTPDOS TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.httpdos.html0
113Floppy Master0 16[path to trojan]2 00 31C:\WINDOWS\helloworld.exebr //b 01
1 6Irwftp0 16[path to trojan]2 00 30Added by the BANCOS.CR TROJAN!108http://uk0
1 7mdetect0 16[path to trojan]2 00 27Added by the SPABOT TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.spabot.html0
1 5msbsc0 16[path to trojan]2 00 72Added by the Troj/Banker-DF password-stealing trojan of Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankerdf.html0
1 9Mspatch690 16[path to trojan]2 00 26Added by the MPROX TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mprox.html0
1 5mssvc0 16[path to trojan]2 00 24Added by the PSK TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.psk.html0
123Network Host Controller0 16[path to trojan]2 00 28Added by the WHISPER TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.whisper.html0
110NTP Server0 16[path to trojan]2 00 28Added by the RANKY.F TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.f.html0
1 5rngmf0 16[path to trojan]2 00 28Added by the RANKY.C TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.c.html0
1 8Services0 16[path to trojan]2 00 33Added by the  METEORSHELL TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.meteorshell.html0
1 5Spool0 16[path to trojan]2 00 28Added by the RANKY.R TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.r.html0
1 7svchost0 16[path to trojan]2 00126Added by the HAZZER TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.hazzer.html0
1 9ValidData0 16[path to trojan]2 00 28Added by the RANKY.H TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.h.html0
1 7windows0 16[path to trojan]2 00 27Added by the AIMWIN TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aimwin.html0
111Windows NNT0 16[path to trojan]2 00 28Added by the RANKY.E TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.e.html0
112WindowsSetup0 16[path to trojan]2 00 26Added by the EZBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ezbot.html0
111WindUpdates0 16[path to trojan]2 00 29Added by the AGENT.BF TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.BF0
1 6WINSYS0 16[path to trojan]2 00 29Added by the GOLDPLAY TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.goldpay.html0
1 6winzip0 16[path to trojan]2 00 42Added by the BANCOS.G or BANCOS.K TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.g.html0
1 4x3yy0 16[path to trojan]2 00 28Added by the TANNICK TROJAN!62http://www.symantec.com/avcenter/venc/data/trojan.tannick.html0
1 8yyyyyyyy0 16[path to trojan]2 00 30Added by the MUMUBOY.B TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/trojan.mumuboy.b.html0
1 5Zen.A0 16[path to trojan]2 00 29Added by the ZOOMEN-A TROJAN!57http://www.sophos.com/virusinfo/analyses/perlzoomena.html0
130[Ephemeral 2.x] by TreeHugger,0 14[path to worm]2 00 55Added by the LEMOOR.A WORM! where "x" represents 3 or 473http://securityresponse.symantec.com/avcenter/venc/data/w32.lemoor.a.html0
113ACCDEFRAGINFO0 14[path to worm]2 00 26Added by the DARBY-O WORM!55http://www.sophos.com/virusinfo/analyses/w32darbyo.html0
1 3AHU0 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0
1 7Cekirge0 14[path to worm]2 00 27Added by the KERGEZ.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.kergez.a@mm.html0
119DLL Service Manager0 14[path to worm]2 00 29Added by the RPCBOT.F TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.rpcbot.f.html0
1 8Explorer0 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
110ICQ Center0 14[path to worm]2 00 25Added by the RANDIN WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.randin.html0
117InterceptedSystem0 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0
1 6Msgmgr0 14[path to worm]2 00 27Added by the BABYBEAR WORM!63http://www.symantec.com/avcenter/venc/data/w32.babybear@mm.html0
115NAV Live Update0 14[path to worm]2 00102Added by the DEBORMS.C WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec66http://www.symantec.com/avcenter/venc/data/w32.hllw.deborms.c.html0
1 6Nocana0 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0
111RPC Patcher0 14[path to worm]2 00 24Added by the BOLGI WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bolgi.worm.html0
111RPC Patcher0 14[path to worm]2 00 24Added by the BOLGI WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bolgi.worm.html0
1 8rundll320 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
1 8rundll640 14[path to worm]2 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
115svcwinprocess320 14[path to worm]2 00 26Added by the UPERING WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.upering.worm.html0
1 6Systry0 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
1 7Systryt0 14[path to worm]2 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
1 9WinKernel0 14[path to worm]2 00105Added by the a href"http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.plea.htmlPLEA VIRUS!82http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.plea.html<a href=0
111Winres32vis0 14[path to worm]2 00 26Added by the THRAX.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_THRAX.A0
112ControlPanel0 50[path] cmd32.exe internat.dll, LoadKeyboardProfile2 00 21Awmcash.biz foistware 01
113print sharing0 39[path] hidden32.exe [path] explorer.exe2 00 89Added by the ZCREW.B TROJAN! Note - this is not the valid Windows Explorer (explorer.exe)81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.b.html0
254[System Mechanic Professional Update [Incinerator.dll]0 26[path] Incinerator.dll</a>2 00124System_Mechanic's "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again41http://www.iolo.com/sm/4pro/tutorials.cfm0
3 9BelNotify0 39[path] NPBelv32.dll, RunDll32_BelNotify2 00320BelTech enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service34http://www.belarc.com/BelTech.html0
114DATABASE MySql0 35[path] repcale.exe [path] beird.exe2 00 41Added by a variant of the RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
116NBT System alias0 35[path] repcale.exe [path] beird.exe2 00  091http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
119System Restore Data0 35[path] repcale.exe [path] beird.exe2 00 28Added by the RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
1 9boarddata0 35[path] repcale.exe [path] palsp.exe2 00 42Added by a variant of the  RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
113element furth0 35[path] repcale.exe [path] palsp.exe2 00  091http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
112installs sp20 35[path] repcale.exe [path] palsp.exe2 00 42Added by a variant of the  RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
112PrinterSpool0 35[path] RESTORE.EXE [path] SPOOL.EXE2 00 30Added by the ALADINZ.K TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.k.html0
110Protection0 40[path] runtask.exe [path] protection.exe2 00 44Added by a variant of the AGENT.3.AU TROJAN! 01
1 7svchost0 16[path] SETUP.EXE2 00 25Added by the SETCLO WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.setclo.html0
1 7MEDIA320 28[pathname of the executable]2 00 35Added by the Troj/PurScan-Z trojan.58http://www.sophos.com/virusinfo/analyses/trojpurscanz.html0
112Root_Machine0 35[pathname of the Trojan executable]2 00 87Added by the Troj/Bancban-DP password-stealing trojan for customers of Brazilian banks.59http://www.sophos.com/virusinfo/analyses/trojbancbandp.html0
1 7spoolax0 35[pathname of the Trojan executable]2 00 33Added by the Troj/Perda-D Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdad.html0
1 6stdlib0 35[pathname of the Trojan executable]2 00 51Added by the Troj/Perda-E password-stealing Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdae.html0
124Windows Standard Securty0 26[random 3 letter filename]2 00 31Added by the W32/Rbot-ALF worm.56http://www.sophos.com/virusinfo/analyses/w32rbotalf.html0
1 6KavSvc0 24[random 6 char filename]2 00 81Qoologic downloader trojan variant using random file names (examples: nzkklz.exe) 01
121Startup Configuration0 26[random 6 letter filename]2 00145Added by the W32/Rbot-ARV worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotarv.html0
112SysTray.Excn0 24[random 8 character dll)2 00 97Added by the Troj/Cozdoor-C Trojan.br /br /Uses CLSID: b{1722ECFF-4356-4f5b-B534-E67294FE75E9}/b.58http://www.sophos.com/virusinfo/analyses/trojcozdoorc.html0
112SysTray.Exsh0 24[random 8 character dll]2 00105Added by the Troj/Cozdoor-D bacdoor Trojan.br /br /Uses CLSID: b{1768ECFC-4F5C-4f5b-B134-D67294FC78E9}/b.58http://www.sophos.com/virusinfo/analyses/trojcozdoord.html0
1 6Legacy0 19[RANDOM CHARACTERS]2 00 46Added by the Backdoor.Eparssa backdoor Trojan.77http://www.sarc.com/avcenter/venc/data/backdoor.eparssa.html#technicaldetails0
1 9WinNetDDE0 23[random characters].exe2 00 24_blankNETDEPIX.B TROJAN! 01
114Internet Agent0 14[random CLSID]2 00 12Added by the116Troj/PPdoo0
1 9*ms setup0 18[random file name]2 00 52Virtumondo adware,  also known as the  VUNDO TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html0
113agent browser0 18[random file name]2 00 42Added by the PPdoor.M-bdr backdoor TROJAN! 01
128microsoft security gmanagers0 18[random file name]2 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
127microsoft security panagers0 18[random file name]2 00  043http://vil.nai.com/vil/content/v_100454.htm0
115voltage manager0 18[random file name]2 00 32Added by the  W32.DREFFORT WORM!60http://www.symantec.com/avcenter/venc/data/w32.dreffort.html0
1 9NetDDEipx0 22[Random file name].exe2 00 36Added by the Trojan.Netdepix Trojan.93http://securityresponse.symantec.com/avcenter/venc/data/trojan.netdepix.html#technicaldetails0
113AOL Messenger0 17[random filename]2 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 7ara-key0 17[random filename]2 00 26Added by the ANTINNY WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.antinny.html0
120Avril Lavigne - Muse0 17[random filename]2 00 26Added by the AVRIL-A WORM!55http://www.sophos.com/virusinfo/analyses/w32avrila.html0
1 9bbdjmrxcX0 17[random filename]2 00135Added by the Troj/Ranck-AX proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckax.html0
111bdffefqes320 17[random filename]2 00134Added by the Troj/Ranck-Z proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckz.html0
1 7Bmsnwss0 17[random filename]2 00135Added by the Troj/Ranck-BK proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbk.html0
1 5Bnexe0 17[random filename]2 00 40Added by the  KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
1 5ccApp0 17[random filename]2 00 91Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirus74http://securityresponse.symantec.com/avcenter/venc/data/trojan.obsorb.html0
1 7ctfmonn0 17[random filename]2 00134Added by the Troj/Ranck-O proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojrancko.html0
1 7Danton*0 17[random filename]2 00 51Added by the DANTON TROJAN! where * = random number76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.danton.html0
1 7dfasack0 17[random filename]2 00135Added by the Troj/Ranck-BE proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbe.html0
1 4down0 17[random filename]2 00 52OADER.BG" target=_blankDLOADER.BG trojan downloader! 01
118educational writer0 17[random filename]2 00 26Added by the RBOT-LZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlz.html0
1 7ffeqOME0 17[random filename]2 00135Added by the Troj/Ranck-AR proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckar.html0
1 6fqxsbk0 17[random filename]2 00135Added by the Troj/Ranck-BS proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbs.html0
116halloween stream0 17[random filename]2 00135Added by the Troj/Ranck-AY proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckay.html0
110hpsysconf10 17[random filename]2 00 41Added by a variant of the VIVIA.A TROJAN!106http://de0
118ICQ Lite Messenger0 17[random filename]2 00231Added by an unidentified VIRUS, WORM or TROJAN! Unlike the legitimate ICQ Lite executable, which will be located in the ICQLITE folder in Program Files, this particular impostor is located in the Windows or Winnt\System32 directory 01
115IO System Debug0 17[random filename]2 00 21Added by Backdoor.Bla63http://www.sarc.com/avcenter/venc/data/backdoor.bla.trojan.html0
121ist service uninstall0 17[random filename]2 00 23ISTBar parasite related53http://sarc.com/avcenter/venc/data/adware.istbar.html0
1 7JVM0.120 17[random filename]2 00119Trojan downloaded with possible backdoor functionality.  Found in the Windows system directory with a random file name. 01
1 9kern64dll0 17[random filename]2 00 28Added by the TARNO.J TROJAN!63http://www.symantec.com/avcenter/venc/data/pwsteal.tarno.j.html0
121LoadOrderVerification0 17[random filename]2 00 27Added by the TRON.A TROJAN!75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TRON.A0
1 9MicroLoad0 17[random filename]2 00 24Added by the DARBY WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.darby.html0
121Microsoft Corporation0 17[random filename]2 00 42Added by various VIRUSES, WORMS & TROJANS! 01
120Microsoft Diagnostic0 17[random filename]2 00 27Added by the ACEBOT TROJAN!47http://www3.ca.com/virusinfo/Virus.asp?ID=115320
119Microsoft IT Update0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120Microsoft Locals 3320 17[random filename]2 00 26Added by the RBOT-KU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotku.html0
112Microsoft LV0 17[random filename]2 00 35Added by the Troj/Bdoor-BDL trojan.58http://www.sophos.com/virusinfo/analyses/trojbdoorbdl.html0
126Microsoft Security Manager0 17[random filename]2 00108Added by the W32/Rbot-TU worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbottu.html0
114Microsoft Tray0 17[random filename]2 00 28Added by the DELF.BZ TROJAN!43http://www.vsantivirus.com/back-delf-bz.htm0
123Microsoft Update Loader0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
124Microsoft Update Machine0 17[random filename]2 00  064http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
135Microsoft UpToDate Driver (32-bits)0 17[random filename]2 00254Added by the W32/Rbot-ZV worm.  When this infection starts it connects to an IRC server where it waits for remote commands to execute.  It also installs a file call c:\a.bat which is used to stop certain antivirus, antispyware, and firewall applications.55http://www.sophos.com/virusinfo/analyses/w32rbotzv.html0
1 9Microsong0 17[random filename]2 00134Added by the Troj/Ranck-A proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.59http://www.sophos.com/virusinfo/analyses/trojranckbota.html0
112Monitor Test0 17[random filename]2 00134Added by the W32/Sdbot-NC worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnc.html0
1 7MS-HTML0 17[random filename]2 00 31Added by the LATINUS.15 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.150
1 8MSKCES320 17[random filename]2 00 27Added by the CLONER TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cloner.html0
1 7msmsgss0 17[random filename]2 00134Added by the Troj/Ranck-S proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojrancks.html0
1 8Msn Home0 17[random filename]2 00134Added by the Troj/Ranck-W proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckw.html0
1 6mswspl0 17[random filename]2 00 29Added by the SMALL.IQ TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.IQ0
1 9nssysconf0 17[random filename]2 00 28Added by the VIVIA.A TROJAN!106http://de0
1 8nsysconf0 17[random filename]2 00 36Added by the Adware.ZioCom.C adware.59http://www.sarc.com/avcenter/venc/data/adware.ziocom.c.html0
1 6NTServ0 17[random filename]2 00134Added by the Troj/Ranck-P proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckp.html0
114NVidia Drivers0 17[random filename]2 00134Added by the Troj/Ranck-R proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckr.html0
1 6PlanCx0 17[random filename]2 00135Added by the Troj/Ranck-CE proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckce.html0
1 5qbotd0 17[random filename]2 00 27Added by the BOTTEN TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/downloader.botten.html0
1 8qffecdas0 17[random filename]2 00135Added by the Troj/Ranck-BF proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbf.html0
113RealVNC Setup0 17[random filename]2 00134Added by the Troj/Ranck-V proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckv.html0
113RSPC Driver D0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 5Sav320 17[random filename]2 00 56Added by the W32/Famus-G WORM! File found in c:\recycled55http://www.sophos.com/virusinfo/analyses/w32famusg.html0
123support-reverse-smileys0 17[random filename]2 00 35Added by the Troj/Litebot-D Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebotd.html0
110svchosts320 17[random filename]2 00134Added by the Troj/Ranck-L proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckl.html0
1 7sws.exe0 17[random filename]2 00 33Haldex type adult content dialler74http://securityresponse.symantec.com/avcenter/venc/data/dialer.haldex.html0
117Symantec Autoscan0 17[random filename]2 00133Added by the  W32/Rbot-AJO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotajo.html0
1 7SysData0 17[random filename]2 00135Added by the Troj/Ranck-BA proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckba.html0
118System CPL manager0 17[random filename]2 00108Added by the W32/Rbot-SR worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotsr.html0
113System Update0 17[random filename]2 00 38Added by the KORGO.W or KORGO.X WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html0
111System-Tray0 17[random filename]2 00 29Added by Backdoor.BladeRunner64http://www.sarc.com/avcenter/venc/data/backdoor.bladerunner.html0
1 7TaskReg0 17[random filename]2 00 24Added by the CBLAD WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CBLAD.A0
1 8tkaskqjw0 17[random filename]2 00135Added by the Troj/Ranck-CA proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckca.html0
1 5Trayz0 17[random filename]2 00105Added by the Troj/Bdoor-JG backdoor Trojan.br /br /Uses CLSID: b(F5B7D0BE-5f02-4211-96DB-386DFA244900)/b.57http://www.sophos.com/virusinfo/analyses/trojbdoorjg.html0
1 6UpdSys0 17[random filename]2 00 23Added by the BJ TROJAN!53http://hq.mcafeeasap.com/dispVirus.asp?virus_k=1000570
1 8vadeinst0 17[random filename]2 00135Added by the Troj/Ranck-CF proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckcf.html0
111VCbvnczsxcX0 17[random filename]2 00135Added by the Troj/Ranck-AK proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckak.html0
1 9vcxcxvxcX0 17[random filename]2 00135Added by the Troj/Ranck-AQ proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckaq.html0
114vDGDGvvsa dqdw0 17[random filename]2 00135Added by the Troj/Ranck-AV proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckav.html0
122vDSAGGQEvbA ASDAS dqdw0 17[random filename]2 00135Added by the Troj/Ranck-AT proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckat.html0
113Video Process0 17[random filename]2 00 26Added by the RBOT-LM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlm.html0
110vxcxcvfck.0 17[random filename]2 00135Added by the Troj/Ranck-AZ proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckaz.html0
1 9vXCXssdss0 17[random filename]2 00135Added by the Troj/Ranck-BO proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbo.html0
1 7Wdqvsst0 17[random filename]2 00135Added by the Troj/Ranck-BT proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbt.html0
111Web Service0 17[random filename]2 00 40Added by the Trojan.Admincash infection!60http://www.sarc.com/avcenter/venc/data/trojan.admincash.html0
111Win32system0 17[random filename]2 00 24Added by the DDV.B WORM!70http://securityresponse.symantec.com/avcenter/venc/data/vbs.ddv.b.html0
117Windows Compliant0 17[random filename]2 00 26Added by the RBOT-IR WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotir.html0
116Windows ExpIorer0 17[random filename]2 00132Added by the W32/Rbot-AKO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotako.html0
120Windows Media Player0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
127Windows Media Player Update0 17[random filename]2 00 26Added by the RBOT-ET WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotet.html0
121Windows Media SP.2.370 17[random filename]2 00 28Added by the LEMIR.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.c.html0
110Windows NT0 17[random filename]2 00134Added by the Troj/Ranck-M proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckm.html0
124Windows Security Service0 17[random filename]2 00132Added by the W32/Rbot-ALV worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalv.html0
120Windows Socketheader0 17[random filename]2 00 47Added by the W32/Ixbot-A worm and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32ixbota.html0
122Windows Update Checker0 17[random filename]2 00 24Adware downloader trojan 01
117Windows Update V60 17[random filename]2 00 26Added by the RBOT-KT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkt.html0
119WindowsRegistration0 17[random filename]2 00 26Added by the RBOT-NO WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotno.html0
124WindowsRegKey Autoupdate0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120WindowsRegKey update0 17[random filename]2 00  064http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9WinLoader0 17[random filename]2 00 42Added by variants of the  SUBSEVEN TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SUB7.213.B0
1 9WinLoader0 17[random filename]2 00 42Added by variants of the  SUBSEVEN TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SUB7.213.B0
1 9WinManage0 17[random filename]2 00135Added by the Troj/Ranck-KH proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckh.html0
1 9zonealarm0 17[random filename]2 00132Added by an unidentified VIRUS, WORM or TROJAN! The only exception is if you have an older version of the ZoneAlarm firewall running 01
1 9(default)0 21[random filename].exe2 00 27Added by the BLACKMAL WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal@mm.html0
1 5Kadoc0 21[random filename].exe2 00 29Added by the  Staprew TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.staprew.html0
119Mickey Mouse Cereal0 21[random filename].exe2 00 28Added by the RANKY.Q TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.q.html0
111RSPC Driver0 21[random filename].exe2 00 26Added by the RBOT-SN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsn.html0
118WindowsReg% update0 21[random filename].exe2 00 26Added by the RBOT-HH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothh.html0
118WindowsReg% update0 21[random filename].exe2 00 26Added by the RBOT-HH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothh.html0
1 7W32Load0 21[random filename].scr2 00 25Added by the CASPID WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.caspid.html0
127AIM Instant Message Cookies0 18[random filenames]2 00134Added by the W32/Rbot-AFV worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotafv.html0
121Norton Antivirus 7.0a0 18[random filenames]2 00 39Added by the Troj/Perda-B trojan proxy.56http://www.sophos.com/virusinfo/analyses/trojperdab.html0
117Internet Explorer0 20[random letters].dll2 00115Added by the Troj/Proxma-A proxy and backdoor Trojan.br /br /Uses CLSID: b{F28A40D7-AD0E-034A-C651-5F0ED76232E6}/b.57http://www.sophos.com/virusinfo/analyses/trojproxmaa.html0
146Iamnacho On Irc. MusicIrc.com Is a Homosexual!0 13[random name]2 00134Added by the W32/Randex-T worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32randext.html0
110Ndpldaemon0 13[random name]2 00 44Added by the W32/RpcSdbot-A backdoor trojan.58http://www.sophos.com/virusinfo/analyses/w32rpcsdbota.html0
119Windows ASN Service0 13[random name]2 00134Added by the W32/Agobot-TC worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32agobottc.html0
117Internet Explorer0 17[RANDOM NAME].dll2 00102Added by the Backdoor.Berbew.T backdoor.br /br /Uses CLSID: b{F28A40D7-AD0E-034A-C651-5F0ED76232E6}/b.61http://www.sarc.com/avcenter/venc/data/backdoor.berbew.t.html0
118HDAudio Driver 1.00 17[random name].exe2 00 44Added by the Troj/Teadoor-D backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojteadoord.html0
1 5xserv0 17[random name].exe2 00 34Added by the Troj/Stumpy-A trojan.57http://www.sophos.com/virusinfo/analyses/trojstumpya.html0
1 6center0 19[random name]32.exe2 00 26Added by the BOFRA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0
1 8Reactor30 19[random name]32.exe2 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0
1 8Reactor50 19[random name]32.exe2 00 26Added by the BOFRA.D WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.d@mm.html0
1 8Reactor60 19[random name]32.exe2 00 26Added by the BOFRA.C WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.c@mm.html0
1 8Reactor70 19[random name]32.exe2 00 26Added by the BOFRA.B WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.b@mm.html0
1 8Reactor80 19[random name]32.exe2 00 26Added by the BOFRA.E WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html0
1 8Reactor90 19[random name]32.exe2 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html0
1 5Rhino0 19[random name]32.exe2 00 26Added by the BOFRA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0
112MSN 9.0 Plus0 12[random.exe]1 00132Added by the W32/Rbot-ALY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaly.html0
1 6asfqft0  8[random]1 00 12Added by the107Troj/Ranc0
1 2BD0  8[random]1 00241The a href=http://www.sophos.com/virusinfo/analyses/trojagentcm.html"Troj/Agent-CM backdoor TROJAN will first place DC.EXE in the Temporary folder, then modify   HKCU\Software\Microsoft\Windows\CurrentVersion\Run to ensure automatic startup. 01
114BIOS XP Loader0  8[random]1 00143Added by the W32/Rbot-IC trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotic.html0
1 9bluestart0  8[random]1 00 35Added by Troj/Dloader-IR, a TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderir.html0
111CacheLoader0  8[random]1 00171Troj/Dloader-IX will download the [random] file to the Windows folder, sub-folder "Cache". That done, it moves to "Security iGuard.exe", found in the Program Files folder.59http://www.sophos.com/virusinfo/analyses/trojdloaderix.html0
1 3DI20  8[random]1 00 24Added by Troj/Dloader-IK59http://www.sophos.com/virusinfo/analyses/trojdloaderik.html0
111Disk Keeper0  8[random]1 00 99Added by the a href"http://www.sophos.com/virusinfo/analyses/trojsmallve.html"Troj/Small-VE TROJAN! 01
1 6eProxy0  8[random]1 00 29Added as a new service by the85Troj/Daemoni-AL TROJAN, using a displayname of Microsoft Security Subsystem Provider.0
1 7Expatch0  8[random]1 00 54Added by the Troj/PWSLmir-G TROJAN to steal passwords.58http://www.sophos.com/virusinfo/analyses/trojpwslmirg.html0
113Floppy Master0  8[random]1 00 68Added by the Troj/Zonit-E TROJAN to send spam using other computers.56http://www.sophos.com/virusinfo/analyses/trojzonite.html0
120Generic Host Process0  8[random]1 00147http://www.sophos.com/virusinfo/analyses/trojciadoorh.html"Troj/Ciadoor-H TROJAN adds the file, enabling an attacker remote access to the computer. 01
1 7JVM0.140  8[random]1 00 44Added by the Troj/Teadoor-B backdoor TROJAN!58http://www.sophos.com/virusinfo/analyses/trojteadoorb.html0
1 8LanGuard0  8[random]1 00  1. 01
1 5lk3h10  8[random]1 00 65Added by the Troj/Mosuck-G TROJAN into the Windows system folder.57http://www.sophos.com/virusinfo/analyses/trojmosuckg.html0
135Microsoft (C) HTML Application host0  8[random]1 00139Added by the W32/Rbot-YB WORM/IRC backdoor, this file will allow termination of processes by way of a remote attacker using an IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotyb.html0
117Microsoft DirectX0  8[random]1 00 59A variant of the Rbot WORM/IRC backdoor will add this file.55http://www.sophos.com/virusinfo/analyses/w32rbotdp.html0
113Microsoft IIS0  8[random]1 00 43Added by the WORM variant, W32/Francette-Q.59http://www.sophos.com/virusinfo/analyses/w32francetteq.html0
139Microsoft Internet Acceleration Utility0  8[random]1 00 34Added by the Troj/Agent-BM TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentbm.html0
120Microsoft PCHealth320  8[random]1 00 90The Troj/Nice-A TROJAN will log keystrokes using this file, and submit the data via email.55http://www.sophos.com/virusinfo/analyses/trojnicea.html0
1 6minimo0  8[random]1 00141A backdoor Trojan, it can log keypresses, capture screen and webcam images, steal files, provide a remote command shell and download updates. 01
1 3msn0  8[random]1 00 55Added by the Troj/Bancban-BG TROJAN to steal passwords.59http://www.sophos.com/virusinfo/analyses/trojbancbanbg.html0
118NT Virtual Machine0  8[random]1 00110Added by Troj/Agent-BV,  a network WORM with backdoor Trojan functionality found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/w32scaerbota.html0
110nvviddrv320  8[random]1 00143Added by the W32/Rbot-HT trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotht.html0
1 6qgqqft0  8[random]1 00 12Added by the21Troj/Ranck-BX TROJAN!0
1 7reg_run0  8[random]1 00 35Added by the Troj/Banker-BQ TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerbq.html0
121Regisry Configuration0  8[random]1 00143Added by the W32/Rbot-IY trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.98http://www.google.com/url?sa=U&start=1&q=http%3A//www.sophos.com/virusinfo/analyses/w32rbotiy.html0
1 6RunWin0  8[random]1 00 36Added by the Troj/Banker-BN  TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerbn.html0
115Service Manager0  8[random]1 00 34Added by the Troj/Migmaf-G TROJAN!57http://www.sophos.com/virusinfo/analyses/trojmigmafg.html0
1 8Services0  8[random]1 00 35Added by the Troj/Agent-BV  Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentbv.html0
1 8sixtysix0  8[random]1 00120Troj/LowZone-R  TROJAN is responsible for a file found in the Windows folder that will reduce IE security zone settings.58http://www.sophos.com/virusinfo/analyses/trojlowzoner.html0
1 3sox0  8[random]1 00 91Added by the Troj/Proxyser-G  to start a SOCKS4 proxy server on a randomly-chosen TCP port.59http://www.sophos.com/virusinfo/analyses/trojproxyserg.html0
1 7sVideo20  8[random]1 00 54Added by Dial/Switch-D , a TROJAN premium-rate dialler57http://www.sophos.com/virusinfo/analyses/dialswitchd.html0
111taskmrg.exe0  8[random]1 00 74Added by Troj/Bancban-BN, a TROJAN that attempts to steal banking details.59http://www.sophos.com/virusinfo/analyses/trojbancbanbn.html0
1 7uFnV32i0  8[random]1 00 45Added by the Adware.Envolo Adware downloader.57http://www.sarc.com/avcenter/venc/data/adware.envolo.html0
1 4upme0  8[random]1 00 12Added by the37W32/Rbot-TH WORM/IRC backdoor trojan!0
114USB controller0  8[random]1 00 39Troj/Miewer-A, a TROJAN, adds the file!57http://www.sophos.com/virusinfo/analyses/trojmiewera.html0
1 4usbn0  8[random]1 00115Added by the Troj/Hogil-B  Trojan.  This infection adds various links to porn sites in your Desktop and Start Menu.56http://www.sophos.com/virusinfo/analyses/trojhogilb.html0
1 9vadseinst0  8[random]1 00 34Added by the Troj/Ranck-CM Trojan!57http://www.sophos.com/virusinfo/analyses/trojranckcm.html0
1 3vb60  8[random]1 00 12Added by the37W32/Rbot-TD WORM/IRC backdoor trojan!0
1 5Verif0  8[random]1 00 12Added by the17W32/Nopir-B WORM!0
1 6WebRun0  8[random]1 00  8Added by12Troj/Bube-K.0
1 8Win32DLL0  8[random]1 00 12Added by the17W32/Woned-A WORM!0
114Window service0  8[random]1 00 12Added by the128W32/Rbot-AC0
117Windows update 320  8[random]1 00 12Added by the38W32/Rbot-ADG WORM/IRC backdoor Trojan!0
1 9winreg_320  8[random]1 00 36Added by the Troj/Bancban-BY TROJAN!59http://www.sophos.com/virusinfo/analyses/trojbancbanby.html0
1 9WXcmeinst0  8[random]1 00156Added by Troj/Ranck-CD, a backdoor TROJAN! It will chose a TCP port in the range 10000-49999 to notify a remote web server on that port using a web request.57http://www.sophos.com/virusinfo/analyses/trojranckcd.html0
1 6XpAspy0  8[random]1 00 72Added by Troj/Delf-WH, a TROJAN! It will be found in the Windows folder.56http://www.sophos.com/virusinfo/analyses/trojdelfwh.html0
1 8xpsystem0  8[random]1 00114Added by Troj/Krepper-M,  a TROJAN! It will be found in a subfolder of the Windows system folder named "services".58http://www.sophos.com/virusinfo/analyses/trojkrepperm.html0
1 4xset0  8[random]1 00 12Added by the14Troj/Bdoor-HT.0
1 4mxb20 12[RANDOM].exe1 00 31Added by the W32.Maniccum worm.73http://www.sarc.com/avcenter/venc/data/w32.maniccum.html#technicaldetails0
1 4klop0 11[random]exe1 00 48Added by the Troj/Dloader-WA downloading Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderwa.html0
1 7TempCom0 16[randomname].com1 00 24Added by the TRAXG WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.traxg@mm.html0
130[Ephemeral 2.5] by TreeHugger,0 16[randomname].exe1 00 31Added by the W32/Lemoor-C worm.56http://www.sophos.com/virusinfo/analyses/w32lemoorc.html0
118HDAudio Driver 2.00 18[randomstring].exe1 00 35Added by the Troj/Teadoor-E trojan.58http://www.sophos.com/virusinfo/analyses/trojteadoore.html0
1 7Litebot0 24[Trojan executable name]2 00 35Added by the Troj/Litebot-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebota.html0
1 7CSRSWIN0 17[trojan filename]2 00 32Added by the WINSHELL.50 TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.html0
1 5CSRSX0 17[trojan filename]2 00 34Added by the WINSHELL.50.B TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.b.html0
1 8Internal0 17[trojan filename]2 00 43Added by the SMOTHER and  TRANSLAT TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.smother.html0
1 8Internal0 17[trojan filename]2 00 43Added by the SMOTHER and  TRANSLAT TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.smother.html0
1 3lar0 17[trojan filename]2 00 27Added by the ROXY.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.roxy.c.html0
112Ntech.patchs0 17[trojan filename]2 00 28Added by the LEMIR.G TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.g.html0
1 7Service0 17[trojan filename]2 00 29Added by the KAITEX.E TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kaitex.e.html0
111Disk Master0 13[trojan name]2 00 44Added by the DISTER TROJAN! - a spam relayer76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dister.html0
1 9*WinLogon0 13[trojan path]2 00 26Added by the VUNDO TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html0
1 9*WinLogon0 38[trojan path] ren time:[random number]2 00 26Added by the VUNDO TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html0
1 7MSSGisg0 14[unidentified]1 00126Added by the Troj/Ranck-BI TROJAN, it will allow an unauthorized attacker to route HTTP traffic through the infected computer.57http://www.sophos.com/virusinfo/analyses/trojranckbi.html0
1 8SySPower0 22[Unknown at this time]2 00 46Added by the Troj/SpyAgen-G keylogging Trojan.58http://www.sophos.com/virusinfo/analyses/trojspyageng.html0
126Network Devices Controller0 18[unknown filename]2 00 90Added by the Backdoor.Alnica backdoor.  Listens on port 6667 awaiting a remote connection.59http://www.sarc.com/avcenter/venc/data/backdoor.alnica.html0
1 5__ZF50 14[unknown name]2 00 46Added by the W32.Erkez.F@mm mass-mailing worm.75http://www.sarc.com/avcenter/venc/data/w32.erkez.f@mm.html#technicaldetails0
142Activating the notepad common used library0  9[unknown]1 00 39Added by W32/Codbot-G, a WORM/backdoor.56http://www.sophos.com/virusinfo/analyses/w32codbotg.html0
1 7msnmsgy0  9[unknown]1 00 80Added by the Troj/Banker-EQ password-stealing trojan targetting Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankereq.html0
114Network Client0  9[Unknown]1 00 35Added by the Trojan.Boxed.C Trojan.75http://securityresponse.symantec.com/avcenter/venc/data/trojan.boxed.c.html0
122Network Client Monitor0  9[unknown]1 00 35Added by the Trojan.Boxed.B Trojan.92http://securityresponse.symantec.com/avcenter/venc/data/trojan.boxed.b.html#technicaldetails0
1 7PNP FIX0  9[unknown]1 00132Added by the W32/Rbot-AKQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotakq.html0
110Search.vbs0  9[unknown]1 00  8Hijacker 01
110SFTRANSFER0  9[unknown]1 00 50Added by the Backdoor.Brakkeshell backdoor Trojan.81http://www.sarc.com/avcenter/venc/data/backdoor.brakkeshell.html#technicaldetails0
130SSDP Discovery Service Locator0  9[unknown]1 00 43Added by the Troj/Pndoor-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojpndoora.html0
1 9worknote10  9[unknown]1 00 29Added by the W32.Meetot worm.71http://www.sarc.com/avcenter/venc/data/w32.meetot.html#technicaldetails0
4 6VS.VSN0  9[unknown]1 00 86Part of eSafe antivirus "SmartScan" - alerts the user if files have been changed/added44http://www.esafe.com/esafe/default.asp?cf=tl0
126Vaganza-XPloit-[User Name]0 15[User Name].exe2 00 32Added by the W32.Gavgent.A worm.74http://www.sarc.com/avcenter/venc/data/w32.gavgent.a.html#technicaldetails0
118Visual Element FX50 20[various file names]2 00 30ClearStream Accelerator adware73http://www.spyany.com/program/article_spw_rm_ClearStream_Accelerator.html0
1 5clock0 19[various filenames]2 00140LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe79http://securityresponse.symantec.com/avcenter/venc/data/pf/adware.livechat.html0
116MicrosoftWindows0 19[various filenames]2 00 46MagicSearch - a CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
110PGStub.exe0 19[various filenames]2 00 19Unidentified adware 01
110PGStub.exe0 19[various filenames]2 00 19Unidentified adware 01
110PrivateNet0 19[various filenames]2 00 34Premium rate adult content dialler 01
115SystemEmergency0 19[various filenames]2 00 46SmartSearch - a CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 5wingo0 19[various filenames]2 00 27Added by the BAGLE-AU WORM!56http://www.sophos.com/virusinfo/analyses/w32bagleau.html0
115CSRS Windows NT0 15[various names]2 00 43Added by the Backdoor.WinShell.50 backdoor.98http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.html#technicaldetails0
1 9SNInstall0 15[various names]2 00 35Added by the Troj/Spyhoax-A trojan.58http://www.sophos.com/virusinfo/analyses/trojspyhoaxa.html0
131Vanquish Autoloader v0.1 beta100 15[various names]2 00 39Added by the Hacktool.Vanquish rootkit.78http://securityresponse.symantec.com/avcenter/venc/data/hacktool.vanquish.html0
111Winport.com0  9[various]1 00135Added by the Backdoor.Acropolis backdoor.  The name of the backdoor is Acropolis 1.0. It listens on ports 32791, 45673 for connections.62http://www.sarc.com/avcenter/venc/data/backdoor.acropolis.html0
1 7REGMSYS0 18[variousnames.exe]1 00138Added by the Troj/LowZone-AX Trojan. Some common filenames for this infection are active.exe, mqzx.exe, klanp.exe, urba.exe, and sope.exe.59http://www.sophos.com/virusinfo/analyses/trojlowzoneax.html0
110LiveUpdate0 24[Windows username]05.exe2 00 28Added by the LINEAGE TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lineage.html0
1 9AlevirOld0 15[worm filename]2 00 28Added by the OPASERV.G WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G0
1 9BrasilOld0 15[worm filename]2 00 28Added by the OPASERV.P WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.P0
1 6G001230 15[worm filename]2 00 26Added by the BUGBROS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbros@mm.html0
1 7KAVutil0 15[worm filename]2 00 27Added by the WINTOO.B WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.b.worm.html0
1 7KAVutil0 15[worm filename]2 00 27Added by the WINTOO.B WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.b.worm.html0
1 8messnger0 15[worm filename]2 00 26Added by the DELODER WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deloder.html0
1 8messnger0 15[worm filename]2 00 26Added by the DELODER WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deloder.html0
126Microsoft Security Panager0 15[worm filename]2 00132Added by the W32/Rbot-ANL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotanl.html0
1 9RavTimeXP0 15[worm filename]2 00 27Added by the WULLIK.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.wullik.b@mm.html0
1 8RavTimXP0 15[worm filename]2 00  076http://securityresponse.symantec.com/avcenter/venc/data/w32.wullik.b@mm.html0
1 4rdvs0 15[worm filename]2 00 27Added by the  ULTIMAX WORM!90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ULTIMAX.B&amp;VSect=T0
1 9ScrSvrOld0 15[worm filename]2 00 26Added by the OPASERV WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.html0
111Services0040 15[worm filename]2 00 26Added by the BUGBROS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbros@mm.html0
1 9SpeedBoss0 15[worm filename]2 00 29Added by the OPASERV.AD WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.a.d.worm.html0
1 9Supernova0 15[worm filename]2 00 38Added by the SURNOVA (or SUPOVA) WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SURNOVA.A0
1 7Win2Drv0 15[worm filename]2 00 25Added by the WINTOO WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.worm.html0
1 8Srv32Old0 19[worm filename].PIF2 00 28Added by the OPASERV.J WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.j.worm.html0
122Microsoft Windows DHCP0  8___r.exe1 00 40Added by the MASLAN.A or MASLAN.C WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.a@mm.html0
133Microsoft Synchronization Manager0 13___synmgr.exe1 00 40Added by the MASLAN.A or MASLAN.C WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.a@mm.html0
330Microsoft Broadband Networking0 13_18be6784.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
317AutpPilot Control0 11_294823.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
314active Printer0 13_644366bb.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
111_accwiz.exe0 11_accwiz.exe1 00 52Added by the Troj/Certif-N password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojcertifn.html0
4 5AVPCC0 10_avpcc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5Swf320 11_backup.exe1 00 25Added by the SYMTEN WORM!66http://www.symantec.com/avcenter/venc/data/w32.hllw.symten@mm.html0
115[Various Names]0  9_ctcp.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
123Bron-Spizaetus-5118REPM0 17_default32142.pif1 00 45Added by the W32/Brontok-R mass-mailing worm.57http://www.sophos.com/virusinfo/analyses/w32brontokr.html0
110[not used]0 12_huytam_.exe1 00 52Added by the Ssearch.biz and a-search.biz hijackers. 01
110[not used]0 11_Kerne1.exe1 00 82Added by the Troj/Lineage-AN password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagean.html0
113MEAOI Service0 10_meaoi.exe1 00227Added by the W32/Tilebot-AM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. This infection also creates a Rootkit file in order to hide itself called %System%meaoi.sys.58http://www.sophos.com/virusinfo/analyses/w32tilebotam.html0
110_ntrdlhost0 14_ntrdlhost.exe1 00 53A downloader TROJAN, Troj/Dloader-JV, adds this file.59http://www.sophos.com/virusinfo/analyses/trojdloaderjv.html0
117_ntrrescueservice0 10_ntrrs.exe1 00 37Added by the  TROJ/DLOADER-JV TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderjv.html0
138(randomly chosen existing folder name)0 10_setup.exe1 00 27Added by the  W32/Antinny-L57http://www.sophos.com/virusinfo/analyses/w32antinnyl.html0
1 7sqlsrvd0 12_sqlexec.exe1 00144Possible new variant of W32.Spybot.NLX.  This infection has root kit capabilities so it is possible you have further files that can not be seen.61http://www.sarc.com/avcenter/venc/data/pf/w32.spybot.nlx.html0
121MS SQL Server Moniter0 12_sqlsrvd.exe1 00144Possible new variant of W32.Spybot.NLX.  This infection has root kit capabilities so it is possible you have further files that can not be seen.61http://www.sarc.com/avcenter/venc/data/pf/w32.spybot.nlx.html0
111_System_Run0 13_svchost_.exe1 00 81Added by the Troj/Lineage-Z password-stealing trojan for the online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineagez.html0
1 9_tdiserv_0 12_tdicli_.exe1 00 33Added by the  W32.TDISERV.A WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.tdiserv.a.html0
1 8windll320 10_WIN32.EXE1 00 31Added by the  LEGMIR.AQ TROJAN!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LEGMIR.AQ&VSect=T0
1 9_x-Finder0 13_x-Finder.exe1 00 61Disconnects and redials an ISP modem to an adult content site 01
1 8^`d}qZxu0 12~`d}qzxu3zYF1 00 34Added by the GAOBOT.GEN!POLY WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.gen!poly.html0
1 9(default)0  6~~.exe1 00 47Added by the Troj/DownLdr-QR Trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdownldrqr.html0
1 8Regcheck0 11~CAB001.EXE1 00 48Added by the CYBRSPY.13A or CYBRSPY.13B TROJANS!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBRSPY.13A0
3 7ZeroAds0  101 00107ZeroAds - culls ads, cookies and pop-ups. Tells ZeroAds not to run at startup - needed to start it manually36http://zeroads.com/flash/default.asp0
1 9Zonavirus0  101 00 40Added by the  KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
1 6begins0  50.exe1 00 61Added by the W32/Mytob-HE mass-mailing worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobhe.html0
1 5solid0  50.exe1 00 49Added by the WORM_MYTOB.PP worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EPP&VSect=T0
411AVGUARD.EXE0 1200000069.EXE125StartUp menu\Current user0111Windows XP/2000/XP Guard Service 6.29.00.03, H+BEDV Datentechnik GmbH. Antivirus Service for Windows XP/2000/NT39http://www.absolutestartup.com/startup/1
3 8000StTHK0 12000StTHK.exe1 00160Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) 01
3 8000StTHK0 12000StTHK.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1170050726-007-i32-10 210050726-007-i32-1.exe1 00 29Added by the  Troj/Bancban-EC59http://www.sophos.com/virusinfo/analyses/trojbancbanec.html0
3 900THotkey0 1300THotKey.exe1 00 87For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. 01
3 900THotkey0 1300THotkey.exe111HKEY_LM\Run0 50TOSHIBA THotkey 6, 0, 2, 0, TOSHIBA Corp.. THotkey39http://www.absolutestartup.com/startup/1
115vbs_auto_update0 120548656X.vbs1 00 28Added by the   VBS/Gormlez-A57http://www.sophos.com/virusinfo/analyses/vbsgormleza.html0
1 80mcamcap0 120mcamcap.exe1 00 40Added by the Troj/Cosiam-H proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojcosiamh.html0
114OpenGL Drivers0 110penGLD.exe1 00 47Added by the W32/Yimp-A Instant Messaging worm.54http://www.sophos.com/virusinfo/analyses/w32yimpa.html0
112Yahoo! Pager0  11111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 1@0  21%1 00 12Added by the21W32/Protorid-AD WORM!0
110Rundll32_80  51.dll1 00 38Added by the Adware.BrowserAid adware.61http://www.sarc.com/avcenter/venc/data/adware.browseraid.html0
1 51.bat0  51.exe1 00 36Added by the Troj/Banload-LK Trojan.59http://www.sophos.com/virusinfo/analyses/trojbanloadlk.html0
1 51.exe0  51.exe1 00123Added by the http://www.sophos.com/virusinfo/analyses/trojmultidrcf.html Trojan!  This file is found in the Windows folder.14Troj/Multidr-C0
1 8SysStart0  51.exe1 00 38Added by the Adware.ZenoSearch adware.61http://www.sarc.com/avcenter/venc/data/adware.zenosearch.html0
1 9WinUpdate0 10100089.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0  910010.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 9ASDPLUGIN0 12100171be.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
1 9ASDPLUGIN0 12100176br.exe1 00 69Added by a variant of the  ASDPLUG adult content premium rate dialer!58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
1 6load320  91111a.exe1 00 28Added by the DUMARU.AH WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.ah@mm.html0
1151111swapmgr.exe0 151111swapmgr.exe1 00 43Added by the Troj/Bdoor-IC backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojbdooric.html0
2 5Watch0 151200UBWATCH.EXE1 00  2?? 01
32112Ghosts Popup-Killer0 1112popup.exe1 00 2112Ghosts Popup-Killer36http://12ghosts.com/ghosts/popup.htm0
120windowsregkey update0 1716winupdate32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113180adsolution0 17180adsolution.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0
1 5180ax0  9180ax.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0
1 8spyclean0 181ClickSpyClean.exe1 00126The application "1 Click Spy Clean" is using a database that was stolen from  SpybotS&D A Rogue anti-spyware program see  note171 Click Spy Clean0
122ni.uwfx5_0001_n57m21120  81D7C.tmp1 00 25This is WinFixer Malware. 01
112HELLBOT TEST0 121hellbot.exe1 00 38Added by the W32/Mytob-BC worm/trojan.56http://www.sophos.com/virusinfo/analyses/w32mytobbc.html0
1 41on10  81on1.exe1 00 21Adult content dialler 01
3 91st Clock0 181stClock.exe -tray225StartUp menu\Current user01111st Clock 3.0, Green Parrots Software. 1st Clock - add date, alarms, atomic time and more to your taskbar clock39http://www.absolutestartup.com/startup/1
1101t34rd.exe0 131t34rd.exe /k215HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
217One Touch Monitor0 101tou~2.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
2 8ONETOU~20 101tou~2.exe1 00  0 01
215OneTouchMonitor0 101tou~2.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
1 52.exe0  52.exe1 00123Added by the http://www.sophos.com/virusinfo/analyses/trojmultidrcf.html Trojan!  This file is found in the Windows folder.14Troj/Multidr-C0
11820050726-007-i32-10 2220050726-007-i32-1.exe1 00 57Added by the Troj/Bancban-EC information stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanec.html0
1102006Server0  82006.exe1 00 44Added by the Troj/Feutel-DA backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelda.html0
1 3DI20  627.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 82kadiras0 122kadiras.exe1 00 67Allied_Telesyn AT series router/modem related - apparently required37http://www.alliedtelesyn.co.uk/en-gb/0
3 92wSysTray0 142portalmon.exe1 00 92a target="_blank" href="http://www.2wire.com/home/index.html"2Wire Homeportal user interface 01
0 8gramdate0  92Stop.exe1 00  2?? 01
3 92Tray.exe0  92tray.exe111HKEY_CU\Run0 79ImageConverter Plus 6, 3, 6, 0, fCoder Group International. ImageConverter Plus39http://www.absolutestartup.com/startup/1
115[Various Names]0 10321102.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
124windows runtime proccess0 1232RUNdll.exe1 00 28Added by the  SDBOT.QW WORM!83http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SDBOT.QW0
1 5winXP0  633.exe1 00 24Added by the ANPES WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.anpes@mm.html0
115[Various Names]0  934763.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
2 437210  83721.bat111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
119Win32 USB2.0 Driver0  7386.exe1 00 27Added by the IRCBOT.D WORM!55http://sarc.com/avcenter/venc/data/pf/w32.ircbot.d.html0
4 83capplnk0 123capplnk.exe1 00 24US Robotics Modem driver 01
2 83cdminic0 123CDMINIC.EXE1 001033Com DMI (DynamicAccess uD/uesktop uM/uanagement uI/unterface) Agent associated with 3Com network cards 01
2123ComDMIAgent0 123CDMINIC.EXE1 00  0 01
0 83CM Link0 113cmcnkw.exe1 00  2?? 01
4 83c1807pd0 273cmlink.exe 3cpipe-3c1807pd2 00 603Com WinModem driver. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0
4 73Cmlink0 123CmlinkW.exe1 00164For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0
1 73D Text0 113D Text.scr2 00 27Added by the  JERMY.A WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.jermy.a.html0
3193D!Turbo Experience0 123D!Turbo.exe122StartUp menu\All users0 53MSI3D Application 1, 0, 0, 1, . MSI3D MFC Application39http://www.absolutestartup.com/startup/1
1 83d_sound0 123d_sound.exe1 00115Added by the Troj/Riados-A Trojan that attempts a distributed denial of service (DDoS) attack against www.riaa.com.57http://www.sophos.com/virusinfo/analyses/trojriadosa.html0
3193Deep Control Panel0 123DeepCTL.EXE1 00115From LightSurf Technologies (nee E-Color) - 3Deep corrects lighting, shading and color for all your 2D and 3D games34http://www.colorific.com/index.htm0
4103dfx Tools0 113dfxCmn.dll1 00132Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards 01
2173dfx Task Manager0 113dfxMan.exe1 00 87System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start - Programs 01
4123dfxv2ps.dll0 123dfxv2ps.dll1 00116Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards 01
3173DLabsHelperDemon0 123dldemon.exe1 00365Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled 01
3173DLabsHelperDemon0 213dldemon.exe nowakeup2 00  0 01
0303Dlabs Taskbar Display Manager0 103DLman.exe1 00 723DLabs graphics driver related.  System Tray access to display settings? 01
4 93ware 3DM0  73dm.exe1 00 63Monitors status of the disk array on 3ware IDE RAID controllers 01
4113DMouse.EXE0 113DMouse.EXE1 00 33Dritek System Inc. 3D Mouse drive 01
315Primax 3D Mouse0 123dmoused.exe1 00 56Enables the scroll button on the Primax 3-D Scroll mouse 01
3113DNADesktop0 173dnasys.exe -open211HKEY_LM\Run0 613DNA Desktop Controller 1, 0, 0, 1, . 3DNA Desktop Controller39http://www.absolutestartup.com/startup/1
3103qdctl.exe0 103qdctl.exe1 00194Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ 01
3 3pmc0  849XL.exe111HKEY_CU\Run0 34PMClient 3.01.0001, The Edge Tech.39http://www.absolutestartup.com/startup/1
2114cOqtqs.exe0 114cOqtqs.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
310WheelMouse0 104DMAIN.EXE1 00154Mouse software for "Fellowes" Wheelman mouse. Has caused some users problems but shouldn't be needed if you don't use any enhanced features it may provide 01
1 9Messenger0  7514.exe1 00 37Added by the Trojan.Esteems.D Trojan.94http://securityresponse.symantec.com/avcenter/venc/data/trojan.esteems.d.html#technicaldetails0
1105-2-46-1120 145-2-46-112.exe1 00 55Adult content pop-up dialler. Removal instructions here292http://groups.google.com/gro0
1 5putil0  85845.exe1 00 84Added by the Backdoor.Zinx backdoor. This backdoor listens on ports 14728 and 24759.77http://securityresponse.symantec.com/avcenter/venc/data/pf/backdoor.zinx.html0
119Windows USB Service0  7666.exe1 00 12Added by the38W32/Mytob-AW WORM/IRC backdoor trojan!0
1 3pmc0  7764.exe1 00 21Adult content dialler 01
1 57VGAV0  97VGAV.exe1 00 81Part of the Adware.Winpup infection.  File is found in the Windows system folder. 01
115[various names]0  880d0.exe1 00115MediaMotor/Popuppers adware variant. Names spotted include 80d0, SWOD, g$p$, elos, seli, "piz, :C=e, resU and so on77http://securityresponse.symantec.com/avcenter/venc/data/adware.popuppers.html0
11480xFire daemon0 1180xFire.exe1 00111Added by the W32/Tilebot-BK worm and IRC backdoor.  This also infects your computer with the rootkit rdriv.sys.58http://www.sophos.com/virusinfo/analyses/w32tilebotbk.html0
1 881pl96k80 1281pl96k8.exe111HKEY_LM\Run0 134, 0, 2, 3, .39http://www.absolutestartup.com/startup/1
1 7TempCom0  98746D.com1 00 43Added by the W32/Traxg-H mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32traxgh.html0
1 8887sfNY40 12887sfNY4.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0 17896588AppInit.DLL1 00 94Added by the Troj/LegMir-BI Trojan.  This infection also creates the  %WinDir%896588.dll file.58http://www.sophos.com/virusinfo/analyses/trojlegmirbi.html0
413Initialize8x80 128x8_init.exe1 00 83Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay 01
1 8KAZAACuf0  191 00 40Added by the  KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
2 7Apwheel0  89019.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
4 89xadiras0 129xadiras.exe1 00 67Allied_Telesyn AT series router/modem related - apparently required37http://www.alliedtelesyn.co.uk/en-gb/0
216DXM6Patch_9811160  1A1 00108Microsoft(R) Windows NT(R) Operating System 4.71.1015.0, Microsoft Corporation. Win32 Cabinet Self-Extractor 01
1 1a0  5a.exe1 00110Commercials file that registers itself in the system registry and redirects IE to a certain commercial website 01
1 7shellos0  8A+++.exe1 00 42Added by the WIN32.VB.AV keylogger TROJAN! 01
1 3a1g0  7a1g.exe1 00 35Added by the Troj/Agent-ACR Trojan.58http://www.sophos.com/virusinfo/analyses/trojagentacr.html0
1 5load=0  7a1g.exe1 00 25Added by the ATAK.B WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.b@mm.html0
3 7a&sup2;0 11a2guard.exe1 00137a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a˛ 'Background Guard' real time protection feature27http://www.emsisoft.com/en/0
3 9a-squared0 11a2guard.exe1 00  0 01
3 9a-squared0 11a2guard.exe1 00137a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a˛ 'Background Guard' real time protection feature27http://www.emsisoft.com/en/0
3 2a˛0 11a2guard.exe1 00  027http://www.emsisoft.com/en/0
3 7ADSL_A20 11A2Installed1 00 78Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. 01
433Aureal A3D Interactive Audio Init0 11A3dInit.exe1 00 80For Aureal based 3D soundcards. A3D sound features won't work with this disabled 01
3 7A4Proxy0 11A4Proxy.exe1 00 87Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites47http://www.findincontext.com/a4proxy/review.htm0
3 9WindowsFZ0 11A5281300.so111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9windowsfz0 11A5281300.so1 00 49Variant of the SmitFraud alias  FAKEALE-C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojfakealec.html0
111popuppers650 11a64sddd.exe1 00 24Popuppers adware variant77http://securityresponse.symantec.com/avcenter/venc/data/adware.popuppers.html0
111popuppers650  8a65d.exe1 00162Popuppers delivers popup ads to your computer. The file is found in the Windows folder. It also adds media-motor.net and popuppers.com to your trusted sites list. 01
114windows update0  7aaa.exe1 00 91Added by the Troj/Singu-Y Trojan.  This infection also creates the file c:\windows\aaa.cfg.56http://www.sophos.com/virusinfo/analyses/trojsinguy.html0
2 8AAACLEAN0 12AAACLEAN.INF1 00  2?? 01
1 4Heps0  8aaea.exe1 00 67Unknown malware. Located in %userprofile%\Application Data\aaea.exe 01
3 3AAK0  7aak.exe1 00140Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"30http://www.anti-keylogger.net/0
1 8AANYVKCF0 12aanyvkcf.exe1 00105Added by the Adware.Safesearch.B  Adware. This infection redirects certain pages to ones that it desires.63http://www.sarc.com/avcenter/venc/data/adware.safesearch.b.html0
133Microsoft Synchronization Manager0  9aapie.exe1 00134Added by the W32/Sdbot-OZ worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotoz.html0
1 4Noha0  8aasd.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
116Microsoft Update0 10aaupdt.exe1 00 26Added by the RBOT-RQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotrq.html0
224FineReader7NewsReaderPro0 19AbbyyNewsReader.exe1 00 29ABBYY FineReader OCR software45http://www.abbyy.com/finereader7/?param=286030
224FineReader7NewsReaderPro0 19AbbyyNewsReader.exe111HKEY_LM\Run0 65FineReader 7.0.0.620, ABBYY (BIT Software). ABBYY Community Agent39http://www.absolutestartup.com/startup/1
1 4FILE0 11abcdefg.exe1 00 46Added by the W32.Kelvir.DD MSN messenger worm.74http://www.sarc.com/avcenter/venc/data/w32.kelvir.dd.html#technicaldetails0
1 6System0 11abcdefg.exe1 00 31Added by the W32/Harwig-B worm.56http://www.sophos.com/virusinfo/analyses/w32harwigb.html0
1 8BT0000350 13abcdefg23.exe1 00 31Added by the Troj/VB-VT Trojan.54http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
1 8BT0000360 13abcdefg23.exe1 00  054http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
1 8BT0000370 13abcdefg23.exe1 00 31Added by the Troj/VB-VT Trojan.54http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
1 8abcdefgh0 12abcdefgh.exe1 00 68Malware - detected by  Panda antivirus as the DOWNLOADER.EPJ TROJAN!51http://www.pandasoftware.com/products/titanium2005/0
115[Various Names]0 10ABCXYZ.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
2 6abiteq0 10abiteq.exe1 00 96Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds. 01
115Service Drivers0  7abl.exe1 00133Added by the W32/Sdbot-YX worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotyx.html0
216Album Fast Start0 10ABMTSR.EXE1 00 50Scanner software, not required for scanner to work 01
1 4ABox0  8ABox.exe1 00 74Added by the Troj/Abox-A Trojan!  The file is found in the Windows folder. 01
112Abrada win320 14abradaload.dll1 00 52Added by the Troj/Dermon-G password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojdermong.html0
3 8ABREGMON0 12ABregmon.exe111HKEY_LM\Run0 54Registry Monitor 1, 0, 0, 1, ArcaBit. Registry Monitor39http://www.absolutestartup.com/startup/1
115[Various Names]0  9abrek.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
118active bit station0  7abs.exe1 00 32Added by the  W32.MYTOB.BZ WORM!63http://www.symantec.com/avcenter/venc/data/w32.mytob.bz@mm.html0
318PCBackup Scheduler0 15ABScheduler.exe111HKEY_LM\Run0 83Alohabob Job Scheduling Agent 6, 0, 0, 0, Eisenworld. Alohabob Job Scheduling Agent39http://www.absolutestartup.com/startup/1
1 4ABsr0  8absr.exe1 00 30Added by the AUTOUPDER TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html0
2 3abu0  7abu.exe111HKEY_LM\Run0 33abu Application 1, 0, 0, 1, . abu39http://www.absolutestartup.com/startup/1
314AbyssWebServer0 11abyssws.exe1 00 16Abyss web server29http://abyss.sourceforge.net/0
3 6CCWC7a0  6ac.exe1 00 64Moleculesoft Cache, Cookie & Windows Cleaner Ver. 7 - auto clean39http://www.moleculesoft.se/index2b.html0
1 4Osus0  8acao.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
216acbtnmgr_x63.exe0 16AcBtnMgr_X63.exe122StartUp menu\All users0 86Jetsoft Development Company AcBtnMgr 1, 0, 0, 1, Jetsoft Development Company. AcBtnMgr39http://www.absolutestartup.com/startup/1
326Lexmark X73 Button Manager0 16AcBtnMgr_X73.exe111HKEY_LM\Run0 86Jetsoft Development Company AcBtnMgr 1, 0, 0, 1, Jetsoft Development Company. AcBtnMgr39http://www.absolutestartup.com/startup/1
412AcBtnMgr_Xxx0 16AcBtnMgr_Xxx.exe1 00133Associated with the Lexmark Xxx (where &quot;xx&quot; is the model) all-in-one printer/scanner/copier. Required for correct operation 01
426Lexmark Xxx Button Manager0 16AcBtnMgr_Xxx.exe1 00  0 01
3 3acc0  7acc.exe1 00102Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"53http://www.voicecallcentral.com/#advanced_call_center0
0 5AOLCC0 11ACCAgnt.exe1 00 74AOL ISP software related, file located in a "AOL Computer Check-Up" folder 01
310Accelerate0 14accelerate.exe1 00170Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection55http://www.webroot.com/wb/products/accelerate/index.php0
310Accelerate0 17accelerate.exe /S2 00 304.0.1, Webroot Software, Inc.. 01
313accessmanager0 13AccessMgr.exe1 00230Part of SmartPipes  SecureSite software - "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"40http://www.smartpipes.com/SecureSite.htm0
120Windows Task Manager0 23ACCOUNT_DETAILS.DOC.exe1 00 28Added by the QUATERS.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.quaters.a@mm.html0
3 7AcctMgr0 11AcctMgr.exe1 00246Norton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities—all from the safety of your own PC44http://www.symantec.com/sabu/sysworks/basic/0
3 7AcctMgr0 20AcctMgr.exe /startup211HKEY_LM\Run0 85Norton Password Manager 2004.1.406, Symantec Corporation. Password Manager Controller39http://www.absolutestartup.com/startup/1
111accwizz.exe0 11accwizz.exe1 00 47Added by the W32.Ruland.A@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0
111MeuPrograma0 11accwizz.exe1 00  076http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0
1 8accwizzz0 12accwizzz.exe1 00  076http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0
112accwizzz.exe0 12accwizzz.exe1 00 47Added by the W32.Ruland.A@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0
1 9system xp0 15acdsee demo.exe2 00 26Added by the SALGA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.salga.a@mm.html0
0 8Ace bows0 12Ace bows.exe2 00  2?? 01
3 8acergoto0 12AcerGoto.exe1 00179Acer Computer "Goto Drive"  Cold Swap Driver -  a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer. 01
417AspireTimeMachine0 11acertmb.exe1 00189System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry 01
1 5necix0 13aceyukujy.exe1 00 89Added by W32/Sdbot-UE, a WORM/IRC backdoor TROJAN and found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotue.html0
3 8aclntusr0 12AClntUsr.exe1 00 42Altiris  AClient Service Windows Tray Icon42http://www.cdg-group.com/go.exe?prodid=2990
312AmazingClock0 10AClock.exe111HKEY_CU\Run0 65Amazing clock 1.2.beta, Kukushkin A. S.. Amazing clock executable39http://www.absolutestartup.com/startup/1
110AclService0 10AclService1 00 84C:\Windows\System32\aclservice.exe, and C:\Windows\Downloaded Program Files\acl.inf. 01
326Lexmark X73 Button Monitor0 17ACMonitor_X73.exe111HKEY_LM\Run0 46ACMonitor 1, 0, 0, 0, Silitek Corp.. ACMonitor39http://www.absolutestartup.com/startup/1
413ACMonitor_Xxx0 17ACMonitor_Xxx.exe1 00133Associated with the Lexmark Xxx (where &quot;xx&quot; is the model) all-in-one printer/scanner/copier. Required for correct operation 01
426Lexmark Xxx Button Monitor0 17ACMonitor_Xxx.exe1 00123Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation 01
310ACMService0 14ACMService.exe1 00109Added by the Spyware.ACM surveillance software.  Uninstall this software if it was not installed by yourself.72http://securityresponse.symantec.com/avcenter/venc/data/spyware.acm.html0
0 9aauclient0 14ACNUpdater.exe1 00 53Appears to be related to software from  Accenture.com56http://www.accenture.com/xd/xd.asp?it=enweb&xd=index.xml0
313Acombo3dmouse0 12Acombo3d.exe1 00 71Mouse driver - required if you use non-standard Windows driver features 01
1 6Aconti0 10aconti.exe1 00 21Adult content dialler 01
3 8acoustic0 12acoustic.exe1 00112Control panel program for Philips  Acoustic Edge soundcard. Not required unless changed settings aren't retained198http://www.consume0
31042 AC Plug0 20acplug.exe -tray -on225StartUp menu\Current user0 752, 0, 4, 29,  iOpus Software GmbH. 42 Always Connected Plug (AC-Plug)  V2.039http://www.absolutestartup.com/startup/1
114Adobe Reader320 12Acrord32.exe1 00 48Added by the W32/Rbot-BLC worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotblc.html0
221Acrobat Assistant 7.00 12Acrotray.exe111HKEY_LM\Run0101AcroTray - Adobe Acrobat Distiller helper application. 6.0.1.2004121400, Adobe Systems Inc.. AcroTray39http://www.absolutestartup.com/startup/1
219Assistant d'Acrobat0 12acrotray.exe122StartUp menu\All users0101AcroTray - Adobe Acrobat Distiller helper application. 6.0.1.2003102300, Adobe Systems Inc.. AcroTray39http://www.absolutestartup.com/startup/1
317Acrobat Assistant0 12ACROTRAY.EXE1 00190Used to create PDF files with Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation 01
135adobe acrobat distiller application0 12acrotray.exe1 00 34Added by the  W32.RANDEX.DFJ WORM!62http://www.symantec.com/avcenter/venc/data/w32.randex.dfj.html0
329Atheros Configuration Service0  7acs.exe1 00 64Possibly part of the Atheros 802.11b/g WiFi connectivity driver. 01
413AolAcsDaemon10  8Acsd.exe1 00188AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually 01
118AlfaCleanerService0 12ACServer.exe1 00113Desktop hijacking, aggressive/deceptive advertising Rogue Anti-Spyware program. For more information  Click_Here.52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
327autocad startup accelerator0 13acstart16.exe1 00 91Preloads some libraries that are used by  AutoCAD in order to make the software load faster67http://usa.autodesk.com/adsk/servlet/index?siteID=123112&id=51272130
327AutoCAD Startup Accelerator0 13acstart16.exe122StartUp menu\All users0 61AutoCAD 16.1.63.0, Autodesk, Inc. AutoCAD Startup Accelerator39http://www.absolutestartup.com/startup/1
1 5acsuc0  9acsuc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119DyFuCA Active Alert0 12actalert.exe1 00 32Adult content dialler - see here57http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html0
127microsoft boot system cfg320 12actboost.exe1 00 32Added by the  W32.Bropia.R WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.r.html0
125Windows boot system cfg320 12actboost.exe1 00 38Added by W32/Forbot-G, a network WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotgl.html0
3 8activity0  9actik.exe1 00 90ActivityKey Keystroke logger/monitoring program - remove unless you installed it yourself!67http://www.symantec.com/avcenter/venc/data/spyware.activitykey.html0
311ActionAgent0 15actionagent.exe1 00202A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client. 01
115[Various Names]0 13ActionScr.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
120kernel system daemon0 13ACTIVAT0R.exe1 00 28Added by the RANDEX.AW WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.aw.html0
210Activation0 14Activation.exe1 00 23Part of Microsoft Money 01
216MoneyStartUp10.00 14Activation.exe1 00 53Part of MS Money 2002. Available via Start - Programs 01
312online cdrom0 15Active acid.exe2 00  2?? 01
1 7ATITech0 10Active.exe1 00 34Added by the Troj/Roamer-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojroamera.html0
122MS Decryption Software0 10active.exe1 00 27MediaTickets adware variant51http://www.spywareguide.com/product_show.php?id=8130
1 8ACTIVEDS0 12ACTIVEDS.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
210ActiveEyes0 14ActiveEyes.exe1 00 30ActiveEyes from TFI Technology53http://www.tfi-technology.com/products.htm#ActiveEyes0
310ActiveMenu0 14ActiveMenu.exe1 00254WildTangent games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
317HPGamesActiveMenu0 14ActiveMenu.exe1 00254WildTangent games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
323hplaptopgamesactivemenu0 14ActiveMenu.exe1 00260Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case 01
310ActivePlus0 14activeplus.exe1 00 68Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on)35http://hot.activebuddy.com/catalog/0
313Active shield0 16Activeshield.exe1 00177Active Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"34http://www.securitystronghold.com/0
1 6Roam040 11ActiveX.exe1 00 34Added by the Troj/Roamer-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojroamera.html0
3 8ActMaker0 12ActMak25.exe1 00196ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer34http://www.789987.com/products.htm0
311ACTNSTA.EXE0 11ACTNSTA.EXE1 00 68Believed to be a system tray utility for an Accton ethernet adapter.40http://www.accton.com/homepage/index.htm0
3 3ACU0  7acu.exe1 00 66ACU 2.4.0.71, Atheros Communications, Inc.. Atheros Client Utility 01
3 3ACU0  7ACU.exe1 00 45Atheros wireless Client Utility For HP Compaq38http://www.nus.edu.sg/winzone/atheros/0
3 7acu_qsb0  7ACU.exe1 00 45Atheros wireless Client Utility For HP Compaq38http://www.nus.edu.sg/winzone/atheros/0
3 3ACU0 14ACU.exe -nogui2 00 67ACU 4.1.0.132, Atheros Communications, Inc.. Atheros Client Utility 01
314Ad Blocker Pro0 18Ad Blocker Pro.exe2 00 32Ad Away popup and banner remover 01
310AD2KClient0 14AD2KClient.exe1 00190Executable for Active Disk from Iomega disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk42http://www.iomega-activedisk.com/index.jsp0
318Iomega Active Disk0 14AD2KClient.exe111HKEY_LM\Run0 53AD2KClient 1, 0, 0, 2, Iomega Corporation. AD2KClient39http://www.absolutestartup.com/startup/1
214Adaware Bootup0 12ad-aware.exe1 00  040http://www.lavasoft.de/software/adaware/0
1 8Ad-aware0 12Ad-aware.exe1 00162Ad-aware from Lavasoft. Checks your PC for &quot;Spyware&quot; which reports back your internet activities to &quot;base&quot;. Available via Start -&gt; Programs40http://www.lavasoft.de/software/adaware/0
114Adaware lptt010 11adaware.exe1 00224Variant of the  RapidBlaster parasite (in a "Adaware" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here. Note - this is not the valid Lavasoft Adaware49http://www.doxdesk.com/parasite/RapidBlaster.html0
114Adaware ml097e0 11adaware.exe1 00186Variant of the  RapidBlaster parasite (in a &quot;Aimaol&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113foobin lptt010 11adaware.exe1 00174Variant of the  RapidBlaster parasite (in a "foo1" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113foobin ml097e0 11adaware.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
117Lavasoft Ad-Aware0 12Ad-Aware.exe1 00 93Added by the RBOT-SO WORM! Note - this is not the popular Ad-aware spware/adware removal tool55http://www.sophos.com/virusinfo/analyses/w32rbotso.html0
2 8Ad-Aware0 15Ad-Aware.exe +c2 00  0 01
111Browser Pal0 10adblck.exe1 00 31BrowserAid/BrowserPal foistware47http://www.doxdesk.com/parasite/BrowserAid.html0
3 9AdBlocker0 13AdBlocker.exe111HKEY_LM\Run0 583B Ad Blocker Pro 1.00, 3B Software Inc. 3B Ad Blocker Pro39http://www.absolutestartup.com/startup/1
124Micro$oft Windowz Update0 13ADBlockXp.exe1 00 49Added by the W32/Sdbot-AJR worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotajr.html0
2 6XemiCo0  7ADC.EXE1 00 98XemiComputers a target="_blank" href="http://www.xemico.com/adc/index.html"Active Desktop Calendar 01
323Active Desktop Calendar0  7ADC.exe111HKEY_CU\Run0103Active Desktop Calendar Application 4, 8, 0, 0, XemiComputers ltd.. Active Desktop Calendar Application39http://www.absolutestartup.com/startup/1
1 8AddClass0 12AddClass.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
3 8AdDelete0 12AdDelete.exe1 00 27Banner advertisment blocker 01
111AdDestroyer0 15AdDestroyer.exe1 00308Like VirtualBouncer, malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the malware it claims to remove/prevent, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code 01
1 110  9addit.exe1 00130Added by the W32/Sdbot-RI worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotri.html0
0 8addproxy0 12addproxy.exe1 00 26Related to Adobe Photoshop 01
2 9audiodeck0  9ADeck.exe1 00127ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items. 01
3 9AudioDeck0 11ADeck.exe 1211HKEY_LM\Run0 64ADeck Application 5, 9, 0, 6, VIA Technologies, Inc.. Audio Deck39http://www.absolutestartup.com/startup/1
113ad-eliminator0 17ad-eliminator.exe1 00 92Spyware remover of dubious repute - see this  list of non-recommended anti parasite software38of dubious repute - see this  <a href=0
3 3ADG0  7ADG.exe1 00 28SoundBlaster Audigy related? 01
2 7ADGJdet0 11ADGJDet.exe1 00 78Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection 01
213Jet Detection0 11ADGJDet.exe1 00  0 01
213Jet Detection0 11ADGJDet.exe111HKEY_LM\Run0 57HdPhDetector Application 1, 0, 2, 0, . Creative JetDetect39http://www.absolutestartup.com/startup/1
4 6Adiras0 10Adiras.exe1 00 22ADSL USB modem related 01
3 8AdKiller0 21AdKiller.exe /StartUp211HKEY_LM\Run0 89AdKiller Daemon 1.00.0015, Infocrackes Software 2000, Inc.. The Best Free PopUp Ad Killer39http://www.absolutestartup.com/startup/1
131Popup and Advertisement Killers0 13adkillers.exe1 00 48Added by the W32/Rbot-DDH worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotddh.html0
1 7version0 10adl_dh.exe1 00 25DealHelper adware related60http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html0
319NewsStand.Scheduler0 12ADLSched.exe111HKEY_CU\Run0 76ADLSched 2.8.2.0, NewsStand, Inc.. NewsStand Reader Media Download Scheduler39http://www.absolutestartup.com/startup/1
1 7svchost0 11ADMAGIC.EXE1 00124Added by the SMIBAG WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!76http://securityresponse.symantec.com/avcenter/venc/data/w32.smibag.worm.html0
120Admanager Controller0 12AdManCtl.exe1 00134This is a WindUpdates variant.  You can uninstall it from Add/Remove Programs.  It is found in C:\Program Files\Admanager Controller\. 01
115Admilli Service0 15AdmilliServ.exe1 00 26Windupdates adware variant81http://www.giantcompany.com/antispyware/research/spyware/spyware-WindUpdates.aspx0
1 6Remote0 15adminClient.exe1 00 79Added by the Backdoor.Gapin backdoor. This infections listens on TCP port 1039.58http://www.sarc.com/avcenter/venc/data/backdoor.gapin.html0
113Administrator0 17Administrator.exe1 00 44Added by the Troj/GrayBrd-B Trojan backdoor.58http://www.sophos.com/virusinfo/analyses/trojgraybrdb.html0
118ADM Library Loader0 12admlib32.exe1 00 39Added by a variant of the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
3 5AWMON0 14Ad-Monitor.exe1 00 21F-Secure_Anti-Spyware38http://www.f-secure.com/products/fsas/0
311admtray.exe0 11admtray.exe1 00 33Related to  Acer Inc. Destop tray23http://global.acer.com/0
310Ad Muncher0 11ADMUNCH.EXE1 00184Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications25http://www.admuncher.com/0
319Go!Zilla Ad Muncher0 15AdMunch.exe /bt211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
318Adobe Gamma Loader0 22Adobe Gamma Loader.exe2 00231Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine 01
1 5Adobe0  9Adobe.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
4 6dlmMgr0 24AdobeDownloadManager.exe1 00260This is Adobe's download manager that allows for resuming of partially complete downloads from their site.  If you want the program to continue downloading you need to keep this entry.  When it has completed downloading it will remove itself from the registry. 01
416Adobe LM Service0 14Adobelmsvc.exe1 00306This is Adobe's license management service that is used to make sure you are not using a pirated copy of their software.  It does this by examining your hardware on your computer and asking you to reregister if this changes.  This can not be disabled as it will reenable when you use one of their products. 01
1 8adobemgr0 12adobemgr.exe1 00 38Added by the  Trojan.Adclicker TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/trojan.a.d.clicker.html0
119adobe photoshop 7.00 18AdobePhotoshop.exe1 00122Added by a variant of the  W32/SDBOT WORM! - NOTE: Do NOT confuse with the  Adobe photo editing software of the same name!43http://vil.nai.com/vil/content/v_100454.htm0
1 6AdobeA0 10adobes.exe1 00 29Added by the FLOOD.BA TROJAN!43http://vil.nai.com/vil/content/v_100373.htm0
2 9updateMgr0 33AdobeUpdateManager.exe AcRdS7_0_0211HKEY_CU\Run0 74Adobe Update Manager 3.0, Adobe Systems Incorporated. Adobe Update Manager39http://www.absolutestartup.com/startup/1
015Ad Online Guide0 17adonlineguide.exe1 00  2?? 01
1 3adp0  7adp.exe1 00 70Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc 01
111ATM Control0  8adpn.exe1 00 24Added by the MMS.A WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MMS.A&amp;VSect=T0
1 4aapp0  6adprot1 00 24AdBlaster adware variant 01
1 6adprot0 10adprot.exe1 00  0 01
4 8adpu160m0 12adpu160m.sys1 00 65Added by Nero Burning Rom program. Needed to properly burn files. 01
1 7updater0 15adservernow.exe1 00 18AdServerNow adware79http://securityresponse.symantec.com/avcenter/venc/data/adware.adservernow.html0
3 9ADService0 13ADService.exe1 00175Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk42http://www.iomega-activedisk.com/index.jsp0
3 7AdsGone0 11adsgone.exe1 00  0 01
3 7AdsGone0 11Adsgone.exe1 00 24AdsGone - pop-up stopper23http://www.adsgone.com/0
1 7SyncMon0 14adslcomdos.exe1 00 78Added by the a href=http://www.sophos.com/virusinfo/analyses/trojclunkya.html"30Troj/Clunky-A backdoor trojan.0
313ADSLConnector0 23ADSLConnector.exe /auto225StartUp menu\Current user0 70Conector Speed UOL 1, 0, 1, 0, Universo Online S/A. Conector Speed UOL39http://www.absolutestartup.com/startup/1
4 4ADSS0  8ADSS.exe1 00225ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied22http://www.johnru.com/0
1 9adstartup0 13Adstartup.exe1 00 22Adlogix adware variant51http://www.spywareguide.com/product_show.php?id=7910
116AdStatus Service0 14AdStatServ.exe1 00 22Unknown adware/malware 01
216Subtract the Ads0  9AdSub.exe1 00 62Removes adverts from web pages. Although useful - not required 01
310AdSubtract0  9AdSub.exe1 00 51AdSubtract 3.0 3.0, IinterMute inc.. AdSubtract 3.0 01
310AdSubtract0  9adsub.exe1 00147AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start - Programs26http://www.adsubtract.com/0
110adtech20050 14adtech2005.exe1 00 62Reported as Trojan.Win32.StartPage.aw by Kaspersky Anti-Virus. 01
110adtech20060 14adtech2006.exe1 00 53Identified by Kapersky as Trojan-Clicker.Win32.VB.kc. 01
115adtools service0 11AdTools.exe1 00 26Windupdates adware variant27http://www.windupdates.com/0
213ADQuickAccess0 10Adtray.exe1 00112After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95 01
110Adult_Chat0 14Adult_Chat.exe1 00 21Adult content dialler 01
111Adult_Chat10 15Adult_Chat1.exe1 00  0 01
1 6AdultX0 10AdultX.exe1 00 34Adult content dialler and hijacker 01
3 9ADUserMon0 13ADUserMon.exe1 00175Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk42http://www.iomega-activedisk.com/index.jsp0
1 7aduxlqj0 11aduxlqj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9[unknown]0  9ADVAP.EXE1 00127Added by the W32/SdBot-W worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.55http://www.sophos.com/virusinfo/analyses/w32sdbotw.html0
1 6Advapi0 10Advapi.exe1 00 30Added by the NETDEVIL.12 WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.120
1 8advapi320 18advapi32.exe -auto211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
220Advanced Tools Check0 10ADVCHK.EXE1 00141Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget 01
2 6ADVCHK0 10ADVCHK.EXE1 00  0 01
220Advanced Tools Check0 10ADVCHK.EXE111HKEY_LM\Run0 97Norton AntiVirus 8.00.61, Symantec Corporation. Norton AntiVirus Advanced Tools Integrity Checker39http://www.absolutestartup.com/startup/1
120advanced tool checks0 11advchks.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8advmon320 12advmon32.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
124[random 12 digit number]0 12advpack1.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
126advanced protection system0 11advpsys.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 3adw0  7adw.exe1 00 74Added by the Troj/AdClick-BK Trojan!  File is found in the Windows folder.59http://www.sophos.com/virusinfo/analyses/trojadclickbk.html0
2 5load=0  9adw30.exe1 00102After Dark for Windows - screen saver program. Popular before screen savers were integrated into Win95 01
312Adware Agent0 16adware agent.exe2 00 26Adware Agent popup blocker58http://www.topshareware.com/Adware-Agent-download-4866.htm0
311adwarealert0 15AdwareAlert.Exe1 00118Spyware remover  of dubious repute  -  see the  SpywareWarrior_List of Rogue/Suspect Anti-Spyware Products & Web Sites39of dubious repute  -  see the  <a href=0
311AdwareAlert0 21AdwareAlert.Exe -boot211HKEY_LM\Run0 47AdwareAlert 3.06.0002, AdwareAlert. AdwareAlert39http://www.absolutestartup.com/startup/1
112AdwareDelete0 16adwaredelete.exe1 00 61Rogue antispyware application that is installed with malware. 01
334AdwareFilter Background Protection0 16adwarefilter.exe122StartUp menu\All users0 50Adware Filter 2, 3, 8, 0, PCSafe.com. AdwareFilter39http://www.absolutestartup.com/startup/1
210Adware Spy0 13AdwareSpy.exe1 00 86Bogus adware remover, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
118Adwarz Spy Remover0 10ADWARZ.EXE1 00 49Added by the W32/Spybot-EV worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32spybotev.html0
3 8Ad-watch0 12Ad-watch.exe1 00147Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system40http://www.lavasoft.de/software/adaware/0
3 5AWMON0 12Ad-Watch.exe1 00  040http://www.lavasoft.de/software/adaware/0
316Lavasoft Adwatch0 12Ad-watch.exe1 00147Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system40http://www.lavasoft.de/software/adaware/0
1 5AWMON0 12Ad-Watch.exe1 00 59Ad-Aware SE 3.2, Lavasoft Sweden. Ad-Watch System Protector 01
116Lavasoft Adwatch0 12Ad-watch.exe1 00147Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system40http://www.lavasoft.de/software/adaware/0
1 5AWMON0 12Ad-Watch.exe111HKEY_LM\Run0 59Ad-Aware SE 3.2, Lavasoft Sweden. Ad-Watch System Protector39http://www.absolutestartup.com/startup/1
1 4aebq0  8aebq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
312Aeiwlsta.exe0 12Aeiwlsta.exe1 00 42IBM High Rate Wireless LAN Adapter driver. 01
210SharkEject0 11AEJCT32.exe1 00136Allows you to eject a disk from the Avatar Shark drive from the system tray. When loaded, there is a desktop icon so this isn't required 01
2 8AELaunch0 12AELaunch.exe1 00 68Audio Applications Launcher for the Philips  Acoustic Edge soundcard182http://www.consum0
320active email monitor0  9aem25.exe1 00153Active_Email_Monitor checks multiple accounts for email,  serves as a SPAM filter and can also protect you from harmful items that can be sent via email.31http://www.vicman.net/emailmon/0
1 9AERVICESN0 13AERVICESN.exe1 00 32Added by the W32/Randon-AO worm.57http://www.sophos.com/virusinfo/analyses/w32randonao.html0
213aexagentlogon0 20AeXAgentActivate.exe1 00105Altiris Agent transmits information about your machine for the purpose of asset management and deployment22http://www.altiris.com0
123microsoftz turn control0  8aexl.exe1 00 29Added by the  SDBOT.BCO WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BCO&VSect=P0
3 8NSHelper0 22aexnsinstallhelper.exe1 00 91Altiris Express Notification Server Install helper - monitors integrity of the installation 01
3 9AeXSWDUsr0 13AeXSWDUsr.exe1 00 43Altiris Express NS Client Manager software.23http://www.altiris.com/0
1 5aeydt0  9aeydt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
121Adobe Filter Platform0 19afilterplatform.exe1 00 26Added by the RBOT-OP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotop.html0
1 6afmymk0 10afmymk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 5Agent0  9Agent.exe1 00170Cyberlink Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start - Programs24http://www.cyberlink.com0
2 9LookNMeet0  9Agent.exe1 00 24LooknMeet dating service47http://217.22.55.178/rdl/lnm_v4.3/nl/index.html0
116Backdoor.NuAgent0  9agent.exe1 00 43Added by the Troj/Agent-DP backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojagentdp.html0
1 8agentsvr0 12agentsvr.exe1 00239Malware, detected by  Kaspersky antivirus as AdWare.Monker.a - NOTE:  do NOT confuse with the Microsoft Agent Server application of the same name as described  here - the legitimate file will always be located in the WindowsMsagent folder.36http://www.kaspersky.com/personalpro0
110[not used]0 14Agentsvr32.exe1 00104Added by the Troj/Dropper-BA dropper Trojan.br /br /Uses CLSID: bE7CCDB6E-AE6D-11cf-96B8-444553540000/b.59http://www.sophos.com/virusinfo/analyses/trojdropperba.html0
1 9RavUptets0 11agetlke.exe1 00 35Added by the Troj/QQPass-AK Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassak.html0
1 9RavUpteni0 14agetlktsyr.exe1 00 35Added by the Troj/QQPass-CJ Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpasscj.html0
1 8RavUptkt0 12agetlktz.exe1 00 35Added by the Troj/QQPass-AJ Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassaj.html0
1 7RavUpfs0 12agetltfs.exe1 00 35Added by the Troj/QQPass-AL Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassal.html0
3 8AgfaCLnk0 12AgfaCLnk.exe1 00162For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive 01
1 3agp0  9agp32.exe1 00 28Added by the GAOBOT.SY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html0
2 6acpart0 12agpart11.exe1 00 34Program for finding trucks on-line 01
219Creative AGP Wizard0 10agpwiz.exe1 00 33Part of Creative's BlasterControl 01
313QuickPassword0 12agquickp.exe1 00 69Smart card-based authentication and digital signature client software 01
313Forget Me Not0 12AGRemind.exe1 00 57Calendar reminder part of American Greetings® CreataCard® 7#FF00000
3 8AGRSMMSG0 12AGRSMMSG.exe111HKEY_LM\Run0109Agere SoftModem Messaging Applet 2.1.25 2.1.25 02/14/2003 11:58:58, Agere Systems. SoftModem Messaging Applet39http://www.absolutestartup.com/startup/1
211AGSatellite0 15AGSatellite.exe1 00107Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start - Programs 01
1 8AGSeyApp0 12AGSeyApp.exe1 00 32Added by the  GoldenEye SPYWARE!78http://securityresponse.symantec.com/avcenter/venc/data/spyware.goldeneye.html0
1 6agypdk0 10agypdk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 7Aha154x0 11aha154x.sys1 00 51Adaptec SCSI driver installed by Microsoft Windows. 01
3 4ahfp0  8ahfp.exe1 00313Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"22http://www.softbe.com/0
3 7ahfprog0  8ahfp.exe1 00313Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"22http://www.softbe.com/0
115control handler0 11ahjinst.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
3 5AHNSD0  9AhnSD.exe1 00 89AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis48http://home.ahnlab.com/english/product/01_1.html0
2 5AHNUE0  9AHNUE.exe1 00  2?? 01
1 4ahnx0  8ahnx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7AHQInit0 11AHQInit.exe1 00 64AHQInit Application 1, 0, 0, 0, Creative Technology Ltd. AHQInit 01
2 7AHQInit0 11ahqinit.exe1 00147Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required 8#AudioHQ0
2 6AutoEA0 10Ahqrun.exe1 00189For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ 01
2 7AudioHQ0  9AHQTB.EXE1 00 57AudioHQ 1.4.0, Creative Technology Ltd.. Creative AudioHQ 01
2 7AudioHQ0  9Ahqtb.exe1 00133For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -&gt; Programs 01
3 8AudioHQU0 10AHQTBU.EXE111HKEY_LM\Run0 58AudioHQ 1.13.0, Creative Technology Ltd.. Creative AudioHQ39http://www.absolutestartup.com/startup/1
110ahui32.exe0 10ahui32.exe1 00 52Added by the Troj/Certif-M password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojcertifm.html0
1 7aiasxwa0 11aiasxwa.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 7aic78u20 11aic78u2.sys1 00 58Added by Microsoft for the Adaptec SCSI hardware profiles. 01
4 7aic78xx0 11aic78xx.sys1 00 34Added by Microsoft for SCSI drives 01
4 5load=0 12AICLIENT.EXE1 00141Asset Insight from Tangram - asset managing software. Required if an organisation is running a centrally administered asset management system32http://www.tangram.com/index.htm0
338Another Internet Explorer Popup Killer0  9aiepk.exe1 00 40Another IE Popup Killer - pop-up stopper56http://www.fadsoft.com/Another%20IE%20Popup%20Killer.htm0
3 5aiepk0 10aiepk2.exe1 00 40Another IE Popup Killer - pop-up stopper56http://www.fadsoft.com/Another%20IE%20Popup%20Killer.htm0
1 3aIg0  7aIg.exe1 00 33Added by the Troj/Proxy-H trojan.56http://www.sophos.com/virusinfo/analyses/trojproxyh.html0
1 8msvchost0  7aig.exe1 00 35Added by the Troj/Aimbot-BC Trojan.58http://www.sophos.com/virusinfo/analyses/trojaimbotbc.html0
1 5Lsass0  9aight.exe1 00 36Identified as Trojan.Proxy.Agent.FB. 01
1 8aikkcrej0 12aikkcrej.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112AIM reminder0 16AIM reminder.exe2 00 26Added by the BUDDY TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E0
2 3AIM0  7aim.exe1 00142AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start - Programs 01
131Advanced Interactive Multimedia0  7aim.exe1 00 44Identified as trojan.downloader.(small).xxx. 01
1 3Aim0  7aim.exe1 00135Added by the W32/Sdbot-BFX worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotbfx.html0
115aim quick start0  7Aim.exe1 00 50Added as result of a  W32/Forbot-BB worm infection57http://www.sophos.com/virusinfo/analyses/w32forbotbb.html0
121aol instant messanger0  7aim.exe1 00 26Added by the  W32/Sdbot-YT56http://www.sophos.com/virusinfo/analyses/w32sdbotyt.html0
2 3AIM0 21aim.exe -cnetwait.odl211HKEY_CU\Run0 75AOL Instant Messenger 5.9.3690, America Online, Inc.. AOL Instant Messenger39http://www.absolutestartup.com/startup/1
3 3aim0  8AIM+.exe1 00 81AIM_plus a free add-on to AOL's Instant Messenger for Windows from Big-O Software30http://www.big-o-software.com/0
127AOL Instant Messenger 7.2130 11aim9283.exe1 00133Added by the W32/Sdbot-ZF worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotzf.html0
113AIM95 Startup0  9aim95.exe1 00 30Added by the  AGOBOT.AEE WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AEE0
120Configuration Loader0  9aim95.exe1 00 39Added by the  LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
113aimaol lptt010 10aimaol.exe1 00176Variant of the  RapidBlaster parasite (in a "Aimaol" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113aimaol ml097e0 10aimaol.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
1 8aimb.exe0  8aimb.exe1 00129Added by the Spyware.IMSurfSentinel surveillance program.  If you did not install this on your machine then you should remove it.66http://www.sarc.com/avcenter/venc/data/spyware.imsurfsentinel.html0
1 6wkssvc0 13AIMClient.exe1 00 50Added by the W32/Tilebot-DP worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotdp.html0
2 4Star0  8aime.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
313AgenteADSL_150 27AimExDll.exe AimGestA.dll 8211HKEY_LM\Run0 71Aplicación AimExDLL 1, 5, 2, 2, Telefónica I+D. Aplicación MFC AimExDLL39http://www.absolutestartup.com/startup/1
211AimingClick0 15AimingClick.exe1 00 79AimingClick from AimingTech. Web searching tool. Available via Start - Programs46http://www.aimingtech.com/aimingclick/home.htm0
110Aim Plugin0 13aimplugin.exe1 00 47Added by the W32/Guap-F instant messenger worm.54http://www.sophos.com/virusinfo/analyses/w32guapf.html0
124Aol Configuration Loader0 10aimsng.exe1 00 12Added by the38W32/Sdbot-XE WORM/IRC backdoor trojan!0
212AIMWDInstall0 16AIMWDInstall.exe1 00240Version of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
1 6aipndj0 10aipndj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
422D-Link Air USB Utility0 10AirCFG.exe1 00 35D-Link wireless PCI adapter related 01
418D-Link Air Utility0 10AirCFG.exe1 00 35D-Link wireless PCI adapter related 01
418D-Link Air Utility0 10AirCFG.exe1 00 72Wireless LAN Monitor 3, 1, 5, 30626, D-Link. D-Link Wireless LAN Monitor 01
1 7aircity0 11aircity.exe1 00 19Unidentified adware 01
1 8ethernet0 10airftp.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
416d-link airplus g0 11AirGCFG.exe1 00 37D-Link Airplus Wireless Router driver 01
416D-Link AirPlus G0 11AirGCFG.exe1 00 72Wireless LAN Monitor 3, 3, 1, 50329, D-Link. D-Link Wireless LAN Monitor 01
338D-Link AirPlus G Configuration Utility0 11AIRPLUS.exe122StartUp menu\All users0 57D-Link AirPlus G 1, 0, 0, 0, D-Link. WLAN Adapter Utility39http://www.absolutestartup.com/startup/1
414D-Link AirPlus0 11AirPlus.exe1 00 20WLAN Adapter Utility 01
321Media Manager Indexer0 11AIRSVCU.EXE1 00284Part of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a database. For more information see here79http://www.cug.edu.cn/fwzn/wlzx/wlfw/vid/USINGVID/0-7897/0-7897-0762-4/ch09.htm0
3 6Ajanda0 10Ajanda.EXE111HKEY_LM\Run0 33Ajandam 2.00.0001, Akýllý Ajanda.39http://www.absolutestartup.com/startup/1
1 7ajjcgym0 11ajjcgym.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
318Advertising Killer0 11Akiller.exe1 00 24AKiller - pop-up stopper64http://www.buypin.com/menu.php?group=1&page=akiller&lang=english0
3 7AKiller0 11akiller.exe1 00 40BuyPin Advertising Killer - popup killer40http://sourceforge.net/projects/akiller/0
317Ardamax Keylogger0  7akl.exe1 00113Added by the Spyware.Ardakey.B keylogger. This program should be uninstalled if it was not installed by yourself.61http://www.sarc.com/avcenter/venc/data/spyware.ardakey.b.html0
133Microsoft Synchronization Manager0  6al.exe1 00 32Added by the OPTXPRO.132 TROJAN!93http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_OPTXPRO.1320
3 7ala.exe0  7ala.exe1 00117Access Lock is a system-tray security utility you can use to secure your desktop when you are away from your computer33http://www.softheap.com/lock.html0
1 5alaog0  9alaog.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
313Alarm Manager0 13Alarm.app.exe1 00 93Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop 01
312AlarmWatcher0 16AlarmWatcher.exe1 00 88Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. 01
3 9LaunchApp0 11Alaunch.exe1 00 35Acer Launch tool utility on laptops23http://global.acer.com/0
012alcfdmonitor0 12ALCFDRTM.EXE1 00 92RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? 01
010alcfdrtm160 14ALCFDRTM16.com1 00 92RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? 01
1 6Alchem0 10Alchem.exe1 00 38Transponder parasite updater/installer48http://www.doxdesk.com/parasite/Transponder.html0
1 6Alcmtr0 10ALCMTR.EXE1 00109Realtek AC97 Audio - Event Monitor 1.6.0.2, Realtek Semiconductor Corp.. Realtek Azalia Audio - Event Monitor 01
1 6alcmtr0 10ALCMTR.EXE1 00213Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers 01
3 7Alcohol0 11Alcohol.exe1 00 56Alcohol 120% - CD/DVD emulation/writing/copying software41http://www.alcohol-software.com/index.php0
315Alcohol Autorun0 11Alcohol.exe1 00 56Alcohol 120% - CD/DVD emulation/writing/copying software41http://www.alcohol-software.com/index.php0
2 7AlcWzrd0 11ALCWZRD.EXE1 00181RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one 01
2 7AlcWzrd0 11ALCWZRD.EXE111HKEY_LM\Run0 73ALCWZRD 1.1.0.19, RealTek Semicoductor Corp.. RealTek AlcWzrd Application39http://www.absolutestartup.com/startup/1
311AlcxMonitor0 12ALCXMNTR.EXE111HKEY_LM\Run0 93Realtek Audio - Event Monitor 1.5, Realtek Semiconductor Corp.. Realtek Audio - Event Monitor39http://www.absolutestartup.com/startup/1
111AlcxMonitor0 12Alcxmntr.exe1 00208Realtek AC97 Audio - Event Monitor. Sypware file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers 01
312PC Alert III0  9alert.exe1 00119MSI PC Alert III - allows you to view your system and cpu temperature, fan rpm and more. Only required if you overclock 01
1 6Alevir0 10Alevir.exe1 00 55Added by the OPASERV.A or OPASERV.F or OPASERV.G WORMS!57http://www.sophos.com/virusinfo/analyses/w32opaserva.html0
2 5Alexa0  9Alexa.exe1 00219Alexa Toolbar &quot;is a downloadable toolbar that helps you navigate the Internet as you surf, by instantly providing you with related information about the site you're viewing&quot;. Available via Start -&gt; Programs65http://download.alexa.com/alexa65/startpage.html?p=Dest_W_g_40_L10
111AlfaCleaner0 15AlfaCleaner.exe1 00113Desktop hijacking, aggressive/deceptive advertising Rogue Anti-Spyware program. For more information  Click_Here.52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
317ALFY Accellerator0 12AlfyAC~1.exe1 00  2?? 01
333Application Layer Gateway Service0  7alg.exe1 00211Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.  This can be disabled if you are not using Internet Connection Sharing or the built-in Windows firewall. 01
110AppGateway0  7alg.exe1 00 48Added by the W32/Rbot-BCB worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbcb.html0
133Application Layer Gateway Manager0  7alg.exe1 00 50Added by the W32/Tilebot-EU worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tileboteu.html0
139Windows System Service Framework (WSSF)0  7alg.exe1 00152Added by the Troj/Rootkit-AA worm and IRC backdoor. When started, this infection connects to a remote IRC server where it waits for commands to execute.59http://www.sophos.com/virusinfo/analyses/trojrootkitaa.html0
118Networking Service0  8alg2.exe1 00 48Added by the W32/Rbot-BDT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbdt.html0
124Microsoft ALG32 Protocol0  9alg32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 9SystUphes0 12algesetp.exe1 00 35Added by the Troj/QQPass-AM Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassam.html0
133Application Layer Gateway Service0  8algs.exe1 00 32Added by the W32.Linkbot.M worm.74http://www.sarc.com/avcenter/venc/data/w32.linkbot.m.html#technicaldetails0
132Application Layer Gateway System0 10algsys.exe1 00 48Added by the W32/Rbot-DDF worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotddf.html0
1 4ALGU0  8ALGU.EXE1 00 39Added by the Troj/CWS-I Trojan dropper.54http://www.sophos.com/virusinfo/analyses/trojcwsi.html0
1 7bandook0  7ali.exe1 00 35Added by the  TROJ/EXEMAS-B TROJAN!57http://www.sophos.com/virusinfo/analyses/trojexemasb.html0
225Alias SketchBook Snapshot0 12ALIASS~2.EXE1 00 43Screen-capture utility for Alias Sketchbook 01
319SketchBook Snapshot0 19AliasSketchSnap.exe122StartUp menu\All users0 68Alias SketchBook Pro 1.0.3, Alias Systems. Alias SketchBook Snapshot39http://www.absolutestartup.com/startup/1
115[Various Names]0 11AliceSD.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
133Microsoft Synchronization Manager0  9alien.exe1 00133Added by the W32/Sdbot-MV worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotmv.html0
4 6AliIde0 10aliide.sys1 00 54ALi mini IDE Driver provided by Acer Laboratories Inc. 01
4 9ALiSndMgr0 12ALiSndMg.exe1 00 21ALi AC97 Sound driver 01
1 8BootsCfg0 15All Users.vbs %2 00 47Added by the VBS.Spiltron@mm mass-mailing worm.93http://securityresponse.symantec.com/avcenter/venc/data/vbs.spiltron@mm.html#technicaldetails0
2 9allercalc0 13AllerCalc.exe1 00128AllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually.38http://www.allersoft.com/allercalc.htm0
3 7allSnap0 11allSnap.exe1 00140allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop48http://members.rogers.com/ivanheckman/index.html0
213AllTracksGone0 17alltracksgone.exe1 00471AllTracksGone lets you clear your tracks.  It deletes files stored on your computer.  For example, the web pages you've visited are stored in your URL History.  Images you've seen on your computer are stored in a cache file.  There are many other files that AllTracksGone can "clean".   From one simple interface, you can have AllTracksGone clear your computer of unnecessary files on a regular basis. Normally located in C:\Program Files\AllTracksGone\alltracksgone.exe.28http://www.alltracksgone.com0
021AOL Instant Messenger0  7AlM.EXE1 00 99That is an L between the A and M, the start up location is wrong for AIM. What does this relate to? 01
319AcerNotebookManager0 13almxptray.exe1 00 82System Tray access on some Acer Notebooks to give faster access to system settings 01
319AcerNotebookManager0 13almxptray.exe111HKEY_LM\Run0 122.0.6, Acer.39http://www.absolutestartup.com/startup/1
3 8Alogserv0 12Alogserv.exe1 00372From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up 01
3 6alpass0 10ALPass.exe1 00 23ALPass password manager44http://www.altools.net/Default.aspx?tabid=620
120alogrithm link queue0  7alq.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
4 7Alerter0 10alrsvc.dll1 00125This service is used to notify selected computers and users of alerts from programs.  This service is started by svchost.exe. 01
0 6ALServ0 10ALServ.exe1 00 34Altec Lansing AMS speaker related. 01
3 5AISys0  9alsys.exe1 00128Added by the Spyware.ActivityLog surveillance software.  This program should be uninstalled if it was not installed by yourself.63http://www.sarc.com/avcenter/venc/data/spyware.activitylog.html0
112alexatoolbar0  7alt.exe1 00 51Reported as Hijacker.Delf.eb by ewido anti-malware. 01
314AltoMB_service0 13AltoMBsrv.exe1 00125Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management28http://www.altosoftware.com/0
111altpayments0 15AltPayments.exe1 00 45Reported by  Symantec as Adware.WeirdOnTheWeb81http://securityresponse.symantec.com/avcenter/venc/data/adware.weirdontheweb.html0
120notification utility0 12altpayV2.exe1 00 51Reported by  Ewido_Security_Suite as Adware.WeirWeb24http://www.ewido.net/en/0
216ASUS Live Update0  7ALU.exe1 00 49ALU Application 1, 0, 0, 1, . ALU MFC Application 01
216asus live update0  7ALU.exe1 00 50ASUS Live Update utility - reportedly not required 01
3 8ALUAlert0 13ALUNotify.exe1 00116Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis 01
316AlwaysOnTopMaker0 20AlwaysOnTopMaker.exe1 00120Always On Top Maker - utilty to enable an application to always be displayed &quot;on top&quot; of others on the desktop43http://www.fadsoft.com/AlwaysOnTopMaker.htm0
217Action Manager 320  8AM32.exe1 00 142, 60, 0, 0, . 01
217Action Manager 320  8am32.exe1 00136Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -&gt; Programs 01
310CA-AMAgent0 11amagent.exe1 00355Unicenter Asset Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting47http://www3.ca.com/Solutions/Product.asp?ID=1940
111AmazingTens0 15AmazingTens.exe1 00 34Premium rate adult content dialler 01
314intelapmclient0 12amclient.exe1 00 45LANDesk  Management_Suite software component.37http://www.landesk.com/Products/LDMS/0
1 4Aaou0  8amee.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
410[not used]0 10aminit.dll1 00 60Used by the Altiris® Application Metering Solution software.52http://www.altiris.com/products/applicationmetering/0
4 4Amon0  8AMON.EXE1 00 45Monitoring part of Eset's NOD32 virus-scanner34http://www.nod32.com/home/home.htm0
4 8Amonitor0  8amon.exe1 00 22Tiny Personal Firewall44http://www.tinysoftware.com/home/tiny2?la=EN0
310WheelMouse0 12AMOUMAIN.EXE1 00 99A4Tech wireless mouse driver and utility - required if you use non-standard Windows driver features46http://www.a4tech.com/a4techenglish/index.html0
310WheelMouse0 12Amoumain.exe111HKEY_LM\Run0 67A4Tech iWheelWorks Mouse Driver 7.46.0.0, A4Tech Co.,Ltd.. Amoumain39http://www.absolutestartup.com/startup/1
122accessmedia p2p loader0 10amp2pl.exe1 00 51My AccessMedia toolbar related,  stealth installed! 01
4 6amsint0 10amsint.sys1 00 42AMD SCSI/NET Controller Added by Microsoft 01
3 4amsn0  8amsn.exe1 00 41aMSN P2P client - can be started manually55http://amsn.sourceforge.net/modules.php?name=About_Amsn0
3 4AMSN0  8amsn.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
117lnternet Explorer0 12AMSNDMGR.EXE1 00 90Added by the KWBOT.R WORM! Note that the "l" is a lower case "L" and not an upper case "I"84http://http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.r.worm.html0
113Clock_Manager0 10amsngr.exe1 00 79Added by the A href="http://www.sophos.com/virusinfo/analyses/trojsdbotxm.html"39Troj/Sdbot-XM WORM/IRC backdoor trojan!0
115winsock2 driver0 11AMSNMGR.EXE1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
113WinDynManager0 11amsnmsg.exe1 00121Added by the W32/Sdbot-IA worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotia.html0
111msn service0 13amsnmsgrs.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 5amuvd0  9amuvd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5amxph0  9amxph.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4amyi0  8amyi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113Bar Ding lolt0 10Analiz.exe1 00 26Added by the RBOT-RP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotrp.html0
212Utopia Angel0  9Angel.exe1 00 37Calculator for the online Utopia game31http://games.swirve.com/utopia/0
1 7ISEXEng0 11angelex.exe1 00173This file is associated with adware. It is known to download and install other spware and adware on to your computer. This service should definitely be stopped and disabled. 01
1 8animalss0 12animalss.exe1 00 49Added by the W32/Agobot-VE worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32agobotve.html0
242Animated Weather Satellite and Radar v2.1a0 38Animated Satellite and Radar v2.1a.exe225StartUp menu\Current user0 45DesktopX Widget 1, 0, 0, 1, . DesktopX Widget39http://www.absolutestartup.com/startup/1
1 4Xuab0 11anlmdox.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
013AnnotateCheck0 12AnnCheck.exe1 00 40Genius Wizard Pen Tablet driver related. 01
213Announcements0 12Annclist.exe1 00163MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it 01
231Microsoft Announcement Listener0 12Annclist.exe1 00  0 01
2 7Anntext0 11Anntext.exe1 00 39Caere Pagekeeper text annotation server 01
324anonymizer_spywarekiller0 19AnonAntiSpyware.exe1 00 36Anonymizer Spyware Killer; see  here40http://www.anonymizer.com/spywarekiller/0
327Trace ZapperAnonymousServer0 12AnonSurf.exe111HKEY_LM\Run0 88Trace Zapper Anonymous Surfer 3, 0, 0, 2, TraceZapper.com. Trace Zapper Anonymous Surfer39http://www.absolutestartup.com/startup/1
327anonymizer total net shield0 11AnonTns.exe1 00 28Anonymizer  Total_Net_Shield117http://www0
111Will I Ever0 10anqbse.exe1 00 12Added by the38W32/Sdbot-TK WORM/IRC backdoor trojan!0
1 5avqra0 10anqmfn.exe1 00153Added by the Troj/Sdbot-BV backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotbv.html0
2151-Click Answers0 11answers.exe122StartUp menu\All users0 67Answers 1.0 (build 84), GuruNet Corporation. 1-Click Answers Client39http://www.absolutestartup.com/startup/1
1 9HideStyle0 21Ante Browse Trust.exe2 00123IE toolbar taking you to Lop.com. If the exe is running, end it and remove the "Stupidmore" directory from C:\Program Files 01
1 5virus0  8Anti.exe1 00 35Added by the  WIN32.SEENBOT.O WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=421850
1 9Yahoo20000  8Anti.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 9anti_troj0 13anti_troj.exe1 00 36Added by the Troj/BagleDl-AH Trojan.59http://www.sophos.com/virusinfo/analyses/trojbagledlah.html0
117auto__antiav__key0 14antiav_exe.exe1 00 98Added by the Troj/BagleDl-AA Trojan.  This infection also creates the file %System%antiav_dll.dll.59http://www.sophos.com/virusinfo/analyses/trojbagledlaa.html0
4 9AntiCrash0 13AntiCrash.exe1 00 92Programs that stays resident in memory and attempts to stop your applications from crashing. 01
411!!!AntiHook0 12AntiHook.exe1 00 52Installed by the AntiHook malware protection system.42http://www.infoprocess.com.au/AntiHook.php0
320Anti-keylogger check0 11antikey.exe1 00 79Anti-keylogger - protects against keylogger programs monitoring your keystrokes31http://www.anti-keyloggers.com/0
318Anti-keylogger 6.00 27Anti-keylogger.exe /autorun211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
320AntiWindowsMessenger0 13AntiMsMsg.exe1 00111Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory49http://fileforum.betanews.com/detail/1069500643/10
3 9AntiPopUp0 13AntiPopUp.exe1 00 33AntiPopUp for IE - pop-up stopper38http://www.webknacks.com/antipopup.htm0
112AntiSpam Pro0 15AntiSpamPro.exe1 00 39Added by a variant of the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
3 5ppass0 11Antispy.exe1 00162AntiSpy firewall - "program designed to combat against various types of intrusion and monitoring programs currently in use or presently being developed worldwide"59http://www.antivirus-program.com/antivirus_program/antispy/0
111microsoft640  9antiv.exe1 00 24Added by the SOBER WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.sober@mm.html0
1 3Zi50 20AntiVirus Update.exe2 00 46Added by the W32.Erkez.G@mm mass-mailing worm.75http://www.sarc.com/avcenter/venc/data/w32.erkez.g@mm.html#technicaldetails0
320Anti-Spyware Blocker0 14Anti-Virus.exe122StartUp menu\All users0 42AntiVirus 1, 0, 0, 1, AntiVirus. AntiVirus39http://www.absolutestartup.com/startup/1
120anti-spyware blocker0 14Anti-Virus.exe1 00191Anti-Spyware Blocker by  Your-Soft , bogus "Spyware remover" - for more information, search the  Spywarewarrior_List of non-Recommended anti parasite sites/software for "anti-spyware blocker"25http://www.your-soft.com/0
116AntiVirus Update0 13AntiVirus.exe1 00143Added by the W32/Rbot-HY trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbothy.html0
113AntiVirus.exe0 13AntiVirus.exe1 00143Added by the Troj/Banker-CAA banking Trojan.  If you are infected with this Trojan it is advised that you change your online banking passwords.59http://www.sophos.com/virusinfo/analyses/trojbankercaa.html0
111antivirus320 13antivirus.exe1 00173html" target=_blankSPYBOT.KAI networm worm.  This worm infects other computer through file sharing networks and connects to an IRC server where it waits for remote commands. 01
2 9Eac_rnvdl0 21ANTIVIRUS_INSTALL.EXE1 00  2?? 01
111antivirus320 15antivirus32.exe1 00 39Added by the W32.Opanki.P network worm.73http://www.sarc.com/avcenter/venc/data/w32.opanki.p.html#technicaldetails0
127Windows Anti-Virus Built 320 15AntiVirus32.exe1 00 27Added by the SDBOT-BG WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotbg.html0
113antivirusgold0 17AntivirusGold.exe1 00 73Malware masquerading as an antivirus - also installs the  Winnook TROJAN!69http://www.bleepingcomputer.com/startups/intel_system_tool-10422.html0
4 5AnVir0  9AnVir.exe1 00102AnVir Task Manager - protects computer against viruses and manages running processes and startup files29http://anvir.com/taskmanager/0
418AnVir Task Manager0  9AnVir.exe1 00102AnVir Task Manager - protects computer against viruses and manages running processes and startup files29http://anvir.com/taskmanager/0
3 8anvshell0 12anvshell.exe1 00194System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel - Display Properties - Advanced as well as the System Tray shortcuts toolbar 01
3 8anvshell0 12anvshell.exe111HKEY_LM\Run0 81ASUS nVidia Series Shell 1.00.00, AsusTeK Computer Inc.. ASUS nVidia Series Shell39http://www.absolutestartup.com/startup/1
113NvCplDaemon320 14anvshell32.exe1 00 31Added by the Troj/VB-XU trojan.54http://www.sophos.com/virusinfo/analyses/trojvbxu.html0
3 6AnyDVD0 10AnyDVD.exe1 00193AnyDVD is a driver, which descrambles DVD-Movies automatically in the background. This DVD appears unprotected and region code free for all applications and the Windows operating system as well37http://www.slysoft.com/en/anydvd.html0
1 5aoacn0  9aoacn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 4ugon0 12aockstrs.exe1 00  2?? 01
2 4Lcer0  8aoco.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 5aogsd0  9aogsd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
121AOL Instant Messengar0  7aol.exe1 00 12Added by the39W32/Agobot-FN worm/IRC backdoor trojan.0
214AOL Fast Start0 10AOL.EXE -b2 00154This allows AOL to load in the background when your computer starts.  This make the program launch quicker when you want to use it, but uses up resources. 01
214AOL Fast Start0 10AOL.EXE -b211HKEY_CU\Run0 61America Online 9.02.000, America Online, Inc.. America Online39http://www.absolutestartup.com/startup/1
124Microsoft AOL32 Protocol0  9aol32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
413AolAcsDaemon10 11AOLACSD.EXE1 00188AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually 01
117AOL 9.0 Optimized0 13AOLCLIENT.EXE1 00 82Added by the Backdoor.Spyboter.A Trojan!  File found in the Windows system folder.66http://www.sarc.com/avcenter/venc/data/pf/backdoor.spyboter.a.html0
2 9AOLDialer0 11AOLDial.exe1 00 69AOL ISP software dialer - can be activated through a desktop shortcut 01
2 9AOLDialer0 11AOLDial.exe111HKEY_LM\Run0 81AOL Connectivity Service 3.0.0.1, America Online. AOL Connectivity Service Dialer39http://www.absolutestartup.com/startup/1
2 6AolFix0 10AolFix.exe1 00211Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL&nbsp; to run correctly. Not seen much any more and should only run once 01
125Aol Instant Messenger Fix0 10aolfix.exe1 00134Added by the W32/Sdbot-ABJ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotabj.html0
011HostManager0 18AOLHostManager.exe1 00 41In a Program FilesCommon FilesAOL folder. 01
311HostManager0 18AOLHostManager.exe111HKEY_LM\Run0 75AOL Service Libraries 1.0.0.6, America Online, Inc.. AOLHostManager Service39http://www.absolutestartup.com/startup/1
121aol instant messenger0 10aolmsg.exe1 00 29Added by  W32.Kelvir.AL WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.al.html0
113AOL Messenger0 12aolmsngr.exe1 00 27Added by the SDBOT-JF WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotjf.html0
118aol services hosts0 20aolserviceshosts.exe1 00 40Added by an unidentified WORM or TROJAN! 01
111AolSoftware0 15aolsoftware.exe1 00 50Added by the W32/Tilebot-CL worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotcl.html0
322AOL Spyware Protection0 19AOLSP Scheduler.exe2 00 32AOL's spyware protection program 01
322AOL Spyware Protection0 19AOLSP Scheduler.exe211HKEY_LM\Run0 46AOLSP Scheduler 1, 0, 0, 78, . AOLSP Scheduler39http://www.absolutestartup.com/startup/1
119AOLSPYWAREREMOVER320 23AOLSPYWARECLEANER32.EXE1 00 49Added by the W32/Spybot-HJ worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32spybothj.html0
228America Online *.* Tray Icon0 11aoltray.exe1 00126Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -&gt; Programs 01
228America Online 9.0 Tray Icon0 18aoltray.exe -check222StartUp menu\All users0 60America Online 9.00.001, America Online, Inc.. AOL Tray Icon39http://www.absolutestartup.com/startup/1
420AOL TopSpeed Monitor0 12aoltsmon.exe1 00183This program is used by AOL's web acceleration technology which supposedly helps to make web browsing faster.  This is most important for those users who still access AOL via dial-up. 01
3 8ccWasher0 13aolwasher.exe1 00200Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL 01
1 6Aornum0 10aornum.exe1 00107Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware79http://www.iwon.com/home/prizes/pm3_overview/0,21311,,00.html?PG=home?SEC=fnstf0
1 8aosrfmkr0 12aosrfmkr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7AO Tray0 10AOTray.Exe1 00102System Tray application for AOpen soundcards. Can be run manually via Start - Settings - Control Panel 01
2 6AOTray0 10AOTray.Exe1 00102System Tray application for AOpen soundcards. Can be run manually via Start - Settings - Control Panel 01
1 8aoyssrll0 12aoyssrll.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8ap9h4qmo0 12ap9h4qmo.exe111HKEY_LM\Run0 134, 0, 0, 4, .39http://www.absolutestartup.com/startup/1
4 6Apache0 10apache.exe1 00 93This is the Apache Web Server.  If this is running on your machine, you should know about it.21http://www.apache.org0
322Monitor Apache Servers0 17ApacheMonitor.exe1 00125Part of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start - Programs 01
4 8apc_tray0 12apc_tray.exe1 00124Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure 01
1 6apd1230 10APD123.exe1 00 47Added by the Troj/Dloadr-JT downloading Trojan.58http://www.sophos.com/virusinfo/analyses/trojdloadrjt.html0
222adobe photo downloader0 12apdproxy.exe1 00 89From  Adobe_Photoshop_Album not to be terminated unless suspected to be causing problems.21http://www.adobe.com/0
1 5API320  9api32.exe1 00 29Added by the IRCBOT-B TROJAN!57http://www.sophos.com/virusinfo/analyses/trojircbotb.html0
1 6APIMon0 11apimonx.exe1 00 40Added by the TIBSER.A downloader TROJAN! 01
110apisvc.exe0 10apisvc.exe1 00 42Added by a variant of the  Lamebot TROJAN!43http://vil.nai.com/vil/content/v_116121.htm0
124Windows API Control Task0 12apitsk32.exe1 00153Added by the W32.Mytob.HI@mm worm. When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.76http://www.sarc.com/avcenter/venc/data/w32.mytob.hi@mm.html#technicaldetails0
3 3apl0  7APL.exe1 00 20Sage_Software's_ACT!51http://itdomino.act.com/act.nsf/docid/20041291011280
0 8Apmsrv9x0 12APMSRV9X.EXE1 00 48Intel AnyPoint Wireless II Home Network related. 01
3 9AlpsPoint0 10Apoint.exe1 00261Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work 01
3 6Apoint0 10Apoint.exe1 00261Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work 01
3 6Apoint0 10Apoint.exe111HKEY_LM\Run0 91Alps Pointing-device Driver 6.0.2.180, Alps Electric Co., Ltd.. Alps Pointing-device Driver39http://www.absolutestartup.com/startup/1
1 5Prein0 38APP****.tmp [* = random char or digit]2 00 19Unidentified adware 01
120[executed file name]0  7App.exe1 00 25Added by the WAXPOW WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.waxpow.worm.html0
1 5Prein0  9app4F.tmp111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114ApPache System0 11ApPache.exe1 00 49An RBot WORM/IRC backdoor variant adds this file.55http://www.sophos.com/virusinfo/analyses/w32rbotyp.html0
113micro process0 11appconf.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 7appconn0 11appconn.exe1 00 25Added by the CARGAO WORM!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.cargao.html0
115security center0 14AppControl.exe1 00 23Added by the  SDBOT.CFT86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CFT&VSect=T0
311AppExtender0 12AppExtCB.exe1 00100Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received67http://www.confimax.com/?PHPSESSID=aefc68296846f048b5b7ae96e48d854f0
113Configuration0 11apphost.exe1 00 38Added by W32/Sdbot-VP, a network WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotvp.html0
1 9appis.exe0  9appis.exe1 00 29Added by the AGENT-BC TROJAN!68http://pestpatrol.com/PestInfo/t/trojandownloader_win32_agent_bc.asp0
221Shortcut to AppleDock0 13AppleDock.exe122StartUp menu\All users0 30Y'z Dock 0, 8, 3, 0, Y'z@Home.39http://www.absolutestartup.com/startup/1
138{64ba30a2-811a-4597-b0af-d551128be340}0 11appmagr.dll1 00161A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{64ba30a2-811a-4597-b0af-d551128be340}/b.65http://www.bleepingcomputer.com/startups/SpyFalcon.exe-14415.html0
115[Various Names]0 19AppMasterCenter.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 7AppMgmt0 11appmgmt.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
3 7AppPlus0 11AppPlus.exe1 00249AppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"29http://www.appplusonline.com/0
3 9atspooler0 13AppsTraka.exe1 00 88AppsTraka keystroke logger/monitoring program - remove unless you installed it yourself!68http://www.symantec.com/avcenter/venc/data/spyware.desktopscout.html0
1 5appuq0  9appuq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
123AutoLoaderAproposClient0 11aprload.exe1 00 37Added by the Spyware.Apropos spyware.59http://www.sarc.com/avcenter/venc/data/spyware.apropos.html0
123Autoloaderaproposclient0 25Apropos_Client_Loader.exe1 00 19AproposMedia adware45http://doxdesk.com/parasite/AproposMedia.html0
014ENSApServer2_00 12APSERVER.EXE1 00 48Intel AnyPoint Wireless II Home Network related. 01
3 8AEZBProc0 11aptezbp.exe1 00203IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions 01
4 5Apvxd0 12APVXDWIN.EXE1 00 71Part of Panda Anti-Virus. Required to enable permanent virus protection29http://www.pandasoftware.com/0
4 8Apvxdwin0 12APVXDWIN.EXE1 00 71Part of Panda Anti-Virus. Required to enable permanent virus protection29http://www.pandasoftware.com/0
4 8APVXDWIN0 15APVXDWIN.EXE /s211HKEY_LM\Run0 73Panda Antivirus Aplication 4.12.3, Panda Software International. ApVxdWin39http://www.absolutestartup.com/startup/1
4 7Apwheel0 11Apwheel.exe1 00 32Wheel support for an Alps mouse  01
1 6apycxt0 10apycxt.exe1 00 21Unidentified malware! 01
116aq3helperstartup0 12AQ3HEL~1.EXE1 00 76ScreenScenes "Aquatica Water Worlds"  screensaver.  Comes with  GAIN spyware21Aquatica Water Worlds0
1 7aqadcup0 11aqadcup.exe1 00 22Backdoor.Agent.bg worm71http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/0
111aqadcup.exe0 11aqadcup.exe1 00 27Added by the AGENT.BG WORM!71http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/0
1 4aqhm0  8aqhm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7epixowu0 13aqiyutyvo.exe1 00128Added by the W32/Sdbot-UG worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotug.html0
1 6aqkqmd0 10aqkqmd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Ubg0  7Aql.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7aqmxhqv0 11aqmxhqv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Aqujyjax0 12aqujyjax.exe1 00 12Added by the117W32/Sdbot-0
1 7Archive0 11archive.exe1 00 29Added by the Troj-Dloader-GH.59http://www.sophos.com/virusinfo/analyses/trojdloadergh.html0
323shortcut to email saver0 12archiver.exe125StartUp menu\Current user0 85Outlook Express Email Saver 5.01.0055, MazePath Software. Outlook Express Archive Pro39http://www.absolutestartup.com/startup/1
2 4ares0  8ares.exe1 00246Ares is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"39http://www.aresgalaxy.org/download.html0
2 4ares0 11Ares.exe -h2 00 50Ares for windows 1.9, Ares Development Group. Ares 01
2 8areslite0 12AresLite.exe1 00259Ares Lite Edition is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"39http://www.aresgalaxy.org/download.html0
1 3Bmq0  7Ari.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
123Network Control Manager0  9aries.sys1 00 34Added by the Sony/XCP DRM Rootkit.54http://www.bleepingcomputer.com/forums/topic34904.html0
1 7Aritima0 11aritima.exe1 00 25Added by the ARITIM WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.aritim.html0
219Access Ramp Monitor0 11armon32.exe1 00433Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again 01
220AccessRamp Monitor010 12ARMon32a.exe1 00681From a visitor &quot;Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service.&quot; 01
2 9armor2net0 13Armor2net.exe1 00190Related to Armor2net personal firewall (possibly contains or is related to an anti-spyware product known as ArmorWall, which is considered a rogue anti-spyware app, not recommended see  here52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
118Shedule Connection0 11arpo412.exe1 00101Added by the W32/PPdoor-R worm.  This worms spreads via network shares protected with weak passwords.56http://www.sophos.com/virusinfo/analyses/w32ppdoorr.html0
110MS-Connect0  7arr.exe1 00 32Adult content dialler - see here49http://vil.mcafee.com/dispVirus.asp?virus_k=999720
1 9MS-RunKey0  7arr.exe1 00 27MS-Connect dialler/hijacker 01
124windows security service0  9arrdt.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 5Win320 11arsetup.exe1 00 36Added by the WIN32.SPAZBOX.A TROJAN! 01
115Windows Monitor0 11arsetup.exe1 00  0 01
3 6ArsSGO0 10ArsSGO.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 6Artera0 12arteraui.exe1 00132Artera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance27http://www.arteraturbo.com/0
112AdRoarUpdate0 12ARUpdate.exe1 00 21AdRoar adware updater74http://securityresponse.symantec.com/avcenter/venc/data/adware.adroar.html0
215AccessRampLAN010 12ARUpld32.exe1 00683Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003 01
1 4arvx0  8arvx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5aryli0  9aryli.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311activespeed0  6AS.exe1 00 41Ascentive  ActiveSpeed Internet Optimizer98http://www.barelyaverage.com/portfolio/html_emails/ascentive/activespeed_biplane/biplane_anim.html0
311ActiveSpeed0  9AS.exe -b2 00 49ActiveSpeed 3.01.0392, Ascentive LLC. ActiveSpeed 01
011gear511.exe0 12AS00_Gear5111 00245Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. is it at all required? 01
4 3asc0  7asc.sys1 00 73AdvanSys SCSI Controller Driver created by Advanced System Products, Inc. 01
4 8asc3350p0 12asc3350p.sys1 00 45Added by Microsoft, AdvanSys SCSI Card Driver 01
4 7asc35500 11asc3550.sys1 00 39SCSI host adapter provided by Microsoft 01
116Microsoft Update0  9ascdl.exe1 00 28Added by the GAOBOT.SY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html0
120Configurations Asclt0  9asclt.exe1 00133Added by the W32/Sdbot-MX worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotmx.html0
1 9REMOVE ME0  9asclt.exe1 00135Added by the W32/Randex-FC worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32randexfc.html0
128Windows Configuration Loader0  9asclt.exe1 00134Added by the W32/Sdbot-OA worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotoa.html0
116LoadPowerProfile0 10ASDAPI.EXE1 00130Added by the CABRO TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cabro.html0
213ASE Scheduler0 17ASE Scheduler.exe2 00174Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
233aluria\&#039;s spyware eliminator0  7ASE.exe1 00176Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see  here and  here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
228aluria\'s spyware eliminator0  7ASE.exe1 00176Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see  here and  here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
312allseeingeye0  7ase.exe1 00238All-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions."34http://www.fortego.com/en/ase.html0
3 8RunAlert0 12AService.exe1 00199a target="_blank" href="http://www.msi.com.tw/program/products/pro_index.php"MSI MOtherboard PC Alert III - MSI motherboard monitoring software. Only required if you &quot;overclock&quot; your system 01
315Spyware Scanner0 14AseScanner.exe1 00174Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
124(random 12 digit number)0 12asferror.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
1 6msnmsg0  9asgag.exe1 00 57Adware trojan - probably  CoolWebSearch parasite related.53http://www.spywareinfo.com/~merijn/cwschronicles.html0
133Microsoft Synchronization Manager0 10asgard.exe1 00 27Added by the SDBOT.PH WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.PH0
4 8ashAvast0 12ashAvast.exe1 00 24Part of  Avast antivirus21http://www.avast.com/0
4 6avast!0 11ashDisp.exe1 00 34Part of Avast! anti-virus software35http://www.alwil.com/en/default.asp0
4 6avast!0 11ashDisp.exe111HKEY_LM\Run0 59avast! Antivirus 4, 6, 0, 0, . avast! service GUI component39http://www.absolutestartup.com/startup/1
1 5ASHLT0  9Ashlt.exe1 00 35Adware - leads back to an ad server 01
4 8ashMaiSv0 12ashmaisv.exe1 00 51Part of Avast! anti-virus software - E-mail scanner35http://www.alwil.com/en/default.asp0
4 6Avast!0 11ashserv.exe1 00 26Avast! anti-virus software35http://www.alwil.com/en/default.asp0
418avast! Web Scanner0 12Ashwebsv.exe1 00 16Avast! antivirus42http://www.avast.com/eng/avast_4_home.html0
122windows task scheduler0 11asijdie.exe1 00 40Added by an unidentified WORM or TROJAN! 01
3 5load=0 11asistat.exe1 00 45Status monitor for an NEC SuperScript printer 01
3 3ASK0  7ASK.dll1 00126Added by the Spyware.StealthKeylog surveillance software.  If this program was not installed by yourself you should remove it.65http://www.sarc.com/avcenter/venc/data/spyware.stealthkeylog.html0
1 3asl0  9Aslru.exe1 00 53Added by the Troj/Bancos-CU password-stealing trojan.58http://www.sophos.com/virusinfo/analyses/trojbancoscu.html0
324Absolute StartUp monitor0  9ASMon.exe1 00 56Absolute Startup - startup monitor from F-Group Software42http://www.fgroupsoft.com/Absolutestartup/0
324Absolute StartUp monitor0  9ASMon.exe111HKEY_LM\Run0 79Absolute Startup Monitor 4, 1, 0, 1, F-Group Software. Absolute StartUp monitor39http://www.absolutestartup.com/startup/1
113ASNFTP daemon0 11AsnFtpd.exe1 00134Added by the W32/Tilebot-AX worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotax.html0
211Vortex Tray0 12asp4setp.exe1 00116System Tray application for Aureal Vortex based soundcards. Can be run manually via Start - Settings - Control Panel 01
210VortexTray0 12asp4setp.exe1 00  0 01
2 8asp4tray0 12asp4tray.exe1 00116System Tray application for Aureal Vortex based soundcards. Can be run manually via Start - Settings - Control Panel 01
210VortexTray0 12asp4tray.exe1 00124System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -&gt; Settings -&gt; Control Panel 01
110nvsv32.exe0 11asr_fnt.exe1 00 30Added by the  WOOTBOT.GE WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GE&VSect=P0
2 8assdll320 12assdll32.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
218ExciteAssistantEXE0 13ASSISTANT.EXE1 00160With Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window open 01
110[not used]0 12assistse.exe1 00 33Added by the Troj/Bravo-C Trojan.56http://www.sophos.com/virusinfo/analyses/trojbravoc.html0
1 8assistse0 12ASSISTSE.EXE1 00 33CnsMin (Chinese_Keywords) related47http://www.pestpatrol.com/PestInfo/C/CnsMin.asp0
1 8assistse0 12assistse.exe111HKEY_LM\Run0 52yahoo AssistSetting 1, 0, 0, 3, yahoo. AssistSetting39http://www.absolutestartup.com/startup/1
110[not used]0 14assistseex.exe1 00 35Added by the Troj/LegMir-BW Trojan.58http://www.sophos.com/virusinfo/analyses/trojlegmirbw.html0
110Associates0 14Associates.exe1 00 85Added by the Troj/Lineage-BT information stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagebt.html0
1 3AST0  3AST1 00 48Added by the TROJANDOWNLOADER.WIN32.VB.AH VIRUS! 01
1 3ast0  7AST.exe1 00 20AutoStarter parasite44http://doxdesk.com/parasite/AutoStartup.html0
1 6AStart0  6AStart1 00 26Added by the VB.AH TROJAN!62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530683220
3 6ASTART0 10astart.exe1 00149ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings 01
316ASUS TweakEnable0 10astart.exe1 00130Restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings 01
4 7Avast320 12Astart32.exe1 00 34Part of Avast! anti-virus software35http://www.alwil.com/en/default.asp0
2 6asTray0 10Astray.exe1 00113Voyetra Audio Station - part of Voyetra's  Ultimate MP3 &amp; CD Manager. MP3 and digital music jukebox/organizer42http://www.voyetra.com/site/products/ump3/0
2 5Astro0  9Astro.exe1 00 48Checks for updates to Quicken on a system reboot 01
314Quick Controls0 16Astrotoolbar.exe1 00 49Gateway Astro Screen and Sound Controls tray icon 01
1 4asus0  8asus.exe1 00337Added by the W32/Rbot-OC trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. These infections are usually capable of logging keystrokes, retrieve cd keys, and flood other computers. This infections logs your keystrokes to a file in your %System% folder called msreg.dll.55http://www.sophos.com/virusinfo/analyses/w32rbotoc.html0
124Asus Motherboard Utility0  8asus.exe1 00 50Added by the W32/Tilebot-ET worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotet.html0
210ASUS Probe0 12AsusProb.exe1 00100ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area 01
111asvhost.exe0 11asvhost.exe1 00 36Added by the  Troj/Icedoor-A TROJAN!58http://www.sophos.com/virusinfo/analyses/trojicedoora.html0
211AutoSpell 50 12ASWATC32.EXE1 00 25AutoSpell - spell checker28http://www.spellchecker.com/0
2 5ASWDP0  9ASWDP.exe1 00141MLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market51http://www.stevejacksonre.com/mls_pulse_sign_up.htm0
1 5ASWnk0  9aswnk.exe1 00 21Adult content dialler 01
310ActiveTime0 12AT.exe -m -b211HKEY_CU\Run0 36ActiveTime 4.00.0037, Ascentive LLC.39http://www.absolutestartup.com/startup/1
1 8atapidrv0 12atapidrv.exe1 00122Added by the W32/Spybot-SL worm. When started this infection connects to an IRC server where it waits for remote commands.57http://www.sophos.com/virusinfo/analyses/w32agobotsl.html0
1 5ATAPl0  9ATAPl.EXE1 00 23Added by W32/Agobot-RH.57http://www.sophos.com/virusinfo/analyses/w32agobotrh.html0
214Atari Launcher0 14Atari icon.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
324The Easy Bee&#039;s Hive0 12ATCEgSvr.exe1 00183The Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequence 01
319The Easy Bee's Hive0 12ATCEgSvr.exe1 00183The Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequence 01
312MicroDialler0 14atdialler1.exe1 00115Part of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encountered65https://www.freeserve.com/time/anytimereg/migration/?redirect=int0
1 7igamatu0 11atecaca.exe1 00 28Added by the  IRCBOT.R WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_IRCBOT.R&VSect=P0
3 5Athan0  9Athan.exe1 00112Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world61http://www.islamasoft.co.uk/products/athan/athansoftware.html0
212@Hoc Toolbar0  9AtHoc.exe1 00 86One-click activated browsing toolbar used by various web-sites. See here for more info62http://siliconvalley.internet.com/news/article.php/3531_4799510
223Switchboard.com Toolbar0  9AtHoc.exe1 00 75Toolbar for the on-line version of Yellow Pages in the US - Switchboard.com27http://www.switchboard.com/0
3 6AtiCwd0 12Ati2cwad.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 8AtiCwd320 12Ati2cwad.exe1 00  0 01
3 8Ati2cwxx0 12Ati2cwxx.exe1 00134For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it  01
3 8atipolab0 12ati2evae.exe1 00 92ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks 01
3 8ATIPOLAB0 12ati2evxx.exe1 00204ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces  on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources 01
3 7ATIPOLL0 12ati2evxx.exe1 00204ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces  on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources 01
2 8Ati2mdxx0 12Ati2mdxx.exe1 00 64For ATI video cards. System Tray access to display mode changing 01
313ATIModeChange0 12Ati2mdxx.exe1 00 89System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager 01
313ATIModeChange0 12Ati2mdxx.exe111HKEY_LM\Run0 70ATI 2D Component 4.13.3, ATI Technologies, Inc.. ATI 2D Mode component39http://www.absolutestartup.com/startup/1
3 6AtiPTA0 12Ati2ptxx.exe1 00241Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start - Settings - Control Panel - Display. Some users may need it if they have optimised their settings 01
3 8AtiPTAAA0 12Ati2ptxx.exe1 00  0 01
3 8atiptaxx0 12Ati2ptxx.exe1 00253Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -&gt; Settings -&gt; Control Panel -&gt; Display. Some users may need it if they have optimised their settings 01
3 8ATISmart0 12ati2s9ag.exe1 00160ATI's "SMARTGART", which is included with the "Catalyst" drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings 9SMARTGART0
4 9ATI Smart0 12ati2sgag.exe1 00273This Windows service is used at system boot up to check for system compatability and stability issues for ATI video cards. Also responsible for setting the AGP settings the video card will use.  Unless this is causing a problem we recommend you leave this set as automatic. 01
116ATI VIDEO REGKEY0 11ati2vid.exe1 00 27Added by the SDBOT.UR WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UR0
1 7rxres320 11ati2vid.exe1 00143Added by the W32/Rbot-FL trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotfl.html0
118Motherboard Config0 11Ati2xxx.exe1 00133Added by the W32/Rbot-AIK worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaik.html0
112aticpaxx.exe0 12aticpaxx.exe1 00102A WORM/backdoor Trojan, W32/Rbot-XP will add this, and open the PC to attack by way of an IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotxp.html0
3 6AtiCwd0 10AtiCwd.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 8AtiCwd320 10AtiCwd.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 6AtiCwd0 12AtiCwd32.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 8AtiCwd320 12AtiCwd32.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
113AtiDisplayDrv0 12atidrvxx.exe1 00 66Added by the W32/Rbot-VZ Worm! Found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotvz.html0
216ATI DeviceDetect0 11ATIDtct.EXE1 00 91Utility meant for future use of the ATI TV WONDER™ USB 2.0 video driver and can be disabled 01
223ATI GART Set-up Utility0 11Atigart.exe1 00169Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed 01
2 6AtiKey0 12AtiKey32.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
1 8atipatxx0 12atipatxx.exe1 00 12Added by the21Troj/Small-ED TROJAN!0
117Ati Control Panel0 12atiphexx.EXE1 00144Added by the W32/Rbot-BR trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotbr.html0
1 9aticpanel0 12atiphexx.exe1 00 46Added as result of a  AGOBOT.IL worm infection78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.IL0
3 6AtiPTA0 12Atiptaxx.exe1 00241Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start - Settings - Control Panel - Display. Some users may need it if they have optimised their settings 01
3 8AtiPTAAA0 12Atiptaxx.exe1 00  0 01
3 8atiptaxx0 12Atiptaxx.exe1 00241Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start - Settings - Control Panel - Display. Some users may need it if they have optimised their settings 01
3 6ATIPTA0 12atiptaxx.exe111HKEY_LM\Run0 85ATI Desktop Component 6.14.10.4029, ATI Technologies, Inc.. ATI Desktop Control Panel39http://www.absolutestartup.com/startup/1
1 8atiptext0 12atiptext.exe1 00 12Added by the39Troj/Cosiam-A, a proxy TROJAN/backdoor.0
0 6AtiKey0 12atiptkad.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
1 8epovohot0 10atiqik.exe1 00128Added by the W32/Sdbot-UV worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuv.html0
3 8AtiQiPcl0 12AtiQiPcl.exe1 00119Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's 01
1 6System0  9Atira.exe1 00 26Added by the KOTIRA VIRUS!71http://securityresponse.symantec.com/avcenter/venc/data/w32.kotira.html0
114ati rage3d pro0 16AtiRage4dPro.exe1 00 33Added by the  W32/AGOBOT-OG WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotog.html0
418ATI Remote Control0  9ATIRW.exe1 00132Driver for the ATI REMOTE WONDER™ RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it44http://www.ati.com/products/home-office.html0
213ATI Scheduler0 12Atisched.exe1 00305Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -&gt; Programs -&gt; Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see 01
213ATI Scheduler0 12ATISched.EXE111HKEY_CU\Run0 64ATI Multimedia Center 9.02, ATI Technologies Inc.. ATI Scheduler39http://www.absolutestartup.com/startup/1
229ATI Task Application (Atikey)0 11Atitask.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
1 8anything0 10ATITAX.exe1 00121Added by the W32/Forbot-DP worm.  This infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotdp.html0
220ATI Task Application0 11Atitkad.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
3 7atitray0 11atitray.exe1 00 66ATI Tray Tools - allows quick access to ATI graphics card settings 01
312AtiTrayTools0 11atitray.exe1 00 66ATI Tray Tools - allows quick access to ATI graphics card settings 01
124[random 12 digit number]0 12atitvo32.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
1 9atiupdate0 14ATIUPDATE5.EXE1 00 30Added by the DEBESKI.A TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_DEBESKI.A0
1 8atiupdpl0 12atiupdpl.exe1 00 36Added by the  TROJ_SMALL.AOS TROJAN!107http://ae0
110ATIUpdater0 12atiupdxx.exe1 00125Added by the W32/Rbot-ABX. This infection connects to an IRC server on startup where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotabx.html0
1 8ativopen0 12ativopen.exe1 00 34Premium rate adult content dialler 01
3 6ATIX100 10atix10.exe1 00 46ATI Remote Wonder - PC wireless remote control44http://www.ati.com/products/pc/remotewonder/0
3 9Regx10EXE0 10atix10.exe1 00 46ATI Remote Wonder - PC wireless remote control44http://www.ati.com/products/pc/remotewonder/0
115[Various Names]0 14atl_helper.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
110atlcontrol0 15atlcontrole.exe1 00 38Added by the Adware.Atlcontrol adware.61http://www.sarc.com/avcenter/venc/data/adware.atlcontrol.html0
115[Various Names]0 15ATLIEHELPER.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
219microAttuneDownload0 12atmdlusr.exe1 00 64USR (US Robotics) modem auto updater. May be a sub-set of Attune 01
110AveoAttune0 12atmdlusr.exe1 00 48Spyware - part of an automated helpdesk software 01
1 7eventss0 10atmpvc.dll1 00 45Identified as Trojan-Downloader.Win32.Delf.lh 01
321Miramar Systems, Inc.0  9atmsg.exe1 00 34Miramar PC/Mac networking software 01
2 7ATnotes0 11atnotes.exe1 00 99Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start - Programs 01
312Atomic Clock0 11AtomClk.exe111HKEY_LM\Run0 68Atomic Clock 8, 0, 0, 0, Provenio Software Corporation. Atomic Clock39http://www.absolutestartup.com/startup/1
310Atomic.exe0 10Atomic.exe1 00 79Atomic Clock Sync - synchronizes your computer's time with the NIST time server44http://www.worldtimeserver.com/atomic-clock/0
2 7Atomica0 11atomica.exe1 00195Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key23http://www.atomica.com/0
111Atomic-x27C0 15AtomicpartC.exe1 00 33c:\windows\system32\mastoer32.dll 01
310AtomicTime0 14ATOMICTIME.EXE1 00 71AtomicTime - utility that synchronizes your PC clock to an atomic clock30http://schmail.com/atomictime/0
110Atomic-x270 14Atomic-x27.exe1 00 33c:\windows\system32\mastoer32.dll 01
3 6Atrack0 10atrack.exe1 00426New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert 01
3 5Atray0  9Atray.exe1 00106Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons32http://www.divcomsoft.com/atray/0
115Distributed TLS0 11attribu.exe1 00134Added by the W32/Sdbot-OE worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotoe.html0
118AttuneClientEngine0 13attune_ce.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
120AttuneContentUpdater0 13attune_cu.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
115AttuneDiscovery0 13attune_di.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
113AttuneSystray0 13attune_st.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
1 7Attunel0 11Attunel.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
225Atualizador - Puxa Rápido0 12Atualiza.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 6aTuner0 10atuner.exe1 00 52aTuner - tweak tool for GeForce based graphics cards41http://www.3dcenter.de/atuner/index_e.php0
117Microsoft Windows0  4atup1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
317Anti-Trojan-Watch0 11ATWatch.exe1 00 35Anti-Trojan Watch - trojan detector 01
3 8AT-Watch0 11ATWatch.exe1 00  0 01
315asustweakenable0 10ATweak.exe1 00 78Asus Tweaking Utility - for fine tuning the settings of your ASUS display card 01
428Aiptek Graphics Tablet (USB)0 11atwtusb.exe1 00 46USB interface for Aiptek Graphics Tablet (USB) 01
4 7atwtusb0 11atwtusb.exe1 00  0 01
1 6au.exe0  6au.exe1 00 27Added by the BEAGLE.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.b@mm.html0
2 8AUXXTRAY0 12au30setp.exe1 00116System Tray application for Aureal Vortex based soundcards. Can be run manually via Start - Settings - Control Panel 01
210VortexTray0 12au30setp.exe1 00  0 01
1 4auaf0  8auaf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8AU Agent0 11AUagent.exe1 00177Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon46http://www.zilab.com/Products/Au/index_2.shtml0
4 7AUCBPNP0 11aucbnpn.exe1 00140Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot140http://www.ad0
1 8Aucompat0 12Aucompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
3 7audcntr0 11audcntr.exe113Win.ini\[Run]0 131, 0, 0, 4, .39http://www.absolutestartup.com/startup/1
1 7audcntr0 11audcntr.exe1 00 32Added by the  WIN32.GEMA TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=405740
225Telefonverbindungsmonitor0 15audevicemgr.exe122StartUp menu\All users0 93Phone Connection Monitor , Teleca Software Solutions AB. Phone Connection Monitor application39http://www.absolutestartup.com/startup/1
1 9Audiocntl0 13audiocntl.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 9AudioDeck0 19AudioDeck.exe  -min222StartUp menu\All users0 55AudioDeck???? 1, 0, 0, 1, . AudioDeck Microsoft ???????39http://www.absolutestartup.com/startup/1
1 8audiodrv0 12audiodrv.exe1 00 31Added by the  CRYPTER-C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 8audioinf0 12audioinf.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 7Printer0 12auditchk.exe1 00 48Added by the W32/Rbot-BPE worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbpe.html0
1 8nodriver0 11AUEKXRZ.EXE1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 6AUNPS20 10AUNPS2.DLL1 00 38AlwaysUpdatedNews.com parasite related 01
111Auto Update0  7AUP.exe1 00 42Added by an unididentified WORM or TROJAN! 01
110MS Updates0  8aupd.exe1 00 22Spyware web downloader 01
111AutoUpdater0 11aupdate.exe1 00 33Aupdate, Tinybar variant. Spyware44http://www.doxdesk.com/parasite/TinyBar.html0
112Auto Updater0 12aupdater.exe1 00134Added by the Troj/Sdbot-LH worm. When started, this infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotlh.html0
410[not used]0 13AUserInit.exe1 00225Added by Curtains for Windows.  Removing this file bWILL/b cause your computer to have problems starting.  You should contact Authentium for the proper removal procedure.  Unknown as to what function it plays in this program.47http://www.authentium.com/products/curtains.htm0
1 9ASDPLUGIN0 11Austria.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
1 5ausvc0  9ausvc.exe1 00 30Added by the AUTOUPDER TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html0
314curtainssyssvc0 10AuthSL.exe1 00228Security Manager - part of a ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private. 01
316authconsolestart0 13AuthStart.exe1 00  0 01
1 5authz0  9authz.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
127autoloaderenvoloautoupdater0 22auto_update_loader.exe1 00 34Envolo/AproposMedia adware updater65http://www.securemost.com/articles/trou_3_remove_aproposmedia.htm0
316erunt autobackup0 12AUTOBACK.EXE1 00190ERUNT backup utility - when added to the user's startup folder automatically backs up the registry  each time the system boots, resulting in numerous backups that can be restored if desired.50http://www.larshederer.homepage.t-online.de/erunt/0
316ERUNT AutoBackup0 84AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow225StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
310AutoBackup0 14AutoBackup.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7Autobar0 11autobar.exe1 00 80Connect buttons on the keyboard for internet direct access, etc. on HP computers 01
310ConfigSafe0 11AUTOCHK.EXE1 00198ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice47http://www.imaginelan.com/configsafe/index.html0
3 7autoclk0 11autoclk.exe111HKEY_LM\Run0 57autoclk Application 1, 0, 0, 1, . autoclk MFC Application39http://www.absolutestartup.com/startup/1
1 7autoclk0 11autoclk.exe1 00 28Identified as Troj.AutoClick 01
311AutoConnect0 15AutoConnect.exe111HKEY_CU\Run0 47AutoConnect 1.0.0.0, http://autoconnect.prv.pl.39http://www.absolutestartup.com/startup/1
323XTNDConnect PC - 3CmPlm0 11Autodet.exe1 00 88Component of EasySync Pro. Synchronisation between Palm PDAs&nbsp; and Microsoft Outlook15#EasySync%20Pro0
124[random 12 digit number]0 12autodisc.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
119Windows Data Server0 12autodisc.exe1 00 28Added by the SPYBOT-CB WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotcb.html0
138{8e99f990-b75a-4568-b3c8-24cbc8cbbfc1}0 14autodisc32.dll1 00164A file used by the rogue antispyware app, SpywareQuake, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{8e99f990-b75a-4568-b3c8-24cbc8cbbfc1}/b.68http://www.bleepingcomputer.com/startups/SpywareQuake.exe-14686.html0
2 7regedit0 11autoexe.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7AUTOEXE0 11AUTOEXE.exe1 00 12Added by the143W32/Semapi-A.0
1 6chkdsk0 12autoexec.bat1 00 24Added by the ANPES WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.anpes@mm.html0
1 3run0 12Autoexec.com1 00 31ml" target=_blankHOLCAS.A WORM! 01
1 5lsass0 12autoexec.exe1 00 49Added by the W32/Sdbot-AFN worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotafn.html0
317Extranet AutoDial0 11AutoExt.exe1 00 53Nortel Networks Contivity Extranet Switching Software 01
232Drag&#039;n&#039;Drop_Autolaunch0 14Autolaunch.exe1 00 39Iomega HotBurn - CD-RW burning software47http://www.iomega.com/hotburn/hotburn_main.html0
222Drag'n'Drop_Autolaunch0 14Autolaunch.exe1 00 39Iomega HotBurn - CD-RW burning software47http://www.iomega.com/hotburn/hotburn_main.html0
222Drag'n'Drop_Autolaunch0 14Autolaunch.exe1 00 74Iomega HotBurn 1.0, Iomega Corporation. Iomega HotBurn Auto Launch Program 01
220dragndrop_autolaunch0 14Autolaunch.exe1 00 39Iomega_HotBurn - CD-RW burning software47http://www.iomega.com/hotburn/hotburn_main.html0
221AutoMate Task Service0 12automate.exe1 00129Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start - Programs22http://www.unisyn.com/0
116Microsoft Update0 13automgr32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
2 9AutoMixer0 11AutoMix.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
1 9adstartup0 12automove.exe1 00 22Adlogix adware variant51http://www.spywareguide.com/product_show.php?id=7910
121Win32 Ms Auto Updater0 13AutomsUPD.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9Autopdate0 13Autopdate.exe1 00134Added by the W32/Rbot-AGL worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotagl.html0
1 7regrunm0 15autoprotect.exe1 00 40Added by an unidentified WORM or TROJAN! 01
3 9MaxtorReg0 11AUTOREG.EXE1 00166Part of SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of37http://www.netsizzle.net/sysagent.asp0
111TANG_INA_MO0 11AutoRun.bat1 00 46Added by the W32.Filukin.A@ mass-mailing worm.77http://www.sarc.com/avcenter/venc/data/w32.filukin.a@mm.html#technicaldetails0
212QBCD autorun0 11autorun.exe1 00 14Quick Books CD 01
1 7windump0 14autosearch.dll1 00 43Added by the Adware.YellowPages search bar.62http://www.sarc.com/avcenter/venc/data/adware.yellowpages.html0
3 9AutoSizer0 13AUTOSIZER.EXE1 00 76AutoSizer - utility that automatically maximizes windows when they're opened36http://www.southbaypc.com/AutoSizer/0
2 9autospell0 12autospel.exe1 00 39AutoSpell - spell checker (version 6.*)28http://www.spellchecker.com/0
221HP JetSpeed Autostart0 13AUTOSTART.EXE1 00 61Autostart executable for the old multiplayer game HP Jetspeed 01
312Tweak-XP Pro0 13autostart.exe111HKEY_CU\Run0 90Tweak-XP Pro 3.00, Totalidea Software, Germany, New Zealand. CPL Launcher for Tweak-XP Pro39http://www.absolutestartup.com/startup/1
210Auto T Bar0 12autotbar.exe1 00140If you disable the HP VIEW toolbar in IE and rarrange the toolbars on a reboot they will be back as they were before if this is left enabled 01
2 8autotbar0 12autotbar.exe1 00  0 01
2 8AutoTKit0 12AUTOTKIT.EXE1 00142On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled 01
1 7autoupd0 11autoupd.exe1 00 84Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name 01
312ATTRedUpdate0 14AutoUpdate.exe1 00242Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates 01
311AutoUpdater0 14AutoUpdate.exe1 00 22PeopleonPage foistware48http://www.pchell.com/support/peopleonpage.shtml0
225Mobilt modem Update Agent0 18autoupdate_srv.exe122StartUp menu\All users0 47Alice Connect 1.40, Alice Systems AB. AUP Agent39http://www.absolutestartup.com/startup/1
112autoupdatev20 16autoupdatev2.exe1 00 44Added by the Troj/Dropper-BM dropper Trojan.59http://www.sophos.com/virusinfo/analyses/trojdropperbm.html0
1 7aux.exe0  7aux.exe1 00 25Added by the ZINS TROJAN!61http://www.symantec.com/avcenter/venc/data/backdoor.zins.html0
114auxAudioDevice0  9aux32.exe1 00 23Added by the AIZU WORM!69http://securityresponse.symantec.com/avcenter/venc/data/w32.aizu.html0
1 9Antivirus0  6av.exe1 00 63Added by the SINKIN TROJAN! Resets IE start page to realphx.com74http://securityresponse.symantec.com/avcenter/venc/data/trojan.sinkin.html0
122icrosof Avps32 Control0  8av32.pif1 00132Added by the W32/Rbot-AVC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotavc.html0
123AVP update interface A60  8avA6.sys1 00 33Added by the Troj/Hanlo-B Trojan.56http://www.sophos.com/virusinfo/analyses/trojhanlob.html0
120sunjavasched updater0  9avamx.exe1 00 32Added by the  W32/RBOT-ABJ WORM!56http://www.sophos.com/virusinfo/analyses/w32rbotabj.html0
1 6MSInfo0 10AVBgle.exe1 00 27Added by the NETSKY.O WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.o@mm.html0
312AvconsoleEXE0 12Avconsol.exe1 00151From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it 01
442TrustPortAntivirusDriverNotificationHelper0 10avdnax.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
420TrendMicro Antivirus0 12Aveagent.exe1 00 13Virus scanner 01
3 6TeleSA0 10AVerSA.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
1 4avft0  8avft.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
410AVG7_AMSVR0 12Avgamsvr.exe1 00 21AVG antivirus related23http://www.grisoft.com/0
412avgamsvr.exe0 12Avgamsvr.exe1 00 21AVG antivirus related23http://www.grisoft.com/0
4 7AVG7_CC0 19avgcc.exe  /STARTUP2 00 68AVG Anti-Virus System 7.1.0.355, GRISOFT, s.r.o.. AVG Control Center 01
4 7AVG7_CC0  9AVGCC.exe1 00119AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates23http://www.grisoft.com/0
4 7AVG7_CC0 18avgcc.exe /STARTUP211HKEY_LM\Run0 68AVG Anti-Virus System 7.0.0.318, GRISOFT, s.r.o.. AVG Control Center39http://www.absolutestartup.com/startup/1
4 6AVG_CC0 11avgcc32.exe1 00105AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates23http://www.grisoft.com/0
4 7avgcc320 11avgcc32.exe1 00105AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates23http://www.grisoft.com/0
4 7AVGCtrl0 11AVGCTRL.EXE1 00144Background task of the a target="_blank" href="http://www.hbedv.com/"AntiVir antivirus program which scans files transparently in the background 01
4 7AVG_EMC0 10AVGEMC.exe1 00  023http://www.grisoft.com/0
4 8AVG7_EMC0 10AVGEMC.exe1 00 79AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses23http://www.grisoft.com/0
4 8AVG7_EMC0 10avgemc.exe111HKEY_LM\Run0 68AVG Anti-Virus System 7.0.0.320, GRISOFT, s.r.o.. AVG E-Mail Scanner39http://www.absolutestartup.com/startup/1
4 8AVG7_EMC0 10avgemc.exe111HKEY_LM\Run0 68AVG Anti-Virus System 7.0.0.320, GRISOFT, s.r.o.. AVG E-Mail Scanner39http://www.absolutestartup.com/startup/1
411avgmsvr.exe0 11avgmsvr.exe1 00 26AVG Anti-Virus 7.0 related23http://www.grisoft.com/0
4 7avgctrl0  9AVGNT.EXE1 00  021http://www.hbedv.com/0
4 7avguard0  9AVGNT.EXE1 00 99Background task of the  AntiVir antivirus program which scans files transparently in the background25http://antivir-pe.com/en/0
4 7AVGCtrl0 14AVGNT.EXE /min211HKEY_LM\Run0100AntiVir Guard Control Program 6.30.00.01, H+BEDV Datentechnik GmbH. AntiVir Guard/XP Control Program39http://www.absolutestartup.com/startup/1
414AVG_RegCleaner0 12AVGREGCL.exe1 00111AVG Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems23http://www.grisoft.com/0
412Avgserv9.exe0 12Avgserv9.exe1 00 35AVG antivirus background monitoring23http://www.grisoft.com/0
124Special Firewall Service0 11avguard.exe1 00 27Added by the NETSKY.G WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.g@mm.html0
419AVG7 Update Service0 12avgupsvc.exe1 00 75Used by the AVG 7 Antivirus program to keep your definitions up to do date. 01
4 8AVG7_Run0  8avgw.exe1 00 26AVG Anti-Virus 7.0 related23http://www.grisoft.com/0
4 8AVG7_Run0 17avgw.exe /RUNONCE2 00 57AVG Anti-Virus System 7.1.0.351, GRISOFT, s.r.o.. AVG 7.0 01
1 8avicap320 12avicap32.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
124[random 12 digit number]0 12avifile5.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
1 6Avimgt0 10Avimgt.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 8Avimgt320 12Avimgt32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
4 6avinit0 12AVINIT9X.EXE1 00 25Command antivirus related47http://www.authentium.com/products/avmatrix.htm0
112VirusCheckII0 11AVIRCHK.EXE1 00 27Added by the DASMIN TROJAN!62http://www.esecurityplanet.com/alerts/article.php/1031_15721610
1 6avirex0 10avirex.exe1 00 47Added by the Troj/Dloader-NR trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdloadernr.html0
2 6AVKBar0 10AVKBar.exe111HKEY_CU\Run0 431, 0, 0, 5 http://www.gdata.pl, 1, 0, 0, 4.39http://www.absolutestartup.com/startup/1
4 6avkbar0 10AVKBar.exe1 00 30GData  AntiVirusKit Anti-virus45http://www.gdata.de/trade/productview/488/16/0
316AVK Mail Checker0 10AVKPOP.EXE111HKEY_LM\Run0 55AVK 3, 0, 2, 0, G DATA Software AG. AVK POP3/IMAP Proxy39http://www.absolutestartup.com/startup/1
416avk mail checker0 10AVKPop.exe1 00 36eXtendia AVK AntiVirus email checker66http://www.boomerangsoftware.com/Products/AntiVirus/AVKProInfo.htm0
315eScan Scheduler0 11avkserv.exe1 00 25eScan antivirus scheduler45http://www.mspl.net/antivirus/escan/escan.asp0
413eScan Monitor0 13AVKWCTL9X.EXE1 00 15eScan antivirus45http://www.mspl.net/antivirus/escan/escan.asp0
4 8AvMaiSrv0 12Avmaisrv.exe1 00 51Part of Avast! anti-virus software - E-mail scanner35http://www.alwil.com/en/default.asp0
311AVMBLUEOBEX0 34AvmObex.exe -pushclient -ftpclient211HKEY_LM\Run0 201.0.8.0, AVM Berlin.39http://www.absolutestartup.com/startup/1
1 3avc0  9avmon.exe1 00 32Added by an unidentified TROJAN! 01
1 4avnt0  8avnt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 4TlcR0  7avp.exe1 00  2?? 01
1 6hagent0  7avp.exe1 00 49Added by the "Herman Agent" remote access TROJAN! 01
1 7Desktop0 30avpcc.dll,Restore ControlPanel2 00 46Added by the Troj/StartPa-ES startpage Trojan. 01
4 5avpcc0  9avpcc.exe1 00 25Kaspersky Labs anti-virus25http://www.kaspersky.com/0
1 6avpe320 10avpe32.dll1 00 22Win32/Haxdoor Variant. 01
115TCPIP2 Kernel320 10avpe64.sys1 00 37Added by the Troj/Haxdoor-AP rootkit.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorap.html0
116Win32 Usb Driver0  8AvpG.exe1 00 33Added by the  W32/FORBOT-BX WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbx.html0
1 4MyAV0 12avpguard.exe1 00 27Added by the NETSKY.J WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.j@mm.html0
4 4avpm0  8avpm.exe1 00 19Kaspersky antivirus 01
115[Various Names]0 13avpmondll.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
313eScan Monitor0 12AVPMWrap.EXE111HKEY_LM\Run0 61eScan for Windows 2.6, MicroWorld Technologies Inc.. AVPMWrap39http://www.absolutestartup.com/startup/1
1 4Avpr0  8avpr.exe1 00 28Added by the MYDOOM.AF WORM!64http://www.symantec.com/avcenter/venc/data/w32.mydoom.af@mm.html0
1 9HtProtect0 13AVprotect.exe1 00 27Added by the NETSKY.L WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.l@mm.html0
1119xHtProtect0 15AVprotect9x.exe1 00 27Added by the NETSKY.M WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.m@mm.html0
1 6avpu320 10avpu32.dll1 00 91Added by the Troj/Haxdoor-ED Trojan. The rootkit logs the keypress in the file klogini.dll.59http://www.sophos.com/virusinfo/analyses/trojhaxdoored.html0
114TCPIP Kernel320 10avpu32.sys1 00 84Added by the Troj/Haxdoor-ED. The rootkit logs the keypress in the file klogini.dll.59http://www.sophos.com/virusinfo/analyses/trojhaxdoored.html0
113TCPIP2 Kernel0 10avpu64.sys1 00 36Added by the Troj/Haxdoor-AM Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdooram.html0
122icrosoftf Avpx Control0  8avpx.exe1 00132Added by the W32/Rbot-AYN worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotayn.html0
1 6avpx320 10avpx32.dll1 00116Added by the Troj/Haxdoor-Y backdoor trojan.  This infection uses rootkit technology to hide itself from being seen.58http://www.sophos.com/virusinfo/analyses/trojhaxdoory.html0
1 8AVPX TCP0 10AVPX32.SYS1 00116Added by the Troj/Haxdoor-Y backdoor trojan.  This infection uses rootkit technology to hide itself from being seen.58http://www.sophos.com/virusinfo/analyses/trojhaxdoory.html0
110AVPX64 TCP0 10AVPX64.SYS1 00116Added by the Troj/Haxdoor-Y backdoor trojan.  This infection uses rootkit technology to hide itself from being seen.58http://www.sophos.com/virusinfo/analyses/trojhaxdoory.html0
317vzremotecommander0 12AvRmtCtr.exe1 00169Related to Sony's VAIO Zone Remote Commander. A non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems. 01
111Wlan Driver0 10avscan.exe1 00 29Added by the WOOTBOT.DH WORM!109http://de0
4 9AVSCHED320 13AVSched32.exe1 00 30AntiVir anti-virus from H+BDEV21http://www.hbedv.com/0
4 9AVSCHED320 18AVSCHED32.EXE /min2 00 57AVSched32 6.32.00.00, H+BEDV Datentechnik GmbH. AVSched32 01
111avserve.exe0 11avserve.exe1 00 25Added by the SASSER WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html0
112avserve2.exe0 12avserve2.exe1 00 40Added by the SASSER.B or SASSER.C WORMS!78http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html0
112avserve3.exe0 12avserve3.exe1 00 27Added by the SASSER.G WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.g.html0
422McAfeeVirusScanService0 12Avsynmgr.exe1 00196From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application 01
1 9MSMcAfeee0 15Avsynmgr32e.exe1 00 27Added by the FRAMAR TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.framar.html0
1 9MSMcAfeeh0 15Avsynmgr32h.exe1 00 27Added by the FRANGO TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.frango.html0
1 9MSMcAfeeS0 15Avsynmgr32S.exe1 00 39Added by the VOLAC or VOLAC.DR TROJANS!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.volac.html0
2 6Avtray0 10Avtray.exe1 00 27Command Antivirus tray icon53http://www.command.co.uk/html/products/csav/index.cfm0
1 5Swf320 12AVupdate.exe1 00 25Added by the MERKUR WORM!68http://www.symantec.com/avcenter/venc/data/w32.hllw.merkur.e@mm.html0
129AVupdate service interface X20 13avupdate2.sys1 00 44Added by the Troj/Hanlo-A downloader Trojan.56http://www.sophos.com/virusinfo/analyses/trojhanloa.html0
410AntiVir XP0  9AVwin.exe1 00 17AntiVir antivirus23http://www.free-av.com/0
3 8AVWLPSTA0 12AVWLPSTA.exe1 00352PRISM Status Tray Applet. This is a Prism wireless network applet designed to scan for wireless access points and connect to them.  It is often furnished with notebook computers featuring built-in wireless networking.  It is a very handy tool, and functionally superior in many ways to XP's equivalent interface, though much less attractive to the eye. 01
3 8AVWUpd320 12AVWUPD32.EXE1 00 48AntiVir updater. Useful, but can be run manually21http://www.hbedv.com/0
4 6avxlni0 11avxinit.exe1 00 53Anti-virus part of BitDefender virus scanner/firewall27http://www.bitdefender.com/0
413BullGuardInit0 11AVXINIT.EXE1 00 28Part of  Bullguard antivirus25http://www.bullguard.com/0
316BullGuard Update0 11avxlive.exe1 00 88Part of  Bullguard antivirus. Leave enabled unless you manually update virus definitions25http://www.bullguard.com/0
4 7Avxlive0 11avxlive.exe1 00 34Bullguard or BitDefender antivirus25http://www.bullguard.com/0
415bitdefenderlive0 11avxlive.exe1 00 50Main program of BitDefender virus scanner/firewall27http://www.bitdefender.com/0
1 4Surs0  8awab.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
3 6AWatch0 10Awatch.exe1 00119Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products. 01
1 6AWatch0 10Awatch.exe1 00 45ADSLWatch 3.05.09.2001, AVM Berlin. ADSLWatch 01
1 6Awatch0 10Awatch.exe1 00 32Fritz!_DSL ISP software related.73http://www.avm.de/de/Service/AVM_Service_Portale/FRITZCard_DSL/index.php30
1 5aweyj0  9aweyj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8awhost320 12awhost32.exe1 00267Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended72http://enterprisesecurity.symantec.com/products/products.cfm?productID=20
115[Various Names]0 11awinrar.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6awuoea0 10awuoea.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
012awusgsta.exe0 12AWUSGSTA.exe1 00 69Reportedly related to a USB Wifi Adapter - is it required at startup? 01
1 5awvvv0  8awvvv.dl1 00 35Added by the Troj/ConHook-H Trojan.58http://www.sophos.com/virusinfo/analyses/trojconhookh.html0
3 9awxdtools0 28awxDTools.dll,awxRegisterDll1 00168AwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools. (i.e.: *.cue, *.iso, *.ccd ...)34http://www.hbreitner.de/awxdtools/0
1 7sdktemp0 12axdcfasb.exe1 00 49Added by the W32/Sdbot-AGI worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotagi.html0
114MSUpdateDevKit0  8axfd.exe1 00266Added by the W32/Sdbot-ZD.     When started this infection connects to an IRC server where it waits for remote commands, trying to download and run files from the internet, steal CD game keys, participate in denial-of-service (DoS) attacks and delete network shares.56http://www.sophos.com/virusinfo/analyses/w32sdbotzd.html0
1 5axuqe0  9axuqe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8axuygwvh0 12axuygwvh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7ayclljh0 11ayclljh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6ayrigo0 10ayrigo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
213Desktop Plant0 12AZARE10S.PLT1 00102Vritual plant from here - this version is an Azalea, there are others so the filename may be different40http://www.desksoft.com/DesktopPlant.htm0
4 7azmodem0  9azexe.exe1 00 24Aztech_Labs modem driver22http://www.aztech.com/0
1 5b.exe0  5b.exe1 00 44Added by the W32/Sdbot-XK WORM/IRC backdoor!56http://www.sophos.com/virusinfo/analyses/w32sdbotxk.html0
110[not used]0  8b0ff.exe1 00 51Added by the W32/Protorid-AF worm and IRC backdoor.59http://www.sophos.com/virusinfo/analyses/w32protoridaf.html0
114System Service0 11b4db0yz.exe1 00 48Added by the W32/Rbot-CLO worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotclo.html0
3 2b90  6B9.exe1 00304FireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. &quot;Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run&quot;84http://www.firetrust.com/products/benign/?PHPSESSID=b60bb4b6eb22115639c465d6f606b7880
214Babylon Client0 11Babylon.exe1 00214a href=http://www.babylon.com/"  rel="nofollow" target="_blank"Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" 01
218Babylon Translator0 11Babylon.exe1 00166&quot;Babylon-Pro is a powerful information tool that instantly provides relevant information, translations &amp; conversions for any word or value you click on&quot;23http://www.babylon.com/0
218Babylon Translator0 11Babylon.exe1 00 56Babylon 4.0.5.13, Babylon Ltd.. Babylon Information Tool 01
214Babylon Client0 22Babylon.exe -AutoStart211HKEY_LM\Run0 63Babylon Client 5.0.0.78, Babylon Ltd.. Babylon Information Tool39http://www.absolutestartup.com/startup/1
1 8Services0 25back32.exe ...service.exe2 00130Added by an unidentified VIRUS, WORM or TROJAN! Back32.exe is the baddie whose purpose is to HIDE the MIRC32 server in service.exe 01
115[Various Names]0  9backd.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 5runbd0 12backdrop.exe1 00 75MyBackDrop - is or bundles a  GoGotools adware variant. See  privacy_policy26http://www.mybackdrop.com/0
019CPQ BackWeb Monitor0 12BackMon2.exe1 00 57Installed by certain Compaq computers. Is this necessary" 01
115[various names]0 12backorif.exe1 00 37Added by a  NTRootKit TROJAN variant!42http://vil.nai.com/vil/content/v_99877.htm0
229Timed Backups Manager Startup0 12BACKTIME.EXE1 00 29Backup Plus - backup software26http://www.backupplus.net/0
416Data Deposit Box0 10backup.exe1 00 74Required for the online backup services from the Data Deposit Box service.30http://www.datadepositbox.com/0
114Backup Service0 10backup.svc1 00 19Unidentified adware 01
012BackupNotify0 16backupnotify.exe1 00 27HP Digital Imaging related. 01
312BackupNotify0 16backupnotify.exe111HKEY_CU\Run0 181.0.1268.24163,  .39http://www.absolutestartup.com/startup/1
1 9MSbackups0 11backups.exe1 00 40Added by the Troj/Banload-TL downloader.59http://www.sophos.com/virusinfo/analyses/trojbanloadtl.html0
122system backup services0 13backups32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
214Data LifeGuard0 12BACKWE~1.EXE1 00 75Data LifeGuard diagnostic tools for Western Digital's series of hard drives 01
2 9ActivSurf0 16backweb*****.exe1 00105Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates 01
222Kodak Software Updater0 16backweb*****.exe1 00 52Software updater for Kodak Easyshare digital cameras65http://www.kodak.com/global/en/digital/easyShare/indexFlash.jhtml0
215Updates from HP0 16backweb*****.exe1 00100Automatically detects an internet connection and downloads any available updates - * is random digit 01
2 7BackWeb0 11backweb.exe1 00221Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start - Programs 01
1 9hp center0 18BACKWEB-137903.exe1 00402Based upon HP's own description from here - "With the My abbr title=Hewlett-PackardHP/abbr Center, consumers have access directly from the desktop to Internet sites featuring special offers for abbr title=Hewlett-PackardHP/abbr customers ranging from personal finance and shopping to digital imaging and music" I have classified this as adware. The number may change - if yours is different let me know52http://www.hp.com/hpinfo/newsroom/press/12oct01a.htm0
215Updates from HP0 27BackWeb-137903.exe -startup222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
2 3LDM0 19backweb-8876480.exe1 00156Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech 01
226Logitech Desktop Messenger0 19backweb-8876480.exe1 00  0 01
2 3LDM0 19BackWeb-8876480.exe111HKEY_CU\Run0 71Logitech Desktop Messenger 1.4.50, Logitech. Logitech Desktop Messenger39http://www.absolutestartup.com/startup/1
2 8Backwork0 12Backwork.exe1 00 24Backwork trojan detector47http://www.framework.nl/backwork/eng/index.html0
3 7BACPI100 12bacpi10a.exe1 00196Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray 01
2 8bacstray0 12BacsTray.exe1 00 76BacsTray Application 6, 13, 0, 0, Broadcom Corporation. BacsTray Application 01
2 8BacsTray0 12BacsTray.exe1 00141Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems 01
1 7BADDATE0 11BADDATE.EXE1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
111badgers.exe0 11badgers.exe1 00 32Added by the W32/Badgrad-B worm.57http://www.sophos.com/virusinfo/analyses/w32badgradb.html0
113badgers_s.exe0 13badgers_s.exe1 00 32Added by the W32/Badgrad-A worm.57http://www.sophos.com/virusinfo/analyses/w32badgrada.html0
225Quicken Scheduled Updates0 10bagent.exe1 00 37Quicken background downloading module 01
128Microsoft Personal Firewalls0  8bakw.exe1 00 26Added by the RBOT-KS WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotks.html0
132Windows Service Pack Auto Update0 10ballin.exe1 00 40Added by an unidentified WORM or TROJAN! 01
411HorngTech4D0 11bally4d.exe1 00 25HorngTech 4D mouse driver 01
1 9WIN32SNDS0  8banc.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 6Spees30 30Banda!, Podre!! and speedy.pif2 00 32Added by the W32/Opaserv-V worm.57http://www.sophos.com/virusinfo/analyses/w32opaservv.html0
221Bandwidth Monitor Pro0 25Bandwidth Monitor Pro.exe2 00113Bandwidth Monitor Pro is a utility that monitors and keeps track of the bandwidth usage of your network adapters.27www.bandwidthmonitorpro.com0
1 9banmanpro0 13banmanpro.exe1 00 36Added by the Troj/Clicker-BL Trojan.59http://www.sophos.com/virusinfo/analyses/trojclickerbl.html0
318Banpopup by Pratik0 12Banpopup.exe1 00 23Banpopup - popup killer36http://www33.brinkster.com/banpopup/0
1 7fuklbar0  7bar.exe1 00 72Adware related downloader,  detected as TrojanDropper.Win32.PurityScan.g 01
1 3wow0  7bar.exe1 00 72Adware related downloader,  detected as TrojanDropper.Win32.PurityScan.g 01
1 8bargains0 16bargainbuddy.exe1 00 22BargainBuddy foistware59http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html0
1 8Bargains0 12bargains.exe1 00  0 01
1 8bargains0 12bargains.exe1 00  059http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html0
1 8BullsEye0 12bargains.exe1 00 22BargainBuddy foistware59http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html0
116BullsEye Network0 12bargains.exe1 00 22BargainBuddy foistware59http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html0
115[Various Names]0 10barint.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 8BarTheme0 13bartent32.exe1 00133Added by the W32/Agobot-UG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotug.html0
2 9bascstray0 13BascsTray.exe1 00141Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems 01
112WinSetBrowse0 19BasicUpdate.dll.vbs1 00 28Added by the BISCUIT.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/vbs.biscuit.a@mm.html0
025POS-Partnerbatchprocessor0  9BATCH.EXE1 00148VISA credit card batch processing related to Appcon. Is it needed or can it be started manually via Start - Programs or a manually created shortcut? 01
325POS-Partnerbatchprocessor0  9BATCH.EXE1 00148VISA credit card batch processing related to Appcon. Is it needed or can it be started manually via Start - Programs or a manually created shortcut? 01
3 5BATCH0  9batch.exe111HKEY_LM\Run0103Batch File Creation Utility 1.01.0002, Chris' Software. Batch File Creation Util. www.chrissoftware.com39http://www.absolutestartup.com/startup/1
2 9BMMMONWND0 32BatInfEx.dll,BMMAutonomicMonitor111HKEY_LM\Run0117Systčme d'exploitation Microsoft® Windows® 5.1.2600.0, Microsoft Corporation. Exécuter une DLL en tant qu'application39http://www.absolutestartup.com/startup/1
124[random 12 digit number]0 12batmeter.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
313Battery Scope0 10batmgr.exe1 00 47Monitors battery levels on a notebook/laptop PC 01
1 6BatSrv0 12batserv2.exe1 00104Added by the WORM_LOCKSKY.T mass-mailing worm.  This infetion also creates the file C:\Windows\SYSC.EXE.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FLOCKSKY%2ET&VSect=T0
315Battery Doubler0 19Battery Doubler.exe2 00159Battery Doubler can double your battery's autonomy with little to no concessions. Install Battery Doubler, unplug AC power and experience total laptop freedom!52http://www.dachshundsoftware.com/bdoubler/index.html0
310BatteryBar0 14batterybar.exe1 00 85BatteryBar - displays battery usage, and the current percentage of battery power left45http://www.nistech.com/BatteryBar/Default.htm0
310Power_Gear0 15BatteryLife.exe1 00 63Power management for all Asus notebook. Useful but not critical 01
310Power_Gear0 17BatteryLife.exe 12 00 62BatteryLife 1043, 3, 6, 15, ASUSTeK Computer Inc.. BatteryLife 01
121Critical Update Check0 13battlenet.exe1 00 51Added by the Troj/Delf-LB browser hijacking trojan.56http://www.sophos.com/virusinfo/analyses/trojdelflb.html0
1 8BatzBack0 12BatzBack.scr1 00 26Added by the BACKZAT WORM!64http://www.symantec.com/avcenter/venc/data/w32.backzat.worm.html0
3 5BAUSB0  9BAUSB.exe1 00 34Boston Acoustics Audio, USB driver 01
1 7bawindo0 11bawindo.exe1 00 42Added by the BEAGLE.AR or BEAGLE.AU WORMS!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ar@mm.html0
3 7Bayswap0 11bayswap.exe1 00161Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices 01
139Generic Host Process for Win32 Services0  9bazzi.exe1 00197Added by the W32/Ahker-E WORM, from an email attachment. First added to the Startup folder as BADO.EXE and MICHO.EXE, it copies itself to bazzi.exe.  Uses P2P to spread, and modifies the HOST file.55http://www.sophos.com/virusinfo/analyses/w32ahkere.html0
121Microsoft AntiSpyware0  9Bazzi.exe1 00 43Added by the W32/Ahker-J mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32ahkerj.html0
113win32 service0  9bazzi.exe1 00 27Added by the  AHKER.E WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AHKER.E&VSect=T0
3 9BBCTicker0 13BBCTicker.exe125StartUp menu\Current user0 38BBC Ticker 1, 0, 1, 7, BBC. BBC Ticker39http://www.absolutestartup.com/startup/1
113d3dupdate.exe0 11bbeagle.exe1 00 27Added by the BEAGLE.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html0
123Bron-Spizaetus-cfgmktoq0 16bbm-qotkmgfc.exe1 00 32Added by the W32/Brontok-M worm.57http://www.sophos.com/virusinfo/analyses/w32brontokm.html0
123Bron-Spizaetus-cfgmmnru0 16bbm-urnmmgfc.exe1 00 32Added by the W32/Brontok-N worm.57http://www.sophos.com/virusinfo/analyses/w32brontokn.html0
1 3Boo0  7Bbn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5bbnrk0  9bbnrk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6Kernel0  8bboy.exe1 00 25Added by the MUMU.B WORM!75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MUMU.B0
1 9gdagdgajs0  9bbsbw.exe1 00132Added by the W32/Sdbot-QXworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotqx.html0
2 9bbSysTray0 13bbSysTray.exe1 00159Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions" 01
3 4bbui0  8bbui.exe1 00 86AOL DSL status monitor displaying a red/green icon indicating if you have a connection 01
216Broadband Wizard0  9bbwiz.exe1 00152Starts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start - Programs31http://www.broadbandwizard.net/0
3 3bca0  7bca.exe1 00 58BeClean Agent - registry, history, temp files, etc cleaner 01
1 150 11BCColor.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
3 8BCDetect0 12bcdetect.exe1 00184Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see 01
1 7bcfjwqw0 11bcfjwqw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 110  9BCHal.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
1 130 10BCInfo.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
4 8BCMDMMSG0 12bcmdmmsg.exe1 00 75BCM voicemodem driver. Required for dial-up if you have one of these modems 01
328broadcom wireless manager ui0 12bcmntray.exe1 00159Related to  Broadcom_Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems.24http://www.broadcom.com/0
1 140  9BCMon.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
4 8BCMSMMSG0 12BCMSMMSG.exe1 00 75BCM voicemodem driver. Required for dial-up if you have one of these modems 01
4 8BCMSMMSG0 12BCMSMMSG.exe111HKEY_LM\Run0100BCM Modem Messaging Applet  3.5.25 08/27/2003 20:04:35, Broadcom Corporation. Modem Messaging Applet39http://www.absolutestartup.com/startup/1
3 8bcmwltry0 12bcmwltry.exe1 00 50Broadcom Corporation Wireless Network Tray Applet. 01
2 4BCNT0  8bcnt.exe1 00 40AWS Weatherbug related. What does it do?39http://www.weatherbug.com/aws/index.asp0
1 4BCPC0  8bcpc.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
1 6bcpc_c0 10bcpc_c.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
1 2200 10BCPref.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
1 4Breg0  8bcre.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
111LoadDBackUp0 10BcTool.exe1 00 23Added by the GIBE WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html0
3 7BCTweak0 11bctweak.exe1 00171BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings 01
1 6bcuuyw0 10bcuuyw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Bcvsrv320 12bcvsrv32.exe1 00 48Added by the GAOBOT.BQJ or  W32/Agobot-RY worms.75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.bqj.html0
2 8BCWipeTM0 12bcwipetm.exe1 00186BCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed22http://www.jetico.com/0
130Spplication Layer Gateway Serv0  7BDC.exe1 00 45Added by the Troj/GrayBrd-AV backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdav.html0
1 3b3d0 20BDEsecureinstall.exe1 00348B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -&gt; Settings -&gt; Control Panel -&gt; Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\\Windows\\System. (3) Disable and ideally delete it from the registry. (4) Remove the &quot;BDE&quot; directory and all its contents43http://www.kazaa.com/en/privacy/bundles.htm0
422BitDefender Live! Init0 10bdinit.exe1 00 21BitDefender antivirus46http://www.bitdefender.com/press/ref100203.php0
1 7bdkrhqm0 11bdkrhqm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 6BDMCon0 10Bdmcon.exe1 00 21BitDefender antivirus46http://www.bitdefender.com/press/ref100203.php0
4 6BDMCon0 10bdmcon.exe111HKEY_LM\Run0 69BitDefender 8 8.1.0.0, SOFTWIN S.R.L.. BitDefender Management Console39http://www.absolutestartup.com/startup/1
411BDNewsAgent0 12bdnagent.exe1 00 31BitDefender antivirus - updater27http://www.bitdefender.com/0
4 7BDOESRV0 11bdoesrv.exe1 00 36Bitdefender 8 antivirus and firewall55http://www.bitdefender.com/bd/site/products.php?p_id=250
110[not used]0 10Bdsf32.scr1 00 28Added by Backdoor.RemoteSOB.79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.remotesob.html0
423BitDefender Scan Server0  8bdss.exe1 00 21BitDefender antivirus46http://www.bitdefender.com/press/ref100203.php0
413BDSwitchAgent0 12bdswitch.exe1 00 36Bitdefender 8 antivirus and firewall55http://www.bitdefender.com/bd/site/products.php?p_id=250
1 8bdvumpdx0 12bdvumpdx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6bdwoye0 10bdwoye.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Bunx0 10beagle.exe1 00 53Added by the  W32/Lebreat-E worm and backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/w32lebreate.html0
2 9BearShare0 13bearshare.exe1 00 75BearShare file sharing client. Versions known to include spyware - see here25http://www.bearshare.com/0
2 9BearShare0 20BearShare.exe /pause211HKEY_LM\Run0 44BearShare 4.7.2, Free Peers, Inc.. BearShare39http://www.absolutestartup.com/startup/1
322beatnik internet clock0 11BeatNik.exe1 00140BeatNik_Internet_Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with the atomic clock.23http://www.somedec.com/0
114beegees update0 11beegees.exe1 00 27Added by the  W32/Sdbot-ADK57http://www.sophos.com/virusinfo/analyses/w32sdbotadk.html0
2 4BEEI0  8beei.exe1 00  2?? 01
3 8befaster0 13befaster3.exe1 00 46BeFaster internet connection optimization tool26http://www.ekremdeniz.com/0
2 4BEHL0  8BEHL.exe1 00  2?? 01
2 5BEHLO0  9BEHLO.exe1 00  0 01
2 8BELORVBI0 12BELORVBI.exe1 00  2?? 01
310Belsta.exe0 10Belsta.exe1 00171Configuration tool for Belkin wireless network cards. Required to change the card’s configuration. Is it required for correct operation once the confuiguration is changed? 01
1 4Belt0  8Belt.exe1 00 38Transponder parasite updater/installer48http://www.doxdesk.com/parasite/Transponder.html0
119Benadril Alert Tool0 17benadrilalert.exe1 00102Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril 01
319BackupExecScheduler0  9besch.exe1 00 32Veritas "Back Up My PC" software 01
319BestCrypt Auto Open0 22BestCrypt.exe AutoOpen222StartUp menu\All users0 65BestCrypt Application 7.11, Jetico, Inc.. BestCrypt Control Panel39http://www.absolutestartup.com/startup/1
215BestPopUpKiller0 19BestPopupKiller.exe1 00179Popup killer of dubious repute by SwankSoft.com. For more info about the company, do a search for 'SwankSoft' on this web page on "Rogue/Suspect Anti-Spyware Products & Web Sites"52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
215BestPopUpKiller0 28BestPopupKiller.exe /startup211HKEY_CU\Run0 66Best Popup Killer 2005.08.0019, TrustSoft, Inc.. Best Popup Killer39http://www.absolutestartup.com/startup/1
1 5BeSys0  9BEsys.exe1 00 33Added by the Adware.BeSys adware.56http://www.sarc.com/avcenter/venc/data/adware.besys.html0
117[different names]0  8Beta.EXE1 00142Added by the W32/SdBot-FQ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotfq.html0
114WINDOWS SYSTEM0  8beta.exe1 00133Added by the W32/Mytob-BE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobbe.html0
316BullsEye Tracker0 11BeTrack.exe1 00 41Bullseye - intelligent research assistant53http://www.intelliseek.com/prod/bullseye/bullseye.htm0
113System Config0  7BF3.EXE1 00134Added by the W32/Spybot-DT worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32spybotdt.html0
4 5load=0 10Bfrecv.exe1 00 20Bitware modem driver 01
1 7bftehux0 11bftehux.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7bfyykaw0 11bfyykaw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6BGInfo0 10Bginfo.exe1 00174BGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more55http://www.sysinternals.com/ntw2k/freeware/bginfo.shtml0
1 4bgjx0  8bgjx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
411BGNewsAgent0 12bgnewsag.exe1 00 27BullGuard antivirus updater25http://www.bullguard.com/0
2 7bgsmsnd0 11bgsmsnd.exe1 00 53Printer driver to generate PDF files from any program 01
318BackgroundSwitcher0 12bgswitch.exe1 00329Background Switcher Powertoy. Included with the last beta version of the XP Powertoys. Whenever a user right clicked his desktop and chose properties he could see a new tab which allowed him to enable a "Desktop Slide Show." This would automatically change the Windows Desktop at an interval specified by the user. Available here19Desktop Slide Show.0
422Browser Hijack Blaster0 13bhblaster.exe1 00109Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings45http://www.wilderssecurity.com/bhblaster.html0
1 3Bsj0  7Bhe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6bhengd0 10bhengd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Eoj0  7Bhi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 6BHOCop0 10BHOCop.exe1 00105ZDNet's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware70http://www.zdnet.com/products/stories/reviews/0,4161,2760348-9,00.html0
312BHODemon 2.00 12BHODemon.exe1 00386BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand 01
115[various names]0 11bhoserv.exe1 00 37Added by a  NTRootKit TROJAN variant!42http://vil.nai.com/vil/content/v_99877.htm0
116Browser Help Svc0  8BHSV.EXE1 00132Added by the W32/Rbot-AVQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotavq.html0
316bi1helperstartup0 12BI1HEL~1.EXE1 00 26Beach_Islands Screensaver.65http://www.screenscenes.com/product.html?screensaver=BeachIslands0
1 4LTM20  9bible.exe1 00 31Added by the LITMUS.203 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.2030
110[not used]0 10BIDBFn.exe1 00 30c:\windows\system32\Systen.dll 01
124[random 12 digit number]0 12bidispl2.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
1 4bies0  8bies.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
133This is a virus, please delete it0 15bigbadvirus.exe1 00 27Added by the RANDEX.F WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html0
2 6BigFix0 22BigFix.exe  /atstartup2 00 57BigFix 1, 7, 6, 0, BigFix Inc.. BigFix Client Application 01
3 6BigFix0 22BigFix.exe  /atstartup222StartUp menu\All users0 57BigFix 1, 7, 6, 0, BigFix Inc.. BigFix Client Application39http://www.absolutestartup.com/startup/1
2 6bigfix0 10BIGFIX.EXE1 00352BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog40http://www.bigfix.com/website/index.html0
1 5biknn0  9biknn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
210Billminder0 22BILLMIND.EXE  -startup2 00 66Quicken 99 for Windows 008.000.000.000, Intuit. Quicken Billminder 01
210Billminder0 12Billmind.exe1 00 90Can be setup in Quicken to remind user of due payments. Available via Start -&gt; Programs 01
210Billminder0 12billmind.exe1 00 66Quicken 98 for Windows 007.000.000.000, Intuit. Quicken Billminder 01
210Billminder0 12BILLMIND.EXE1 00 66Quicken 99 for Windows 008.000.000.000, Intuit. Quicken Billminder 01
314Billminder.lnk0 21billmind.exe -startup211HKEY_LM\Run0 66Quicken 99 for Windows 008.000.000.000, Intuit. Quicken Billminder39http://www.absolutestartup.com/startup/1
1 8dashplus0 21bind software bib.exe2 00200IE Toolbar for Lop.com.  If the exe is running in your process list, end it, and delete the directory it is residing in.  This directory is most likely in your user profile application data directory. 01
3 8shareaza0 11bindata.exe1 00 27Shareaza P2P client related24http://www.shareaza.com/0
1 8bingdian0 12Bingdian.vbs1 00 24Added by the BINGD WORM!73http://securityresponse.symantec.com/avcenter/venc/data/vbs.bingd@mm.html0
115[Various Names]0 10bingo9.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 5BIOS10  9BIOS1.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
1 4Bios0 10Bios32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
115Terminal Update0 12biosefui.exe1 00 43Added by the Troj/PPdoor-O backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojppdooro.html0
116BIOS Net Service0 12BIOSserv.exe1 00 48Added by the W32/Rbot-BFL worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbfl.html0
2 7BIOVCIP0 11BIOVCIP.exe1 00  2?? 01
218title play bash up0 13Bird Live.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Blr0  7Bis.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
119Microsoft Explorer20 12bitchbot.exe1 00153Added by the Troj/Sdbot-EJ backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotej.html0
2 8bitcomet0 12BitComet.exe1 00 63BitComet P2P client - can be launched from Start Menu  Programs33http://www.bitcomet.com/index.htm0
2 8BitComet0 12BitComet.exe111HKEY_CU\Run0 64BitComet 0.59., www.BitComet.com. BitComet - a BitTorrent Client39http://www.absolutestartup.com/startup/1
323BitDefender_P2P_Startup0 27BitDefender_P2P_Startup.exe1 00164Bitdefender anti-virus for file transfers via internet messaging clients such as ICQ and MSN Messenger. Unless you have these running all the time start it manually52http://www.bitdefender.com/html/bd_msn_messenger.php0
121bitdefender antivirus0 16BITDEFENDERX.EXE1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
128Microsoft Windows DLLHandler0 12bitpaint.exe1 00 28Added by the SDBOT.AHG WORM!108http://uk0
1 7bjnrajk0 11bjnrajk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
217Easy-PrintToolBox0 12BJPSMAIN.EXE1 00 85A utility to launch the applications that are bundled with a Canon bubblejet printer. 01
317Easy-PrintToolBox0 19BJPSMAIN.EXE /logon211HKEY_LM\Run0 45BJPSMAIN.EXE 1, 1, 0, 0, CANON INC.. BJPSMAIN39http://www.absolutestartup.com/startup/1
1 5bkdak0  9bkdak.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8bkncbmvi0 12bkncbmvi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 8BlackICE0 10blackd.exe1 00167Internet Security System's BlackIce Firewall.  Disabling this service will make the firewall not function.  Should be found in C:\Program Files\ISS\BlackICE\blackd.exe49http://blackice.iss.net/product_pc_protection.php0
410LoadBlackD0 10blackd.exe1 00183This is the &quot;intrusion detection system&quot; of the BlackICE PC Protection (was Defender) firewall which loads independently of the &quot;user interface&quot; (BlackICE Utility)49http://blackice.iss.net/product_pc_protection.php0
222BlackICE PC Protection0 12blackice.exe1 00410Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the &quot;Startup&quot; menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD49http://blackice.iss.net/product_pc_protection.php0
216BlackIce Utility0 12blackice.exe1 00  049http://blackice.iss.net/product_pc_protection.php0
3 5blads0  9blads.exe1 00127A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks45http://www.totalidea.com/frameset-tweakxp.htm0
3 8BlockAds0  9blads.exe1 00127A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks45http://www.totalidea.com/frameset-tweakxp.htm0
3 8BlockAds0  9blads.exe111HKEY_CU\Run0 76Ad Blocker of Tweak-XP 1.17.0001, Totalidea Software. Ad Blocker of Tweak-XP39http://www.absolutestartup.com/startup/1
2 6Blanch0 10Blanch.exe125StartUp menu\Current user0 59blanch 1, 0, 0, 0, One Guy Coding. Button Launch for Win 3239http://www.absolutestartup.com/startup/1
0 7BuildBU0 11bldbubg.exe1 00  0 01
2 7bldbubg0 11bldbubg.exe1 00 25Found on a Dell machine?? 01
2 7BuildBU0 11bldbubg.exe1 00  0 01
110win32 test0 12bleatest.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
122BLMessagingIntegration0 12blengine.exe1 00 17BuddyLinks adware72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1010070
1 4Bles0  8bles.exe1 00 32Added by a TROJAN, Troj/Blesh-A.56http://www.sophos.com/virusinfo/analyses/trojblesha.html0
215ESPN BottomLine0  9bline.exe1 00388ESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down." 01
115[various names]0  9bling.exe1 00 26Added by the RBOT-NI WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotni.html0
3 6blinkx0 10blinkx.exe1 00 39Blinkx_Desktop "Smart Folders" software34http://www.blinkx.com/overview.php0
210blinkxgate0 18blinkx.exe -gate30211HKEY_CU\Run0 41Blinkx 3, 0, 3, 0, Blinkx Limited. Blinkx39http://www.absolutestartup.com/startup/1
154t9d0qh$vůőš/²‘ĆßfC:\Program Files\ISTsvc\istsvc.exe0 10blkbos.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112blockchecker0 17Block-checker.exe1 00 19BlockChecker adware67http://www.symantec.com/avcenter/venc/data/adware.blockchecker.html0
310Ad Blocker0 11blocker.exe1 00 77Ad Blocker - blocks popups, and also removes banners, image ads and flash ads20http://www.cdkm.com/0
310Ad Blocker0 11blocker.exe111HKEY_LM\Run0 29Ad Blocker 1.2.0.0, cdkm.com.39http://www.absolutestartup.com/startup/1
212BlockTracker0 16BlockTracker.exe1 00 91If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file 01
3 9blsloader0 13blsloader.exe1 00 29BellSouth ISP  Internet_Tools56https://www.fastaccess.com/content/consumer/features.jsp0
2 5spc_w0  9blspc.exe1 00 22NetZero Search related 01
1 4blss0  8blss.exe1 00 27Added by the BLARUL TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.blarul.html0
2 7BLSTAPP0 11blstapp.exe1 00 59Puts access to Creative's BlasterControl in the System Tray 01
3 7BlstApp0 11BLSTAPP.EXE111HKEY_LM\Run0 76BlasterControl 3 3.00.1, Creative Technology Ltd. BlasterControl Application39http://www.absolutestartup.com/startup/1
1 120 12BlstCtrl.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
2 8blubster0 12Blubster.exe1 00 20Related to  Blubster24http://www.blubster.com/0
313AVMBlueClient0 13bluefritz.exe111HKEY_LM\Run0 40avm BlueFRITZ 1, 0, 0, 1, avm. BlueFRITZ39http://www.absolutestartup.com/startup/1
210BlueSoleil0 14BlueSoleil.exe122StartUp menu\All users0 61BlueSoleil 1, 4, 0, 1, IVT Corporation. Bluetooth Application39http://www.absolutestartup.com/startup/1
1 4BMan0  9BMan1.exe1 00 39Abcsearch.com/DealHelper adware variant 01
1 4bmkd0  8bmkd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
215BookmarkCentral0 14BMLauncher.exe1 00123Bookmark Express - &quot;offers a more flexible way to manage Web site bookmarks, regardless of which browser you use&quot;31http://www.bookmarkexpress.com/0
3 7BMMLREF0 11BMMLREF.EXE1 00 40Battery Manager for IBM ThinkPad laptops 01
1 8Casdvqwa0 11bmqnzkg.exe1 00 28Added by the RANDEX.BE WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.be.html0
2 5Buzme0  8Bmui.exe1 00199Buzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem38http://www.buzme.com/buzme/default.asp0
2 8BMupdate0 12BMupdate.exe1 00155Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install 01
1 3BMZ0  7bmz.exe1 00 12nCase adware42http://www.doxdesk.com/parasite/nCase.html0
1 4bnbk0  8bnbk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111Failed Test0 10BNDSDX.EXE1 00133Added by the W32/Sdbot-JS worm.  When started this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotjs.html0
1 6Bndt320 10Bndt32.exe1 00 24Added by the LACON WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lacon@mm.html0
115[Various Names]0  8bnui.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
316bo1helperstartup0 12BO1HEL~1.EXE1 00115ScreenScenes  Butterfly_Oasis screensaver.  The freeware version comes with  GAIN branded ads (pop-ups and others).67http://www.screenscenes.com/product.html?screensaver=ButterflyOasis0
316BO1HelperStartUp0 25BO1HEL~1.EXE /partner BO12 00  0 01
316bo1helperstartup0 13Bo1helper.exe1 00240ScreenScenes  Butterfly_Oasis screen saver. The freeware version comes with  GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30...67http://www.screenscenes.com/product.html?screensaver=ButterflyOasis0
4 6BOC4120 10BOC412.exe1 00 54Version 4.12 of NSClean's BOClean anti-trojan software35http://www.nsclean.com/boclean.html0
1 6RegBar0 16bocaitoolbar.dll1 00 68Added by the Adware.BocaiToolbar search hijacker and popup delivery.63http://www.sarc.com/avcenter/venc/data/adware.bocaitoolbar.html0
416BOCleanautostart0 11Boclean.exe1 00 38NSClean's BOClean anti-trojan software35http://www.nsclean.com/boclean.html0
322Caddais BackupOnDemand0 10BODMon.exe1 00200Caddais BackupOnDemand - &quot;runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location&quot;43http://www.caddais.com/BackupOnDemand.shtml0
1 8bofratlc0 12bofratlc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0 11Bogobot.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
313BOINC Manager0 15boincmgr.exe /s225StartUp menu\Current user0 87BOINC Manager 4.25, Space Sciences Laboratory, U.C. Berkeley. BOINC Manager for Windows39http://www.absolutestartup.com/startup/1
1 6bokqrl0 10bokqrl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Rase0  8boln.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
3 8bombshel0 10BOMB32.EXE1 00163Part of McAfee Nuts &amp; Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems 01
118windowssql service0  9boner.exe1 00 29Added by the  SDBOT.XRM WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.XR0
1 3boo0  7boo.exe1 00 77Adware downloader - detected by  Kaspersky antivirus as Trojan.Win32.Favadd.o36http://www.kaspersky.com/personalpro0
321Atalho para boostkit20 13boostkit2.exe125StartUp menu\Current user0 46BoostKit 2.1, Software Benefits Inc.. BoostKit39http://www.absolutestartup.com/startup/1
1 4boot0  8boot.exe1 00 25Added by the ELEM TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/w32.elem.trojan.html0
119MS-DOS Boot Service0 10Boot32.pif1 00132Added by the W32/Rbot-AMF worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamf.html0
1 6KeBoot0 10Boot32.sys1 00153Added by the HaxDoor.B rootkit/backdoor Trojan.  This service is installed as a system driver and is part of the rootkit functionality of this infection.79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.b.html0
1 9ccExecute0 12bootcfg1.exe1 00 31Added by the W32/Nemsi-B virus.55http://www.sophos.com/virusinfo/analyses/w32nemsib.html0
113Internat Conf0 12bootconf.exe1 00 74Homepage hijacker, redirecting to coolwwwsearch.com; see for example  here48http://boards.cexx.org/viewtopic.php?p=2464#24640
1 6sysPnP0 12bootconf.exe1 00 74Homepage hijacker, redirecting to coolwwwsearch.com; see for example  here48http://boards.cexx.org/viewtopic.php?p=2464#24640
1 8bootctrl0 12bootctrl.exe1 00 40Added by an unidentified WORM or TROJAN! 01
3 4xbtl0 11bootldr.exe1 00116Added by the Spyware.WSLogger surveillance software.  If you did not install this software it should be uninstalled.60http://www.sarc.com/avcenter/venc/data/spyware.wslogger.html0
110BootLoader0 14BootLoader.exe1 00 29Added by the WATERWORKS WORM!67http://www.symantec.com/avcenter/venc/data/vbs.waterworks.worm.html0
110BootLoader0 18BootLoader.exe.vbs1 00 29Added by the WATERWORKS WORM!67http://www.symantec.com/avcenter/venc/data/vbs.waterworks.worm.html0
112Boot Manager0 11bootmng.exe1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
110bootpd.exe0 10bootpd.exe1 00200Identified by Kapersky as Trojan.Win32.StartPage.vk.  This infections hijacks popular search engines to another site and hijacks your start page to Premium Search which is a locally stored .html file. 01
114Microsoft Word0 14BootSector.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
421BootSkin Startup Jobs0 12BootSkin.exe1 00106Stardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screens.42http://www.stardock.com/products/bootskin/0
321BootSkin Startup Jobs0 25bootskin.exe /StartupJobs211HKEY_LM\Run0 41BootSkin 1, 0, 6, 0, . Stardock BootSkin!39http://www.absolutestartup.com/startup/1
310BootStatus0 12BOOTST~1.EXE1 00178Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day.  Once you exit it, it has no more effect on resources 01
124[random 12 digit number]0 12bootvid4.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
3 8BootWarn0 12BootWarn.exe1 00838From here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from “Start \ Programs \ Norton AntiVirus”. If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab – it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages"60http://www.answersthatwork.com/Tasklist_pages/tasklist_b.htm0
3 8BootWarn0 15BootWarn.exe /a211HKEY_LM\Run0 76Norton AntiVirus 11.0.9, Symantec Corporation. Norton AntiVirus Boot Warning39http://www.absolutestartup.com/startup/1
122[random pair of words]0 12bopotsvr.exe1 00 88Added by the Troj/Shed-A.  This infection lowers the security settings on your computer.55http://www.sophos.com/virusinfo/analyses/trojsheda.html0
115[Various Names]0 12borlandg.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
3 6Boston0 10Boston.exe1 00 49Part of the Boston Acoustics USB speaker systems. 01
133Microsoft Synchronization Manager0  7bot.exe1 00 27Added by the SDBOT.IH WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.IH0
124Microsoft Update Machine0  7bot.exe1 00143Added by the W32/Rbot-EI trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotei.html0
113winsockdriver0  7bot.exe1 00 49Added by the W32/Warpigs-D worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32warpigsd.html0
116Microsoft Update0 10Botnet.exe1 00 28Added by the  RBOT.AFL WORM!107http://de0
120Configuration Loader0  9botss.exe1 00144Added by the W32/Sdbot-XS network worm.  When started this infection connects to a remote IRC server where it waits for commands to be executed.56http://www.sophos.com/virusinfo/analyses/w32sdbotxs.html0
114WINDOWS SYSTEM0 10botzor.exe1 00 50Added by the W32/Zotob-A worm and backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32zotoba.html0
118Bouncer RunStartup0 11bouncer.exe1 00374VIrtualBouncer malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs59http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp0
115[Various Names]0 12BoundRec.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
313VolumeCounter0 12BoVolume.exe111HKEY_LM\Run0 131, 0, 0, 0, .39http://www.absolutestartup.com/startup/1
217Windows Protectot0 10boxide.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
117windows protectot0 10boxide.exe1 00 44Added by a variant of the  W32/WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
1 3RVP0  7bpc.exe1 00 67Spyware included with the latest version of Grokster. Also see here89http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=4585;start=00
1 8bpcv2_re0 16bpc2_re_inst.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
212BigPondCable0 11bpcable.exe1 00 62Telstra Bigpond Cable login software - can be started manually 01
311bpcpost.exe0 11bpcpost.exe1 00204MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it 01
1 5bpcv20  9BPCv2.exe1 00 18BroadcastPC adware48http://www.doxdesk.com/parasite/BroadcastPC.html0
424NetBackup Client Service0 11bpinetd.exe1 00 28The Netbackup backup client.53http://www.veritas.com/Products/www?c=product&refId=20
3 3bpk0  7bpk.exe1 00 131, 4, 7, 0, . 01
3 3BPK0  7bpk.exe1 00189Blazing Tools  Perfect Keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove36http://www.blazingtools.com/bpk.html0
1 6bpkmxe0 10bpkmxe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
142Major Microsoft Windows Driver Boot loader0  9bpool.exe1 00 12Added by the38W32/Mytob-AL WORM/IRC backdoor trojan!0
115ContinueInstall0 14bpsinstall.exe1 00 19BrowserAid parasite47http://www.doxdesk.com/parasite/BrowserAid.html0
1 3bpt0  7bpt.exe1 00 18BroadcastPC adware48http://www.doxdesk.com/parasite/BroadcastPC.html0
2 6bcpc_c0  9bpt_c.exe115HKEY_LM\RunOnce0  039http://www.absolutestartup.com/startup/1
1 4Breg0  9bptre.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
212Backpack UDF0 12bpudfmon.exe1 00175Backpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk20http://www.nero.com/0
315BigPond Toolbar0 12bpumTray.exe1 00202Telstra BigPond Toolbar - &quot;Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier&quot;42http://www.bigpond.com/helpcentre/toolbar/0
315BigPond Toolbar0 12bpumTray.exe111HKEY_LM\Run0 51BigPond Toolbar Version 1.50, Telstra. Toolbar Icon39http://www.absolutestartup.com/startup/1
1 4bqld0  8bqld.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
215BurnQuick Queue0 10BQTray.exe1 00179System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually25http://www.burnquick.com/0
310BQTray.exe0 10BQTray.exe1 00180System Tray access to  BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually25http://www.burnquick.com/0
1 7bqvtkds0 11bqvtkds.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0 10br0ken.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
114WINDOWS SYSTEM0 11br32srv.exe1 00 48Added by the W32/Mytob-GL worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobgl.html0
118Tok-Cirrhatus-19590 12br4941on.exe1 00 32Added by the W32/Brontok-N worm.57http://www.sophos.com/virusinfo/analyses/w32brontokn.html0
118Tok-Cirrhatus-27840 12br6591on.exe1 00 32Added by the W32/Brontok-I worm.57http://www.sophos.com/virusinfo/analyses/w32brontoki.html0
1 6Brasil0 10Brasil.exe1 00 28Added by the OPASERV.E WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.E0
1 6Brasil0 10BRASIL.PIF1 00 28Added by the OPASERV.E WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.E0
111BraveSentry0 15BraveSentry.exe1 00 60Added by the ADW_SPYSHERIFF.B rogue antispyware application.99http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FSPYSHERIFF%2EB&VSect=Td0
216ControlCenter2.00 12brctrcen.exe1 00 70Brother scanner 'Control Center' application - can be started manually 01
216ControlCenter2.00 21brctrcen.exe /autorun2 00 84ControlCenter2.0 2, 0, 8, 0, Brother Industries, Ltd.. ControlCenter2.0 Main Program 01
314Break_Reminder0 18BREAK REMINDER.exe2 00 94Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See here34http://www.cheqsoft.com/break.html0
110WinUpdateB0 11breatle.exe1 00 31Added by the W32.Bratle.A worm.73http://www.sarc.com/avcenter/venc/data/w32.bratle.a.html#technicaldetails0
1 4Breg0  8breg.exe1 00101Added by the Adware.BroadcastPC.B adware/spyware.  File is found in %ProgramFiles%\Common Files\Java\64http://www.sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
1 9whitechix0 11brightx.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
415Brindys BriTray0 11BRITRAY.EXE1 00433Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH &amp; BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons &amp; menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired23http://www.brindys.com/0
313xBrotherMeCom0 11BrMeCom.exe1 00 37Related to Brother MFC-9200c printer. 01
214Status Monitor0 12BrMfcWnd.exe1 00 56Brother scanner status monitor - can be started manually 01
214Status Monitor0 38BrMfcWnd.exe Brother DCP-110C /STARTUP2 00 74Status Monitor 1, 0, 5, 4, Brother Industries, Ltd.. Status Monitor (Main) 01
214Status Monitor0 39BrMfcWnd.exe Brother FAX-2440C /STARTUP2 00  0 01
214Status Monitor0 38BrMfcWnd.exe Brother MFC-210C /STARTUP2 00 74Status Monitor 1, 0, 5, 4, Brother Industries, Ltd.. Status Monitor (Main) 01
214Status Monitor0 39BrMfcWnd.exe Brother MFC-3240C /STARTUP2 00  0 01
214Status Monitor0 39BrMfcWnd.exe Brother MFC-420CN /STARTUP2 00 74Status Monitor 1, 0, 5, 4, Brother Industries, Ltd.. Status Monitor (Main) 01
214Status Monitor0 40BrMfcWnd.exe Brother MFC-5840CN /STARTUP2 00 74Status Monitor 1, 2, 0, 7, Brother Industries, Ltd.. Status Monitor (Main) 01
214Status Monitor0 39BrMfcWnd.exe Brother MFC-620CN /STARTUP2 00 74Status Monitor 1, 0, 5, 4, Brother Industries, Ltd.. Status Monitor (Main) 01
3 8brmfrmpa0 12BrmfRmPA.exe1 00105Brother resource manager - needed for a Brother MFC printer/copier/scanner and PC to properly communicate 01
050Brother Popup Suspend service for Resource manager0 12Brmfrmps.exe1 00 80Related to the Brother printer software. Is this necessary to run automatically? 01
115[Various Names]0 11Brong32.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
114Bron-Spizaetus0 12bronstab.exe1 00 50Added by the W32/Korbo-A worm and backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32korboa.html0
1 9StartMenu0 10browse.exe1 00 43Added by the Troj/Drowsy-C backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojdrowsyc.html0
1 8browsela0 12browsela.dll1 00 45A variant of the Trojan/Dldr.Delf.aeo Trojan. 01
124[random 12 digit number]0 12browser8.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
111browser aid0 14browseraid.exe1 00 31BrowserAid/BrowserPal foistware47http://www.doxdesk.com/parasite/BrowserAid.html0
316Browser Sentinel0 19BrowserSentinel.exe1 00161Browser Sentinel. Notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page. See here56http://www.unhsolutions.net/Browser-Sentinel/index.shtml0
1 7Browser0 11browsvr.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
2 9setdefprt0 12BrStDvPt.exe1 00 90Used to set a Brother MFC printer/copier/scanner as the default printer after installation 01
2 9SetDefPrt0 12BrStDvPt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
412BrSplService0 12brsvc01a.exe1 00150This file is an integral part of the Brother printer driver.  Disabling this service will disable communication between your computer and the printer. 01
112Fuck-The-IRC0  9brttm.exe1 00 76Added by the Troj/Wallop-A TROJAN/backdoor, and found in the Windows folder.57http://www.sophos.com/virusinfo/analyses/trojwallopa.html0
111BookedSpace0 14bs2.dll,DllRun1 00 41Adware, related to the  Remanent parasite45http://www.doxdesk.com/parasite/Remanent.html0
118Microsoft Services0  9bsc32.exe1 00 29Added by the  BDOOR-AW TROJAN57http://www.sophos.com/virusinfo/analyses/trojbdooraw.html0
212B&#039;sCLiP0 10BSCLIP.exe1 00 80CD recording utility that comes with a lot of CDR/CDRW drives and isn't required 01
2 6BsCLiP0 10BSCLIP.exe1 00  0 01
2 7B'sCLiP0 10BSCLIP.exe1 00 80CD recording utility that comes with a lot of CDR/CDRW drives and isn't required 01
1 5sysbo0 11bsdue32.exe1 00134Added by the W32/Sdbot-UR trojan.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotur.html0
3 9BellSouth0 27BsnAppCenter.exe /Scheduler211HKEY_LM\Run0 80Application Center 3, 1, 3049, 0, BellSouth. BellSouth Application Center Module39http://www.absolutestartup.com/startup/1
112Bsoft lppt010  9Bsoft.exe1 00195New variant of the  RapidBlaster parasite (in a &quot;BelmontSoft&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
3 9bs player0 12bsplayer.exe1 00 81BSplayer -  A video player used to play avi, mpg, wmv and other multimedia files.24http://www.bsplayer.org/0
114BS Mediaplayer0 10bsplyr.exe1 00248Added by the W32/Rbot-OU trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. These infections are usually capable of logging keystrokes, retrieve cd keys, and flood other computers.55http://www.sophos.com/virusinfo/analyses/w32rbotou.html0
1 9WindowsFY0  7bsw.exe1 00133Identified as Trojan.Win32.Agent.ct. When run this file extracts a bmp file to the c:\ folder and sets it as your desktop background. 01
0 6BBDial0 16BT Broadband.exe2 00 21Part of BT Broandband 01
1 3vb60  8BT32.EXE1 00 12Added by the19W32/Wurmark-D WORM!0
328Bluetooth Connection Manager0 18BTCM.exe /minimize222StartUp menu\All users0 69Bluetooth Connection Manager 1.2.0, 3Com Corporation. BTCM Executable39http://www.absolutestartup.com/startup/1
218motive smartbridge0 18BTHelpNotifier.exe1 00205System tray icon for the Virtual Assistant from  BT Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start - Programs - not required27http://www.bt.com/index.jsp0
218Motive SmartBridge0 18BTHelpNotifier.exe111HKEY_LM\Run0 94Motive System 5.8.13.asst_classic.smartbridge, Motive Communications, Inc.. Motive SmartBridge39http://www.absolutestartup.com/startup/1
127Microsoft Bluetooth Support0 11bthsupp.exe1 00131Added by the W32/Btbot-A worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.55http://www.sophos.com/virusinfo/analyses/w32btbota.html0
0 6btinst0 10btinst.exe1 00 50Associated with an Anycom bluetooth wireless card. 01
1 4btmi0  8btmi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
317btmodemprotection0 21BTModemProtection.lnk1 00 55BT Privacy Online modem protection software,  see  here33http://www.btmodemprotection.com/0
310LoadBtnHnd0 10BtnHnd.exe1 00186Fujitsu Lifebook computers have some buttons on the case - they can be programmed to execute specified programs (like hotkeys).  The buttons can also be used as a combination lock input. 01
1 5btqhq0  9btqhq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9msimn.exe0  7btr.exe1 00 43Added by the W32/Bater-A mass mailing worm.55http://www.sophos.com/virusinfo/analyses/w32batera.html0
112f73cdc8ee94e0 12btsendto.exe1 00 46Associated with mysearchnow.com/searchbar.html 01
012btsetbootkey0 16BTSetBootKey.exe1 00 34Related to a USB Bluetooth adaptor 01
3 7BtStart0 11btstart.exe1 00 60Broadcorp (formerly WIDCOMM) Bluetooth Connectivity Software41http://www.widcomm.com/Partners/index.asp0
313Button Server0 12bttnserv.exe1 00220Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required 01
3 6bttray0 10bttray.exe1 00347System tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device 01
3 6BTTray0 10BTTray.exe122StartUp menu\All users0 91Bluetooth Software 1.4.2 Build 10 1.4.2 Build 10, WIDCOMM, Inc.. Bluetooth Tray Application39http://www.absolutestartup.com/startup/1
3 6BTTray0 10BTTray.exe122StartUp menu\All users0 84WIDCOMM Bluetooth Software 1.2.2.4 1.2.2.4, WIDCOMM Inc.. Bluetooth Tray Application39http://www.absolutestartup.com/startup/1
1 9BTuihgter0 13BTuihgter.exe1 00 36Added by the Troj/Banloa-AAA Trojan.59http://www.sophos.com/virusinfo/analyses/trojbanloaaaa.html0
4 8BTUSRBDG0 12BtUsrBdg.exe1 00 60Used with a Mitsumi USB Bluetooth adaptor (and maybe others)33http://www.mitsumi.de/index4.html0
4 9BTUSRBDGF0 12BtUsrBdg.exe1 00 41Used with a Mitsumi USB Bluetooth adaptor33http://www.mitsumi.de/index4.html0
1 3BTV0  7btv.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
1 4BtvC0 12btvclean.exe1 00 87Added by the Adware.BroadcastPC.B adware/spyware.  File is found in %ProgramFiles%\BTV\64http://www.sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
417Bluetooth Service0 11btwdins.exe1 00 74Bluetooth driver/software used by many vendors and computer manufacturers. 01
1 6btyuyn0 10btyuyn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 9Buddyizer0 13Buddyizer.exe1 00112Part of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network 8#AIMster0
125System Buffer Application0 12buffer32.exe1 00 85Added by W32/Sdbot-UD, a WORM/backdoor TROJAN and found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotud.html0
318bugwatcher service0 14bugwatcher.exe1 00304Bugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures26http://www.bugtoaster.com/0
1 4bulk0  8bulk.exe1 00 50Added by the W32/Agobot-ACR worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32agobotacr.html0
414BullguardoptIn0 16bulldownload.exe1 00 28Part of  Bullguard antivirus25http://www.bullguard.com/0
313BullGuard 5.00 13BullGuard.exe111HKEY_CU\Run0 53BullGuard 5.02 5.0.2.0, BullGuard Software. BullGuard39http://www.absolutestartup.com/startup/1
4 2bg0 13bullguard.exe1 00 95Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster25http://www.bullguard.com/0
1 4rscn0 29bum&lt;random numbers&gt;.exe2 00 36Added by the Troj/DownLdr-LA Trojan.59http://www.sophos.com/virusinfo/analyses/trojdownldrla.html0
1 9SAHBundle0 10bundle.exe1 00 33ShopAtHomeSelect parasite related 7#FF00000
114VBundleOuterDL0 15BundleOuter.EXE1 00380VirtualBouncer 2.0 - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs59http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp0
115System settings0 12burndl32.exe1 00134Added by the W32/Sdbot-ZO worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzo.html0
211Scan Wizard0 10button.exe1 00102Associated with ScanWizard as supplied with Microtek scanners - see also  Scanner Detector or SDetect.19#Scanner%20Detector0
2 9ButtonKey0 13ButtonKey.exe1 00219CyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut45http://www.scanace.com/en/product/product.php0
3 9Buzof.exe0  9buzof.exe1 00170Buzof from Basta Computing &quot;enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes&quot;34http://www.basta.com/ProdBuzof.htm0
1 9RNBc Test0 11bvldv32.exe1 00133Added by the W32/Rbot-AJF worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotajf.html0
1 7SysScan0  7bvt.exe1 00 30Added by the AUTOUPDER TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html0
1 6bwcaur0 10bwcaur.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116XupiterCfgLoader0 15BWCfgLoader.exe1 00120Xupiter - adware and homepage hijacker. To remove Xupiter go here and to prevent it re-installing in the future see here44http://www.doxdesk.com/parasite/Xupiter.html0
3 8LWBMOUSE0 12BWheel35.exe111HKEY_LM\Run0 368.0.0.0, . Mouse Control Application39http://www.absolutestartup.com/startup/1
1 8bwopljka0 12bwopljka.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
221BitWare Print Monitor0 12bwprnmon.exe1 00 29FaxServe network fax software54http://www.accpac.com/products/communication/faxserve/0
218Service Connection0 10bwtray.exe1 00 32For Compaq PC's. Part of Backweb 01
1 6bwxddv0 10bwxddv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7bxfhmlb0 11bxfhmlb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8oeplugin0 14bxOEPlugin.exe1 00177noHTML for Outlook Express is an add-on that protects Outlook Express from email viruses and email scripts by converting incoming email messages from HTML format to simple text.33http://www.baxbex.com/nohtml.html0
1 7bxproxy0 11bxproxy.exe1 00 42Identified as a variant of DLOADER.Trojan. 01
316Boost XP Service0 13bxservice.exe1 00 48Boost XP from Systweak - WinXP tweaking utility 43http://www.systweak.com/boostxp/boostxp.htm0
316boost xp service0 13bxservice.exe111HKEY_CU\Run0 50BXP Service 1, 2, 7, 2, Systweak. Boost XP Service39http://www.absolutestartup.com/startup/1
1 5bxxs50  9bxxs5.dll1 00 20BookedSpace parasite44http://doxdesk.com/parasite/BookedSpace.html0
1 4bytq0  8bytq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7byxkryf0 11byxkryf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5httpd0  9c_pan.exe1 00 40Added by a variant of the DELF-A TROJAN! 01
138{29F97553-FBD6-33D1-BFC1-47A024D1875C}0  7c2c.dll1 00156Paradox.nfo, file_id.diz.  It also installs these files in the Windows system folder: c2c.dat.br /br /Uses CLSID: b{29F97553-FBD6-33D1-BFC1-47A024D1875C}/b. 01
0 6c32cs20 10c32cs2.exe1 00 91Part of the Cyber Sentinel Internet filtering software. Does anyone know if what this does?46http://www.securitysoft.com/new601/cs_home.htm0
4 7C4EBReg0 14c4ebreg.exe /q211HKEY_LM\Run0 534.82, IBM Global Services. IBM Standard Asset Manager39http://www.absolutestartup.com/startup/1
316Zone Labs Client0  6ca.exe111HKEY_LM\Run0 57EZ Firewall 4.5.554.000, Computer Associates. EZ Firewall39http://www.absolutestartup.com/startup/1
411ez firewall0  6ca.exe1 00 34eTrust  EZ_Armor Internet Security48http://www3.ca.com/Solutions/Product.asp?ID=32430
1 7JVM0.120  8caac.exe1 00 47Identified as Trojan-Downloader.Win32.Agent.jc. 01
121Microsoft Cab Manager0  7cab.exe1 00 77Added by the Troj/Delf-JJ Trojan!  File is found in the root of the C: drive.56http://www.sophos.com/virusinfo/analyses/trojdelfjj.html0
1 6Cabchk0 10Cabchk.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 8Cabchk320 12Cabchk32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
111CABCInstall0 15CABCInstall.exe1 00 30CABC content delivery software45http://www.cabc.com/product/product_main.html0
110[not used]0  9Cable.exe1 00 33Added by the W32/Cablenet-A worm.58http://www.sophos.com/virusinfo/analyses/w32cableneta.html0
2 6delcab0  8cabs</a>1 00  6??font 01
124[random 12 digit number]0 12cabview1.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
320Computer Alarm Clock0  7cac.exe111HKEY_LM\Run0 512.0.0.0, Think Art Computing.. Computer Alarm Clock39http://www.absolutestartup.com/startup/1
2 8Cacheman0 12Cacheman.exe1 00103Freeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-up25http://www.outertech.com/0
3 8Cacheman0 12Cacheman.exe111HKEY_CU\Run0 40Cacheman 5, Outer Technologies. Cacheman39http://www.absolutestartup.com/startup/1
410CachemanXP0 14CachemanXP.exe1 00178CachemanXP is a system service designed to improve the performance of your computer by optimizing several caches, auto-recovering RAM and fine tuning a number of system settings.62http://www.outertech.com/index.php?_charisma_page=product&id=70
4 8CacheMgr0 12CacheMgr.exe1 00 30Sophos Antivirus Remote Update35http://www.sophos.com/products/sav/0
210CACStarter0 12cacstart.exe1 00 37Cash A Check - check writing software 01
3 4CADS0  8cads.exe1 00 42Cyber Sentinel internet filtering software46http://www.securitysoft.com/new601/cs_home.htm0
221ABBYY Community Agent0 10CAGENT.EXE1 00243Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the&nbsp;5.0 version of the software 01
2 6CAgent0 10CAgent.exe1 00100Abbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documents27http://www.fine-reader.com/0
213CahootWebcard0 17CahootWebcard.exe1 00291The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details. Run manually when needed 01
1 8cailegus0 12cailegus.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Dir10  4caKe1 00 23Added by the CAKE WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cake.html0
1 6DlDir10  4caKe1 00  074http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cake.html0
1 6CALC320 10CALC32.EXE1 00133Added by the W32/Spybot-EC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32spybotec.html0
233Photo Express Calendar Checker SE0 12CalCheck.exe1 00 95Calendar Checker Application 1, 0, 0, 1, Ulead Systems, Inc.. Photo Express -- Calendar Checker 01
233Photo Express Calendar Checker SE0 12CALCHECK.EXE1 00253If you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordingly 01
232Ulead Photo Express x.0 Calendar0 12calcheck.exe1 00279Ulead Calendar Checker - part of Ulead Photo Express, where "x" represents the version number. Automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manually. See here for disabling instructions33http://www.ulead.com/pe/runme.htm0
343Ulead Photo Express 4.0 SE Calendar Checker0 12CalCheck.exe122StartUp menu\All users0 95Calendar Checker Application 1, 0, 0, 1, Ulead Systems, Inc.. Photo Express -- Calendar Checker39http://www.absolutestartup.com/startup/1
222Calendar 200X Reminder0 12calendar.exe1 00 76Calendar 200X - shows holidays, reminders of various anniversaries,tasks etc34http://www.jgraff.addr.com/cal.htm0
323Logo Calibration Loader0 21CalibrationLoader.exe122StartUp menu\All users0122CalibrationLoader 5.1 5, 0, 2, 168, LOGO Kommunikations- und Drucktechnik GmbH & Co. KG. CalibrationLoader 5.1 Application39http://www.absolutestartup.com/startup/1
1 4calk0  8calk.exe1 00 74The Troj/StartPa-FH TROJAN adds this to modify Internet Explorer settings.59http://www.sophos.com/virusinfo/analyses/trojstartpafh.html0
314CAPI - Monitor0 12CALLTRAY.exe122StartUp menu\All users0172ISDN CAPI call monitor                          1.10                            , EllSoft Software Development & Design                                  . CAPI call monitor39http://www.absolutestartup.com/startup/1
221Cal Reminder Shortcut0 10calrem.exe1 00 75Produces a pop-up reminder of events scheduled using the MS Office Calendar 01
2 8CamCheck0 12CamCheck.exe1 00 29NuCam camera software related34http://www.nucam.com.tw/index1.htm0
215Camera Detector0 12CAMDET~*.EXE1 00  073http://www.acdsystems.com/english/products/acdsee/overview?LAN=englishX700
215Camera Detector0 13Camdetect.exe1 00138ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically73http://www.acdsystems.com/english/products/acdsee/overview?LAN=englishX700
3 6cameno0 10Cameno.exe1 00 78Cameno is a program which brings tabbed windows to MSN Messenger 6.0 and above32http://www.spadeapps.com/cameno/0
2 7Camfrog0 22Camfrog Video Chat.exe211HKEY_CU\Run0 59Camfrog Launcher 1, 0, 0, 1, Camshare LLC. Camfrog Launcher39http://www.absolutestartup.com/startup/1
1 9L02qRgGtO0 12camiscon.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
220Creative WebCam Tray0 11CamTray.exe1 00 89Creative Cam Detector 3.60, Creative Technology Ltd. Creative Camera Launcher Application 01
220Creative WebCam Tray0 11Camtray.exe1 00 54Creative WebCam tray control - can be started manually 01
220Creative WebCam Tray0 11CAMTRAY.EXE111HKEY_LM\Run0 92Video Blaster WebCam Go 2.1, Creative Technology Ltd. WebCam Go Control launcher application39http://www.absolutestartup.com/startup/1
2 6Canada0 10Canada.exe1 00 53Known to be a dialler - but is it maliscous or clean? 01
1 9ASDPLUGIN0 10canada.exe1 00 21Malware adult dialer. 01
1 8Eac_Cnry0 10canary.exe1 00 28Added by the  CANARY TROJAN!56http://www.sophos.com/virusinfo/analyses/trojcanary.html0
2 6Canary0 14canary-std.exe1 00 68Canary monitoring program. Keylogger, monitors all computer activity 01
111CanerServer0  9caner.exe1 00 45Added by the Troj/Hupigon-ES backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojhupigones.html0
0 6cap3on0 11CAP3ONN.EXE1 00 59Canon driver,  purpose unknown - is it required in startup? 01
220Capture Express 20000 10capexp.exe1 00 40Capture Express - screen capture utility30http://www.captureexpress.com/0
2 6Capfax0 10capfax.exe1 00223a  rel="nofollow" target="_blank" href="http://shop.bvrp.com/english/asp/default.asp?UserPrefLanguage=1&UserPrefCountry=3&UserPrefCurrency=4&UserPrefCurrentCompany=18&UserPrefUseVicom=1&id_product=86"PhoneTools fax software 01
2 6CapFax0 10CapFax.EXE111HKEY_LM\Run0 63Winfax - WinPhone 5.00, BVRP Software. Surveillance Capture Fax39http://www.absolutestartup.com/startup/1
3 6caping0 10CAPing.exe1 00 30Citibank Citianywhere software 01
242Canon PC1200 iC D600 iR1200G Status Window0 12CAPM1LAK.EXE1 00 26Canon P1200 printer status 01
4 5Capon0  9Capon.exe1 00 20Canon printer driver 01
4 5capon0 10Caponn.exe1 00 20Canon printer driver 01
2 4CApp0  8capp.exe111HKEY_LM\Run0 57capp Ó¦ÓĂłĚĐň 1, 1, 1, 9, . capp Microsoft »ý´ˇŔŕÓ¦ÓĂłĚĐň39http://www.absolutestartup.com/startup/1
011Captainhook0 15CaptainHook.exe1 00 26Part of the Novell Client. 01
1 7capture0 11capture.exe1 00 44Added by the Troj/Theef-B keylogging Trojan.56http://www.sophos.com/virusinfo/analyses/trojtheefb.html0
310CaptureWiz0 14CaptureWiz.exe125StartUp menu\Current user0 541.0.0.0, PixelMetrics. CaptureWiz Pro application file39http://www.absolutestartup.com/startup/1
310CardMinder0 16CardLauncher.exe111HKEY_LM\Run0 71CardMinderApplication 2, 0, 30, 2, PFU Limited.. CardMinder Application39http://www.absolutestartup.com/startup/1
1 6Care200 10Care20.exe1 00 15TopMoxie adware49http://www.pestpatrol.com/PestInfo/t/topmoxie.asp0
3 8care2gtu0 12Care2GTU.exe1 00289Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it keep it 01
311CARPservice0 12carpserv.exe1 00126Associated with  Zoltrix modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example23http://www.zoltrix.com/0
311CARPService0 12carpserv.exe111HKEY_LM\Run0 62SoftK56 Modem Driver 6.02.05, Conexant Systems, Inc.. carpserv39http://www.absolutestartup.com/startup/1
110CARPserver0 14CARPserver.exe1 00 30Added by the BANKER-AN TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankeran.html0
113ConfiggLoader0 11cart322.exe1 00 28Added by the GAOBOT.DJ WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.dj.html0
1 6cartao0 10cartao.exe1 00 69Added by the  Troj/Banker-AY TROJAN, which will also use cartao2.exe.58http://www.sophos.com/virusinfo/analyses/trojbankeray.html0
1 8cas2stub0 12cas2stub.exe1 00 21CasinoClient Adaware!59http://sarc.com/avcenter/venc/data/adware.casinoclient.html0
3 7CasAgnt0 11CasAgnt.exe1 00 80Program by Extended Systems which allows you to sync your Casio PDA with your PC 01
3 9Casc'ADSL0 12CascADSL.exe111HKEY_LM\Run0141CascADSL 0.99 build 3329 release, El Cascador !!! / Hit Where It Hurts PROD.. Outil ADSL de reconnexion automatique et de statistiques trafic39http://www.absolutestartup.com/startup/1
110CAS Client0 13casclient.exe1 00 33Added by the Adware.CasinoClient.63http://www.sarc.com/avcenter/venc/data/adware.casinoclient.html0
112SettingValue0  8casd.exe1 00132Added by the W32/Sdbot-PGworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotpg.html0
110caseyvideo0 14CaseyVideo.exe1 00 27Malware causing p0rn popups 01
110caseyvideo0 29caseyvideo[*].exe [* = digit]2 00  0 01
1 8CashBack0 12cashback.exe1 00109Part of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearch 01
229Cashsurfers Cashbar Navigator0 11Cashbar.Exe1 00159Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals" 01
110cashfiesta0 14Cashfiesta.exe1 00 32CASHFIESTA.A pay-per-surf adware86http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_CASHFIESTA.A0
111Caspian-x270 15Caspian-x27.exe1 00 32Added by the W32/Katomik-B worm.57http://www.sophos.com/virusinfo/analyses/w32katomikb.html0
1 9cassandra0 13cassandra.exe1 00 85Melkosoft_Cassandra adware - also detected as a variant of the  WIN32.KREPPER TROJAN!48http://www.doxdesk.com/parasite/SuperSpider.html0
1 9winservit0  9cassl.exe1 00114This is an Rbot variant. This infection connects to an IRC server where it will await commands from a remote user. 01
1 7CasStub0 11casstub.exe1 00 32Added by the Troj/Cass-A trojan.55http://www.sophos.com/virusinfo/analyses/trojcassa.html0
1 9Diskstart0  7cat.exe1 00 18MS-Connect dialler 01
229Quick Heal On-Line Protection0 10CATEYE.EXE111HKEY_LM\Run0 55CATEYE Application 1, 0, 0, 1, . CATEYE MFC Application39http://www.absolutestartup.com/startup/1
429Quick Heal On-Line Protection0 10Cateye.exe1 00 26Quick Heal - virus scanner33http://www.quickheal.com/qh95.htm0
124(random 12 digit number)0 12catsrvps.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
412ComPlusSetup0 12catsrvut.dll1 00 22Part of Microsoft Com+ 01
119Norton Live Updater0 12Cavapsvc.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
4 6cavrid0 10CAVRID.exe1 00 21eTrust™  EZ_Antivirus156http://home.ca0
4 6CAVRID0 10CAVRID.exe111HKEY_LM\Run0128Computer Associates Antivirus  Version 11.0.6.7, Computer Associates International, Inc.. CA Antivirus Realtime Infection Report39http://www.absolutestartup.com/startup/1
4 4CAVS0  8CAVS.exe1 00 31Cheyenne (now eTrust) antivirus14http://ca.com/0
3 7VetTray0 11CAVTray.exe1 00125Computer Associates Antivirus Version 11.0.8.1, Computer Associates International, Inc.. CA Antivirus System Tray Application 01
4 8caavtray0 11CAVTray.exe1 00 21eTrust™  EZ_Antivirus156http://home.ca0
4 8CaAvTray0 11CAVTray.exe111HKEY_LM\Run0125Computer Associates Antivirus Version 11.0.6.7, Computer Associates International, Inc.. CA Antivirus System Tray Application39http://www.absolutestartup.com/startup/1
3 6caxchg0 10caxchg.exe1 00 32Used by a USB Flash card reader. 01
1 8CAZNOVAS0 12CAZNOVAS.exe1 00 26Added by the CAZNO TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cazno.html0
1 9CBACK.EXE0  9CBACK.EXE1 00 44Added by the Troj/Penta-A downloader trojan.56http://www.sophos.com/virusinfo/analyses/trojpentaa.html0
1 3Gvf0  7Cbd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6system0  8cber.exe1 00 32Added by an unidentified TROJAN! 01
1 6ICQMsn0  9cbfks.exe1 00135Added by the Troj/Ranck-AH proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckah.html0
4 7cbidf2k0 11cbidf2k.sys1 00 66CardBus/PCMCIA IDE Miniport Driver Added by Microsoft Corportation 01
1 4cbjj0  8cbjj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4cbph0  8cbph.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
211CallBumping0 10cbpopw.exe1 00  2?? 01
138Microsoft System Restore Configuration0  9CBRSS.EXE1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
3 7CBWAttn0 11CBWAttn.exe1 00 77Required for  Bitware to answer incoming faxes, can cause sleep mode problems53http://www.accpac.com/products/communication/bitware/0
3 7CBWUser0 11CBWDial.exe1 00 99Associated with  Bitware that integrates fax, voice, pager, and data communications on your desktop53http://www.accpac.com/products/communication/bitware/0
3 7CBWHost0 11CBWHost.exe1 00 77Required for  Bitware to answer incoming faxes, can cause sleep mode problems53http://www.accpac.com/products/communication/bitware/0
115SQConfigChecker0  6cc.exe1 00145Xupiter SQWire variant - adware and homepage hijacker. Note - cannot be removed via the Xupiter website in the same way as other Xupiter variants44http://www.doxdesk.com/parasite/Xupiter.html0
3 5ccApp0  9ccApp.exe111HKEY_LM\Run0 88Client and Host Security Platform 103.0.3.8, Symantec Corporation. Symantec User Session39http://www.absolutestartup.com/startup/1
1 9ccApp.exe0  9ccApp.exe1 00143Added by the W32/Rbot-HJ trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbothj.html0
119Norton Auto-Protect0  9ccApp.exe1 00170Added by the  W32.Ahker.D  WORM! **Note - for the valid Norton AV entry the filename is "navapexe". This is also not the valid  Norton_AV_2003 file with the same filename75http://securityresponse.symantec.com/avcenter/venc/data/w32.ahker.d@mm.html0
1 8Symantec0  9ccapp.exe1 00 41Added by the W32/Lebreat-A backdoor worm.57http://www.sophos.com/virusinfo/analyses/w32lebreata.html0
4 5ccApp0  9ccApp.exe1 00  0 01
4 5ccApp0  9ccApp.exe1 00 92Part of  Norton AntiVirus 2003. Auto-protect and E-mail check will not function without this37http://www.symantec.com/nav/nav_9xnt/0
120Antivirus Protection0 10CCapp1.exe1 00 48Added by the W32/Rbot-BMG worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbmg.html0
111ServicesLog0 11ccapp32.exe1 00132Added by the W32/Rbot-AMX worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamx.html0
129Symantec Configuration Loader0 11ccApp32.exe1 00 38Added by a variant of the GAOBOT WORM!83http://securityresponse.symantec.com/avcenter/venc/data/pf/w32.hllw.gaobot.gen.html0
110HP Desktop0 11ccappms.exe1 00 12Added by the38W32/Sdbot-TG WORM/IRC backdoor trojan!0
1 6ccApps0 10ccApps.exe1 00 33Added by the W32/Kangaroo-B worm.58http://www.sophos.com/virusinfo/analyses/w32kangaroob.html0
1 6SymRun0 10ccApps.exe1 00132Added by the Troj/Kagen-A Trojan. The Trojan also creates and then opens the file kangen.doc which contains a message in Indonesian.56http://www.sophos.com/virusinfo/analyses/trojkagena.html0
112blah service0 12CCAPPS32.EXE1 00 27Added by the  RBOT.TV WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.TV&VSect=P0
420CCDoctorLogonTesting0 12ccdoctor.exe1 00369Checks your system to make sure it's configured properly for running Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product52http://www.rational.com/products/clearcase/index.jsp0
4 7ccenter0 11CCenter.exe1 00 13RAV AntiVirus28http://www.ravantivirus.com/0
4 8CcEvtMgr0 12ccEvtMgr.exe1 00219Part of  Norton AntiVirus 2003. Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this37http://www.symantec.com/nav/nav_9xnt/0
116nortonsantivirus0 13ccEvtMngr.exe1 00 29Added by the HZDOOR-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojhzdoora.html0
112sunjavasched0 13ccEvtMngr.exe1 00 26Added by the  W32/Sdbot-YP56http://www.sophos.com/virusinfo/analyses/w32sdbotyp.html0
112ccEvtMrg.exe0 12ccEvtMrg.exe1 00 27Added by the  RBOT.GZ WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GZ&VSect=T0
1 7ccfrbwl0 11ccfrbwl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6ccHelp0 10ccHelp.hta1 00 14Searchq adware54http://sarc.com/avcenter/venc/data/adware.searchq.html0
1 3Kpf0  7Ccl.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 8ccleaner0 18ccleaner.exe /AUTO211HKEY_CU\Run0 33CCleaner 1.19.0105, CCleaner.com.39http://www.absolutestartup.com/startup/1
214CorrectConnect0 12CConnect.exe1 00 89Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available 01
3 7ccProxy0 11CCPROXY.EXE1 00206Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage 01
436Symantec Password Validation Service0 12ccPwdSvc.exe1 00 84Used by Symantec products 2003/2004 possibly to allow certain users Internet access. 01
4 8CcPxySvc0 12CCPXYSVC.exe1 00145Part of Norton's  AntiVirus 2003,  Internet Security and  Firewall products. E-mail proxy service - required for E-mail scanning and the firewall37http://www.symantec.com/nav/nav_9xnt/0
118real statics agent0 10ccreal.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
4 8ccRegVfy0 12ccRegVfy.exe1 00 89Common Client 1.0.10.006, Symantec Corporation. Common Client Registry Integrity Verifier 01
4 8CcRegVfy0 12ccRegVfy.exe1 00203Part of  Norton AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"37http://www.symantec.com/nav/nav_9xnt/0
4 8ccSetMgr0 12ccSetMgr.exe1 00 48Part of Norton AntiVirus 2004.  What does it do? 01
120Configuration Loader0 10ccSort.exe1 00 28Added by the AGOBOT.SR WORM!84http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_AGOBOT.SR0
126Sygate Personals Firewalls0  9ccsrn.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
110WINTASKMGR0  9ccsrs.exe1 00 36a Mytob WORM variant adds this file.55http://www.sophos.com/virusinfo/analyses/w32mytobn.html0
112Norton Start0 11ccStart.exe1 00134Added by the W32/Sdbot-OX worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotox.html0
110ccsvit.exe0 10ccsvit.exe1 00 36Added by the Troj/StartPa-HP Trojan.59http://www.sophos.com/virusinfo/analyses/trojstartpahp.html0
1 8nortonav0 11CCUPD32.EXE1 00 40Added by an unidentified WORM or TROJAN! 01
1 8ccUpdate0 12ccUpdate.exe1 00 28Added by the AGOBOT.YS WORM!99http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.YS&VSect=T0
113Norton Update0 12ccUpdate.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
313CD Eject Tool0 17CD Eject Tool.exe211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
111CashToolbar0 11CD_Load.exe1 00 32CashToolbar Downloader-MY adware43http://vil.nai.com/vil/content/v_126801.htm0
1 6Cydoor0 11CD_Load.exe1 00  0 01
1 6CyDoor0 11CD_Load.exe1 00 90Adware. Check here for information about Cy-Door and here for a program that can remove it30http://www.cexx.org/cydoor.htm0
112CydoorUpdate0 11CD_Load.exe1 00  030http://www.cexx.org/cydoor.htm0
1 3cd10  7cd1.exe1 00 34Premium rate adult content dialler 01
119Auto CD-ROM Startup0 12cdaccess.exe1 00 12Added by the38W32/Rbot-AAU WORM/IRC backdoor trojan!0
118Microsoft software0 12cdaccess.exe1 00 27Added by the RBOT.ABK WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABK0
315WildTangent CDA0 33cdaEngine0400.dll",cdaEngineMain"111HKEY_LM\Run0 91Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
215WildTangent CDA0 17cdaEngine0500.dll111HKEY_LM\Run0 90WildTangent Game Loader 5.0.0.190, WildTangent, Inc.. WildTangent Automatic Update Manager39http://www.absolutestartup.com/startup/1
2 8CDANTSRV0 12CDANTSRV.exe1 00234C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually 01
1 5Cdsys0  8cdcd.sys1 00 34Added by the Troj/Agent-IA Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentia.html0
1 8Cdcompat0 12Cdcompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 7cddrv320 11cddrv32.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
312Hot CD Eject0 11cdeject.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 9Cool Desk0  9cdesk.exe1 00239Cool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to you25http://www.shelltoys.com/0
2 5bjcfd0  7cdf.exe1 00154BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs25http://www.broadjump.com/0
213CDInterceptor0  7cdi.exe1 00 48CD indexer for measuring the speed of CD players 01
112gi17288234470  9cdlib.exe115HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
111gi2910297020  9cdlib.exe115HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
111gi6811606390  9cdlib.exe115HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
110MS-Connect0  7cdm.exe1 00 32Adult content dialler - see here49http://vil.mcafee.com/dispVirus.asp?virus_k=999720
314CD Organizer 40  7cdo.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
1 9SystemTra0 10CDPlay.EXE1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
312XCP CD Proxy0 15CDProxyServ.exe1 00 38How to remove the Sony XPC DRM Rootkit54http://www.bleepingcomputer.com/forums/topic34904.html0
116cdrom controller0 14cdromcntrl.exe1 00 35Added by the  TROJ/BATTRY-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojbattrya.html0
1 3cds0  7cds.exe1 00 45Added by the Backdoor.Spymon backdoor Trojan.76http://www.sarc.com/avcenter/venc/data/backdoor.spymon.html#technicaldetails0
310CDSlow 2.10 10cdslow.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
217cd storage master0 14cdstorager.exe1 00131CD_Storage_Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collection.26http://www.cdstorager.com/0
224KeyStone Version Control0 15cdtpUpdater.exe111HKEY_LM\Run0 44cdtpUpdater 1.00, KeyStone Learning Systems.39http://www.absolutestartup.com/startup/1
2 6CDTray0 10CDTray.exe1 00 53On HP PCs, this is the small CD icon next to the time 01
1 6Update0 13CDUpdater.exe1 00 45Carpe Diem adult premium rate dialler related 01
3 7cadenza0 10CdzSvc.exe1 00 98Cadenza  mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices67http://www.sofotex.com/Cadenza-mNotes-Pocket-PC-download_L8061.html0
3 6CeEKEY0 10CeEKey.exe1 00269It is for Toshiba laptops and enables the use of some of the special Fn keyboard keys, such as speaker on/off, hybernate, powermanagement, etc. If not running, those keys do not function. But the utility may be manually started at any time from Start Menu/Toshiba/E-Key 01
3 6CeEKEY0 10CeEKey.exe111HKEY_LM\Run0 75EKey Application 2, 1, 0, 7, COMPAL ELECTRONIC INC.. TOSHIBA HotKey Utility39http://www.absolutestartup.com/startup/1
2 4Ceic0  8Ceic.exe1 00  2?? 01
1 7ceimwfp0 11ceimwfp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0 10Celine.scr1 00 43Added by the Troj/Celine-A backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojcelinea.html0
1 9CEventMgr0  8Cell.exe1 00 45Added by the Troj/Bifrose-AK backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojbifroseak.html0
314control center0 10Center.exe1 00 26Related to  Asus WLAN Card20http://www.asus.com/0
324ASUS WLAN Control Center0 10Center.exe125StartUp menu\Current user0 91Wireless LAN Card Utilities 1.0.0.0, ASUSTeK COMPUTER INC.. ASUS Control Center Application39http://www.absolutestartup.com/startup/1
3 8CeEPOWER0 12cepmtray.exe1 00249Toshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times 01
3 8CeEPOWER0 12CePMTray.exe111HKEY_LM\Run0 78CeTray Application 1, 1, 0, 12, COMPAL ELECTRONIC INC.. CeTray MFC Application39http://www.absolutestartup.com/startup/1
126Advanced Internet Protocol0  8cerf.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
313SetecCertUtil0 12Certutil.exe1 00196Setec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TV 01
2 3CFD0  7CFD.exe1 00154BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs25http://www.broadjump.com/0
2 5BJCFD0  7CFD.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
240Corel Colleagues &amp;Contacts Reminders0 10cffrem.exe1 00131Corel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of Corel Print Office43http://www.corel.com/printoffice_v1/ccc.htm0
236Corel Colleagues &Contacts Reminders0 10cffrem.exe1 00135Corel Colleagues &amp; Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of Corel Print Office43http://www.corel.com/printoffice_v1/ccc.htm0
235Corel Family &amp;Friends reminders0 10CFFREM.EXE1 00108Corel Family & Friends - all-in-one calender, address book and list manager. Part of Corel Print House Magic67http://www.corel.com/products/graphicsandpublishing/phmagic/CFF.htm0
231Corel Family &Friends reminders0 10CFFREM.EXE1 00112Corel Family &amp; Friends - all-in-one calender, address book and list manager. Part of Corel Print House Magic67http://www.corel.com/products/graphicsandpublishing/phmagic/CFF.htm0
1 3cfg0  7cfg.exe1 00 41Added by the W32/Bdoor-ZAR backdoor worm.57http://www.sophos.com/virusinfo/analyses/w32bdoorzar.html0
1 8cfgboost0 11cfgboot.exe1 00 40Added by an unidentified WORM or TROJAN! 01
117Microsoft Runtime0 12CfgDll32.exe1 00 28Added by the RANDEX.BD WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.bd.html0
4 8cfgintpr0 12cfgintpr.exe1 00 61Configuration Interpreter - part of Tiny Personal Firewall V444http://www.tinysoftware.com/home/tiny2?la=EN0
112cfgmgr51.dll0  8cfgmgr511 00106A bookedspace malware variant.  It is started with this command: RunDLL32.EXE C:\WINNT\cfgmgr51.dll,DllRun 01
1 8cfgmgr510 12cfgmgr51.dll1 00106A bookedspace malware variant.  It is started with this command: RunDLL32.EXE C:\WINNT\cfgmgr51.dll,DllRun 01
2 8cfgmgr510 19cfgmgr51.dll,DllRun111HKEY_LM\Run0 91Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
113Wins32 Online0 11cfgpwnz.exe1 00 37Added by W32/Rbot-WN, a network WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotwn.html0
314Printer Update0 10CFGREG.EXE1 00101Maybe a registration reminder or automatically updates drivers or application software for a printer? 01
310ConfigSafe0 11CFGSAFE.EXE1 00198ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice47http://www.imaginelan.com/configsafe/index.html0
2 5load=0 12cfgsys32.exe1 00  2?? 01
2 6cfgwiz0 10cfgwiz.exe1 00126Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it 01
2 9IS CfgWiz0 10cfgwiz.exe1 00 45Norton Internet Security configuration wizard 01
210NAV CfgWiz0 10cfgwiz.exe1 00126Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it 01
224NAV Configuration Wizard0 10cfgwiz.exe1 00  0 01
218Norton SystemWorks0 10cfgwiz.exe1 00117Norton System Works configuration wizard. Reportedly a resource hog. Many users find they can live without loading it 01
2 9IS CfgWiz0 87cfgwiz.exe "/GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"2 00 81Symantec Shared Components 5.0, Symantec Corporation. Symantec Internal Component 01
210NAV CfgWiz0 39CfgWiz.exe "/GUID NAV /CMDLINE "REBOOT"211HKEY_LM\Run0 81Symantec Shared Components 4.0, Symantec Corporation. Symantec Internal Component39http://www.absolutestartup.com/startup/1
2 9IS CfgWiz0 39cfgwiz.exe "/GUID NIS /CMDLINE "REBOOT"2 00 81Symantec Shared Components 4.0, Symantec Corporation. Symantec Internal Component 01
218Norton SystemWorks0 68cfgwiz.exe /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz2 00  0 01
318Norton SystemWorks0 68cfgwiz.exe /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz211HKEY_CU\Run0 81Symantec Shared Components 5.0, Symantec Corporation. Symantec Internal Component39http://www.absolutestartup.com/startup/1
210NAV CfgWiz0 84CfgWiz.exe /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE REBOOT2 00 81Symantec Shared Components 6.0, Symantec Corporation. Symantec Internal Component 01
2 9IS CfgWiz0 86cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"2 00 81Symantec Shared Components 5.0, Symantec Corporation. Symantec Internal Component 01
218Norton SystemWorks0 55CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}2 00 81Symantec Shared Components 4.0, Symantec Corporation. Symantec Internal Component 01
210NAV CfgWiz0 13Cfgwiz.exe /R2 00 83Norton AntiVirus 9.00.67, Symantec Corporation. Norton AntiVirus Information Wizard 01
120Configuration Wizard0 12Cfgwiz32.exe1 00127Added by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HCKTCK.2K.C0
316TMA distribution0 10cfinst.exe1 00143Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients 01
1 7cflkcsv0 11cflkcsv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9CTMON.EXE0  9cfmon.exe1 00 34Added by the Troj/Clckr-AN Trojan.57http://www.sophos.com/virusinfo/analyses/trojclckran.html0
121Sound Sservice Driver0  9cfmon.exe1 00 26Added by a CodBot variant. 01
0 7cFosDNT0 11cFosDNT.exe1 00 30cFos DSL Modem driver related.31http://www.cfos.de/index2_e.htm0
014cFosInst_Check0 12cfosinst.exe1 00  031http://www.cfos.de/index2_e.htm0
3 9cfosspeed0 13cFosSpeed.exe1 00 13cFos_Software31http://www.cfos.de/index2_e.htm0
435warning: do not remove it! (system)0 10cfpsys.exe1 00 88Folder_Password_Protect A program that lets you set a password on folders of your choice31http://www.protect-folders.com/0
211CFSServ.exe0 11CFSServ.exe1 00109CFSServ.exe is a Toshiba Laptop utility that allows you to easily change computer settings in a quick manner. 01
311CFSServ.exe0 21CFSServ.exe -NoClient211HKEY_LM\Run0 91ConfigFree(TM) 5, 0, 0, 0, TOSHIBA. ConfigFree(TM) Search for Wireless Devices Version 5.0039http://www.absolutestartup.com/startup/1
1 5mscfs0  9cfsys.dll1 00106Added by the Trojan.Ourxin adware Trojan.  This infection will display popups on the compromised computer.74http://www.sarc.com/avcenter/venc/data/trojan.ourxin.html#technicaldetails0
1 6ctfmon0 10cftmon.exe1 00 12Added by the34Troj/Delbot-B TROJAN/IRC backdoor!0
113SFtrb Service0 11cftrb32.exe1 00 26Added by the SOBIG.D WORM!62http://www.symantec.com/avcenter/venc/data/w32.sobig.d@mm.html0
1 7SysTray0 12cfustums.dll1 00102Added by the Troj/Small-XG dropper Trojan.br /br /Uses CLSID: bd01c70ce-f7f1-4718-89d0-0285a4a8d020/b.57http://www.sophos.com/virusinfo/analyses/trojsmallxg.html0
1 3cfy0  7cfy.exe1 00 43Surfenhance.com  SearchForIt adware variant79http://securityresponse.symantec.com/avcenter/venc/data/adware.searchforit.html0
1 4cgch0  8cgch.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6cgdsva0 10cgdsva.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119CGI Firewall Script0 12CGIAGENT.EXE1 00107Added by the W32/Bropia-U P2P worm.  This infection also creates the file C:\Windows\System32\fatpammy.exe.56http://www.sophos.com/virusinfo/analyses/w32bropiau.html0
225Norton Crashguard Monitor0 10cgmenu.exe1 00100Troublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001 01
3 8CGServer0 12cgserver.exe1 00270Associated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs42http://www.eicon.com/worldwide/default.htm0
115Cgtask Services0 10cgtask.exe1 00 27Added by the LALA.B TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lala.b.html0
130microsoft windows files loader0 12cgy32win.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6Cgywin0 12cgywin32.exe1 00134Added by the W32/Rbot-AEI  worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaei.html0
3 9ChamClock0 13ChamClock.exe1 00 47Chameleon Clock - system tray clock replacement30http://www.softshape.com/cham/0
216ChangeResolution0 20ChangeResolution.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
117PSD Tools Channel0 13ChannelUp.exe1 00 17BuddyLinks adware72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1010070
112COMSurrogate0  8char.exe1 00 34Added by the Troj/Erazer-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojerazera.html0
1 7[value]0 13charmapnt.exe1 00 53Added by the Troj/Bancos-DR password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancosdr.html0
314System startup0 12charmapx.exe1 00 43Only required if using an oriental language 01
126Mapa de caracteres para NT0 13charmmpxp.exe1 00 52Added by the Troj/Bancos-KG Internet banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancoskg.html0
011Bingo Charm0 10charms.exe1 00 84Some kind of screen icon kind of like desk flag, but it gives you a choice of icons? 01
2 8Chatango0 12Chatango.exe1 00582Chatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately24http://www.chatango.com/0
2 8ChatWork0 12chatwork.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
2 8chcenter0 12chcenter.exe1 00 40HiJaak Professional 5.00, IMSI. chcenter 01
2 8Chcenter0 12chcenter.exe1 00 86IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"49http://www.imsisoft.com/prodinfo.asp?t=1&mcid=1000
2 8Shcenter0 12chcenter.exe1 00  049http://www.imsisoft.com/prodinfo.asp?t=1&mcid=1000
1 8chckntfs0 12chckntfs.exe1 00 50Added by the W32/Tilebot-EF worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotef.html0
1 8chddrich0 12chddrich.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5che320 11che.ocx.vbs1 00 40Added by the WM97/Adenu-B prepend virus.56http://www.sophos.com/virusinfo/analyses/wm97adenub.html0
1 8GigaByte0 11Cheatle.exe1 00 27Added by the SHODI.B VIRUS!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.shodi.b.html0
316erecoveryservice0  9check.exe1 00157Acer Notebook related - Acer eRecovery allows the user to restore the operating system or backup the current system profile,  thus ensuring system integrity. 01
111mspaint.exe0 11check32.exe1 00 29Added by the AGENT.AH TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentah.html0
222checkcustomworksupdate0 17CheckCWupdate.exe1 00110Update checker,  part of  CustomWorks - "customize any embroidery designs to design your own unique creations"78http://www.designersgallerysoftware.com/products/product.asp?Product_ID=EDG-CW0
338WashAndGo - Cleanup of old Backupfiles0 11checker.exe1 00 29WashAndGo - temp file cleaner38http://www.abelssoft.com/washandgo.htm0
338WashAndGo - Cleanup of old Backupfiles0 18checker.exe /check2 00  0 01
310CheckIt 860 13CheckIt86.exe1 00 43Used to launch the CheckIt86 Popup blocker.69http://www.smithmicro.com/default.tpl?group=product_full&sku=C86WINEE0
122Registry Startup Check0 12checkreg.exe1 00 35Added by the Troj/RemLoad-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojremloada.html0
1 8WDNDrive0 11chgsprt.sys1 00 36Added by the Troj/Haxspy-A backdoor.57http://www.sophos.com/virusinfo/analyses/trojhaxspya.html0
138(3F143C3A-1457-6CCA-03A7-7AA23B61E40F)0  9child.dll1 00105Added by the Troj/Small-EX backdoor Trojan.br /br /Uses CLSID: b(3F143C3A-1457-6CCA-03A7-7AA23B61E40F)/b.57http://www.sophos.com/virusinfo/analyses/trojsmallex.html0
116OutPost FireWall0  9child.dll1 00105Added by the Troj/Small-ER backdoor Trojan.br /br /Uses CLSID: b(4F141CBA-1457-6CCA-03A7-7AA21B61EA0F)/b.57http://www.sophos.com/virusinfo/analyses/trojsmaller.html0
1 5eixfi0  9china.bat1 00 25Added by the WCUP.A WORM!74http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_WCUP.A0
110china11msn0 14CHINA11MSN.EXE1 00 31Added by the  W32.ENVID.O WORM!62http://www.symantec.com/avcenter/venc/data/w32.envid.o@mm.html0
2 8ChkAdmin0 12CHKADMIN.EXE1 00 79CHKADMIN Application 5.00 K1, Hewlett-Packard Company. CHKADMIN MFC Application 01
2 8CHKADMIN0 12CHKADMIN.EXE1 00129Compaq Network Management System. When running, it places an icon in the system tray titled &quot;Intelligent Manageability&quot; 01
114AdobeReaderPro0 11chkdisk.exe1 00 48Added by the W32/Rbot-BDV worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbdv.html0
110Disk check0 13chkdisk32.exe1 00 36Added by the Troj/DownLdr-IM Trojan.59http://www.sophos.com/virusinfo/analyses/trojdownldrim.html0
142Users service for disk management requests0 12CHKDSK32.EXE1 00 44Added by the Troj/Telemot-A backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojtelemota.html0
142Disk management service for users requests0 12CHKDSK64.exe1 00 44Added by the Troj/Telemot-B backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojtelemotb.html0
1 3chk0  8chke.dll1 00 48Added by the Troj/Geoload-A/a downloader Trojan.58http://www.sophos.com/virusinfo/analyses/trojgeoloada.html0
122Microsoft DLL Verifier0 11chkfile.exe1 00142Added by the W32/Rbot-AOC worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaoc.html0
211PE2CKFNT SE0 11ChkFont.exe1 00  0 01
211Pe2ckfnt SE0 11chkfont.exe1 00165Used to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menu 01
2 7chkhbci0 11chkhbci.exe1 00 47Smart Card reader software for  Omnikey readers23http://www.omnikey.com/0
115LoadPowerScheme0 10chkreg.dll1 00  076http://securityresponse.symantec.com/avcenter/venc/data/dialer.ulubione.html0
113RegistryCheck0 10chkreg.dll1 00 50Added by the Dialer.Ulubione premium adult dialer.76http://securityresponse.symantec.com/avcenter/venc/data/dialer.ulubione.html0
311ChangeLines0 12chngline.exe1 00  2?? 01
310ChoiceMail0 14ChoiceMail.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 5Choke0 16Choke.exe -blahh2 00 24Added by the CHOKE WORM!62http://www.symantec.com/avcenter/venc/data/w32.choke.worm.html0
1 5Choke0 15Choke.exe-blahh1 00 24Added by the CHOKE WORM!62http://www.symantec.com/avcenter/venc/data/w32.choke.worm.html0
1 7chostsv0 11chostsv.exe1 00 30Added by the BANPAES.C TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.banpaes.c.html0
138(429F4BB8-7BF7-4152-8011-3C6F9EB7E892)0  7chp.dll1 00109Added by the Troj/Spabot-E spam mailing Trojan.br /br /Uses CLSID: b(429F4BB8-7BF7-4152-8011-3C6F9EB7E892)/b.57http://www.sophos.com/virusinfo/analyses/trojspabote.html0
1 6Zacker0 13Christmas.exe1 00138Added by the W32/Maldal-C mass-mailing worm.  This infection displays a picture of Santa with the words "From the heart, Happy new year!".56http://www.sophos.com/virusinfo/analyses/w32maldalc.html0
315ChronitelInitTV0 12CHTVINIT.EXE1 00  2?? 01
110cihost.exe0 10cihost.exe1 00 26Added by the LINST TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.linst.html0
121Microsoft Data Helper0 10cihost.exe1 00 47Malware, possibly a variant of the LINST TROJAN73http://securityresponse.symantec.com/avcenter/venc/data/trojan.linst.html0
1 4ciip0  8ciip.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
213CIJxP2PSERVER0 12CIJxP2PS.EXE1 00157Compaq printer utility which is required in order to make the printer work correctly - &quot;x&quot; depends upon the model, ie, for IJ300 x=3, for IJ700 x=7 01
1 6NTdhcp0 10CiKewl.exe1 00 42Added by the Troj/QQRob-N backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojqqrobn.html0
110[not used]0 24cinderawasih-4321427.exe1 00 45Added by the W32/Brontok-R mass-mailing worm.57http://www.sophos.com/virusinfo/analyses/w32brontokr.html0
152Software\Microsoft\Windows\CurrentVersion\Runprocess0  9cipsn.exe1 00 86Added by the W32/Forbot-DM worm. This infection spreads using the LSASS vulnerability.57http://www.sophos.com/virusinfo/analyses/w32forbotdm.html0
119autovirusprotection0  9ciscv.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
214CISrvr Program0 10CISRVR.EXE1 00 40Related to internet setup on Compaq PC's 01
1 5Cissi0  9Cissi.exe1 00 26Added by the CISSI.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.cissi.a@mm.html0
315FamilyKeyLogger0  9cisvc.exe1 00147Family Keylogger - is your best choice, if you want to know what other users on your machine are typing. Note! - this is not the cisvc.exe service.42http://www.spyarsenal.com/familykeylogger/0
3 7citiucs0 11CitiUCS.exe1 00 33Citibank  Virtual_Account_Numbers52http://www.citibank.com/us/cards/tour/cb/shp_van.htm0
2 7CitiVAN0 11CitiVAN.exe1 00140Option from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again24http://www.citibank.com/0
2 7CitiVAN0 28CitiVAN.exe /dontopenmycards2 00100Virtual Account Numbers 3, 7, 0, 0, 134, Orbiscom Ltd. All rights reserved.. Virtual Account Numbers 01
3 7CitiVAN0 28CitiVAN.exe /dontopenmycards211HKEY_LM\Run0100Virtual Account Numbers 3, 7, 0, 0, 134, Orbiscom Ltd. All rights reserved.. Virtual Account Numbers39http://www.absolutestartup.com/startup/1
122Windows Loader Service0  9civsc.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 4cixl0  8cixl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4CJET0  8CJet.exe1 00 45Added by the Adware.FFToolBar adware toolbar.60http://www.sarc.com/avcenter/venc/data/adware.fftoolbar.html0
1 5cjiss0  9cjiss.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 7Cjstcom0 11Cjstcom.exe1 00 40Canon printer BJ status language monitor 01
228Canon Printer Monitor BJCxxx0 11Cjstlst.exe1 00 77Trayicon for Canon printer. xxx denotes model. Available via Start - Programs 01
221BJ Status Monitor 5xx0 11CJSTRxx.EXE1 00158Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer - Printers 01
225BJ Printer Status Monitor0 10Cjstsr.exe1 00 31Canon BJ printer status monitor 01
312SymKeepAlive0  7CKA.exe1 00 72Part of Norton SystemWorks 2003 - keeps a dial-up modem connection alive44http://www.symantec.com/sabu/sysworks/basic/0
312SymKeepAlive0  7CKA.exe111HKEY_CU\Run0 73Norton SystemWorks 2003.6.57, Symantec Corporation. Connection Keep Alive39http://www.absolutestartup.com/startup/1
1 4ckmv0  8ckmv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8startkey0  9CKOTS.exe1 00 45Added by the Troj/Bifrose-HM backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojbifrosehm.html0
1 7ckwvjhv0 11ckwvjhv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0 10clamav.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
4 7ClamWin0 12ClamTray.exe1 00 17ClamWin antivirus23http://www.clamwin.com/0
4 7ClamWin0 20ClamTray.exe --logon211HKEY_LM\Run0 47ClamWin Antivirus 0.83, alch. ClamWin Antivirus39http://www.absolutestartup.com/startup/1
1 8Registry0 21class0117[random].exe1 00 38Added by the Spyware.Blackbox spyware.60http://www.sarc.com/avcenter/venc/data/spyware.blackbox.html0
1 8clbcatex0 12clbcatix.dll1 00 44Identified as Trojan-Clicker.Win32.Agent.ct. 01
3 8clboot320 12CLBOOT32.EXE1 00 71PC-Duo_Remote_Control from Vector. "System Snapshot provides a detailed52http://www.vector-networks.com/pc-duo-remote-control0
322pc-duo system snapshot0 12CLBOOT32.EXE1 00 71PC-Duo_Remote_Control from Vector. "System Snapshot provides a detailed53http://www.vector-networks.com/pc-duo-remote-control/0
3 7CLCLSet0  8CLCL.exe1 00 30CLCL clipboard caching utility 01
113clean_service0 17clean_service.cmd1 00 29Added by the  W32.Refaz WORM!70http://securityresponse.symantec.com/avcenter/venc/data/w32.refaz.html0
312CleanEasyImg0 12cleanall.exe1 00  2?? 01
316CleanDiskAutoRun0 13cleandisk.exe111HKEY_LM\Run0 61HS CleanDisk Pro 4.2.1, Yenicag Bilisim Ltd. HS CleanDisk Pro39http://www.absolutestartup.com/startup/1
311FoxeCleaner0 14Cleaner.exe /i2 00 60Foxie Registry Cleaner 1.0.0.1, Team Foxie. Registry Cleaner 01
312cleanregpath0 12CleanReg.exe1 00 37Apparently Annex A ADSL modem related 01
3 9CleanTemp0 12CLEANT~1.EXE1 00108CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory44http://www.html2exe.com/mnu/dl/dl.shtml#free0
3 9CleanTemp0 13CLEANT~1.EXEB1 00108CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory44http://www.html2exe.com/mnu/dl/dl.shtml#free0
3 9cleantemp0 26CLEANT~1.EXEBCleanTemp.exe1 00  044http://www.html2exe.com/mnu/dl/dl.shtml#free0
212CleanTempDir0 13CleanTemp.bat122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
3 9CleanTemp0 13CleanTemp.exe1 00108CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory44http://www.html2exe.com/mnu/dl/dl.shtml#free0
314CleanupProgram0 11cleanup.exe1 00 44In a C:\Sony\sys folder - Sony Vaio related? 01
3 8CleanUp!0 27Cleanup.exe /WindowsRestart215HKEY_CU\RunOnce0112Windows CleanUp! 3.0, Steven R. Gould. Removes temporary files. Frees disk space and helps protect privacy!  :-)39http://www.absolutestartup.com/startup/1
3 7itweaku0  9Clear.exe1 00 19Related to  ItweakU36http://www.tucows.com/preview/1943470
110clfmon.exe0 10clfmon.exe1 00 35Added by the  TROJ/AGENT-BJ TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentbj.html0
212ati catalyst0  7CLI.exe1 00235System Tray access to ATI's CATALYST™ CONTROL CENTER. Note that this has "SystemTray" appended to CLE.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop 01
3 6ATICCC0 15cli.exe runtime2 00383ATI's CATALYST™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. If not you can start the program manually via Start - Programs - ATI Catalyst Control Center - Advanced - Restart Runtime 01
224ATI CATALYST System Tray0 18CLI.exe SystemTray2 00235System Tray access to ATI's CATALYST™ CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop 01
324ATI CATALYST System Tray0 18CLI.exe SystemTray222StartUp menu\All users0 50ACE 1.0.1718.38664, ATI Technologies Inc.. CLI.EXE39http://www.absolutestartup.com/startup/1
3 6Vonage0 14click2call.exe1 00 43Vonage Voice over IP Internet phone service31http://www.vonage.com/index.php0
2 7ClickMe0 11ClickMe.exe1 00 22ClickM  "JOKE" program75http://www.trendmicro.com/vinfo/jokes/jokesDetails.asp?JNAME=JOKE_CLICKME.A0
3 8Clickoff0 12Clickoff.exe1 00 54Clickoff automatically dismisses annoying dialog boxes47http://www.johanneshuebner.com/en/clickoff.html0
217Click Radio Tuner0 12clickr~1.exe1 00 70ClickRadio - subscription service playing radio music via the internet35http://www.clickradio.com/home.html0
219Click Tray Calendar0 12ClickT~1.EXE1 00 81ClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etc55http://waseo.de/en/Freeware2/ClickTrayE/clicktraye.html0
316Express ClickYes0 12ClickYes.exe111HKEY_CU\Run0 39Express ClickYes 1.1, ContextMagic.com.39http://www.absolutestartup.com/startup/1
1 8CLICONFG0 12CLICONFG.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
0 9pagmstart0 10client.exe1 00 25Possibly related to this? 7#FF00000
2 9DigiGuide0 10client.exe1 00 43Client 7.0, GipsyMedia Limited. Client code 01
2 9DigiGuide0 10CLIENT.EXE1 00 21TV guide and reminder 01
314Client Default0 10Client.exe1 00176A href="http://www.samurize.com/modules/news/"  rel="nofollow" target="_blank"Samurize is a system monitoring and desktop enhancement engine for Microsoft Windows 2000/XP/2003. 01
1 7piaoyes0 10client.exe1 00 37Added by the Backdoor.Djump backdoor.58http://www.sarc.com/avcenter/venc/data/backdoor.djump.html0
214Client Default0 20Client.exe i=Default225StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
2 9DigiGuide0 12client01.exe1 00 21TV guide and reminder 01
1 7WIN32DS0 15clienttimer.exe1 00  056http://www.sarc.com/avcenter/venc/data/adware.eziin.html0
1 6WIN32i0 15clienttimer.exe1 00 44Added by the Adware.Eziin homepage hijacker.56http://www.sarc.com/avcenter/venc/data/adware.eziin.html0
1 7win32io0 15clienttimer.exe1 00 22Added by  Eziin adware60http://www.symantec.com/avcenter/venc/data/adware.eziin.html0
2 9clipdiary0 13clipdiary.exe111HKEY_CU\Run0 61ClipDiary Application 1, 0, 0, 1, . ClipDiary MFC Application39http://www.absolutestartup.com/startup/1
3 9clipdiary0 13clipdiary.exe1 00 61ClipDiary Application 1, 1, 0, 0, . ClipDiary MFC Application 01
3 9ClipMate60 12ClipMate.exe1 00168Clipmate is a program that runs in your task bar and captures/saves any data you copy to the clipboard.  You can then retrieve this data at a later date using Clipmate.25http://www.thornsoft.com/0
3 9ClipMate60 12ClipMate.exe111HKEY_CU\Run0 72ClipMate Clipboard Extender 6.5, Thornsoft Development, Inc.. ClipMate 639http://www.absolutestartup.com/startup/1
210ClipMate5x0 12ClipMt5x.exe1 00128Clip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start - Programs44http://www.thornsoft.com/ProductOverview.asp0
2 9Clipmate60 12CLIPMT60.EXE1 00126Clip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start - Programs35http://www.thornsoft.com/new_60.htm0
2 9ClipMate60 12ClipMt63.exe1 00131Clipmate allows you to store clips of text that you can then assign to hotkeys that will paste that information back to a document.25http://www.thornsoft.com/0
210Clipomatic0 14Clipomatic.exe1 00169Mike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data36http://www.mlin.net/Clipomatic.shtml0
1 7ClipSrv0 12clipserv.exe1 00134Added by the W32/Sdbot-AAV worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotaav.html0
1 7ClipSrv0 13clipservr.exe1 00133Added by the W32/Sdbot-AFE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafe.html0
216Clipbook Service0 11Clipsrv.exe1 00 86Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks 01
2 7Clipsrv0 11Clipsrv.exe1 00  0 01
111LocalSystem0 13clipsvr16.exe1 00 22Added by Backdoor.Femo57http://www.sarc.com/avcenter/venc/data/backdoor.femo.html0
111LocalSystem0 13clipsvr32.exe1 00 22Added by Backdoor.Femo57http://www.sarc.com/avcenter/venc/data/backdoor.femo.html0
2 8ClipTrak0 12ClipTrak.exe1 00 29ClipTrak - clipboard extender50http://www.pcmag.com/article2/0,4149,114185,00.asp0
211ClipTrakker0 15ClipTrakker.exe1 00 32Cliptrakker - clipboard extender27http://www.cliptrakker.com/0
211ClipTrakker0 28ClipTrakker.exe /starthidden2 00125ClipTrakker Application 1.2 Release Candidate 1, Silicon Prairie Software (www.ClipTrakker.com). ClipTrakker Main Application 01
318SMS Client Service0 12clisvc95.exe1 00488When the SMS Client service starts on a domain controller, the Client service modifies the SMSCliToknAcct & user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server) 01
313CLMFrontPanel0 12clmpanel.exe1 00163System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost 01
1 5clmss0  9clmss.exe1 00134Added by the W32/Tilebot-AO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotao.html0
133Content List Management Subsystem0  9clmss.exe1 00133Added by the W32/Spybot-EL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32spybotel.html0
415[Various Names]0 11cloaker.exe1 00 90Used by HP and Compaq computers to hide the windows of programs passed as arguments to it. 01
315accessoriesplus0 13clockplus.exe1 00110Clock Plus,  part of  Accessories_Plus allows you to select from dozens of alternatives for the Windows clock.20,  part of  <a href=0
3 9ClockWise0 13CLOCKWISE.EXE1 00258ClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync36http://www.rjsoftware.com/ClockWise/0
1 4wise0 13clockwise.exe1 00 42Added by the Troj/Lazar-A backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojlazara.html0
3 5ClocX0  9ClocX.exe1 00 78ClocX is analog clock application for Microsoft Windows 98/ME/NT/2000/XP/2003.19http://clocx.fi.cz/0
3 7CloneCD0 15CloneCDTray.exe1 00149System tray for CloneCD - the only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions36http://www.elby.org/CloneCD/english/0
311CloneCDTray0 15CloneCDTray.exe1 00  036http://www.elby.org/CloneCD/english/0
311CloneCDTray0 15CloneCDTray.exe111HKEY_LM\Run0 52CloneCD 4, 1, 0, 0, Elaborate Bytes AG. CloneCD Tray39http://www.absolutestartup.com/startup/1
311CloneCDTray0 18CloneCDTray.exe /s2 00 47CloneCD 5, 0, 0, 0, SlySoft, Inc.. CloneCD Tray 01
320CyberLat Ram Cleaner0 16CLRamCleaner.exe1 00206CyberLat RAM Cleaner is a program that Frees, Optimizes and Defrags your system's wasted memory (RAM). Some users swear by programs such as this but I suggest you read this article and make up your own mind35http://www.cyberlat.com/ramcleaner/0
320cyberlat ram cleaner0 16CLRamCleaner.exe111HKEY_LM\Run0 72CyberLat Ram Cleaner 2.x 2.01.0010, CyberLat. Increasing your PC's Speed39http://www.absolutestartup.com/startup/1
1 9MSVersion0 14clrschp038.exe1 00 63Added by the POPMON.A TROJAN! - also known as PopMonster adware77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
114coolwebprogram0 10clrssn.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
112clock Loader0  7cls.exe1 00137Added by the W32/Sdbot-AFT worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaft.html0
116Windows System320 11clsas32.exe1 00132Added by the W32/Rbot-AZO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotazo.html0
123Windows System32 Driver0 12clsass32.exe1 00 49Added by the W32/Sdbot-AGG worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotagg.html0
1 7cluijpl0 11cluijpl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
423Start RF Wireless Mouse0  8cm20.exe1 00 44Yuanxun Electronics RF wireless mouse driver 01
3 3cma0  7cma.exe1 00 77DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"29http://www.desksitemusic.com/0
3 3cma0  7cma.exe1 00 87DeskSite CMA siftware - &quot;retrieves new content from the DeskSite Data Center&quot;29http://www.desksitemusic.com/0
312Desksite CMA0  7cma.exe1 00  029http://www.desksitemusic.com/0
216CyberMedia Agent0 11CMAGENT.EXE1 00204Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled 01
111MachineTest0 12CMagesta.exe1 00134Added by the W32/Sdbot-NE worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotne.html0
111cesmain.dll0 19cmail.dll, Rundll322 00 52CnsMin &quot;Chinese Keywords&quot; hijacker related42http://217.115.153.73/parasite/CnsMin.html0
218Connection Manager0 12CManager.exe1 00229SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service 01
1 5CMAPP0 15cmappclient.exe1 00 33Added by the Trojan.Cmapp Trojan.73http://www.sarc.com/avcenter/venc/data/trojan.cmapp.html#technicaldetails0
118Dynamic Dns Binary0  9CMD16.EXE1 00113A R-Bot WORM variant functioning as a backdoor Trojan uses this file to terminate processes, among other actions.55http://www.sophos.com/virusinfo/analyses/w32rbotxm.html0
115Ass and titties0  9CMD32.EXE1 00135Added by the Troj/SdBot-GG worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotgg.html0
1 3Cmd0  9cmd32.exe1 00 25Added by the TANKED WORM!57http://www.viruslibrary.com/virusinfo/Worm.P2P.Tanked.htm0
120Configuration Loader0  9cmd32.exe1 00 39Added by the  LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
112ControlPanel0 42cmd32.exe internat.dll,LoadKeyboardProfile2 00 47Added by the Troj/Dloader-JW downloader TROJAN.59http://www.sophos.com/virusinfo/analyses/trojdloaderjw.html0
116ControlPanel&gt;0 42cmd32.exe internat.dll,LoadKeyboardProfile2 00 47Added by the Troj/Dloader-JW downloader TROJAN.59http://www.sophos.com/virusinfo/analyses/trojdloaderjw.html0
112ControlPanel0 42cmd32.exe internat.dll,LoadKeyboardProfile211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6cmdcon0 10cmdcon.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
121Windows Smrss Service0 11cmdpipe.exe1 00134Added by the W32/Tilebot-AE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotasm.html0
115cmdprompt32.pif0 15CmdPrompt32.pif1 00 33Added by the  W32.Assiral.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.assiral.b@mm.html0
1 6MyLife0 11CmdServ.exe1 00 26Added by the HOLAR.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A0
111MsgSvcMgr320 12cmdzxdll.exe1 00133Added by the W32/Rbot-AEK worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaek.html0
1 3CME0  7cme.exe1 00 70Part of  Gator advertising spyware - see here for removal instructions46http://www.thiefware.com/info/data.gator.shtml0
315Check Messenger0 12cmesseng.exe1 00 97Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account34http://www.qchex.com/messenger.asp0
3 6CMESys0 10CMESys.exe111HKEY_LM\Run0 55CME 7.1.0.6, GAIN Publishing. CME II Client Application39http://www.absolutestartup.com/startup/1
1 6CMESys0 10CMESys.exe1 00 55CME 7.3.0.0, GAIN Publishing. CME II Client Application 01
1 6CmeSYS0 10CMEsys.exe1 00 70Part of  Gator advertising spyware - see here for removal instructions46http://www.thiefware.com/info/data.gator.shtml0
1 6CmeUPD0 10CMEupd.exe1 00 70Part of  Gator advertising spyware - see here for removal instructions46http://www.thiefware.com/info/data.gator.shtml0
0 8CMGrdian0 12CMGrdian.exe1 00 36One of the McAfee shared components. 01
2 8Guardian0 12CMGrdian.exe1 00211McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic 01
215McAfee Guardian0 12CMGRDIAN.EXE1 00  0 01
215McAfee Guardian0 16CMGrdian.exe /SU211HKEY_LM\Run0 84McAfee Windows Guardian 3.00.1051.0, Network Associates, Inc.. McAfee Guardian Agent39http://www.absolutestartup.com/startup/1
331IBM Wireless LAN Client Manager0  9CMIBM.EXE122StartUp menu\All users0 46cmibm Executable 1, 1, 58, 0, IBM Corporation.39http://www.absolutestartup.com/startup/1
310cmpciaudio0 12CMICNFG3.CPL1 00 63Registers the Control Panel applet for a C-Media PCI sound card 01
3 7ORiNOCO0  9Cmluc.exe1 00 56Client Manager software for an ORiNOCO wireless LAN card31http://www.orinocowireless.com/0
1 5cmman0  9CMMan.exe1 00124Added by the  Trojan.Cmapp TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.73http://securityresponse.symantec.com/avcenter/venc/data/trojan.cmapp.html0
1 8cmmfuugt0 12cmmfuugt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
136Microsoft Connection Manager Monitor0  9cmmon.pif1 00132Added by the W32/Rbot-AKV worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotakv.html0
110Cmmon32Sys0 11cmmon32.exe1 00 29Added by the SMALL.CL TROJAN! 01
2 4run=0  9cmmpu.exe1 00212MIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI) 01
115[Various Names]0 10cmon14.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
124(random 12 digit number)0 12cmpbk321.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
3 8CMPDPSRV0 12CMPDPSRV.EXE1 00237Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). &quot;Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more.&quot; Installed with some Compaq and Lexmark printers32http://www.viewahead.com/PDP.htm0
1 5cmrrs0  9cmrrs.exe1 00 36Added by the Troj/Dadobra-FO Trojan.59http://www.sophos.com/virusinfo/analyses/trojdadobrafo.html0
1 5cmrss0  9cmrss.exe1 00 81Added by the A href="http://www.sophos.com/virusinfo/analyses/trojdloadermr.html"23Troj/Dloader-MR TROJAN!0
1 5cmrst0  9cmrst.exe1 00 38Added by the  PWSteal.Bancos.S TROJAN!64http://www.symantec.com/avcenter/venc/data/pwsteal.bancos.s.html0
1 5cmrst0  9cmrst.scr1 00 47Added by the Troj/Dloader-FP TROJAN/downloader!59http://www.sophos.com/virusinfo/analyses/trojdloaderfp.html0
125Microsoft System32 Update0  9cmsrg.exe1 00 26Added by the RBOT-GN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgn.html0
116Microsoft Update0  8cmss.exe1 00132Added by the W32/Rbot-ATQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatq.html0
120Windows CMS Protocol0  8cmss.exe1 00 48Added by the W32/Rbot-BFT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbft.html0
113ATD Direct CD0  9cmssr.exe1 00 46Added by the Troj/Stinx-V IRC backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxv.html0
118Microsofts Updatez0 10cmsssr.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 8cmsystem0 12CMSystem.exe1 00 24CASClient adware variant109http://re0
1 6cmt1010 10cmt101.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
113Remote Themes0 12cmutfilt.exe1 00  0 01
114Update Browser0 12cmutfilt.exe1 00 59Unknown malware.  Possible trojan downloader and  backdoor. 01
1 8cmwmsnfy0 12cmwmsnfy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5cmx320  9cmx32.exe1 00 27Added by the GEMA.D TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=404930
119Windows System File0  8cmxp.exe1 00 29Added by the SPYBOT.KHO WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.kho.html0
1 6CNBABE0 10CNBABE.EXE1 00103Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing 01
1 8cnexazcv0 12cnexazcv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115UpdateComponent0 11CNF UPD.EXE2 00 30Added by the SPYBOT.GEN VIRUS! 01
1 8shambl3r0  7cnf.bat1 00 25Added by the REMABL WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.remabl.worm.html0
121Configuration Manager0 12CNFGLD32.EXE1 00 27Added by the  SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
121Configuration Manager0 11Cnfgldr.exe1 00 27Added by the  SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
1 7Cnfrm320  9cnfrm.exe1 00 27Added by the MIMAIL.D WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.d@mm.html0
1 6Dluxjp0  9cnfrm.exe1 00 28Added by the DLUCA.D TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.d.html0
1 5Cn3230 11cnfrm33.exe1 00 27Added by the MIMAIL.G WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.g@mm.html0
115[Various Names]0 11cnftips.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 5cnlkg0  9cnlkg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8cnoptoab0 12cnoptoab.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9Mspatch890 10cnqmax.exe1 00 27Added by the RANDEX.P WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.p.html0
127Microsoft Intrenet Explorer0  8cnsg.pif1 00133Added by the W32/Rbot-ARO worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaro.html0
3 6CnsMin0 19CnsMin.dll,Rundll32111HKEY_LM\Run0 95Microsoft(R) Windows(R) Operating System 5.1.2600.0, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
124System Failure Statistic0 10cnstat.exe1 00 26Added by the RBOT-LF WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlf.html0
332Connection Watcher - NETanalyser0  9cnwcw.exe122StartUp menu\All users0 46Connection Watcher 2.00.0011, NETanalyser.com.39http://www.absolutestartup.com/startup/1
4 8CnxAdslL0 12CnxAdslL.exe1 00 37DLink, Zoom, or Conexant modem driver 01
213CnxDslTaskBar0 12CnxDslTb.exe1 00 78Connexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modems 01
2 9WooCnxMon0 10CnxMon.exe1 00 69Wanadoo ISP software related - not required - here's how to bypass it54http://www.faqoe.com/index.php?bas=/connexionmanel.htm0
310ledpointer0 11CNYHKey.exe1 00 53Chicony Electronics Multimedia Keyboard Hotkey Driver 01
217Coast to Coast AM0 34Coast to Coast AM Media Center.exe211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
315Cobian Backup 60  9CobBU.exe111HKEY_LM\Run0 57Cobian Backup 6.1, Luis Cobian. Cobian Backup Application39http://www.absolutestartup.com/startup/1
1 9Diskstart0  8Code.exe1 00 21Adult content dialler 01
1 9Hpscanner0 10codeme.exe1 00  055http://www.sophos.com/virusinfo/analyses/w32patcoa.html0
1 7Myvirus0 10codeme.exe1 00 31Added by the W32/Patco-A  worm.55http://www.sophos.com/virusinfo/analyses/w32patcoa.html0
114System Service0 11coderxt.exe1 00132Added by the W32/Rbot-ALD worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotald.html0
1 4Divx0  9codll.exe1 00109Added by the Troj/Gravebot-A IRC backdoor.  This infection also creates the file C:\Windows\System32\sum.tgz.59http://www.sophos.com/virusinfo/analyses/trojgravebota.html0
120compd service drivrs0  8codq.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 8DBGA0EEG0 12Cokmgl32.dll1 00 93Added by the W32/Doxpar-F worm.br /br /Uses CLSID: b(48AC6462-563A-5DB4-6C73-5C2257016F8D)/b.56http://www.sophos.com/virusinfo/analyses/w32doxparf.html0
3 8siscolor0  9color.exe1 00206Probably on-board graphics related based upon the SiS chipsets. Has been seen on ASUS motherboards with SiS chipsets and known to cause conflicts if you choose another graphics card and disable the on-board 01
3 8coloreal0 12coloreal.exe1 00 85Makes colours sharper and brighter, but will only work with coloreal capable monitors 01
3 9WCOLOREAL0 12coloreal.exe1 00  0 01
3 9WCOLOREAL0 12coloreal.exe1 00  0 01
1 5CLSID0  7com.exe1 00 21Adult content dialler 01
1 4Com+0  8COM+.EXE1 00139Added by the  W32/Randon-O worm.  This infection, when started, connects to an IRC server using a provided MIRC client to receive commands.56http://www.sophos.com/virusinfo/analyses/w32randono.html0
3 8ComAgent0 12ComAgent.exe1 00 45ComAgent - MDaemon's instant messaging client59http://www.altn.com/products/default.asp?product_id=MDaemon0
1 9combo.exe0  9combo.exe1 00105Unidentified mass-mailing spam malware.  When run this file, and combop.exe, send spam from your machine. 01
411MaxtorCombo0 15ComboButton.exe1 00140Required to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect) 01
110combop.exe0 10combop.exe1 00104Unidentified mass-mailing spam malware.  When run this file, and combo.exe, send spam from your machine. 01
1 6COMCFG0 10comcfg.exe1 00 30Added by the TOADCOM.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TOADCOM.A0
1 6VB_run0 13comctl_32.exe1 00 36Dubious downloader from densmail.com 01
1 8comctl320 12comctl32.exe1 00 88Adware - recognized by Kaspersky antivirus and others as TrojanDownloader.Win32.Agent.am36http://www.kaspersky.com/personalpro0
1 8comctsvc0 12comctsvc.exe1 00 50Added by the W32/Tilebot-CM worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotcm.html0
229NB Common Dialog Enhancements0 12COMDLGEX.EXE1 00106Part of McAfee Nuts &amp; Bolts. With Common Dialog Enhancements, you can add MRU list box to open dialogs 01
1 6CC2KUI0  9comet.exe1 00192Comet Cursor - displays different mouse pointers dependent upon the site your visiting. Malware because it automatically installs. See here for more information and for the uninstall procedure43http://www.accs-net.com/smallfish/comet.htm0
112SSWPlauncher0 27comet.exe /app:SSWPlauncher2 00 28CometCursor by Comet Systems48http://www.doxdesk.com/parasite/CometCursor.html0
1 8mssysint0 10comime.exe1 00 45Added by the Troj/Netsnake-I backdoor trojan.59http://www.sophos.com/virusinfo/analyses/trojnetsnakei.html0
2 6COM-IP0  9COMIP.EXE1 00189COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212) 01
1 5Timer0  8comm.exe1 00 44Added by the Troj/Bdoor-IP  trojan backdoor.57http://www.sophos.com/virusinfo/analyses/trojbdoorip.html0
0 7Caption0  7Command112Startup item0  0 4Link0
1 7COMMAND0 11command.exe1 00 29Added by the QQPASS.E TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html0
115Command Service0 11command.exe1 00164Identified as Adware.CommAd.A. This adware delivers popups to your computer. This infection also installs the file  asappsrv.dll into the same folder as command.exe 01
1 8Currency0 11Command.exe1 00 38Added by the Backdoor.Goster backdoor.59http://www.sarc.com/avcenter/venc/data/backdoor.goster.html0
110WinProfile0 11Command.exe1 00 26Added by the BUDDY TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E0
110WinProfile0 11Command.exe1 00 26Added by the BUDDY TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E0
110Messenger60 11command.pif1 00 26Added by the INZAE.B WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.inzae.b@mm.html0
1 5candy0 13command32.exe1 00 26Added by the RBOT-LV WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlv.html0
1 9command320 13command32.exe1 00 35Added by the Troj/LineaDl-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojlineadla.html0
111Win Command0 13command32.exe1 00 28Added by the AGOBOT.XQ WORM!108http://uk0
111Win Command0 13command32.exe1 00 28Added by the AGOBOT.XQ WORM!108http://uk0
210IomegaWare0 13COMMANDER.EXE1 00 99Used by Iomega drives. Details of its purpose can be found here. Available via Start -&gt; Programs57http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup0
316Browser Launcher0 12Commandr.exe1 00162Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys 01
317zBrowser Launcher0 12Commandr.exe1 00193For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them 01
2 7CommCtr0 11commctr.exe1 00169Net2Phone CommCenter is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!. Available via Start - Programs62http://commcenter.net2phone.com/GLPPublish.asp?idpage=features0
311Comm Driver0 11commh32.exe1 00157G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself! 8PC Spion0
115printer spooler0 16commonaccess.exe1 00 51Added by the Troj/Delf-LB browser hijacking trojan.56http://www.sophos.com/virusinfo/analyses/trojdelflb.html0
213AOL Companion0 13companion.exe1 00212Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use 01
213AOL Companion0 16companion.exe /s222StartUp menu\All users0 41AOL Companion 1, 6, 2, 0, . AOL Companion39http://www.absolutestartup.com/startup/1
122Compaq Service Drivers0 10compaq.exe1 00133Added by the W32/Sdbot-AFU worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafu.html0
120IPOT Service Drivers0 10compaq.exe1 00 45Added by a variant of the   FUROOTKIT TROJAN!72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1271310
221Compaq Message Server0 14COMPAQ-RBA.EXE1 00718Applies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start - Programs - Compaq Advisor - Advisor Settings under the "advanced" tab. Not required and can cause problems 01
138(874e009f-7e1e-42b5-86df-b9cde35ad753)0  9comph.dll1 00105Added by the Troj/Bdoor-QG backdoor Trojan.br /br /Uses CLSID: b(874e009f-7e1e-42b5-86df-b9cde35ad753)/b.57http://www.sophos.com/virusinfo/analyses/trojbdoorqg.html0
2 7Cleanup0 11compind.bat111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9Compliant0 13compliant.exe1 00235Added by the W32/Rbot-LB trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This infection terminates certain processes and logs keystrokes to a file called syste.txt.55http://www.sophos.com/virusinfo/analyses/w32rbotlb.html0
126Microsoft Com Port Manager0 11COMPORT.EXE1 00152Added by the W32/Sdbot-AT backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotat.html0
122compaq service drivers0  9compq.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
125Compaq Service Drivers 320 11compq32.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
122compaq service drivers0 10compqs.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
123compaqs service drivers0 10compqs.exe1 00  043http://vil.nai.com/vil/content/v_100454.htm0
115Service Drivers0  9Compt.exe1 00 50Added by the W32/Rbot-ZJ WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbotzj.html0
119Geography TX 1.0 NT0 14CompuSpeed.vbs1 00195Added by the VBS/Newley-A. The worm attempts to setup an administrator account, and if uninstalled using Add/Remove programs will likely delete SVCHOST.EXE, which usually shuts the computer down.56http://www.sophos.com/virusinfo/analyses/vbsnewleya.html0
1 6comrep0 13comrepl32.exe1 00 48Added by the W32/Rbot-DNH worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotdnh.html0
2 9COMSMDEXE0 10comsmd.exe1 00 143Com tray icon 01
118Meeting Connection0 12comsutil.exe1 00 12Added by the21Troj/PPdoor-E TROJAN!0
1 5comxt0  9comxt.exe1 00 26Added by the COMXT TROJAN!60http://www.symantec.com/avcenter/venc/data/trojan.comxt.html0
114Zekio Startups0 10condll.exe1 00113W32/Agobot-AGD is an IRC backdoor Trojan and network worm.  This file is located in the Windows system directory.58http://www.sophos.com/virusinfo/analyses/w32agobotagd.html0
134Microsoft Firewall Settings Loader0 10conf32.exe1 00121Added by the W32/Sdbot-KM worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotkm.html0
312cucore agent0 13ConfAgent.exe1 00 95First Virtual Communications, Inc., Now RADVISION Ltd  Click_to_Meet videoconferencing software48http://www.clicktomeet.com/eng/products/ctm4.htm0
120Configuration Loader0 12confgldr.exe1 00 26Added by the POLYBOT WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.polybot.html0
1 6AolCon0 10config.com1 00 25Added by the TAPLAK WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.taplak.html0
214ConfigServices0 10Config.exe1 00 36Part of initial setup on a Compaq PC 01
221Configuration Utility0 10Config.exe1 00  0 01
221Configuration Utility0 10CONFIG.EXE1 00 64Controls linksys wireless connection. Available from the Desktop 01
121Microsoft Config File0 10config.exe1 00 94Added by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls! 01
1 8Explorer0 11config_.com1 00 44Added by the W32/Floppy-D floppy drive worm.56http://www.sophos.com/virusinfo/analyses/w32floppyd.html0
112Config33.exe0 12Config33.exe1 00 28Added by the SDBOT.T TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.T0
121Configuration Loading0 13configldr.exe1 00 28Added by the AGOBOT-EC WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotec.html0
1 5cmd320 11configs.exe1 00 47Hijacker,  also detected as the  QURL-2 TROJAN!43http://vil.nai.com/vil/content/v_126408.htm0
1 8update320 11configs.exe1 00 47Hijacker,  also detected as the  QURL-2 TROJAN!43http://vil.nai.com/vil/content/v_126408.htm0
111configsetup0 17configsetup32.exe1 00135Added by the W32/Agobot-AFP worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.58http://www.sophos.com/virusinfo/analyses/w32agobotafp.html0
321Palm MultiUser Config0 14Configtool.exe1 00 47MultiUser configuration for a Palm PDA device?. 01
1 6cartao0 14conflicted.exe1 00 36Added by the Troj/Dadobra-DV trojan.59http://www.sophos.com/virusinfo/analyses/trojdadobradv.html0
2 7Gearbox0 11confsvr.exe1 00210NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available here41http://www.ntlworld.com/help/settings.htm0
2 6Conmgr0 10conmgr.exe1 00 28Starts Winfax pro at startup 01
310ConMgr.exe0 10conmgr.exe1 00172Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut&nbsp; 01
316Sametime Connect0 11Connect.exe1 00 53IBM Lotus Instant Messaging and Conferencing software57http://www.lotus.com/products/product3.nsf/wdocs/homepage0
316Sametime Connect0 11Connect.exe125StartUp menu\Current user0 88Sametime Connect 6, 5, 1, 0, Lotus Development Corporation. Sametime Connect Application39http://www.absolutestartup.com/startup/1
113Connect2Party0 17connect2party.exe1 00 21Adult content dialler 01
115System Services0 14connection.exe1 00 40Added by an unidentified WORM or TROJAN! 01
229SBC Yahoo! Connection Manager0 21ConnectionManager.exe1 00 69SBC Yahoo! Dial 2.0.1.3131, SBC Yahoo!. SBC Yahoo! Connection Manager 01
229sbc yahoo! connection manager0 21ConnectionManager.exe1 00305The cmanager.exe process is used to create and connect your SBC Yahoo DSL connection. This program has been reported to cause problems for some users. If you find that it causes you pc to become slow or unstable you should uninstall it (using Add/Remove programs) and manually connect your DSL connection. 01
326PCSuiteForNokia3650 Detect0 17ConnMngmntBox.exe122StartUp menu\All users0 62Symbian Connect 1, 0, 0, 1, Symbian Ltd.. ConnMngmntBox Module39http://www.absolutestartup.com/startup/1
1 8conscorr0 12conscorr.exe1 00 38Transponder parasite updater/installer48http://www.doxdesk.com/parasite/Transponder.html0
1 4Cons0 12consol32.exe1 00 89Hijacker - redirects to a p0rn portal, where foistware like ISTBar gets stealth installed 01
110icq center0 12consoles.exe1 00 39Added as a result of the  RANDIN VIRUS!71http://securityresponse.symantec.com/avcenter/venc/data/w32.randin.html0
1 8systrasx0 12CONSOLES.EXE1 00134Added by the W32/Sdbot-NW worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnw.html0
0 8Contacte0 12contacte.exe1 00 20Some kind of driver? 01
115Windows Control0 11Control.exe1 00218Browser hijacker. NOTE - On Win9x systems it will overwrite the Windows file of the same name in the Windows directory, so therefore it will be necessary to extract a fresh copy of the file from the Windows setup cabs! 01
416SandboxieControl0 11Control.exe1 00 46Installed by the Sandboxie  security software.25http://www.sandboxie.com/0
115[Various Names]0 13control64.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
310CookieWall0 10cookie.exe1 00147CookieWall from Analog X. Allows you to decide which internet sites can add &quot;cookies&quot; related to their sites for the next time you return59http://www.analogx.com/contents/download/network/cookie.htm0
310CookieWall0 10cookie.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
312Cookie Cop 20 13CookieCop.exe1 00159Cookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return50http://www.pcmag.com/article/0,2997,a=20844,00.asp0
3 9CookieJar0 13Cookiejar.exe1 00169Cookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add &quot;cookies&quot; related to their sites for the next time you return43http://www.jasons-toolbox.com/cookiejar.asp0
312CookiePatrol0 16CookiePatrol.exe1 00 71CookiePatrol - PestPatrol's cookie interceptor stopping spyware cookies39http://www.pestpatrol.com/CookiePatrol/0
124Microsoft System Checkup0  8Cool.exe1 00 25Added by the DONK.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.b.html0
1 8HELLBOT30 11coolbot.exe1 00 50Added by the W32/Mytob-S WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32mytobs.html0
3 8CoolKill0 12CoolKill.exe1 00 29Coolkill is a process killer.59http://www.prowebsitemanagement.com/cooltools/coolkill.html0
319CoolBeansSystemInfo0 18coolsysteminfo.exe111HKEY_LM\Run0 46Cool System Info 1.0.0.0, Cool Beans Software.39http://www.absolutestartup.com/startup/1
323copernic desktop search0 25CopernicDesktopSearch.exe1 00142Copernic  Desktop_Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures."61http://www.copernic.com/en/products/desktop-search/index.html0
323Copernic Desktop Search0 31CopernicDesktopSearch.exe /tray211HKEY_CU\Run0 98Copernic Desktop Search DESKTOPSEARCH 1.5 ENG, Copernic Technologies Inc.. Copernic Desktop Search39http://www.absolutestartup.com/startup/1
322CopernicPerUserTaskMgr0 26CopernicPerUserTaskMgr.exe1 00 66Automatic tasking feature of Copernic Pro multi-search engine tool 01
121compaq service drivrs0  8copq.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113WinShowUpdate0 50copy C:\WINDOWS\winshow.new C:\WINDOW\Swinshow.dll2 00 96Winshow parasiate related - from the "RunOnce" keys it replaces "winshow.dll" with a new version44http://www.doxdesk.com/parasite/Winshow.html0
312Copy handler0 16Copy Handler.exe2 00219Copy_Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processes. 01
221Copy of StartupFaster0 21Copy of StartupFaster222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
311Resume Copy0 12copyfstq.exe1 00231Part of Total Copy - an improved version of the Windows copy function. Allows for resumption file copies or moves in progress when computer was shut down. Not required if your not using the program or don't care about that function28http://ranvik.net/totalcopy/0
311Resume copy0 21copyfstq.exe /startup211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
122compaqs service driver0 13copypad32.exe1 00 23Added by the  SDBOT.CSO86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CSO&VSect=T0
0 2cp0 26CopyProtectionNotifier.exe1 00 88Related to  Emuzed Systems and Middleware.  Comes included with Windows XP Media Edition38http://www.emuzed.com/application.html0
310CoreCenter0 12CORECE~1.EXE1 00  0 01
310CoreCenter0 14CoreCenter.exe1 00126MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking 01
117CorelDraw Toolbox0 13CorelDraw.exe1 00107Sdbot WORM/IRC backdoor variant adds this, and will allow for a malicious attacker to exploit the computer.56http://www.sophos.com/virusinfo/analyses/w32sdbotvz.html0
1 7CoreSrv0 11coresrv.exe1 00 63Some IRC trojans/worms use this - see here for more information29http://lockdowncorp.com/bots/0
3 7CORESYS0 11coresys.exe1 00  2?? 01
111PC-Config320 10corona.exe1 00 28Added by the CORONEX.A WORM!57http://www.sophos.com/virusinfo/analyses/w32coronexa.html0
1 7cleanup0 13corpstats.exe1 00 44Added by the Troj/Ransom-A ransoming Trojan.57http://www.sophos.com/virusinfo/analyses/trojransoma.html0
115[Various Names]0 11corrida.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6cosine0 10cosine.exe1 00 26Added by the RBOT-SW WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsw.html0
1 9couponica0 13couponica.exe1 00 17Adware - see here47http://vil.nai.com/vil/content/v_100077.htm#top0
3 7CP32NOT0 11CP32BTN.EXE1 00116For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons 01
313CPA9P2PSERVER0 12CPA9P2PS.exe1 00 42Found on a Compaq Presario but what is it? 01
219Verizon Control Pad0  8cpad.exe1 00100Control Pad - installed with Verizon DSL accounts. Tool designed to streamline the online experience56http://www.verizon.net/pands/dsl/benefits/controlpad.asp0
3 7CPATR100 11CPATR10.EXE1 00148Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Constrast 01
310Cookie Pal0 12CPBrWtch.exe1 00 49Cookie Pal 1.7.0.0, Kookaburra Software. CPBrWtch 01
310Cookie Pal0 12CPBRWTCH.EXE1 00159Kookaburra Softwares Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return57http://www.pcmag.com/article/0,2997,s=1626&a=12703,00.asp0
3 8CPBrWtch0 12CPBrWtch.exe1 00  057http://www.pcmag.com/article/0,2997,s=1626&a=12703,00.asp0
4 7CPD_EXE0  7CPD.EXE1 00 42Firewall bundled with McAfee VirusScan 6.* 01
415McAfee Firewall0  7CPD.EXE1 00 78Firewall bundled with McAfee VirusScan 6.*.&nbsp;Can also be listed as CPD_EXE 01
1 4cpds0  8cpds.exe1 00 33Added by the Troj/Ghudl-C Trojan.56http://www.sophos.com/virusinfo/analyses/trojghudlc.html0
3 8LManager0 12CPLBCL53.EXE1 00150A system tray icon found on Acer Travelmate laptops that allow you control access to the Internet and email buttons and other computer configurations. 01
2 8CplBTQ000 12CplBTQ00.EXE1 00117Dritek System Inc. CPATR10 01.17.2003 ( VC60 ) 1.210, Dritek System Inc.. Compal ATR10 Easy Button ( Multi-Language ) 01
2 8cplbtq000 12CplBTQ00.EXE1 00 20Related to  EZbutton43http://castlecops.com/startuplist-8891.html0
2 8cpldbl100 12CPLDBL10.exe1 00 39Related to the  EZbutton quick launcher45http://castlecops.com/s8891-EzButton_EXE.html0
310CPortPatch0 11cppatch.exe1 00107CPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though? 01
322A1000 Settings Utility0 12cpqa1000.exe1 00164Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features 01
116Compaq Print Fax0 12cpqa1000.exe1 00 51Added by the W32/Sdbot-WL WORM/IRC backdoor trojan!56http://www.sophos.com/virusinfo/analyses/w32sdbotwl.html0
4 7CPQAcDc0 11CPQAcDc.exe1 00 53Compaq PowerCon power management software for laptops 01
314Compaq Alerter0 12CPQAlert.exe1 00255Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information48fault, performance, and configuration management0
3 8CPQAlert0 12CPQAlert.exe1 00  070http://www.compaq.com/products/servers/management/cim-description.html0
213CPQBootPerfDB0 17CPQBootPerfDB.EXE1 00 39See the entry for Compaq Message Server 01
4 8CPQCalib0 12CPQCalib.exe1 00 53Compaq PowerCon power management software for laptops 01
2 8CPQDFWAG0 12CpqDfwAg.exe1 00 54For Compaq PC's. Runs Compaq diagnostics on every boot 01
210System DLF0 12cpqdiaga.exe1 00165Compaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configuration. Available via Start - Programs 01
210Compaq DMI0 10cpqdmi.exe1 00 50Compaq version of the Desktop Management Interface 01
310CPQEASYACC0 11cpqeadm.exe1 00116For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys 01
3 7cpqeaui0 11cpqeaui.exe1 00116For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys 01
321CompaqHW Comp Manager0 10cpqhcm.exe1 00 39Running on a Compaq laptop - any ideas? 01
3 6CPQAPP0 11CPQHKey.exe111HKEY_LM\Run0 68Chicony Wireless Driver 2, 2, 0, 0, Chicony. Chicony Wireless Driver39http://www.absolutestartup.com/startup/1
323CPQInet Runtime Service0 11CpqInet.exe1 00143For Compaq PC's. Allows AOL and Compuserve to use the  Easy Access buttons for the internet. Is not required if you don't use the ISP providers75http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html0
211CPQINKAGENT0 12cpqinkag.exe1 00164That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed) 01
316Compaq PK Daemon0  9cpqkl.exe1 00 91For Compaq laptops for programming user configurable keys. Not required unless you use them 01
217digital dashboard0 12CPQMLDET.exe1 00 48For Compaq PC's. Loads Digital Dashboard options 01
3 5cpqns0 12cpqnpcss.exe1 00 58Related to Compaq.Net - not required if you don't use that 01
213CompaqSystray0 11cpqpscp.exe1 00 23Compaq System Tray icon 01
2 6Cpqset0 10cpqset.exe1 00  0 01
2 6Cpqset0 10Cpqset.exe1 00 53Default settings software in Hewlett Packard notebook 01
1 3cpr0  3cpr1 00 28Adroar.com adware downloader 01
125Norton Live Update Server0  9cpsdv.exe1 00 30Added by the AGOBOT.EW TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.EW0
114system drivers0 10cpsq32.exe1 00 23Added by the  SDBOT.AXH86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AXH&VSect=T0
111CPU Watcher0 12cpu.dll,load1 00 29Added by the Troj/Dloader-LO.59http://www.sophos.com/virusinfo/analyses/trojdloaderlo.html0
111CPU Watcher0 16cpu.dll,load</a>1 00 29Added by the Troj/Dloader-LO.59http://www.sophos.com/virusinfo/analyses/trojdloaderlo.html0
3 7CPUcool0 11Cpucool.exe1 00122Program to keep the processor cool when idle in "overclocked" systems. Also available via Start - Settings - Control Panel 01
124CPU microcode correction0 10cpudev.sys1 00 36Added by the Troj/Haxdoor-AO Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorao.html0
122Windows USB 2.0 Driver0 14cpufanctrl.exe1 00122Added by the W32/Rbot-CLP worm and IRC backdoor. This infection also creates the file C:\Windows\SoftWareProtector\424.pr.56http://www.sophos.com/virusinfo/analyses/w32rbotclp.html0
3 7CpuIdle0 11cpuidle.exe111HKEY_LM\Run0 32CpuIdle , Andreas Goetz. CpuIdle39http://www.absolutestartup.com/startup/1
111CPU Manager0 10cpumgr.exe1 00 27Added by the PANDEM.B WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.pandem.b.worm.html0
319IntelProcNumUtility0 13cpunumber.exe1 00284Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here58http://www.intel.com/support/processors/pentiumiii/psu.htm0
1 7Cpusave0 11Cpusave.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 9Cpusave320 13Cpusave32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
118cpu windows status0 12cpustats.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
111My Computer0 10cqcags.exe1 00 12Added by the38W32/Sdbot-TJ WORM/IRC backdoor trojan!0
113cqpmxujjl.exe0 13cqpmxujjl.exe1 00 36Added by the Troj/StartP-BAI Trojan.59http://www.sophos.com/virusinfo/analyses/trojstartpbai.html0
216cracked_windows10 20cracked_windows1.exe1 00 28Cracked Windows popup killer71http://www.angelfire.com/electronic/purplexed/files/crackedwindows.html0
1 8lameshit0  9crash.exe1 00 35Added by the Troj/LowZone-H trojan.58http://www.sophos.com/virusinfo/analyses/trojlowzoneh.html0
311$sys$crater0 10crater.sys1 00 38How to remove the Sony XPC DRM Rootkit54http://www.bleepingcomputer.com/forums/topic34904.html0
114CRC Protection0  9crc32.exe1 00 34Added by the Troj/Agent-PO Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentpo.html0
123Crc32stats Dependencies0 14Crc32stats.exe1 00136Added by the W32.Mytob.GT@mm worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.gt@mm.html#technicaldetails0
129Client Server Control Process0  9crcss.exe1 00 43Added by the Troj/Agent-HR backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojagenthr.html0
1 6PCprot0  9crcss.exe1 00 30Added by an unidentified WORM! 01
121Windows Media Updater0 10crease.exe1 00132Added by the W32/Rbot-ATI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotati.html0
116Create A Monster0 18createAMonster.exe1 00 80Kudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware related54http://sarc.com/avcenter/venc/data/adware.look2me.html0
2 8CreateCD0 12Createcd.exe1 00 95Adaptec Easy CD Creator system tray application (pre version 5). Available via Start - Programs 01
210CreateCD500 14Createcd50.exe1 00 89Adaptec Easy CD Creator version 5 system tray application. Available via Start - Programs 01
110setFTPBack0 12createsw.exe1 00 30Added by the FTP_BMAIL TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ftp_bmail.html0
112Creative.exe0 12Creative.exe1 00 25Added by the PROLIN WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.prolin.worm.html0
1 8MSUpdate0 18criticalUpdate.exe1 00 15Affilred adware58http://sarc.com/avcenter/venc/data/pf/adware.affilred.html0
121Microsoft USB2 Driver0  9crmss.exe1 00108Added by the W32/Rbot-VK worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotvk.html0
3 9crossmenu0  9CrossMenu1 00 69Toshiba CrossMenu Utility - allows the user to create their own menus 01
3 9CrossMenu0 13CrossMenu.exe111HKEY_LM\Run0 45CrossMenu 1, 0, 5, 0, TOSHIBA. CrossMenu Main39http://www.absolutestartup.com/startup/1
1 8crozwzaj0 12crozwzaj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3crs0  7crs.exe1 00143Added by the W32/Agobot-TJ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobottj.html0
121ASP.NET State Service0 10crsass.exe1 00 46Added by the Troj/Banload-M downloader Trojan.58http://www.sophos.com/virusinfo/analyses/trojbanloadm.html0
122Windows System Manager0  8CRSL.EXE1 00110Added by the WORM_SDBOT.MG worm.  This infection connects to an IRC server where it waits for remote commands.83http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SDBOT.MG0
127Print Driver Helper Service0  9crsrr.exe1 00 29Added by the AGENT-BC TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentbc.html0
115[various names]0  9crsrs.exe1 00  057http://www.sophos.com/virusinfo/analyses/w32forbotak.html0
110Auto updat0  9crsrs.exe1 00 28Added by the FORBOT-AK WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotak.html0
126Auto updat and other names0  9crsrs.exe1 00 28Added by the FORBOT-AK WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotak.html0
134Controlled Resource System Service0  8crss.exe1 00 28Added by the AGOBOT.GH WORM!68http://www.liutilities.com/products/wintaskspro/processlibrary/crss/0
1 4CRSS0  8CRSS.exe1 00 32added by the W32/Agobot-RM WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotrm.html0
127Microsoft ActiveX Component0  8crss.exe1 00 45Added by the Troj/Small-CR trojan downloader.57http://www.sophos.com/virusinfo/analyses/trojsmallcr.html0
121System Config Manager0  8crss.exe1 00  078http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GH0
121System Config Manager0  8crss.exe1 00  078http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GH0
120Win32 Network Driver0  8crss.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
125Windows Registry Security0  8crss.exe1 00 41Added by a variant of the IRC.BOT TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html0
1102k6 updatz0  9crss3.exe1 00 48Added by the W32/Rbot-CPD worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcpd.html0
1 9[unknown]0 10crss32.exe1 00139Added by the  W32/Randon-X worm.  This infection, when started, connects to an IRC server using a provided MIRC client to receive commands.56http://www.sophos.com/virusinfo/analyses/w32randonx.html0
1 9crssm.exe0  9crssm.exe1 00133Added by the W32/Rbot-AFH worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotafh.html0
122Windows System Manager0  9crssm.exe1 00132Added by the W32/Rbot-AFH worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotafh.html0
112CaptionMgr320  9crssr.exe1 00163Added by the Zar.A infection.  It attempts to spread itself through emails sent out with the subject "Tsunami Donation!".  The file is found in the Windows folder.43http://www.f-secure.com/v-descs/zar_a.shtml0
110MS taskbar0  9crssr.exe1 00132Added by the W32/Rbot-AGO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotago.html0
129sp2 firewall/internet updater0 10crssrs.exe1 00 28Added by the  RBOT.BJO WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BJO&VSect=P0
118CRC Value Verifier0  9crsss.exe1 00 29Added by the  SPYBOT.UK WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.UK&VSect=P0
111MSControl280  9crsss.exe1 00133Added by the W32/Rbot-AQL worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaql.html0
115start uploading0  9crsss.exe1 00108Added by the W32/Rbot-SZ worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotsz.html0
121Windows media service0  9crsss.exe1 00 27Added by the RBOT.ACY WORM!105http://es0
118CRC Value Verifier0 11crsss32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
118CRC Value Verifier0 11Crsss64.exe1 00 26Added by the RBOT-NY WORM!58http://www.sophos.com.au/virusinfo/analyses/w32rbotny.html0
1 8system320 10crsvvc.exe1 00 28Added by the  RBOT.BLY WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BLY&VSect=P0
127microsoft internet explorer0 11crsys32.exe1 00 27Added by the  RBOT.UZ WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UZ&VSect=P0
124Microsoft Control Center0  8crtl.exe1 00 20Added by W32/Rbot-VX55http://www.sophos.com/virusinfo/analyses/w32rbotvx.html0
121Windows media service0  9crvss.exe1 00 27Added by the SDBOT.VP WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VP0
415Crypkey License0 12crypserv.exe1 00126Used by certain software as copy protection.  This should be left running otherwise the program that utilizes it may not work. 01
1 8cryptdlg0 12cryptdlg.exe1 00 32Added by an unidentified TROJAN! 01
313calendarscope0  6cs.exe1 00 31Calendarscope calendar software29http://www.calendarscope.com/0
326CopernicSummarizerWatchdog0 28CSAgent.exe /thisismandatory211HKEY_CU\Run0 87Copernic Summarizer SUMMARIZER 2.1 ENG, Copernic Technologies Inc.. Copernic Summarizer39http://www.absolutestartup.com/startup/1
118IPv6 Helper Driver0  9csass.exe1 00 28Added by the AGOBOT.TC WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TC0
121LanGuard Auto Updater0  9csass.exe1 00144Added by the W32/Rbot-DS trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotds.html0
117WSAConfiguration10  9csass.exe1 00 28Added by the AGOBOT.WH WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.WH0
2 3csc0  7csc.exe1 00  2?? 01
116Critical Service0  9cscrs.exe1 00 48Added by the W32/Rbot-BFY worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbfy.html0
111CSCRS Value0  9cscrs.exe1 00  8Added by13W32/Rbot-AAA.0
122Microsoft Data Machine0 12csdata32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
111WinMX share0 10CSDVqs.exe1 00128Added by the W32/Sdbot-UU worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuu.html0
123Current Security Config0 11csecure.exe1 00132Added by the W32/Rbot-AMO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamo.html0
326fortis secure layer config0 11cseinst.exe1 00219Fortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information. 01
312CSINJECT.EXE0 12CSINJECT.EXE1 00211Part of Quarterdeck/Norton CleanSweep. For a full description see here. An excerpt - "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes."74http://service1.symantec.com/SUPPORT/cleansweep.nsf/docid/19990224132957280
2 6NCS_SS0 12Csinsm32.exe1 00 45Same as CleanSweep Smart Sweep-Internet Sweep 01
338CleanSweep Smart Sweep- Internet Sweep0 12Csinsm32.exe1 00 85Automatic logging of installs from Norton CleanSweep - available via Start - Programs 01
3 4MPEO0 12Csinsm32.exe1 00  0 01
337CleanSweep Smart Sweep-Internet Sweep0 12csinsmnt.exe122StartUp menu\All users0 78Norton CleanSweep 9.0, Symantec Corporation. Norton CleanSweep Install Monitor39http://www.absolutestartup.com/startup/1
1 5xware0 11cskware.exe1 00 58Malware downloader from xxsware.com, produces porn popups. 01
1 5cslsb0  9cslsb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115csm Win Updates0  7csm.exe1 00 50Added by the W32/Zotob-B worm and backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32zotobb.html0
116new csnm manager0  8csmn.exe1 00 29Added by the  SDBOT.BZS WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BZS&VSect=P0
1 9ConSrvMgr0 11csmrsnv.exe1 00 42Added by the Troj/Stinx-J backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxj.html0
117cmsssystemprocess0  8csms.exe1 00 29Added by the  AGENT-Y TROJAN!56http://www.sophos.com/virusinfo/analyses/trojagenty.html0
117cmssSystemProcess0  9csmss.exe1 00 29Added by the AGENT-CO TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentco.html0
110spoolsvr320  9csmss.exe1 00 29Added by the AGENT-AU TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentau.html0
114VC5MediaPlayer0  9csmss.exe1 00 27Added by the DEDLER-B WORM!56http://www.sophos.com/virusinfo/analyses/w32dedlerb.html0
114VC5MediaPlayer0  9csmss.exe1 00 27Added by the DEDLER-B WORM!56http://www.sophos.com/virusinfo/analyses/w32dedlerb.html0
112WIN95DEFVIEW0  9csmss.exe1 00 35Added by the  TROJ/DEDLER-D TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerd.html0
110spoolsvr320 11csmss32.exe1 00 42Added by a variant of the AGENT-AU TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentau.html0
117ControlServiceMgr0  9csmsv.exe1 00 34Added by the Troj/Agent-XC Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentxc.html0
117ManageProtoclCtrl0  9csmsv.exe1 00 42Added by the Troj/Stinx-B backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxb.html0
1 4NDAv0  9CSNSS.EXE1 00  055http://www.sophos.com/virusinfo/analyses/w32sumomc.html0
1 4SDAv0  9CSNSS.EXE1 00 56Added by the W32/Sumom-C instant messenger and P2P worm.55http://www.sophos.com/virusinfo/analyses/w32sumomc.html0
129Client Server Runtime Service0  7csr.exe1 00 49Added by the W32/Sdbot-AFM worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotafm.html0
126ClientServerRuntimeService0  9csrcc.exe1 00 35Added by the Trojan.Sufiage Trojan.77http://www.sarc.com/avcenter/venc/data/trojan.sufiage.c.html#technicaldetails0
115WindowsTaskStat0 10csrcmd.exe1 00111Added by the Troj/Brepbot-B backdoor Trojan. This infection also creates the files Temp466.bat and Temp755.bat.58http://www.sophos.com/virusinfo/analyses/trojbrepbotb.html0
123Windows Custom Services0  9CSRCS.EXE1 00133Added by the W32/Spybot-EI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32spybotei.html0
114TaskControlLog0 12csrdeu32.exe1 00136Added by the BKDR_BREPLIBOT.M worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.92http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FBREPLIBOT%2EM&VSect=T0
1 6Remndr0 11CsRemnd.exe1 00 22CasinoOnline foistware 01
112DriverModule0 11csrnvrt.exe1 00125Added by the Troj/Stinx-Q backdoor Trojan.  This infection also creates the files 557.bat and 989.bat in your Temp directory.56http://www.sophos.com/virusinfo/analyses/trojstinxq.html0
1 3csr0  9csrrs.exe1 00 48Added by the W32/Rbot-CKM worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotckm.html0
118Service Controller0  9Csrrs.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
124Windows Taskmanager Data0 10csrrss.exe1 00 48Added by the W32/Rbot-BBH worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbh.html0
129Client Server Runtime Process0  8csrs.exe1 00 32Added by the W32.Linkbot.M worm.74http://www.sarc.com/avcenter/venc/data/w32.linkbot.m.html#technicaldetails0
1 8Com+ Sys0  8csrs.exe1 00 28Added by the FORBOT-BT WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbt.html0
148microsoft client/server runtime server subsystem0  8csrs.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
1 7NetWork0  8csrs.exe1 00 28Added by the AGOBOT.JJ WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.JJ0
136windows client/server runtime server0  8csrs.exe1 00 27Added by the  RBOT.KD WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KD0
117Windows Time Sync0  8csrs.exe1 00 50Added by the  W32/Tilebot-N backdoor and IRC worm.57http://www.sophos.com/virusinfo/analyses/w32tilebotn.html0
122Windows Update Service0  8csrs.exe1 00 28Added by the AGOBOT-NI WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotni.html0
1 4dark0  8csrs.scr1 00 54Added by the Troj/Bancban-GT password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbangt.html0
115System32-Driver0 10csrs32.exe1 00152Added by the W32/Sdbot-CP backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotcp.html0
1 5csrsc0  9csrsc.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 9csrse.exe0  9csrse.exe1 00 45Added by the Backdoor.Hesive Trojan backdoor.76http://www.sarc.com/avcenter/venc/data/backdoor.hesive.html#technicaldetails0
118Microsoft Registry0  9csrse.exe1 00 26Added by the RBOT-PC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpc.html0
114system process0  9CSRSR.exe1 00 33Added by the  W32/AGOBOT-SQ WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotsq.html0
319winupdateprotection0  8csrss.ex1 00 94EmployeeWatch is a commercial spyware program designed to monitor user activity on a computer.82http://securityresponse.symantec.com/avcenter/venc/data/spyware.employeewatch.html0
2 8.svchost0  9CSRSS.EXE111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8atisound0  9csrss.exe1 00462Added by the  WinSpy surveillance software. Uninstall this software unless you put it there yourself - NOTE - this file is placed in a %System%\ComRoot folder,  and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.winspy.html0
3 5csrss0  9csrss.exe1 00112Added by the Spyware.Keylog surveillance software.  Uninstall this software if it was not installed by yourself.64http://www.sarc.com/avcenter/venc/data/spyware.beyondkeylog.html0
319WinUpdateProtection0  9csrss.exe1 00212ICE Remote Spy monitoring software, "secretly monitors everything your spouse, kids or employees do on the Internet and emails the data to you." Note - this file is installed in a C:\Windowsupdate\Ufp\Irs7 folder69http://www.kephyr.com/spywarescanner/library/iceremotespy/index.phtml0
1 8.svchost0  9csrss.exe1 00129Added by a new Rbot variant.  This infection when started connects to a remote IRC server where it waits for commands to execute. 01
1 9.TEXTCONV0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
1 8.WMAudio0  9csrss.exe1 00  073http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
113_systemdriver0  9csrss.exe1 00226Added by the  ASCETIC.B TROJAN - Note - this is not the valid Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling,  and which should NOT figure in Msconfig!64http://www.symantec.com/avcenter/venc/data/trojan.ascetic.b.html0
114_winsystem.sys0  9CSRSS.EXE1 00 93Added by the W32/Sober-K infection!  File will be found in the %WINDIR%\msagent\win32 folder.55http://www.sophos.com/virusinfo/analyses/w32soberk.html0
121AdRotator.Application0  9csrss.exe1 00167AdRotator adware. Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling79http://www.giantcompany.com/antispyware/research/spyware/spyware-AdRotator.aspx0
111Application0  9csrss.exe1 00 98Added by the W32.Beagle.EG@mm mass-mailing worm.  The emails that are sent are written in Russian.77http://www.sarc.com/avcenter/venc/data/w32.beagle.eg@mm.html#technicaldetails0
121ASP.NET State Service0  9csrss.exe1 00 47Added by the Troj/Dloader-QI downloader trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderqi.html0
1 7BagleAV0  9csrss.exe1 00125Added by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!77http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ab@mm.html0
1 9BuildLabs0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
1 7ccpApps0  9csrss.exe1 00  073http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
114ClickTheButton0  9csrss.exe1 00134ClickTheButton Downloader-MY adware. Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!43http://vil.nai.com/vil/content/v_126801.htm0
123COM+ System Application0  9csrss.exe1 00 47Added by the W32.Banish.A@mm mass-mailing worm.93http://securityresponse.symantec.com/avcenter/venc/data/w32.banish.a@mm.html#technicaldetails0
134Console de Gerenciamento Microsoft0  9csrss.exe1 00 54Added by the Troj/Bancban-ET password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanet.html0
1 5csrss0  9csrss.exe1 00  0 01
1 5CSRSS0  9CSRSS.EXE1 00217Search page hijacker, redirecting to http://www.search-aide.com/. Note - this is not the valid Client Server Runtime Subsystem (csrss.exe) process, which provides text window support, shutdown, and hard-error handling69http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/0
111csrsslevel40  9csrss.exe1 00389Unidentified malware - NOTE - this file is placed in a C:\Windows\SystemLevel4 folder,  and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!69http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/0
1 8Debugger0  9csrss.exe1 00142Added by the W32.Beagle.EA@mm mass-mailing worm. This infection should not be confused with the legitimate c:\windows\system32\csrss.exe file.77http://www.sarc.com/avcenter/venc/data/w32.beagle.ea@mm.html#technicaldetails0
1 6DIECOX0  9csrss.exe1 00139Added by a variant of the ATM.GEN TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!43http://vil.nai.com/vil/content/v_100826.htm0
111FiendlyType0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
116FirewallActivies0  9csrss.exe1 00 36Added by the  Troj/Banker-AQ TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankeraq.html0
111KernellApps0  9csrss.exe1 00129Added by the BANCBAN-AC TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!59http://www.sophos.com/virusinfo/analyses/trojbancbanac.html0
110Key Logger0  9csrss.exe1 00125Added by the BUCHON.A WORM! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!63http://www.symantec.com/avcenter/venc/data/w32.buchon.a@mm.html0
1 9Krnlcheck0  9csrss.exe1 00 83Added by Backdoor.Botnachala.  This infection also adds entries to your HOSTS file.63http://www.sarc.com/avcenter/venc/data/backdoor.botnachala.html0
120Microsoft SourceSafe0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
123microsoft windows csrss0  9csrss.exe1 00348Added by the  W32/KALEL-A WORM! - NOTE - this file should NOT be confused with the legitimate Windows Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!55http://www.sophos.com/virusinfo/analyses/w32kalela.html0
127Microsoft Word Profissional0  9csrss.exe1 00198Added by the Troj/Bancban-DB password-stealing trojan.  This infection targets Brazilian banks, so if you are a user of these banks you should check your passwords and accounts for unusual activity.59http://www.sophos.com/virusinfo/analyses/trojbancbandb.html0
123Norton Protect Activies0  9csrss.exe1 00242Added by the Troj/Banker-CZ Internet banking trojan.  This infection has the ability to steal information and log keystrokes.  if you are infected with this program it is strongly advised that you change any online passwords that you may use.58http://www.sophos.com/virusinfo/analyses/trojbankercz.html0
1 5NTDLM0  9csrss.exe1 00122Added by the HALE TROJAN! Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hale.html0
1 4Prog0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
110RegDone Ex0  9csrss.exe1 00  073http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
1 8RegWrite0  9csrss.exe1 00127Added by the SOKACAPS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sokacaps.html0
111Run TaskMrg0  9csrss.exe1 00128Added by the LDPINCH-W TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!58http://www.sophos.com/virusinfo/analyses/trojldpinchw.html0
1 8rundll320  9csrss.exe1 00124Added by the GUTTA TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.gutta.html0
1 6Runner0  9csrss.exe1 00 74Added by the Troj/AdClick-AG Trojan!  File is found in the Windows folder. 01
114SernellApp.pcx0  9csrss.exe1 00 89Added by the Troj/Bancban-BJ  trojan.  Located in  Windows system folder\D5133\csrss.exe.59http://www.sophos.com/virusinfo/analyses/trojbancbanbj.html0
1 9Shockwave0  9csrss.exe1 00122Added by the SNDOG WORM! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/w32.sndog@mm.html0
113State Service0  9csrss.exe1 00 36Added by the Troj/Dadobra-CP trojan.59http://www.sophos.com/virusinfo/analyses/trojdadobracp.html0
1 6System0  9csrss.exe1 00 39Added by the  PWSteal.Ldpinch.E TROJAN!65http://www.symantec.com/avcenter/venc/data/pwsteal.ldpinch.e.html0
114System Process0  9csrss.exe1 00 74Added by the Troj/AdClick-AG Trojan!  File is found in the Windows folder. 01
112systemdriver0  9csrss.exe1 00226Added by the  ASCETIC.B TROJAN - Note - this is not the valid Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling,  and which should NOT figure in Msconfig!64http://www.symantec.com/avcenter/venc/data/trojan.ascetic.b.html0
112SYSTEMSars320  9csrss.exe1 00123Added by the AHLEM.A WORM! Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/w32.ahlem.a@mm.html0
1 7TaskMrg0  9csrss.exe1 00 35Added by the Troj/LdPinch-W trojan.58http://www.sophos.com/virusinfo/analyses/trojldpinchw.html0
1 6Update0  9csrss.exe1 00  0 01
112windows 20040  9CSRSS.exe1 00 53Added as result of a  Troj/Banker-DY trojan infection58http://www.sophos.com/virusinfo/analyses/trojbankerdy.html0
125Windows Client Service 320  9csrss.exe1 00132Added by the W32/Rbot-ALB worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalb.html0
120Windows Explorer SP20  9csrss.exe1 00 73Added by the Troj/Banker-DM password-stealing trojan for Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankerdm.html0
115Windows Spooler0  9csrss.exe1 00234Added by the W32/Tilebot-AL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.  This should not be confused with the legitimate csrss.exe file found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/w32tilebotal.html0
117Windows Time Sync0  9csrss.exe1 00 49Added by the W32/Tilebot-W worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32tilebotw.html0
114Windows Update0  9csrss.exe1 00 35Added by the Troj/Banker-IA Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankeria.html0
121Windowsupdate Service0  9csrss.exe1 00102W32/Baba-E WORM creates this file, not to be mistaken for the legitimate Windows file documented here.54http://www.sophos.com/virusinfo/analyses/w32babae.html0
113winsystem.sys0  9CSRSS.EXE1 00  055http://www.sophos.com/virusinfo/analyses/w32soberk.html0
1 8WinXP-980  9CSRSS.exe1 00 83Added by the Troj/Banker-AZ  password-stealing trojan that targets Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankeraz.html0
1 6argq320 12csrss_32.exe1 00 48Added by the W32/Rbot-CPM worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcpm.html0
1 2270 11csrss32.exe1 00 35Added by the Troj/Slsorve-D Trojan.58http://www.sophos.com/virusinfo/analyses/trojslsorved.html0
126Microsoft CSRSS32 Protocol0 11csrss32.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
124Microsoft Update Service0 11csrss32.exe1 00 28Added by the AGOBOT-HC WORM!57http://www.sophos.com/virusinfo/analyses/w32agobothc.html0
116System Log Event0 11csrss32.exe1 00 28Added by the AGOBOT-JI WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotji.html0
116System Log Event0 11csrss32.exe1 00 28Added by the AGOBOT-JI WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotji.html0
127Microsoft CSRSS386 Protocol0 12csrss386.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
148microsoft client/server runtime server subsystem0 10csrssa.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
129Client Server Runtime Process0 10csrsss.exe1 00 27Added by the SDBOT-LD WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotld.html0
112CSRSS Loader0 10csrsss.exe1 00 28Added by the AGOBOT.TX WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TX0
1 6CSRSSU0 10CSRSSU.EXE1 00169CoolWebSearch parasite related - hijacking to Slawsearch.com. You are advised to ask for help in our HijackThis forum to remove it. Located in the Windows system folder.53http://www.spywareinfo.com/~merijn/cwschronicles.html0
122Microsoft DLL Verifier0 10csrssv.exe1 00132Added by the W32/Rbot-ATK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatk.html0
1 6csrssw0 10CSRSSW.EXE1 00 32Added by the  TROJ/CWS-F TROJAN!54http://www.sophos.com/virusinfo/analyses/trojcwsf.html0
116wsaconfiguration0 11csrsvcs.exe1 00 29Added by the  AGOBOT.VI WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VI&VSect=P0
1 9System1320 10Csrtss.exe1 00197Added by the Troj/LanFilt-I.  This infection connects to an IRC server where it waits for remote commands to execute, it can also log keystrokes, download or upload files and act as a proxy server.58http://www.sophos.com/virusinfo/analyses/trojlanfilti.html0
116ProtocolEventTsk0 10csrwjd.exe1 00 42Added by the Troj/Stinx-N backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxn.html0
115SystemProcEvent0 10csrwnd.exe1 00 42Added by the Troj/Stinx-O backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxo.html0
311CSS_Central0 12CSS_1631.EXE1 00232CSS Communication Agent (95 Host) from Command Software Systems &quot;CSS Central™ provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console.&quot;50http://www.commandcom.com/enterprise/csscntrl.html0
1 5cssrs0  9cssrs.exe1 00 29Added by the  Troj/Bancban-DW59http://www.sophos.com/virusinfo/analyses/trojbancbandw.html0
115Display Drivers0  9cssrs.exe1 00 28Added by the AGOBOT.FX WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX0
1 5WinFX0  9cssrs.exe1 00  078http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX0
1 7MSN ang0 10cssrss.exe1 00 28Added by the FORBOT-CE WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotce.html0
1 4csss0  8Csss.exe1 00 27Added by the BALICK TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/w32.balick.trojan.html0
310css server0 13CSSServer.exe1 00107Added by the  ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself.68http://www.symantec.com/avcenter/venc/data/spyware.comspysyssvr.html0
3 5SysW80  8csta.exe1 00 45Clean Space - privacy and perfomance enhancer35http://www.teosoft.com/en/index.htm0
311ChineseStar0  9cstar.exe1 00 33Chinese language support software 01
110nvsv32.exe0  8cstr.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
114WindowsDiskLog0  9cstsm.exe1 00 42Added by the Troj/Stinx-C backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxc.html0
223CleanSweep Useage Watch0 12CSUSEM32.EXE1 00151Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time 01
1 8CSV10P700 13CSv10P070.exe1 00 26ClearSearch adware related44http://doxdesk.com/parasite/ClearSearch.html0
1 7CSV7P700 12CSV7P070.exe1 00 26ClearSearch adware related44http://doxdesk.com/parasite/ClearSearch.html0
1 7CSV7P260 11CSV7P26.exe1 00 26ClearSearch adware related44http://doxdesk.com/parasite/ClearSearch.html0
1 7CSV7P910 11CSV7P91.exe1 00 26ClearSearch adware related44http://doxdesk.com/parasite/ClearSearch.html0
110[not used]0  8csvc.com1 00100Added by the Backdoor.Beasty backdoor.br /br /Uses CLSID: b{AP042907-B967-10D8-9CBD-2672810A369E}/b.76http://www.sarc.com/avcenter/venc/data/backdoor.beasty.html#technicaldetails0
3 6csvdea0 10csvdea.exe1 00129Added by the Spyware.SpyArsenalLog surveillance software. This program should be uninstalled if it was not installed by yourself.65http://www.sarc.com/avcenter/venc/data/spyware.spyarsenallog.html0
111netservices0  9csxrs.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
119System time updator0 12CSysTime.exe1 00 27Added by the RANDEX.S WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.s.html0
0 9checktime0  6ct.exe1 00 56Found in the HPSelectFrontend directory on a HP machine. 01
0 9checktime0  6ct.exe1 00 56Found in the HPSelectFrontend directory on a HP machine. 01
4 2ct0  6ct.exe1 00112ct.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run it 01
2 8CTAvTray0 12CTAvTray.EXE1 00 69CTAvtray 1, 0, 0, 2, Creative Technology Ltd.. EAX Animation Playback 01
2 8CTAVTray0 12CTAvTray.exe1 00144For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ 01
114ClickTheButton0  7CTB.EXE1 00 35ClickTheButton Downloader-MY adware43http://vil.nai.com/vil/content/v_126801.htm0
310CTCMonitor0 14CTCMonitor.exe1 00 54converting directly from MS Office, it is not required 01
223Creative MediaSource Go0 11CTCMSGo.exe1 00 89Creative  MediaSource playbacks music in DVD-Audio, MP3, WMA, WAV and other media formats40http://www.soundblaster.com/mediasource/0
223Creative MediaSource Go0 16CTCMSGo.exe /SCB211HKEY_CU\Run0 83Creative MediaSource Go! 2.0.0.0, Creative Technology Ltd. Creative MediaSource Go!39http://www.absolutestartup.com/startup/1
2 8CTDVDDet0 12CTDetect.exe1 00261Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again 01
317Creative Detector0 15CTDetect.exe /R211HKEY_CU\Run0 93Creative MediaSource Detector 2.2.0.0, Creative Technology Ltd. Creative MediaSource Detector39http://www.absolutestartup.com/startup/1
2 8CTDVDDet0 12CTDVDDet.exe1 00261Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again 01
3 8CTDVDDet0 12CTDVDDet.EXE111HKEY_LM\Run0 51CTDVDDET 1.0.2.0, Creative Technology Ltd. CTDVDDET39http://www.absolutestartup.com/startup/1
2 9CTStartup0 12CTEaxSpl.exe1 00 90Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard 01
2 9CTStartup0 17CTEaxSpl.EXE /run2 00 61CTEaxSpl 1, 1, 0, 1, Creative Technology Ltd.. Startup Splash 01
3 9CTStartup0 17CTEaxSpl.EXE /run211HKEY_LM\Run0 61CTEaxSpl 1, 1, 0, 4, Creative Technology Ltd.. Startup Splash39http://www.absolutestartup.com/startup/1
114ctflog manager0 10ctflog.exe1 00154Added by the Trojan.Spexta trojan.  When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.74http://www.sarc.com/avcenter/venc/data/trojan.spexta.html#technicaldetails0
110CTFM0N.exe0 10CTFM0N.exe1 00 49Added by the Trojan.StartPage.P browser hijacker.79http://www.sarc.com/avcenter/venc/data/trojan.startpage.p.html#technicaldetails0
3 6ctfmon0 10ctfmon.exe1 00329CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see here62http://support.microsoft.com/default.aspx?scid=kb;en-us;2825990
310ctfmon.exe0 10ctfmon.exe111HKEY_CU\Run0 85Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. CTF Loader39http://www.absolutestartup.com/startup/1
1 6CTFMon0 10ctfmon.exe1 00  0 01
1 6ctfmon0 10ctfmon.exe1 00153Added by the Troj/SDBot-06 backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbot06.html0
110ctfmon.exe0 10ctfmon.exe1 00 59Added by the PWSteal.Raidys password-stealing trojan horse.75http://www.sarc.com/avcenter/venc/data/pwsteal.raidys.html#technicaldetails0
1 9ctfmon16c0 13ctfmon16c.exe1 00 43Added by the W32/Sharp-C mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32sharpc.html0
110Ctfmon.exe0 12ctfmon32.exe1 00 60CoolWebSearch parasite related - hijacking to Slawsearch.com53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 8ctfmon320 12CTFMON32.EXE1 00 73CoolWebSearch parasite related - also detected as the  TROJ/CWS-E TROJAN!53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 8CTFMONSS0 12CTFMONSS.EXE1 00137Added by the Troj/CWS-F hijacker.  This infection will also install a Browser Helper Object with the filename WTLBASS32.DLL or SEHLP.DLL.54http://www.sophos.com/virusinfo/analyses/trojcwsf.html0
1 3MSN0 12ctfmoons.exe1 00 28Added by the SPYBOT.HI WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SPYBOT.HI0
120Win Updator Services0 10ctfnom.exe1 00 44Added by a variant of the  W32/WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
1 5cthbp0  9cthbp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6cthelp0 10cthelp.exe1 00 27Added by the  SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
3 8CTHELPER0 12CTHELPER.EXE1 00737CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it 01
311WINDVDpatch0 12CTHELPER.EXE1 00  0 01
3 8CTHelper0 12CTHELPER.EXE111HKEY_LM\Run0 78CtHelper Application 1, 2, 0, 2, Creative Technology Ltd. CtHelper Application39http://www.absolutestartup.com/startup/1
311WINDVDPatch0 12CTHELPER.EXE111HKEY_LM\Run0 78CtHelper Application 1, 0, 0, 2, Creative Technology Ltd. CtHelper Application39http://www.absolutestartup.com/startup/1
1 8CTHelper0 12cthelper.exe1 00 69Added by a WORM, W32/Rbot-XB, and found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotxb.html0
1 6CTin100 10CTin10.exe1 00 29Added by the BANCOS.E TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.e.html0
217Creative Launcher0 14CTLauncher.exe1 00155For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start - Programs 01
2 7TaskBar0 11CTLTask.exe1 00242Creative SoundBlaster Audigy Taskbar - used to choose between different types of EAX Effects, not required in startup. NOTE: if you get a ctltask.exe error message while installing the Audigy drivers, see this Microsoft Knowledge Base article41http://support.microsoft.com/?kbid=3219690
2 8TaskTray0 11CTLTray.exe1 00 73Creative TaskTray 1.00.00.24, Creative Technology Ltd.. Creative TaskTray 01
2 8Tasktray0 11CTLTray.exe1 00327Installed with the Sound Blaster Audigy range of soundcards. Allows you to set EAX effects or equalizer settings for the Sound Blaster Audigy from a systray icon.  Also allows you to launch the Taskbar via right-click - Show Taskbar. The tasktray can be accessed via Start - Programs - Creative - Sound Blaster Audigy - Taskbar 01
313CreativeMixer0 11CTMIX32.EXE1 00207Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon 01
310cmsettings0  8ctmn.exe1 00 30Part of NetNanny  Chat_Monitor51http://www.pcmag.com/article2/0,1759,1265307,00.asp0
314NOMAD Detector0 11ctmnrun.exe1 00270Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected 01
3 7ctnmrun0 11ctnmrun.exe1 00270Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected 01
314nomad detector0 11ctnmrun.exe1 00  0 01
314NOMAD Detector0 11CTNMRun.exe111HKEY_CU\Run0 65NOMAD Detector 3.15.3.0, Creative Technology Ltd.. NOMAD Detector39http://www.absolutestartup.com/startup/1
220CreativeDiscNotifier0 12CTNOTIFY.EXE1 00145For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start - Settings - Control Panel 01
213Disc Detector0 12CtNotify.exe1 00 64For Creative sound cards. Detects when you insert a CD, DVD, etc 01
115[Various Names]0 12CToolBar.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
3 8CTPDPSRV0 12CTPDPSRV.EXE1 00 65Printer driver (in the WINDOWSSystem32spoolDRIVERSW32X86 folder). 01
310pdp Server0 13ctpdpsrvr.exe1 00173Included and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a network 01
2 8CTRegRun0 12CTRegRun.exe1 00 98For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative 01
2 8CTRegRun0 12CTRegRun.EXE111HKEY_LM\Run0102Creative On-line Registration System 1.0.0.1, Creative Technology Ltd . Registration Scheduler Program39http://www.absolutestartup.com/startup/1
3 7CtrlVol0 11CtrlVol.exe1 00 48Acer's on screen volume control using the Fn key 01
211Speed racer0 11CTSRReg.exe1 00 34Software for a Creative sound card 01
113Event Locator0  8ctst.exe1 00 45Added as a service by the W32/Forbot-DJ WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotdj.html0
119CT Control Settings0 11CTSVCCD.EXE1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
233Creative Service for CDROM Access0 12Ctsvccda.exe1 00204Resident program for Creative's PlayCenter included with Soundblaster Audigy sound cards - speeds up detection of some media CDs if the system doesn't natively support them. Available via Start - Programs 01
3 8CTsysVol0 12CTSYSVOL.exe1 00 35Creative sound card volume controls 01
3 8CTSysVol0 12CTSysVol.exe1 00 70Creative Volume Control 1.0.0.0, Creative Technology Ltd. CTSysVol.exe 01
3 8CTSysVol0 15CTSysVol.exe /r211HKEY_LM\Run0 70Creative Volume Control 1.0.0.0, Creative Technology Ltd. CTSysVol.exe39http://www.absolutestartup.com/startup/1
2 8cttdpsrv0 12cttdpsrv.exe1 00  2?? 01
1 8CTUpdate0 12ctupdclt.exe1 00 12Added by the105W32/Rbot-0
410cuagentExe0 11Cuagent.exe1 00 25Command Antivirus related53http://www.command.co.uk/html/products/csav/index.cfm0
1 5cufya0  9cufya.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8culaavbq0 12culaavbq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3cuo0  7cuo.exe1 00 28Added by the BUGBEAR.A WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUGBEAR.A0
2 8CursorXP0 12CursorXP.exe1 00 56CursorXP from Stardock - tool for creating mouse cursors42http://www.stardock.com/products/cursorxp/0
2 8CursorXP0 15CursorXP.exe -s2 00  0 01
432Client Update Service for Novell0 10cusrvc.exe1 00156Part of the Novell Client for Windows and is used to keep the client up to date.  It has a service name of cusrvc and is found in the Windows system folder. 01
2 6CuteMX0 10CuteMX.EXE1 00 20File sharing utility 01
312CuteReminder0 16CuteReminder.exe111HKEY_CU\Run0 54CuteReminder 2.0.0.0, CuteReminder Labs.. CuteReminder39http://www.absolutestartup.com/startup/1
1 6cuwqpj0 10cuwqpj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6XPSoft0 11CVDAsDW.exe1 00 27Added by the SDBOT-SY WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotsy.html0
1 4cvhv0  8cvhv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113cvmonitor.exe0 13cvmonitor.exe1 00 27Added by the SDBOT.BV WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BV0
4 5CVPND0  9cvpnd.exe1 00 84Sub-system used by Cisco VPN client for making a connection to a remote IPSec server 01
122Windows media services0 10cvrsss.exe1 00 26Added by the RBOT-MW WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmw.html0
114Startup Update0 11Cvshost.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
111MSN Manager0  8cvss.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
114Bron-Spizaetus0  7CVT.exe1 00 48Added by the W32.Rontokbro@mm mass-mailing worm.77http://www.sarc.com/avcenter/venc/data/w32.rontokbro@mm.html#technicaldetails0
110SystemGent0  7CVT.exe1 00 32Added by the W32/Brontok-H worm.57http://www.sophos.com/virusinfo/analyses/w32brontokh.html0
3 6CWatch0  6cw.exe1 00 32ChatWatch - chat monitoring tool53http://www.zemericks.com/products/chatwatch/index.asp0
3 2cw0  7cw4.exe1 00  9See  Here70http://www.zemericks.com/news/newsletters/february_2005_newsletter.asp0
324client access api daemon0 12cwbappcd.exe1 00 36IBM iSeries Client Access, see  here52http://www-1.ibm.com/servers/eserver/iseries/access/0
227Client Access Check Version0 12cwbckver.exe1 00323Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to.&nbsp;Not required - and can be turned off in the Client Access properties. It's a waste of resources52http://www-1.ibm.com/servers/eserver/iseries/access/0
2 8cwbckver0 12cwbckver.exe1 00318Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources52http://www-1.ibm.com/servers/eserver/iseries/access/0
227Client Access Check Version0 18cwbckver.exe LOGIN211HKEY_LM\Run0102IBM(R) AS/400(R) Client Access Express for Windows(R) V5R1M0, IBM Corporation. Service Level Detection39http://www.absolutestartup.com/startup/1
225Client Access Help Update0 12cwbinhlp.exe1 00271Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries52http://www-1.ibm.com/servers/eserver/iseries/access/0
2 8cwbinhlp0 12cwbinhlp.exe1 00  052http://www-1.ibm.com/servers/eserver/iseries/access/0
221Client Access Service0 12cwbsvstr.exe1 00 76IBM(R) iSeries (TM) Access for Windows V5R3M0, IBM Corporation. cwbsvstr.exe 01
221Client Access Service0 12CwbSvStr.Exe1 00405Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources52http://www-1.ibm.com/servers/eserver/iseries/access/0
2 8cwbsvstr0 12cwbsvstr.exe1 00  052http://www-1.ibm.com/servers/eserver/iseries/access/0
321client access taskbar0 12cwbuitsk.exe1 00 44IBM iSeries Client Access taskbar, see  here52http://www-1.ibm.com/servers/eserver/iseries/access/0
029Client Access Express Welcome0 12cwbwlwiz.exe1 00166Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers.52http://www-1.ibm.com/servers/eserver/iseries/access/0
0 8cwbwlwiz0 12cwbwlwiz.exe1 00  052http://www-1.ibm.com/servers/eserver/iseries/access/0
329Client Access Express Welcome0 12cwbwlwiz.exe1 00166Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers.52http://www-1.ibm.com/servers/eserver/iseries/access/0
312Cwcdschk.exe0 12Cwcdschk.exe1 00 21IBM Thinkpad related? 01
3 8cwcptray0 12cwcptray.exe1 00 57Related to ContentWatch Parental Control Internet Filter.28http://www.contentwatch.com/0
324Crystal 3D Audio Control0 12CWD3DSND.EXE1 00 30Crystal 3D Audio sound driver. 01
213Coolwallpaper0 12cwm_tray.exe1 00103Cool Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen savers45http://coolwallpaper.com/download/index2.html0
321CoolWallpaperSoftware0 12cwm_tray.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
321Command WorkStation 40  9CWS 4.exe222StartUp menu\All users0 76CWS 4 Application 4.1, Electronics for Imaging, Inc. . CWS 4 MFC Application39http://www.absolutestartup.com/startup/1
212bOň
ůđ\×y-ŻĚ0 10cwueem.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8cwupdate0 12cwupdate.exe1 00115ContentProtect, from A href="http://www.contentwatch.com/products/contentprotect.php"ContentWatch - internet filter 01
1 6zstart0 12cxdxregt.exe1 00 27ZenoSearch adware component54http://vil.mcafeesecurity.com/vil/content/v_133714.htm0
110Zstart.lnk0 12cxdxregt.exe1 00 38Added by the Adware.ZenoSearch adware.61http://www.sarc.com/avcenter/venc/data/adware.zenosearch.html0
1 7KV_HOST0  8cxjx.exe1 00 72Added by the Troj/LegMir-BB Trojan with password-stealing functionality.58http://www.sophos.com/virusinfo/analyses/trojlegmirbb.html0
117*microsoft update0  8cxma.exe1 00 35Added by the  W32.HLLW.STMU TROJAN!70http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml0
1 5cxorj0  9cxorj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
123autoloaderaproposclient0 17cxtpls_loader.exe1 00 19AproposMedia adware45http://doxdesk.com/parasite/AproposMedia.html0
1 4cxuh0  8cxuh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 3C2K0  9CYB2K.EXE1 00176CYBERsitter 2000 or 2001 -  anti-porn filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser 01
2 5Cyber0 12cyberchk.exe1 00 59you to clean your drive after "x" amount of time has passed 01
1 9CyberWolf0 13CyberWolf.exe1 00 41Added by the  KICKIN.A (or CYDOG.C) WORM!68http://www.symantec.com/avcenter/venc/data/w32.hllw.kickin.a@mm.html0
1 4cyef0  8cyef.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
117Dos Prompt Loader0 10cygwin.exe1 00 79Added by W32/Sdbot-VV, A WORM/backdoor, and found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvv.html0
2 8CyphTray0 12CyphTray.exe1 00 30Cypherus - encryption software24http://www.cypherus.com/0
114WindowsSysBoot0  9cytob.exe1 00134Added by the W32/Tilebot-AY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotay.html0
1 5cyvud0  9cyvud.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4run=0 11cyxid98.exe1 00 20Unidentified malware 01
1 9ASDPLUGIN0  9czech.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
1 7drocher0  5d.exe1 00 21Adult content dialler 01
1 6System0  5d.exe1 00148Added by the W32.Mytob.KU@mm worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ku@mm.html#technicaldetails0
113[random name]0 12d?xplore.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
212D066UUtility0 12D066UUTY.EXE1 00104TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software 01
1 7systemr0 11d11host.exe1 00 43Added by the Troj/VB-GX downloading trojan.54http://www.sophos.com/virusinfo/analyses/trojvbgx.html0
3 2D40  6D4.exe1 00106Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down45http://www.thinkman.com/dimension4/index.html0
310Dimension40  6d4.exe1 00106Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down45http://www.thinkman.com/dimension4/index.html0
1 7WinMine0  9D4NG3.vbs1 00 28Added by the BISCUIT.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/vbs.biscuit.a@mm.html0
211DACONFIGEXE0 12daconfig.exe1 00 523Com NIC Diagnostics. Available via Start - Programs 01
4 6DadApp0 10dadapp.exe1 00253DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked - direct from Dell 01
234Corel Desktop Application Director0  8dadx.exe1 00153The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start - Programs 01
317DAEMON Tools-10330 22daemon.exe  -lang 10332 00 60DAEMON Tools 3.47.0.0, DAEMON'S HOME. Virtual DAEMON Manager 01
3 6Daemon0 10Daemon.exe1 00 83Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive36http://www.daemon-tools.net/main.htm0
317DAEMON Tools-10330 10Daemon.exe1 00  036http://www.daemon-tools.net/main.htm0
313TrackpointSrv0 10daemon.exe1 00116Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work 01
1 6Daemon0 24daemon.exe c daemon2.exe2 00107The WORM W32/Esalone-A will add the file,  corrupt WINZIP and WINRAR archives, and also create other files.57http://www.sophos.com/virusinfo/analyses/w32esalonea.html0
317DAEMON Tools-10330 21daemon.exe -lang 1033211HKEY_LM\Run0 60DAEMON Tools 3.47.0.0, DAEMON'S HOME. Virtual DAEMON Manager39http://www.absolutestartup.com/startup/1
2 6Daemon0 12DAEMON32.EXE1 00146Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start - Programs 01
112Micro Update0 10DAILIN.EXE1 00143Added by the W32/Rbot-ER trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rboter.html0
410[not used]0 10DAinit.dll1 00 54Used by Desktop Authority desktop management software.53http://www.scriptlogic.com/products/desktopauthority/0
112daiXPdXm.exe0 12daiXPdXm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
210Dell Alert0  9DAMon.exe1 00 75Dell Alert utility, that's supposed to make interaction with Support easier 01
2 3Dap0  7DAP.exe1 00 70Download Accelerator Plus from SpeedBit - download manager/accelerator34http://www.speedbit.com/DAPDL.asp?0
229Download Accelerator Plus 5.00  7DAP.exe1 00192Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start - Programs. Note that the free version is &quot;adware&quot; based24http://www.speedbit.com/0
219DownloadAccelerator0  7DAP.EXE1 00182Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start - Programs. Note that the free version is "adware" based 01
319DownloadAccelerator0 16DAP.EXE /STARTUP211HKEY_LM\Run0 79Download Accelerator Plus  7, 4, 0, 1, Speedbit Ltd.. Download Accelerator Plus39http://www.absolutestartup.com/startup/1
119DownloadAccelerator0 16DAP.EXE /STARTUP2 00 78Download Accelerator Plus 7, 4, 0, 2, Speedbit Ltd.. Download Accelerator Plus 01
1 5load=0 10dapdll.exe1 00 25Added by the ATAK.E WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.e@mm.html0
318Codename Dashboard0 13dashboard.exe1 00266Codename: Dashboard - &quot;an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time&quot;46http://www.downlinx.com/proghtml/415/41557.htm0
0 6dashie0 18dashIE.exe systray2 00 67Could be related to &quot;Dash Power Shopping&quot; tool bar in IE? 01
438Compuware Distributed Analyzer Service0 11DASVCNT.exe1 00 49Added as part of the Compuware DevPartner Studio.55http://www.compuware.com/products/devpartner/studio.htm0
3 9DataLayer0 13DataLayer.exe1 00229Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on 01
3 9DataLayer0 13DataLayer.exe1 00 67Nokia PC Suite 6, 0, Nokia Mobile Phones Ltd.. DataLayer 2.0 Module 01
112Data Layer 20 13datalayer.exe1 00 48Added by the W32/Rbot-BNF worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbnf.html0
324Optus Cable Data Monitor0 15datamonitor.exe1 00 96Allows Optus customers to monitor their actual data usage against Optus' "data allowance limits" 01
119Driver Data Monitor0 11datasys.exe1 00 48Added by the W32/Rbot-BBN worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbn.html0
1 8Datcheck0 12datcheck.exe1 00 29Added by the KEYPANIC TROJAN!63http://www.symantec.com/avcenter/venc/data/keypanic.trojan.html0
1 8BootsCfg0 14Date.POP.vbs %2 00 31Added by the  VBS.KUULLIO WORM!62http://www.symantec.com/avcenter/venc/data/vbs.kuullio@mm.html0
113DateMakerIntl0 17DateMakerIntl.exe1 00 34Premium rate adult content dialler 01
112Date Manager0 15datemanager.exe1 00 87Date Manager - calender program. Spyware/adware based provided by The Gator Corporation28http://www.date-manager.com/0
217Desktop Architect0 10DATRAY.EXE1 00 94Desktop theme manager available here - for managing the desktop appearance, fonts, sounds, etc55http://download.com.com/3000-2326-5630015.html?tag=list0
217Desktop Architect0 13datray.exe -S2 00 64Desktop Architect 2, 1, 1, 0, Ken Foster. Desktop Architect Tray 01
1 5daudi0  9daudi.exe1 00 29Malware,  as yet unidentified 01
1 8DAupdate0 12DAupdate.exe1 00 17NavEnhance adware 01
118Perfomance Monitor0 12davcsync.exe1 00 30Added by the W32/Lamud-A worm.55http://www.sophos.com/virusinfo/analyses/w32lamuda.html0
011DAW9532.exe0 11DAW9532.EXE1 00111Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. 01
213Daily Planner0 11dayplan.exe1 00141Daily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete them36http://www.kmcsonline.com/index.html0
3 8DayToday0 12DAYTODAY.EXE1 00 71DayToday from RoboMagic Software Corp. Displays the date on the taskbar43http://www.locutuscodeware.com/daytoday.htm0
1 4wizz0 11dazzler.exe1 00 59Reported by Kaspersky Anti-Virus as Win32.Dialer.is TROJAN! 01
126Win Validation Application0 13DBExecCom.exe1 00 32Added by the W32/VBSilly-A worm.57http://www.sophos.com/virusinfo/analyses/w32vbsillya.html0
1 8debugger0  9dbg32.exe1 00 28Added by  W32/Mytob-FW WORM!56http://www.sophos.com/virusinfo/analyses/w32mytobfw.html0
123microsoft debug service0 10dbgbgr.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
124Microsoft System Checkup0 12dbnetlib.exe1 00 25Added by the DONK.L WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.l.html0
2 6dbserv0 10dbserv.exe1 00 83Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled 01
321Gravis Appawareloader0 12dbserver.exe1 00155Looks like it's associated with  Gravis game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them22http://www.gravis.com/0
2 6dbtmon0 10dbtmon.exe1 00145Dell button monitor for 9XX series printer most commonly associated with 922. Can safely be turned off does not hamper printer operations. Can be 01
314Dialer Control0  6dc.exe1 00 68Dialer-Control. Detects and protects from premium rate p0rn diallers29http://www.dialer-control.de/0
1 2BD0  6dc.exe1 00 35Added by the Troj/Rasdoor-B Trojan.58http://www.sophos.com/virusinfo/analyses/trojrasdoorb.html0
115[Various Names]0 12DCC_send.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
110dcomdriver0 11DCCOM32.EXE1 00 48Added by the W32/Nymph.gen@MM mass-mailing worm.42http://vil.nai.com/vil/content/v_99180.htm0
320DAZEL Delivery Agent0 12DcDaemon.exe1 00 62Control and send documents, etc, to any destination - see here58http://www.clickly.com/ISSVDO4Z/EN/user/proddet.html?P=8880
111DCE Manager0 10dcemgr.exe1 00 26Added by the TUMAG TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tumag.html0
1 7AdPopup0 11dcf5678.exe1 00 34Added by the Troj/Agent-FZ Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentfz.html0
3 7DCfssvc0 11dcfssvc.exe1 00302Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example 01
3 7dcfssve0 11dcfssvc.exe1 00304Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can\'t load pictures from your camera/dock - Kodak\'s dock is an example 01
118DcomHelper Service0 11dcmhelp.exe1 00 49Added by the W32/Sdbot-AJA worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotaja.html0
138(2C1CD3D7-86AC-4068-93BC-A02304BB8C34)0 11dcom_16.dll1 00106Added by the Troj/Agent-BIW backdoor Trojan.br /br /Uses CLSID: b(2C1CD3D7-86AC-4068-93BC-A02304BB8C34)/b.58http://www.sophos.com/virusinfo/analyses/trojagentbiw.html0
111dcomcfg.exe0 11dcomcfg.exe1 00 44Added by the Troj/Zlob-IK downloader Trojan.56http://www.sophos.com/virusinfo/analyses/trojzlobik.html0
110[not used]0 12dcompcss.exe1 00 35Added by the Troj/PPdoor-AQ Trojan.58http://www.sophos.com/virusinfo/analyses/trojppdooraq.html0
114WINDOWS SYSTEM0 12dcomuser.exe1 00132Added by the W32/Mytob-BJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobbj.html0
1 6System0  9dcomx.exe1 00 28Added by the CIREBOT TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cirebot.html0
1 6dcrgmj0 10dcrgmj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118Monitor SynManager0 10dcvwed.exe1 00134Added by the W32/Sdbot-NL worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnl.html0
1 8dcznetv20 12dcznetv2.exe1 00133Added by the W32/Tilebot-O worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32tileboto.html0
117Microsoft Winsock0 12dczwin32.exe1 00 48Added by the W32/Rbot-BFW worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbfw.html0
116Microsoft Config0 11dczznet.exe1 00231Added by the W32/Rbot-ARL worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.  This infection will also install the rootkit rdriv.sys in the Windows System folder.56http://www.sophos.com/virusinfo/analyses/w32rbotarl.html0
313Dialer Detect0  6dd.exe1 00147DialerDetect detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it43http://www.dialerdetect.nl/english/main.htm0
1 8D System0  6dd.exe1 00 48Added by the W32/Mytob-FN worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobfn.html0
213DDCActiveMenu0 17DDCActiveMenu.exe1 00235Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
213DDCActiveMenu0 23DDCActiveMenu.exe -boot2 00 80WildTangent DDCActiveMenu Module , WildTangent. WildTangent DDCActiveMenu Module 01
312DD2KPECLIENT0 12DDClient.exe1 00126Added by the Spyware.DesktopD surveillance software. If you did not install this program, you should uninstall it immediately.60http://www.sarc.com/avcenter/venc/data/spyware.desktopd.html0
310DD2SERVICE0 12DDClient.exe1 00126Added by the Spyware.DesktopD surveillance software. If you did not install this program, you should uninstall it immediately.60http://www.sarc.com/avcenter/venc/data/spyware.desktopd.html0
2 4DDCM0 10DDCMan.exe1 00435Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case" target="_blank"privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
2 6DDCMan0 10DDCMan.exe1 00  038http://www.wildtangent.com/default.asp0
2 4DDCM0 22DDCMan.exe -Background2 00 70WildTangent Channel Manager , WildTangent. WildTangent Channel Manager 01
115Windows Service0  8dddd.exe1 00101Identified by Kaspersky Labs as PornWare.Dialer.Salc, also known to come with the Bube family trojans64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=415180
1 7ddeproc0 11ddeproc.exe1 00 83Associated with Webcelerator - spyware. Read eAcceleration's privacy statement here37http://www.eacceleration.com/privacy/0
1 6DDEsvr0 10ddesvr.exe1 00133Added by the W32/Agobot-QI worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotqi.html0
114Winsvr manager0 10DDEsvr.exe1 00 67Added by the W32/Tirbot-B WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32tirbotb.html0
1 7DirectX0 12ddhelp32.exe1 00 81Added by the BIONET.318 TROJAN! Note - not the DirectX helper which is ddhelp.exe79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.3180
1 8DDialler0 12DDialler.exe1 00 21Adult content dialler 01
311CCD Manager0  7DDS.EXE1 00 63Project Labs Century CD manager for their CD/DVD storage device27http://www.centurycdna.com/0
223DynDNS-Updater Traytool0 11ddutray.exe1 00102DynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually38http://www.dyndns.org/services/dyndns/0
1 7de32gen0 11de32gen.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
2 7DeadAIM0 29DeadAIM.ocm,ExportedCheckODLs111HKEY_LM\Run0 94Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
113virtual cdrom0 10deamon.exe1 00 27Added by the  RBOT.VP WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.VP&VSect=P0
1 6debugg0 10debugg.dll1 00 47Added by the HaxDoor.B rootkit/backdoor Trojan.79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.b.html0
112DebugMonitor0 16debugmonitor.exe1 00 71A MyDoom WORM variant adds this file, exploiting P2P and email clients.57http://www.sophos.com/virusinfo/analyses/w32mydoombh.html0
1 5Debug0 12DebugW32.exe1 00122Added by the GUBED TROJAN Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.gutta.html0
1 4run=0  9dec25.exe1 00 25Added by the ATAK.F WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.f@mm.html0
1 9what ever0  9decom.exe1 00108Added by the W32/Rbot-SC worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotsc.html0
1 3Gmh0  7Dee.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7deeenes0 11DeeEnEs.exe1 00 70DeeEnEs - automatically  updates a dynamic IP address when it changes.48http://www.palacio-cristal.com/products/DeeEnEs/0
312NAV DefAlert0 12DefAlert.exe1 00162Norton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basis 01
115[Various Names]0 12defect08.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
113BODefenderDrv0 15DefenderDrv.sys1 00 45Added by the Troj/GrayBrd-BF backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdbf.html0
124Automatic Defrag Manager0 10defrag.exe1 00132Added by the W32/Rbot-AKE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotake.html0
118windows dll loader0 15defragfat32.exe1 00 32Added by the  W32/SDBOT-SS WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotss.html0
118Windows DLL Loader0 18defragfat32abc.exe1 00108Added by the W32/Rbot-RG worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrg.html0
118Windows DLL Loader0 17defragfat32pi.exe1 00 26Added by the RBOT-QQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqq.html0
118Windows DLL Loader0 16defragfat32z.exe1 00 28Added by the LINKBOT.A WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.linkbot.a.html0
118Windows DLL Loader0 15DEFRAGFAT34.EXE1 00 44Added by the W32/Poebot-B WORM/IRC backdoor!56http://www.sophos.com/virusinfo/analyses/w32poebotb.html0
118Windows DLL Loader0 15defragfat39.exe1 00 27Added by the POEBOT-C WORM!56http://www.sophos.com/virusinfo/analyses/w32poebotc.html0
118Windows DLL Loader0 14defragfatx.exe1 00134Added by the W32/Poebot-F trojan.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32poebotf.html0
118Windows DLL Loader0 14defragfatz.exe1 00 28Added by the LINKBOT.H WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.linkbot.h.html0
118Windows DLL Loader0 15defragfatz.exe.1 00 12Added by the31W32/Poebot-D WORM/IRC backdoor!0
113defragm_check0 14defragment.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 7WebScan0 14DEFSCANGUI.EXE1 00150Stop-Sign from eAccelerration. Detects spyware, malware, viruses and keyloggers and stops popups. Spyware in itself - see their privacy statement here25http://www.stop-sign.com/0
3 8defwatch0 12defwatch.exe1 00191Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis 01
3 9slow play0 13DEFY DASH.exe211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
112spywareguard0 17deinst_qfe001.exe1 00126Added by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate SpywareGuard application as described  here45http://castlecops.com/s3481-SpywareGuard.html0
125windows internet protocol0 17deinst_qfe001.exe1 00 45Added by a variant of the Win32.Small TROJAN! 01
122windows update checker0 17deinst_qfe002.exe1 00  0 01
3 5Delay0 12delayrun.exe1 00 91On HP PCs this program is used to help prevent conflicts or timing issues on fast computers 01
3 8Delayrun0 12delayrun.exe1 00 91On HP PCs this program is used to help prevent conflicts or timing issues on fast computers 01
211DELDIR0.EXE0 11DELDIR0.EXE115HKEY_LM\RunOnce0 58one-dev DelDir 1, 0, 0, 1, Network Associates Inc.. DelDir39http://www.absolutestartup.com/startup/1
321GhostSurfDelSatellite0 19DeleteSatellite.exe1 00 35SpyCatcher spyware remover related.58http://www.tenebril.com/products/ghostsurf/spycatcher.html0
2 7Execute0 14delfolders.exe1 00  2?? 01
3 7DellDMI0 11delldmi.exe1 00379Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards? 7#FF00000
3 8DELLMMKB0 12DELLMMKB.EXE1 00 93Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys 01
3 9DellTouch0 12DELLMMKB.EXE1 00  0 01
2 6DellSC0 10dellsc.exe1 00 80Dell Solution Center - web-based troubleshooting tools and educational offerings 01
132windows service pack auto update0 10del-me.exe1 00 49Adware,  also detected as the Lowzones.BH TROJAN! 01
1 7delmsbb0 11delmsbb.exe1 00 12nCase adware42http://www.doxdesk.com/parasite/nCase.html0
1 7delsaap0 11delsaap.exe1 00 12nCase adware42http://www.doxdesk.com/parasite/nCase.html0
0 8delstart0 12delstart.exe1 00 83Reportedly part of BT ISP software - what does it do and is it required in startup? 01
0 6DelTmp0 11DelTemp.exe1 00142Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. Deletes temporary files once an installation is complete? 01
2 8DeltTray0 11deltray.exe1 00195System Tray access to the control panel for the M-Audio Delta 44 PCI Analog Recording Interface. Available via a desktop shortcut, Start -&gt; Programs or Start -&gt; Settings -&gt; Control Panel51http://www.midiman.net/products/m-audio/delta44.php0
0 6delcab0 20deltreew.exe C:\cabs2 00  6??font 01
111demm386.exe0 11DEMM386.EXE1 00143Added by the W32/Rbot-EO trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rboteo.html0
0 5demon0  9demon.exe1 00 45Part of the French Wanadoo ADSL extense pack. 01
1 8Especial0 10Deneca.bat1 00 44Added by the WM97/Acened-A word macro virus.57http://www.sophos.com/virusinfo/analyses/wm97aceneda.html0
113WINDOWS DENEM0 10deneme.exe1 00132Added by the W32/Mytob-CR worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobcr.html0
114WINDOWS DENEME0 10deneme.exe1 00132Added by the W32/Mytob-CR worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobcr.html0
115[various names]0 10dePloy.exe1 00 90TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see  here44http://www.doxdesk.com/parasite/WareOut.html0
1 6Desire0 11desires.exe1 00 21Adult content dialler 01
325HydarVisionDesktopManager0 10desk95.exe1 00253ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as this one. HydraVision can be uninstalled through Add/Remove Programs39http://support.microsoft.com/?id=8109370
325HydraVisionDesktopManager0 10desk98.exe1 00167ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup 01
114DeskAd Service0 14DeskAdServ.exe1 00 26Windupdates adware variant81http://www.giantcompany.com/antispyware/research/spyware/spyware-WindUpdates.aspx0
2 9DeskColor0 13DESKCOLOR.EXE1 00 65Provides transparent icon text backgrounds and coloured icon text 01
2 8Deskflag0 12Deskflag.exe1 00 43DeskFlag - animated USA flag on the desktop24http://www.deskflag.com/0
3 8DeskHide0 12deskhide.exe125StartUp menu\Current user0 27DeskHide 1.00, wh0t access.39http://www.absolutestartup.com/startup/1
118DeskMateAutoUpdate0 22DeskMateAutoUpdate.exe1 00 88DeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware related53http://www.pestpatrol.com/PestInfo/b/bargainbuddy.asp0
21000dsksvr000 13desksaver.exe1 00 35Related to  Advanced_Desktop_Shield40http://www.softstack.com/deskshield.html0
216DiscoverDeskshop0 12Deskshop.exe1 00 62Discover Deskshop - single use &quot;virtual&quot; credit card43http://www.dealchecker.com/doc.cfm?OID=10910
222AquaSoft PhotoKalender0 62DESKTO~1.EXE -p|Photokalender.ads -t|3 Monate unregelmäßig.pwt211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7desktop0 11desktop.exe1 00 27Added by the SDBOT.MD WORM!46http://www.f-secure.com/v-descs/sdbot_md.shtml0
114Desktop Search0 11desktop.exe1 00 33iSearch "Desktop Search" hijacker 01
311desktop.ini0 11desktop.ini125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
411lto manager0 21DesktopLtoManager.exe1 00 84Related to  Global_Positioning_System (GPS) found on HP iPAQ hw6500 unit and others.28http://www.globallocate.com/0
210desktopmgr0 14desktopmgr.exe1 00132Synchronisation manager for the cradles for the Research In Motion range of wireless handhelds, including the &quot;Blackberry&quot;39http://www.rim.net/products/index.shtml0
223Copernic Desktop Search0 17DesktopSearch.exe1 00140Copernic Desktop Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures"61http://www.copernic.com/en/products/desktop-search/index.html0
016desk-top-service0 20desk-top-service.exe1 00  2?? 01
322Motorola Desktop Suite0 16DesktopSuite.exe122StartUp menu\All users0 88Symbian Connect QI 1, 0, 0, 1, Symbian Ltd.. Symbian Connect QI Reference User Interface39http://www.absolutestartup.com/startup/1
2 3DW40 18DesktopWeather.exe1 00 46The Weather Channel's desktop weather program. 01
3 3DW40 18DesktopWeather.exe111HKEY_CU\Run0 49Desktop Weather 4 4.24.0.0, TWCi. DesktopWeather439http://www.absolutestartup.com/startup/1
3 8DesktopX0 12DESKTOPX.EXE1 00 96A program that replaces the regular Desktop and Taskbar, and can be changed to the user's liking 01
2 6deskup0 10deskup.exe1 00 42Adds Iomega Zip drive icons to the desktop 01
2 6Deskup0 20deskup.exe /IMGSTART211HKEY_LM\Run0 45Iomega refresh 4, 0, 1, 0, Iomega. deskup.exe39http://www.absolutestartup.com/startup/1
115[Various Names]0 11Dest068.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 9destroy110 13destroy11.exe1 00 44Added by the Troj/Delf-KO keylogging trojan.56http://www.sophos.com/virusinfo/analyses/trojdelfko.html0
110destroyb110 14destroyb11.exe1 00 26Added by the  Troj/Delf-KO56http://www.sophos.com/virusinfo/analyses/trojdelfko.html0
2 8Detector0 12Detector.exe1 00 36Test Application 1, 0, 0, 1, . Image 01
2 8Detector0 12detector.exe1 00263USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing software 01
214MGA_CD_Install0  7Deutsch1 00  0 01
129Microsoft Windows Workstation0 11devcode.exe1 00 48Added by the W32/Rbot-AWL worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotawl.html0
129Microsoft Windows Workstation0 13devcode32.exe1 00 48Added by the W32/Rbot-BBT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbt.html0
111Dev Gnu Cpp0 10devcpp.exe1 00108Added by the W32/Rbot-RU worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotru.html0
315Device Detector0 13DevDetect.exe1 00 78Watches for external digital imaging products being connected from ACD Systems43http://www.acdsystems.com/English/index.htm0
315Device Detector0 22DevDetect.exe -autorun2 00  0 01
315Camera Detector0 22DevDetect.exe -autorun211HKEY_LM\Run0 62Device Detector 1, 3, 2, 1, ACD Systems, Ltd.. Device Detector39http://www.absolutestartup.com/startup/1
217Device Detector 20 12DevDtct2.exe1 00294Installed by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resources. 01
217Digital Dashboard0 11devgulp.exe1 00 48For Compaq PC's. Loads Digital Dashboard options 01
1 5Cmpnt0 12Devices2.exe1 00 43Added by the Troj/Tompai-D backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojtompaid.html0
128Configuration Loader Service0 10devl32.exe1 00 31Added by the W32/Sdbot-XY worm.56http://www.sophos.com/virusinfo/analyses/w32sdbotxy.html0
116Windows Archiver0 10devldr.exe1 00 46Added by the W32/Prex-J worm and IRC backdoor.54http://www.sophos.com/virusinfo/analyses/w32prexj.html0
3 8devldr160 12devldr16.exe1 00369Associated with some Creative Labs sound cards.  Provides audio support for DOS applications.  Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start - Settings - Control Panel - System - Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices 01
312devldr16.exe0 12devldr16.exe1 00369Associated with some Creative Labs sound cards.  Provides audio support for DOS applications.  Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start - Settings - Control Panel - System - Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices 01
111Divx4 codec0 12devldr32.exe1 00 96Added by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs devldr32.exe file76http://www.liutilities.com/products/wintaskspro/processlibrary/devldr32/F4120
0 6Devlog0 10devlog.exe1 00115Apparently mainboard/chipset related, by a French company called AS Media -  what exactly is it, and is it required 01
111Dev Manager0 12devspecs.exe1 00107An Rbot variant.  This infection connects to an IRC server where it will await commands from a remote user. 01
1 5xdxqa0  8dewa.exe1 00 12Added by the140W32/Sdbot-YB.0
110autorepair0  8dexs.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
120Configuration Loader0  8dezi.exe1 00134Added by the W32/Sdbot-OB worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotob.html0
132Managing FAT and NTFS partitions0 13dfrgfat16.exe1 00 48Added by the W32/Codbot-N worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32codbotn.html0
134Defragmentation Management Handler0 13dfrgfat32.exe1 00 41Added by the W32/Codbot-AB backdoor worm.57http://www.sophos.com/virusinfo/analyses/w32codbotab.html0
111wininet.dll0 11dfrgsrv.exe1 00 46Added by the Troj/DwnLdr-FS downloader Trojan.58http://www.sophos.com/virusinfo/analyses/trojdwnldrfs.html0
123Distributed File System0  9Dfsvc.exe1 00 38Added by the MYFIP.A or MYFIP.K WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.myfip.a.html0
316Hermes Messenger0 12DGDRHE~1.EXE1 00 65A LAN messenger alternative to WinPopUp - Digital Dreams Software27http://www.dgdr.com/hermes/0
3 4DGJM0  8DGJM.exe1 00  2?? 01
130Microsoft Security Pansasagers0 13dgkztsqgn.exe1 00 48Added by the W32/Rbot-BBJ worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbj.html0
1 8dgtstart0 12dgtstart.exe1 00 21DigitalNames.g adware62http://www.viruslist.com/en/viruses/encyclopedia?virusid=808850
2 6dguard0 10dguard.exe1 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
1 5dgzqn0  9dgzqn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115DealHelperBrwsr0 11dhbrwsr.exe1 00 17DealHelper adware60http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html0
3 7FatPipe0  4DHCP1 00115Software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users 01
131Symantec Client Security Loader0  8DHCP.DLL1 00116Added by the Troj/DllLoad-B trojan dll loader. DHCP.DLL is a file that tells the service what malicious DLL to load.58http://www.sophos.com/virusinfo/analyses/trojdllloadb.html0
1 8WinSec320  8dhcp.sys1 00 44Added by the Troj/Rawdoor-A backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojrawdoora.html0
121Microsoft STS Service0 10DHCP32.exe1 00136Added by the W32/Sdbot-UK worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuk.html0
4 8dhcpagnt0 12dhcpagnt.exe1 00 79Intel DSL modem driver - leave enabled or you'll have to re-install the drivers 01
111DHCP Client0 14dhcpclient.exe1 00133Added by the W32/Codbot-AG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32codbotag.html0
1 6dhixmg0 10dhixmg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6DHNUXB0 10DHNUXB.exe1 00  2?? 01
1 6atomix0  7dho.exe1 00 43Added by the W32.Hotmatom MSN Hotmail worm.73http://www.sarc.com/avcenter/venc/data/w32.hotmatom.html#technicaldetails0
116DealHelperUpdate0 10DHUpdt.exe1 00 17DealHelper adware60http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html0
1 5file10 13Dia Claro.htm2 00 29Added by the  Troj/Dloader-OR59http://www.sophos.com/virusinfo/analyses/trojdloaderor.html0
310DiagAP81690 14DiagAP8169 /hw211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9(default)0 11diagcfg.exe1 00 36Added by the Backdoor.GWGirl trojan.59http://www.sarc.com/avcenter/venc/data/backdoor.gwgirl.html0
2 7diagent0 11diagent.exe1 00127System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -&gt; Programs 01
2 7DIAGENT0 19DIAGENT.EXE startup211HKEY_LM\Run0 87Creative Diagnostics Agent 1.00.10, Creative Technology Ltd. Creative Diagnostics Agent39http://www.absolutestartup.com/startup/1
110Diagnostic0 14diagnostic.exe1 00 42Added by the Troj/Alpha-C backdoor trojan.56http://www.sophos.com/virusinfo/analyses/trojalphac.html0
1 9installer0  8dial.exe1 00 75Malware - detected by  Kaspersky antivirus as trojan-dropper.win32.agent.mm36http://www.kaspersky.com/personalpro0
110User23.exe0  8DIAL.exe1 00 56This is a trojan trying to disguise itself as User32.dll 01
1 6regrun0 10dialer.exe1 00 97Adware downloader - also detected as a variant of the  TROJ_LOWZONES.BW or  TROJ_AGENT.RD TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.BW0
316antidialer.co.uk0 18Dialer_Watcher.exe1 00 85Dialer_Watcher is an application that allows you to detect  Dialers on your computer.24http://antidialer.co.uk/0
115[Various Names]0 13dialer423.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6itunes0  9dials.exe1 00109Detected as Trojan-Dropper.Win32.Agent.mm by Kaspersky Anti-Virus. Note: A Url is not available at this time. 01
122windows dialup service0 10dialup.exe1 00 30Added by the  AGOBOT.AAH WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AAH&VSect=P0
011diamondview0 15Diamondview.exe1 00115Manulife Financial Insurance program. Note: This file is legitimate. It is not known if it needs to run at startup. 01
1 5Livre0 10Dibane.bat1 00 26Added by the BANEDI VIRUS!72http://securityresponse.symantec.com/avcenter/venc/data/w97m.banedi.html0
1 9rundll***0 23die.exe [path] mdll.exe2 00 61Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 94676http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
1 9rundll***0 25die.exe [path] secure.bat2 00 61Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 94676http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
1 9rundll***0 25die.exe [path] secure.exe2 00  076http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
1 9rundll***0 22die.exe [path] ttg.exe2 00 61Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 94676http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
3 5DietK0  9DietK.exe1 00156DietK - add-on for Kazaa Media Desktop; "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results"21http://www.dietk.com/0
3 8DigiCell0 12DigiCell.exe1 00420MSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center" 01
3 7digisrv0 11DigiSrv.exe1 00 49Related to camera software from  Digital_Dreams._44http://www.digitaldreamco.com/en/index.shtml0
112DigitalNames0 21DigitalNamesStart.exe1 00 28DigitalNames spyware variant81http://securityresponse.symantec.com/avcenter/venc/data/spyware.digitalnames.html0
1 5DigiD0 16DigitalSound.exe1 00 17Adware downloader 01
211DIGServices0 15DIGServices.exe1 00 58Created by Disney but licensed to ESPN for watching videos 01
2 9DIGStream0 13digstream.exe1 00222DIGStream Cache Manager - part of ESPN Motion and  Disney Motion that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automatically39http://espn.go.com/motion/download.html0
1 8Gtfgxojw0 11Dihpcyj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113iConfigLoader0 11DIIhost.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
136Microsoft Internal AntiVirus Systems0 11dIlhost.exe1 00133Added by the W32/Rbot-AEV worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaev.html0
3 9Dimension0 13Dimension.exe1 00220Dimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol 01
1 5Dino30  9dino3.exe1 00138Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result 01
1 5dinst0  9dinst.exe1 00 98GrandStreet parasite variant - detected by Kaspersky antivirus as Trojan-Downloader.Win32.Intexp.d48http://www.doxdesk.com/parasite/GrandStreet.html0
1 7Printer0 10dipset.exe1 00 38Added by a variant of the FBSR TROJAN!46http://vil.nai.com/vil/content/Print119618.htm0
112direct3d.exe0 12direct3d.exe1 00 52Added by the Troj/Certif-F password-stealing trojan.57http://www.sophos.com/virusinfo/analyses/trojcertiff.html0
111Windows SP40 12directCC.exe1 00121Added by the W32/Rbot-ACX worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32rbotacx.html0
216Adaptec DirectCD0 12Directcd.exe1 00351DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start - Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later 01
215AdaptecDirectCD0 12Directcd.exe1 00351DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start - Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later 01
2 8DirectCD0 12DirectCD.exe1 00  0 01
121Printer direct access0 13directout.sys1 00 36Added by the TSPY_GOLDUN.EG rootkit.97http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FGOLDUN%2EEG&VSect=Td0
1 8directpt0 12directpt.dll1 00 44Added by the Troj/Haxdoor-AX rootkit Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorax.html0
111directs.exe0 11directs.exe1 00 64Added by the BEAGLE.O or BEAGLE.R or BEAGLE.S or BEAGLE.T WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.o@mm.html0
1 8directut0 12directut.dll1 00 35Added by the Troj/Goldun-BX Trojan.58http://www.sophos.com/virusinfo/analyses/trojgoldunbx.html0
310DIRECTVDSL0 14Directvdsl.exe1 00 66Starts DirectTV DSL modem at boot up. Can also be started manually 01
1 7DirectX0 11DirectX.exe1 00 37Added by the BLAXE or  LOGPOLE WORMS!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.blaxe.html0
1 7directx0 11Directx.exe1 00 28Added by the SDBOT.D TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.d.html0
115DirectX Service0 11directx.exe1 00 49Added by the Troj/Crybot-B worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/trojcrybotb.html0
1 7directx0 13directx32.exe1 00 29Added by the  AGOBOT.CG WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CG0
110directx 320 13directx32.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
116WindowsXP Module0 13DirectX3D.exe1 00 42Malware, reportedly a keylogger - see here51http://www.anti-spy.info/process/directx3d.exe.html0
1 9DirectX640 14DirectXset.exe1 00 28Added by the BROWNEY.A WORM!43http://vil.nai.com/vil/content/v_100098.htm0
3 6Dirkey0 10Dirkey.exe1 00287Dirkey - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders&nbsp;31http://www.protonfx.com/dirkey/0
1 4rn4d0 10dirote.exe1 00 34Added by the BKDR_MAROON.A TROJAN!107http://nl0
2 8discoveg0 12discoveg.exe1 00  2?? 01
312Disk_Monitor0 16Disk_Monitor.exe1 00225Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader 01
126Windows (random character)0 13diskcheck.exe1 00 28Added by the SINGU.B TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.singu.b.html0
1 7diskinf0 11diskinf.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
311DISKMON.EXE0 11DISKMON.EXE1 00280DiskMon is a small (55k zip file) that monitors hard disk activity.  It's most useful because it puts a little light on your system tray that tells you when your hard disk is reading or writing, saving you having to bend down to look at the light on the front of your system unit. 01
1 7diskchk0 13diskmon32.exe1 00 48Added by the W32/Rbot-BBI worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbi.html0
2 7Disknag0 11disknag.exe1 00 65Dell program that reminds you to make your&nbsp; backup diskettes 01
310DiskPiePro0 17DiskPiePro.exe /m211HKEY_CU\Run0 54DiskPiePro 1.0.0.0, Ziff Davis Media, Inc. DiskPie Pro39http://www.absolutestartup.com/startup/1
115[Various Names]0 12diskserv.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
112Disk Manager0 11diskver.exe1 00 24Added by a Rbot variant.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
129i am not ranky. i am etunnel!0 10disney.exe1 00 40Added by an unidentified WORM or TROJAN! 01
414APC UPS Status0 11Display.exe1 00 43APC PowerChute Personal Edition status icon67http://www.apcc.com/products/family/index.cfm?id=129&web_displayed=0
3 6disspy0 10disspy.exe1 00 45Disspy spyware detection and removal software44http://www.h-desk.com/new/Features.13.0.html0
224Distiller Assistant 3.010 12DISTASST.EXE1 00 90From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start - Programs 01
3 3Dit0  7Dit.exe1 00  0 01
3 3Dit0  7dit.exe1 00127Drive Icon and Label Utility - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found 01
210DiTask.exe0 10DiTask.exe1 00195Associated with an Eicon Networks ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -&gt; Programs42http://www.eicon.com/worldwide/default.htm0
311Divamon.exe0 11Divamon.exe1 00 57Associated with an Eicon Networks Diva ISDN or ADSL modem42http://www.eicon.com/worldwide/default.htm0
112DivX Updater0  8DivX.Exe1 00 43Added by the NALDEM TROJAN or MASTAK VIRUS!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.naldem.html0
1 4divx0 11divxenc.exe1 00 29Added to the  Spbot.B TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.spbot.b.html0
1 7mdetect0 15divxencoder.exe1 00 46Added by the Troj/Sqdload-A downloader trojan.58http://www.sophos.com/virusinfo/analyses/trojsqdloada.html0
111DivX Player0 14DivXPlayer.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
0 8djsnetcn0 12DJSNetCN.exe1 00 72Symantec Licensing Detect Internet Connection,  part of Norton antivirus 01
3 8DJSNetCN0 12DJSNETCN.exe119HKEY_LM\RunServices0 79Symantec Shared Components 5.0, Symantec Corporation. Symantec Shared Component39http://www.absolutestartup.com/startup/1
114djtopr1150.exe0 14djtopr1150.exe1 00 50Unknown malware. Located in %temp%\djtopr1150.exe" 01
1 7djvvjvy0 11djvvjvy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7dKernel0 11dkernel.exe1 00 30Added by the W32/Decoy-A worm.55http://www.sophos.com/virusinfo/analyses/w32decoya.html0
216DiskeeperSystray0 10DkIcon.exe1 00 60DisKeeper defragmentation software - can be started manually42http://www.executive.com/defrag/defrag.asp0
1 4dkjb0  8dkjb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 9DkService0 13DkService.exe1 00200From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually. 01
1 6DKTime0 10dktime.exe1 00 26Added by the LUNII TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/downloader.lunii.html0
113Dkware lptt010 10dkware.exe1 00180Variant of the  RapidBlaster parasite (in a "DonkeySoft" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113Dkware ml097e0 10dkware.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
138(D1589445-4C2D-4827-6486-8C9674D8B206)0 11dkxcj32.dll1 00100Added by the W32/Korgo-Z network worm.br /br /Uses CLSID: b(D1589445-4C2D-4827-6486-8C9674D8B206)/b.55http://www.sophos.com/virusinfo/analyses/w32korgoz.html0
1 7dkzzixm0 11dkzzixm.exe1 00  2?? 01
2 7DlaTray0 11Dlatray.exe1 00404System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" 01
2 6HP_dla0 11dlatray.exe1 00106On HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCD 01
221Dell AIO Printer A***0 12dlbabmgr.exe1 00 68Dell AIO Printer A*** related (*** = model). Not Required at Startup 01
0 8dlbcserv0 12dlbcserv.exe1 00 31Related to a Dell Photo Printer 01
021dell aio printer a9600 12dlbfbmgr.exe1 00 36Dell A960 All-In-One Printer related 01
221Dell AIO Printer A***0 12dlbfbmgr.exe1 00 68Dell AIO Printer A*** related (*** = model). Not Required at Startup 01
021dell aio printer a9200 12dlbkbmgr.exe1 00 45Button manager for the Dell AIO Printer A920? 01
221Dell AIO Printer A***0 12dlbkbmgr.exe1 00 68Dell AIO Printer A*** related (*** = model). Not Required at Startup 01
226dell photo aio printer 9220 12dlbtbmgr.exe1 00 67Adds an icon to the system tray for a Dell printer solution center. 01
026dell photo aio printer 9620 11dlbxmon.exe1 00 40DellPhoto AIO Printer 962 Device Monitor 01
1 5dlder0  9dlder.exe1 00249Advertising spyware. Considered to be one oft the worst - even creating a fake "explorer.exe" file. Can be installed via versions of "Grokster", "Lime Wire" and "KaZaA" amongst other file-sharing utilities (see here). Reported in the past as a virus12explorer.exe0
311DLForcerExe0 15DLForcerEXE.exe1 00  2?? 01
219Digital Line Detect0  7DLG.exe1 00 72BVRP Software TestLine 1, 0, 0, 1, BVRP Software. Digital Line Detection 01
219Digital Line Detect0  7DLG.exe1 00201Detects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modems 01
319Digital Line Detect0  7DLG.exe122StartUp menu\All users0 72BVRP Software TestLine 1, 0, 0, 1, BVRP Software. Digital Line Detection39http://www.absolutestartup.com/startup/1
2 3DLG0 11DLGCHBW.exe1 00175Backweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updates 01
238Data LifeGuard LifeLine Lite installer0  9DLGLI.EXE1 00 29Backweb installer - see  here29http://www.cexx.org/dlgli.htm0
315DLHelperEXE.exe0 15DLHelperEXE.exe125StartUp menu\Current user0 45DLHelper Module 6, 0, 0, 3, . DLHelper Module39http://www.absolutestartup.com/startup/1
1 6dlhost0  6dlhost1 00 35Added by the Troj/ExpHook-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojexphooka.html0
319windows system tray0 10dlhost.exe1 00 55Related to  IamBigBrother Internet monitoring software.52http://www.internetsafetysoftware.com/iambigbrother/0
111DynamicHost0 10dlhost.exe1 00 50Added by the W32/Tilebot-BO worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotbo.html0
117Microsoft Windows0 11dlIhost.exe1 00108Added by the W32/Rbot-QC worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotqc.html0
212NetworkSetup0  9dlink.exe1 00 23D-Link System Tray icon44http://www.dlink.com/tech/faq/dlink-icon.htm0
124Dll executer_AutoStarter0 28Dll executer_AutoStarter.exe2 00 28Added by the W32/VB-SP worm.53http://www.sophos.com/virusinfo/analyses/w32vbsp.html0
1 7Systask0  7dll.dll1 00 88Added by the PWSteal.Ldpinch.B password-stealing Trojan.br /br /Uses CLSID: b[Random]/b.95http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.ldpinch.b.html#technicaldetails0
1 5CLSID0  7dll.exe1 00 21Adult content dialler 01
111System32Dll0 12DLL32SYS.EXE1 00 28Added by the SPYBOT-CZ WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotcz.html0
116Dll6d AutoLoader0 12DLL6DSYS.EXE1 00142Added by the W32/Sdbot-HX worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbothx.html0
1 9[unknown]0 12DLL9DSYS.EXE1 00142Added by the W32/Sdbot-HZ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbothz.html0
111DllCacherv20 14dllcachev2.exe1 00 27Added by the LATEDA TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lateda.html0
2 9Live Menu0 12Dllcmd32.exe1 00110eFax Send button for eFax Messenger Plus. Available via Start - Programs Disabling instructions available here34http://www.efax.com/help/index.asp0
110[not used]0 11dllcnfg.exe1 00 46Added by the Backdoor.Samkams backdoor Trojan.77http://www.sarc.com/avcenter/venc/data/backdoor.samkams.html#technicaldetails0
110MSN Update0 10DLLCON.EXE1 00144Added by the W32/Rbot-EA trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotea.html0
1 6dlldmt0 10dlldmt.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 7dllhelp0 11dllhelp.exe1 00 34Added by the STARTPAGE.DQ hijacker53http://www.hacksoft.com.pe/virus/w32_startpage_dq.htm0
119Win32 Configuration0 11dllhelp.exe1 00 27Added by the SDBOT.UL WORM!90http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.UL0
1 7dllhelp0 10dllhlp.exe1 00 34Added by the Downloader-HI TROJAN!72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1231550
1 5DLL320 11dllhost.dll1 00 53%WinDir%LoveLetter.doc.exe (copy of the worm EXE)br / 01
1 7DllHost0 11dllhost.exe1 00 36Added by the BKDR_PROSTI.A backdoor.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FPROSTI%2EAA&VSect=T0
1 7WinMngn0 11dllhost.exe1 00181Added by the Troj/Sivion-A TROJAN by appearing to be an anti-virus program. Additional files are installed to the Program Files to enable unauthorised access by way of IRC channels.57http://www.sophos.com/virusinfo/analyses/trojsiviona.html0
420Gilat SOM Enumerator0 11dllhost.exe1 00120For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system 01
113index service0 13dllhost32.exe1 00 29Added by the  AGOBOT.CH WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CH&VSect=P0
116windows dll host0 13dllhost32.exe1 00 40Added by an unidentified WORM or TROJAN! 01
114Windows Update0 13dllhostup.exe1 00 36Added by the Troj/Bancban-NB Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbannb.html0
113dllhostxp.exe0 13dllhostxp.exe1 00 38Browser hijacker and adware downloader 01
1 4upme0 10dllman.exe1 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.mugly.f@mm.html0
1 4upme0 10dllman.exe1 00 26Added by the MUGLY.F WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.mugly.f@mm.html0
122Windows Online Updater0 10dllman.exe1 00 26Added by the RBOT-TE WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotte.html0
1 5Dlite0 14dllmanager.exe1 00 29Added by the WOOTBOT.DN WORM!90http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_WOOTBOT.DN0
136Windows Plug and Play Service 32 BIT0 14dllmanager.exe1 00 48Added by the W32/Rbot-CGK worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcgk.html0
144microsoft windows dll services configuration0 16dllmanager32.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 5DLL320 12dllmem32.exe1 00 26Added by the KWBOT.E WORM!64http://www.symantec.com/avcenter/venc/data/w32.kwbot.e.worm.html0
121Microsoft DLL Manager0 10dllmgr.exe1 00121Added by the W32/Sdbot-KJ worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotkj.html0
125Windows 64bit DLL Manager0 12dllmgr64.exe1 00 50Added by the W32/Tilebot-CP worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotcp.html0
111dll manager0 13dllmngr32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
121Microsoft DLL Manager0 10dllmnr.exe1 00152Added by the W32/Sdbot-DM backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotdm.html0
129microsoft dll printer manager0  9dllpt.exe1 00 29Added by the  SDBOT.BIH WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BIH&VSect=P0
1 6dllreg0 10dllreg.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 3run0 10DLLREG.EXE1 00124Added by the W32/Dumaru.w Trojan! Acts as a keylogger and sends out the stolen information to a predetermined email address.43http://vil.nai.com/vil/content/v_100977.htm0
118microsoft dllset320 12dllset32.exe1 00 27Added by the  RBOT.OZ WORM!87http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.OZ0
1 7regscan0 12DLLSRV32.EXE1 00 30Added by the  AGOBOT.AEW WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AEW&VSect=T0
112DLLService320 12dllsvc32.exe1 00 28Added by the AGOBOT.VX WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VX0
114[unknown name]0 13DLLSYSBIN.EXE1 00121Added by the W32/Sdbot-IZ worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotiz.html0
1 6Dial220  7dlm.exe1 00 21Adult content dialler 01
1 6Dial330  7dlm.exe1 00 21Adult content dialler 01
317dlink system tray0 11dlnetst.exe1 00 66Related to  D-Link DGE-530T PCI card for servers and workstations.38http://www.dlink.com/products/?pid=2840
112li-speed****0  9dlres.exe1 00 34Adult web-dialler - **** is random 01
1 7dlsp2mx0 11dlsp2mx.exe1 00 36Added by the Dial/MPB-B porn dialer.54http://www.sophos.com/virusinfo/analyses/dialmpbb.html0
2 3DLT0  7dlt.exe1 00  2?? 01
136Distributed Link Tracking Extensions0 11dltksvc.exe1 00 30Added by the W32.Myfip.K worm.89http://securityresponse.symantec.com/avcenter/venc/data/w32.myfip.k.html#technicaldetails0
1 5dluca0  9dluca.exe1 00 28Added by the DLUCA.C TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.c.html0
1 6dluxde0 10dluxde.exe1 00 49All-In-One-Telcom (adult content dialler) variant 01
1 6DM mgr0 10dm_mgr.exe1 00 27Added by the JITTAR TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.jittar.html0
111Auto Update0  7dma.exe1 00132Added by the W32/Rbot-AVO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotavo.html0
443Logical Disk Manager Administrative Service0 11dmadmin.exe1 00 71This Windows service manages hard disk and volume functions in Windows. 01
1 3dmc0  7dmc.exe1 00 49Added by Trojan-Downloader.Win32.Dluca.bv TROJAN! 01
1 9dmcoj.exe0  9dmcoj.exe1 00 34Added by the Troj/RuinDl-K Trojan.57http://www.sophos.com/virusinfo/analyses/trojruindlk.html0
1 6Crusty0  9dmcpl.exe1 00 24Added by the RUSTY WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.rusty@m.html0
138(9F81D88C-C298-9935-C5D1-40AA4DB91155)0 10dmdlgs.exe1 00106Added by the Troj/Zlob-JF downloader Trojan.br /br /Uses CLSID: b(9F81D88C-C298-9935-C5D1-40AA4DB91155)/b.56http://www.sophos.com/virusinfo/analyses/trojzlobjf.html0
225InControl Desktop Manager0 10DMHKEY.EXE1 00140For Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start - Programs 01
1 9J04sRjc5h0  9dmifs.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
2 6DMILDR0 10dmildr.exe1 00411Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -&gt; Programs&nbsp;68http://docs.us.dell.com/docs/software/smcliins/cli60/en/ug/intro.htm0
2 5DMISL0  9DMISL.EXE1 00213DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information59http://support.intel.com/support/tokenexpress/pro/11601.htm0
2 8DMISLAPP0 12DMISLAPP.exe1 00213DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information59http://support.intel.com/support/tokenexpress/pro/11601.htm0
1 8dmlcwryk0 12dmlcwryk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
331Document Manager Upload Monitor0  9DMMon.exe125StartUp menu\Current user0 64IBM WebSphere PDM File Monitor 1, 0, 0, 1, IBM. PDM File Monitor39http://www.absolutestartup.com/startup/1
1 9DSService0  9dmrss.exe1 00 36Added by the AGOBOT-XX network Worm!57http://www.sophos.com/virusinfo/analyses/w32agobotxx.html0
1 9DM_server0 12dmserver.exe1 00 19Comet Cursor adware48http://www.doxdesk.com/parasite/CometCursor.html0
1 8dmserver0  9dmsrv.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
1 7Dmsvc320 11Dmsvc32.exe1 00 29Added by the AGOBOT.ABU WORM!100http://es0
138microsoft internet, varying file names0 11dmsvc32.exe1 00 49Added as result of a  W32/Sdbot-AZ worm infection56http://www.sophos.com/virusinfo/analyses/w32sdbotaz.html0
121windows driver update0 11dmsvc32.exe1 00 49Added as result of a  W32/Sdbot-GP worm infection56http://www.sophos.com/virusinfo/analyses/w32sdbotgp.html0
1 6dmtdll0 10dmtdll.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
311DMXLauncher0 15DMXLauncher.exe1 00  0 01
311dmxlauncher0 15DMXLauncher.exe1 00139Part of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video files. 01
1 4Dnar0  8Dnar.exe1 00 91Unknown, except that it is not necessary. Tends to phone home a lot. DMI related - see here89http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=1137;start=00
3 6dancer0  9DncLE.exe1 00 57Part of Microsoft Plus! Digital Media Edition - see  here62http://www.microsoft.com/windows/plus/dme_more/moreupdates.asp0
322distributed.net client0  9DNETC.EXE1 00205Dsitributed computing projects client from Distributed.net where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by viruses23http://distributed.net/0
120Windows Update Files0  9dnetc.exe1 00 93Added by an unidentified VIRUS, WORM or TROJAN! Note - wupdmgr.exe is the real Windows Update 01
1 9[unknown]0 11DNETLIB.EXE1 00142Added by the W32/Sdbot-HA worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotha.html0
1 6dnorvd0 10dnorvd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
012DNS2GoClient0 16dns2goclient.exe1 00171DNS2Go is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address.28http://dns2go.deerfield.com/0
1 7winhelp0  9dns32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
110dnscleaner0 14dnscleaner.exe1 00 30CoolWebSearch parasite related53http://www.spywareinfo.com/~merijn/cwschronicles.html0
113DNSCacheBoost0 11dnsping.exe1 00165Added by the Troj/DNSBust-A trojan.  This infection modifies your dns servers that your computer uses in order to redirect popular sites to an address of its choice.58http://www.sophos.com/virusinfo/analyses/trojdnsbusta.html0
111DNS Service0 15dnsresolver.exe1 00 26Added by the RBOT-PQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpq.html0
127Domain Name Resolve Service0 15dnsresolver.exe1 00 48Added by the W32/Rbot-BYB worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbyb.html0
112Dns Resolver0 12dnsrslve.exe1 00 29Added by W32/Rbot-WS, a WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotws.html0
1 7SiS Dns0 10dnssvc.exe1 00 36Added by the Troj/Dloader-UE Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderue.html0
1 8ntupdate0  9dnsvc.exe1 00 27Added by the SDBOT-TC WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbottc.html0
110Dns Server0  9dnswn.exe1 00106An Rbot variant. This infection connects to an IRC server where it will await commands from a remote user.32http://www.malwareblog.com/?p=990
325DameWare NT Utilities 2.60 11DNTUS26.EXE1 00219Dameware NT Utilities program that allows remote access and control of a computer.  This is a common program for hackers to install on a computer, so if it is installed, and you did not install it, it should be removed.38http://www.dameware.com/products/dntu/0
1 5dntyv0  9dntyv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 5DNXVC0  9dnxvc.exe1 00  2?? 01
1 3doc0  7doc.exe1 00257Added by the  W32/Agobot-PJ trojan.  When started this infection connects to a remote IRC server where it waits for commands to execute.  This infection will add entries to your HOSTS file, so the hosts file should be restored after cleaning this infection.57http://www.sophos.com/virusinfo/analyses/w32agobotpj.html0
3 6BayMgr0 11DockApp.exe1 00156Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices&nbsp; 01
1 6DocTor0 10Doctor.exe1 00 26Added by the DOTOR.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOTOR.A0
119microsoft upmachine0  9doezs.exe1 00 28Added by the  RBOT.BCT WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BCT&VSect=P0
1 3Hah0  7Doi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 5Doing0  9doing.exe1 00  2?? 01
1 8doit.exe0  8doit.exe1 00134Added by the W32/Forbot-EK WORM!  This file is found in the Windows system folder.  May also create a Windows service called doit.exe.57http://www.sophos.com/virusinfo/analyses/w32forbotek.html0
316Don&#039;t Panic0 19dontpanicdemodp.exe1 0015630-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite."40http://www.panicware.com/product_dp.html0
311Don't Panic0 19dontpanicdemodp.exe1 0015630-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite."40http://www.panicware.com/product_dp.html0
3 5dopus0  9dopus.exe1 00 43Directory Opus - a file manager from GPSoft31http://gpsoft.com.au/Intro.html0
1 6wersds0 10doriot.exe1 00 27Added by the JECT.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/download.ject.c.html0
1 8wpds.exe0 10doriot.exe1 00 29Added by the SMALL-KY TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmallky.html0
113WIN32 DDOSSER0  7dos.exe1 00 12Added by the97W32/Rbot-YY to the Windows system folder,it has a backdoor functionality exploiting IRC channels.0
113Window Loader0  9Dos32.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
1 3dos0  9dos64.exe1 00 24Adware downloader trojan 01
110Auto Start0  9dosin.exe1 00142Added by the W32/SdBot-GO worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotgo.html0
113Micro Process0 13dosprmwin.exe1 00144Added by the W32/Rbot-BC trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotbc.html0
120Configuration Loader0 12dosrun32.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
111Windows DOS0  8dosw.exe1 00 38Added by the W32/Salay-A network worm.55http://www.sophos.com/virusinfo/analyses/w32salaya.html0
1 4dous0  8dous.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 9Down2Home0 13Down2Home.exe1 00137Down2Home allows you to monitor your Internet connections traffic and provides statistics on the amount of data transferred and received. 01
218Digital River eBot0 12downlo~1.exe1 00271Digital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more here164http://groups.g0
114DealHelperDown0 12download.exe1 00 17DealHelper adware60http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html0
112Eac Download0 12download.exe1 00 83Associated with Webcelerator - spyware. Read eAcceleration's privacy statement here13#Webcelerator0
113Download Plus0 16DownloadPlus.exe1 00 44DownloadPlus parasite - opens pop-up adverts49http://www.doxdesk.com/parasite/DownloadPlus.html0
2 4eBot0 18DownloadWizard.exe1 00265eBot from Digital River - &quot;helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'.&quot; Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -&gt; Programs30http://www.ebot.com/index.html0
215Download Wonder0 18DownloadWonder.exe1 00100Download Wonder from Forty Software. Download manager for resuming downloads, amongst other features21http://www.forty.com/0
1 6Downxz0 10Downxz.bat1 00 26Added by the MYDOOM.W WORM76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html0
1 3Dsi0 13dp-******.exe1 00 66Added by an unidentified adware where ****** are random characters 01
1 5dpaei0  9dpaei.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 6DPAgnt0 10DPAgnt.exe1 00 34digitalPersona fingerprint scanner30http://www.digitalpersona.com/0
4 6Dpcnav0 10dpcnav.exe1 00 65DirecWay from DirectTV satellite based high-speed internet access71http://www.professionalsatellite.com/html/direcway_dw4000_features.html0
2 8DPConfig0 12DPConfig.exe1 00127Compuware DevPartner Studio Configuration Utility, a tool for software developers - system tray access to configure the utility 01
1 8dpcproxy0 12dpcproxy.exe1 00 30Added by the GOLDENP-A TROJAN!58http://www.sophos.com/virusinfo/analyses/trojgoldenpa.html0
3 8Dpcstart0 12dpcstart.exe1 00105Startup program for Direcway 2-way satellite internet service. Loads DirecWay's Navigator, tray icon, etc 01
421DPCProxyLoadOnStartup0 12dpcstart.exe1 00 65DirecWay from DirectTV satellite based high-speed internet access71http://www.professionalsatellite.com/html/direcway_dw4000_features.html0
1 723ni3tQ0 10dpctml.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3dsi0 10dp-him.exe1 00 37Added by the  Troj/Multidr-AH TROJAN!59http://www.sophos.com/virusinfo/analyses/trojmultidrah.html0
1 3dpi0  7dpi.exe1 00 42Delfin Media Viewer or "Promulgate" adware51http://www.spywareguide.com/product_show.php?id=7270
3 4NDPS0 10DPMW32.EXE1 00137Novell Distributed Printer Services - part of Novell's Netware Client and  Groupwise products. Not required if you don't use this feature39http://www.novell.com/products/netware/0
110[not used]0 12dpnetmsg.exe1 00730Added by the Troj/PPdoor-Q backdoor Trojan.  This infection may also make the files C:\Windows\System32\dpnetmsg.exe, C:\Windows\System32\iueninet.dll, C:\Windows\System32\fsmgntfs.dll, C:\Windows\System32\ntmapast.dll, C:\Windows\System32\ir50psrv.exe, C:\Windows\System32\kbd1uery.dll, C:\Windows\System32\lfyockaa.dll, C:\Windows\System32\a15svcs.exe, C:\Windows\System32\dpnmdlib.exe, C:\Windows\System32\c_28usic.dll, C:\Windows\System32\atiysnpn.dll, C:\Windows\System32\treemqoa.dll, C:\Windows\System32\arptutdn.dll, C:\Windows\System32\eulapart.dll, C:\Windows\System32\smlo8thk.exe, C:\Windows\System32\odbcfwci.ime, C:\Windows\System32\hgakheg.dll, C:\Windows\System32\jkwbhew.dll, and C:\Windows\System32\testtest.exe.57http://www.sophos.com/virusinfo/analyses/trojppdoorq.html0
1 8dpnsvr320 12dpnsvr32.exe1 00 53Added by the Troj/AOLPass-B password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojaolpassb.html0
331Don&#039;t Panic Pop-Up Stopper0  9dpps2.exe1 00320Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group47http://www.panicware.com/product_companion.html0
3 5dpps20  9dpps2.exe1 00  047http://www.panicware.com/product_companion.html0
314Pop-Up Stopper0  9dpps2.exe1 00320Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group45http://www.popupstopper.net/product_dpps.html0
1 3dps0  7dps.exe1 00135scumware-remover.org  foistware, bogus adware/spyware remover,  is in fact itself a browser hijacker, redirecting to smartestsearch.com 01
4 6dpti2o0 10dpti2o.sys1 00 49DPT SmartRAID miniport driver added by Microsoft. 01
1 7ffeqfqs0 10dqddss.exe1 00130Added by the W32/Sdbot-SG worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotsg.html0
120DivX MediaPlayer 7.00 11Dr.DivX.exe1 00 30Added by the ALADINZ.G TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.g.html0
1 4DR_S0  8DR_S.exe1 00 16AdShooter adware56http://sarc.com/avcenter/venc/data/adware.adshooter.html0
326Speedtouch USB Diagnostics0 12Dragdiag.exe1 00307For an external Alcatel ADSL high-speed modem. A diagnostic tool and can be run from the Start menu when required. The only reason it might be useful on startup is if you like seeing an 'at-a-glance' status indicator on the taskbar (the icon is a different colour depending on the status of the device/line) 01
326SpeedTouch USB Diagnostics0 18Dragdiag.exe /icon211HKEY_LM\Run0 67Alcatel Speedtouch USB Diagnostics 1.3.4, Alcatel Bell. Diagnostics39http://www.absolutestartup.com/startup/1
3 8DragDrop0 12DragDrop.exe1 00  2?? 01
318Drag'n Drop CD+DVD0 21DragDrop.exe /StartUp211HKEY_LM\Run0 45Drag'n Drop CD+DVD 3.00, . Drag'n Drop CD+DVD39http://www.absolutestartup.com/startup/1
1 6draw320 10draw32.dll1 00137Part of the Troj/Haxdoor-AE rootkit.  This is installed as a system driver service so will not be seen in the services.msc control panel.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorae.html0
1 6drct160 10drct16.dll1 00160Added by the Troj/Haxdoor-CN rootkit infection. This file is installed as system driver and is used to hide processes, files, and registry keys from being seen.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorcn.html0
1 3RUN0 10DRDOOM.EXE1 00156Added by the W32/Semapi-A. This mass-mailing worm may display a message: "Unable to locate 'semapi.dll' reinstalling this application may fix this problem."56http://www.sophos.com/virusinfo/analyses/w32semapia.html0
2 8DrgToDsc0 12DrgToDsc.exe1 00239Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly 01
215RoxioDragToDisc0 12DrgToDsc.exe1 00  0 01
215RoxioDragToDisc0 12DrgToDsc.exe111HKEY_LM\Run0 65Drag-to-Disc 7.5.0.47 , Sonic Solutions. Drag To Disc Application39http://www.absolutestartup.com/startup/1
3 6KE98010 12DriBat32.exe1 00 69KE-9801 multimedia keyboard - required if you use the multimedia keys30http://www.reset.bg/ke9801.htm0
3 9dried.exe0  9dried.exe1 00  2?? 01
112Driver Cache0 16Driver Cache.exe2 00 45Added by the Troj/Feutel-S keylogging Trojan.57http://www.sophos.com/virusinfo/analyses/trojfeutels.html0
110systeminfo0 10DRIVER.EXE1 00139Added by the  W32/Randon-Y worm.  This infection, when started, connects to an IRC server using a provided MIRC client to receive commands.56http://www.sophos.com/virusinfo/analyses/w32randony.html0
115[various names]0 12driver32.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
115[Various Names]0 12driver64.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
3 7Drivers0 11Drivers.bat111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111MicrosoftKs0 11Drivers.bat1 00 86Added by the Troj/Shutdown-F trojan.  This trojan attempts to shut down your computer.59http://www.sophos.com/virusinfo/analyses/trojshutdownf.html0
211DriveSelect0 15driveselect.exe1 00144DVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start - Programs 01
112Winxp update0 10Drivxp.exe1 00 49Added by the W32/Sdbot-AIP worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotaip.html0
116wsaconfiguration0  9drrss.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
112drsmartloadb0 16drsmartloadb.exe1 00 36Added by the Troj/Drsmartl-D Trojan.59http://www.sophos.com/virusinfo/analyses/trojdrsmartld.html0
2 9STManager0  8drst.exe1 00334Dr. SpeedTouch is some sort of diagnostics software which sends out information to a server which then relays the information back to the program to test the network to see if the SpeedTouch ADSL modem connection is working properly. Not required if connected via Ethernet (and probably USB). Can cause a slow down in Win2K - see here49http://flr.free.fr/spip/article.php?id_article=560
2 9STManager0 11drst.exe -b211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7syspath0  7drv.exe1 00 24Added by the SOBER WORM!45http://www.avp.ch/avpve/worms/email/sober.stm0
111drvddll.exe0 11drvddll.exe1 00 28Added by the BEAGLE.AP WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ap@mm.html0
111Drvddll_exe0 11drvddll.exe1 00 27Added by the BEAGLE.X WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.x@mm.html0
0 9DrvListnr0 13DrvListnr.exe1 00 42Analog Devices SoundMAX soundcard related. 01
3 7DrvLsnr0 11DrvLsnr.exe1 00 36adi DrvLsnr 1, 0, 0, 3, adi. DrvLsnr 01
3 7drvlsnr0 11drvlsnr.exe1 00120Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly 01
310DrvMon.exe0 10DrvMon.exe111HKEY_CU\Run0 78Alcor Micro, Corp. Drive Monitor 1, 0, 0, 9, Alcor Micro, Corp.. Drive Monitor39http://www.absolutestartup.com/startup/1
1 7drvnetw0 11drvnetw.exe1 00 56Added by the Troj/Brogger-B information stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbroggerb.html0
1 7drvr32h0 11drvr32h.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
111drvrmanager0 15drvrquery32.exe1 00 25Added by the BOOHOO WORM!76http://securityresponse.symantec.com/avcenter/venc/data/bat.boohoo.worm.html0
1 6avidrv0  9drvsc.exe1 00118Detected as the Trojan-Downloader.Win32.Agent.ph TROJAN! by Kaspersky Anti-Virus. Note: No URL available at this time. 01
110drvsys.exe0 10drvsys.exe1 00 27Added by the BEAGLE.W WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.w@mm.html0
1 8ipconfig0 10drvsys.exe1 00 34Added by the Troj/Erazer-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojerazera.html0
1 8drwatson0 15drwatson_32.exe1 00 34Added by the  TROJ/LOHAV-S TROJAN!56http://www.sophos.com/virusinfo/analyses/trojlohavs.html0
1 9[default]0 14DrWatson32.exe1 00 26Added by the DREMN TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.dremn.html0
111Sync Server0 13drwatsoon.exe1 00 30Added by the WATSOON.A TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/w32.watsoon.a.html0
115DrWeb Antivirus0 11DRWEBAV.EXE1 00 40Added by an unidentified WORM or TROJAN! 01
414Drwebscheduler0 12Drwebscd.exe1 00160Dr. Web antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystem20http://www.sald.com/0
414DrWebScheduler0 12drwebscd.exe1 00105Dr.Web ® for Windows 9x/Me/NT/2000/XP 4, 32, 2, 8170, Doctor Web Ltd.. Dr.Web Scheduler for Windows 95-XP 01
1 6drwhxk0 10drwhxk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
117COM+ Event System0 12DRWTSN16.EXE1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 2ds0  6ds.exe1 00 45Added by the Backdoor.Spymon backdoor Trojan.76http://www.sarc.com/avcenter/venc/data/backdoor.spymon.html#technicaldetails0
310DesktopSpy0  7dsa.exe1 00128Added by the Spyware.DesktopSpy surveillance software. If you did not install this program, you should uninstall it immediately.62http://www.sarc.com/avcenter/venc/data/spyware.desktopspy.html0
1 3dsa0  7dsa.exe1 00 47Homepage hijacker - redirecting to downseek.com 01
113DASDS VSAVdjs0 10dsabdw.exe1 00130Added by the W32/Sdbot-RE worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotre.html0
114Answer Problem0 11dSAFsqs.exe1 00 75W32/Sdbot-SC is an IRC backdoor Trojan! Found in the WIndows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotsc.html0
311dellsupport0 10DSAgnt.exe1 00 98Dell Support Agent offers additional support and update features for your Dell computer or laptop. 01
311DellSupport0 19DSAgnt.exe /startup211HKEY_CU\Run0 50Dell Support 1, 1, 0, 73, Gteko Ltd.. Dell Support39http://www.absolutestartup.com/startup/1
1 3DSB0  7DSB.exe1 00 19EnergyPlugin adware62http://sarc.com/avcenter/venc/data/pf/adware.energyplugin.html0
022Desktop Service Centre0  7DSC.exe1 00 43OptusNet DSL or Dial-Up connection software 01
3 8DS Clock0 11dsclock.exe1 00 78Digital desktop clock including synchronization with atomic servers - see here35http://www.dualitysoft.com/dsclock/0
123microsoft compiler pack0  9DSDEV.EXE1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
2 7DSentry0 11DSentry.exe1 00260Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts 01
2 9DVDSentry0 11DSentry.exe1 00260Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts 01
2 9DVDSentry0 11DSentry.exe111HKEY_LM\Run0 75Dell - DVDSentry 1, 0, 5, 0, Dell - Advanced Desktop Engineering. DVDSentry39http://www.absolutestartup.com/startup/1
315Absolute Shield0 12dseraser.exe1 00 60Absolute Shield/Evidence Eliminator - iternet history eraser44http://www.absoluteshielderaserinternet.com/0
1 5rCron0 12dservice.exe1 00 22Switch Dialer Variant. 01
428Sharing and Mapping Software0 10DShmap.exe1 00126a target="_blank" href="http://www.intel.com/products/desk_lap/hm_sm_office/index.htm"Intel AnyPoint internet sharing software 01
3 7SIDEBAR0 12dsidebar.exe111HKEY_CU\Run0 49Desktop Sidebar 1.05.90.0, Idea2. Desktop Sidebar39http://www.absolutestartup.com/startup/1
118Windows Disk Check0 12dskcheck.exe1 00 50Added by the W32/Tilebot-CQ worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotcq.html0
1 9Dskcompat0 13Dskcompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 9diskchk320 12dskmon32.exe1 00 48Added by the W32/Rbot-BCL worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbcl.html0
411DSLAGENTEXE0 12dslagent.exe1 00  0 01
411DSLagentexe0 12DSLagent.exe1 00175Used in conjunction with USB connected ADSL modems from Eicon Networks (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connection42http://www.eicon.com/worldwide/default.htm0
411DSLAGENTEXE0 16dslagent.exe USB211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
221YAMAHA DS-XG Launcher0 12dslaunch.exe1 00101System Tray access for the features of the Yamaha DS-XG soundcard unless you regularly change set-ups 01
1 9ASDPLUGIN0 12dslgeacc.exe1 00 31Added by the Dial/Asd-A dialer.54http://www.sophos.com/virusinfo/analyses/dialasda.html0
118dropspam lifestyle0 15dslifestyle.exe1 00 89Added by the AdwareDropspam Slyware! Note: This will install even if you try to abort it.54http://vil.mcafeesecurity.com/vil/content/v_137582.htm0
3 6DSLMON0 10dslmon.exe1 00 55DSLMON Application 1, 0, 0, 1, . ADIMON MFC Application 01
3 6dslmon0 10dslmon.exe1 00 62Sagem DSL modem related. Apparently needed to detect the modem 01
322Consola KIT Terra ADSL0 10DSLMON.EXE122StartUp menu\All users0 55DSLMON Application 1, 0, 0, 1, . ADIMON MFC Application39http://www.absolutestartup.com/startup/1
3 6DSLMON0 13dslmon.exe /W222StartUp menu\All users0 55DSLMON Application 1, 0, 0, 1, . ADIMON MFC Application39http://www.absolutestartup.com/startup/1
4 6DSLMON0 13dslmon.exe /W2 00  0 01
036at&amp;amp;t dsl service pca program0 10dslpca.exe1 00 16AT&T DSL related 01
332at&amp;t dsl service pca program0 10dslpca.exe1 00 16AT&T DSL related 01
328AT&T DSL Service PCA Program0 14dslpca.exe /ws211HKEY_LM\Run0 50AT&T DSL Service 4.0.0.0300, AT&T. DSL Application39http://www.absolutestartup.com/startup/1
310DSLSTATEXE0 11dslstat.exe1 00103System tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example) 01
310DSLSTATEXE0 16dslstat.exe icon2 00 62DSL Status 4.1.0, GlobespanVirata, Inc.. DSL Status Executable 01
1 5AvSer0  7dsm.exe1 00101Added by the W32.Serflog.B worm.  This worms spreads through file-sharing networks and MSN Messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.b.html0
1 6DsmSer0  7dsm.exe1 00  074http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.b.html0
1 6rollbk0  7dsm.exe1 00101Added by the W32.Serflog.B worm.  This worms spreads through file-sharing networks and MSN Messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.b.html0
1 2ss0  8dssa.dll1 00 77Added by the Backdoor.Xebiz backdoor Trojan.br /br /Uses CLSID: b[Various]/b.92http://securityresponse.symantec.com/avcenter/venc/data/backdoor.xebiz.html#technicaldetails0
2 8DSSSGENS0 12dssagens.exe1 00  2?? 01
1 3DSS0 12dssagent.exe1 00157DSSAgent by Brřderbund - spyware. Sends encrypted emails about the system back to the originators of the program. Also a resource hog. See here for more info28http://cexx.org/dssagent.htm0
1 6dstray0 10dstray.exe1 00 35Added by the Troj/CmjSpy-AA Trojan.58http://www.sophos.com/virusinfo/analyses/trojcmjspyaa.html0
315Kýsayol DSunucu0 11DSunucu.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
223Iomega Backup Scheduler0 11dtiom98.exe1 00 95Used by Iomega drives. Details of its purpose can be found here. Available via Start - Programs57http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup0
2 8EDLoader0 12DTLoader.exe1 00 97Effective Desktop from MiniStars Software - desktop management software no longer being supported 01
115[Various Names]0 10DTOURS.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
129DirectX For Microsoft Windows0 14dtxservice.exe1 00 28Added by the PROGENT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.progent.html0
215Winsock2 driver0 11DTZEDGC.EXE111HKEY_LM\Run0111Microsoft® Windows® Operating System 5.1.2700.0, Microsoft Corporation. Generic Host Process for Win32 Services39http://www.absolutestartup.com/startup/1
3 9No-IP DUC0  9DUC20.exe1 00237Part of http://www.no-ip.com provided service. Keeps No-IP's dynamic nameserver (DNS) updated if and when your computer's (network's) dynamic IP-address changes so that you can run servers on computers with dynamic IP. Shortcut available20http://www.no-ip.com0
1 4duck0  8duck.exe1 00 83Added by W32/Agobot-APO, a WORM/backdoor. It is found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/w32agobotapo.html0
313Direct Update0 13DUControl.exe1 00 32DirectUpdate dynamic DNS updater28http://www.directupdate.net/0
110Win32_Duel0  8Duel.exe1 00 82Added by the PE_LUDER.A-O virus/worm. This virus infects only .exe and .scr files.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE%5FLUDER%2EA%2DO&VSect=T0
113Win32_Duel_v20 11Duel_v2.exe1 00 52Added by the W32/Dref-L mass-mailing worm and virus.54http://www.sophos.com/virusinfo/analyses/w32drefl.html0
2 8DU Meter0 11DUMETER.EXE1 00 45Hagel Technologies internet bandwidth monitor31http://www.dumeter.com/main.php0
3 8DU Meter0 11DUMeter.exe111HKEY_LM\Run0 53DU Meter 3.07 Build 192, Hagel Technologies. DU Meter39http://www.absolutestartup.com/startup/1
116Dumeter Services0 11dumeter.exe1 00219Added by the W32/Sdbot-AEQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.  This infection will also create the file msdirectx.sys in the Windows System folder.57http://www.sophos.com/virusinfo/analyses/w32sdbotaeq.html0
3 9NWEReboot0  9dummy.exe1 00 82Temporary file used during the installation of Ahead Nero CD/DVD burning software. 01
212dumprep 0 -k0 12dumprep 0 -k2 00324Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out 01
216kernelfaultcheck0 12dumprep 0 -k2 00324Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out 01
216KernelFaultCheck0 12dumprep 0 -k211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
212dumprep 0 -u0 12dumprep 0 -u2 00  0 01
216kernelfaultcheck0 12dumprep 0 -u2 00324Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out 01
214UserFaultCheck0 12dumprep 0 -u2 00  0 01
214UserFaultCheck0 12dumprep 0 -u2 00324Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out 01
113DUN_SERVICES30 13DUN_SERVICES31 00 35Added by the Trojan.Sokiron trojan.75http://www.sarc.com/avcenter/venc/data/trojan.sokiron.html#technicaldetails0
113dun_services30  8dun3.exe1 00 28Added by the  Trojan.Sokiron75http://securityresponse.symantec.com/avcenter/venc/data/trojan.sokiron.html0
119windowsupdatedirect0 14dupadirect.exe1 00 25Added by the  Troj/Dupa-C55http://www.sophos.com/virusinfo/analyses/trojdupac.html0
113windowsupdate0 14dupadupam2.exe1 00 25Added by the  Troj/Dupa-B55http://www.sophos.com/virusinfo/analyses/trojdupab.html0
2 9DoUWantIt0  8duwi.exe1 00 56DoUWantIt - online shopping assistant. Start it manually 01
1 6dvb03a0 10dvb03a.dll1 00 98Added by the Troj/Haxdoor-CF Trojan. This infection is stealthed/hidden by the dvb06a.sys rootkit.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorcf.html0
1 7WDVB 050 10dvb06a.sys1 00 37A variant of Troj/Haxdor-Fam rootkit.59http://www.sophos.com/virusinfo/analyses/trojhaxdorfam.html0
3 5dvd430  9DVD43.exe1 00  5DVD4332http://www.dvdidle.com/dvd43.htm0
2 5dvd430 14dvd43_tray.exe1 00 101.0.0.0, . 01
2 5dvd430 14DVD43_Tray.exe1 00106DVD43 is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies"32http://www.dvdidle.com/dvd43.htm0
1 8dvd4free0 12dvd4free.dll1 00 36Added by the Troj/Haxdoor-BC Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorbc.html0
3 9DVDBitSet0 13DVDBitSet.exe1 00192DVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always used 01
3 9DVDBitSet0 19DVDBitSet.exe /NOUI2 00109DVD+RW Drive/Disc Compatibility Setting 1.1, Hewlett-Packard Company. DVD+RW Drive/Disc Compatibility Setting 01
138{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}0 10dvdcap.dll1 00164A file used by the rogue antispyware app, SpywareQuake, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}/b.68http://www.bleepingcomputer.com/startups/SpywareQuake.exe-14686.html0
0 8dvdcheck0 12DVDCheck.exe1 00 81Related to an  Intervideo program. What does it do and is it required in startup?38http://www.intervideo.com/jsp/Home.jsp0
0 8watchdog0 12DVDCheck.exe1 00  038http://www.intervideo.com/jsp/Home.jsp0
1 9Dvdcompat0 13Dvdcompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
123UDP checksum correction0 12dvdkernl.sys1 00 36Added by the Troj/Haxdoor-BC Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorbc.html0
211DVDLauncher0 15DVDLauncher.exe1 00174A process belonging to the Cyberlink PowerCinema video viewing software which allows you to play DVDs upon insertion. Non-essential process - and is installed for ease of use 01
011ultradvdmon0 10DVDMon.exe1 00 28UltraDVD DVD player software32http://www.ultra-dvd-player.com/0
120configuration loader0 14DVD-Player.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 8DVDrealm0 12DVDrealm.sys1 00133Added by the W32/Tilebot-G worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32tilebotg.html0
3 5DVD430 25DVDRegionFree.exe /hidden211HKEY_LM\Run0131DVD Region-Free - Watch and copy CSS encrypted DVDs from any region! 5, 6, 1, 8, Fengtao Software Inc.. DVD Region-Free Application39http://www.absolutestartup.com/startup/1
3 7DVDTray0 11DVDTray.exe1 00 56HP CD/DVD Tray icon. What does it do, and is it required 01
3 7DVDTray0 11DVDTray.exe111HKEY_LM\Run0 412.0, Hewlett-Packard Company. HP DVD Tray39http://www.absolutestartup.com/startup/1
310DVDUpgrade0 12DVDUpgrd.exe1 00  2?? 01
122Microsoft Time Manager0 10dveldr.exe1 00 26Added by the RBOT-HQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothq.html0
125Windows Automatic Updates0  9dvldr.exe1 00 26Added by the RBOT.MF WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.MF0
1 8messnger0 11Dvldr32.exe1 00 28Added by the DELODER.A WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELODER.A0
4 5Dvp950  9Dvp95.exe1 00 92Scan engine for F-Secure and Command antivirus software based on the F-Prot AntiVirus engine35http://www.f-secure.com/index.shtml0
012LoadDvpApi9x0 12DVPAPI9X.exe1 00 61Part of Command AntiVirus for Windows 95/98/Me. Is it needed? 01
4 8dvpapi9x0 12DVPAPI9X.exe1 00 38Command AntiVirus for Windows 95/98/Me 01
410DvpInitExe0 11Dvpinit.exe1 00 25Command Antivirus related53http://www.command.co.uk/html/products/csav/index.cfm0
4 6dvprpt0 10Dvprpt.exe1 00 38Command Antivirus real time protection53http://www.command.co.uk/html/products/csav/index.cfm0
1 8dvraudio0 12dvraudio.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
3 6DVSync0 10dvsync.exe1 00127DVSync is the program that allows you to synchronize your daVinci’s PDA's data with your Personal Information Manager on the PC 01
1 7dvuakfl0 11dvuakfl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
321DataViz Inc Messenger0 14DvzIncMsgr.exe1 00 50Installed with  DataViz "Documents to Go" software46http://www.dataviz.com/products/documentstogo/0
217DataViz Messenger0 11DvzMsgr.exe1 00229DataViz Documents to Go - &quot;allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts&quot;46http://www.dataviz.com/products/documentstogo/0
112DownloadWare0  6dw.exe1 00337DownloadWare - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see here). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as MovieNetworks, Medialoads and PAgent24http://downloadware.net/0
1 2dw0  6dw.exe1 00337DownloadWare - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see here). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as MovieNetworks, Medialoads and PAgent24http://downloadware.net/0
110MediaLoads0  6dw.exe1 00154Medialoads is advertising software - running DownloadWare as its executable. Installed as a bundle with Kazaa Media Desktop. See here for more information26http://www.medialoads.com/0
110MediaLoads0  6dw.exe1 00154Medialoads is advertising software - running DownloadWare as its executable. Installed as a bundle with Kazaa Media Desktop. See here for more information26http://www.medialoads.com/0
120MediaLoads Installer0  6dw.exe1 00154Medialoads is advertising software - running DownloadWare as its executable. Installed as a bundle with Kazaa Media Desktop. See here for more information26http://www.medialoads.com/0
1 6sstata0  9dwdas.exe1 00 26Added by the DASDA TROJAN!61http://www.symantec.com/avcenter/venc/data/TROJAN!.dasda.html0
1 6yymikI0  9dwdlb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118DamedWare Services0 10dwdrce.exe1 00142Added by the W32/Rbot-AOJ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaoj.html0
116{8c-c4-4a-a4-zn}0 12dwdsregt.exe1 00 36Added by  Adware.ZenoSearch ADAWARE!57http://sarc.com/avcenter/venc/data/adware.zenosearch.html0
119DownloadWare Engine0  7Dwe.exe1 00337DownloadWare - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see here). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as MovieNetworks, Medialoads and PAgent24http://downloadware.net/0
318DWHeartbeatMonitor0 22DWHeartbeatMonitor.exe1 00175DWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preference 01
318DWHeartbeatMonitor0 22DWHeartbeatMonitor.exe111HKEY_CU\Run0 74weather.com DWHeartbeatMonitor 1, 0, 1, 1, weather.com. DWHeartbeatMonitor39http://www.absolutestartup.com/startup/1
221DigitalWizard Monitor0  9dwMon.exe1 00131InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content 01
324Desktop Weather Platinum0 14DWPlatinum.exe122StartUp menu\All users0 35Screenweaver 0.0.0.0, Screenweaver.39http://www.absolutestartup.com/startup/1
1 6DxLoad0 12DX3DRndr.exe1 00 25Added by the GIBE.B WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe.b@mm.html0
1 9Dx8compat0 13Dx8compat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
113DirectX9 Diag0 11dx9diag.exe1 00132Added by the W32/Rbot-ALT worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalt.html0
1 6ktubqr0 12dxcqqijz.exe1 00153Added by the Troj/Sdbot-DF backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotdf.html0
117Direct X Direct3D0  9dxd3d.exe1 00 37Added by a variant of the SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
111dxdiags.exe0 11dxdiags.exe1 00 34Added by the Troj/Certif-G Trojan.57http://www.sophos.com/virusinfo/analyses/trojcertifg.html0
211DXDllRegExe0 12dxdllreg.exe1 00120Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it 01
136DirectX DLL Register Support Service0 12DXDLLSVC.EXE1 00 50Added by W32/Codbot-I, a WORM/IRC backdoor TROJAN!56http://www.sophos.com/virusinfo/analyses/w32codboti.html0
116DirectX Graphics0 11dxdmain.exe1 00 31Added by the W32/Codbot-O worm.56http://www.sophos.com/virusinfo/analyses/w32codboto.html0
138{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}0  9dxmpp.dll1 00161A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}/b. 01
1 6dxmsrv0 10dxmsrv.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 7version0 10Dxokpo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115Direct X Opengl0 12dxopengl.exe1 00 39Added by a variant of the RBOT-CJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotcj.html0
114DirectX Plugin0  9dxreg.exe1 00 42Added by the Troj/Theef-M backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojtheefm.html0
115Service Manager0 11dxsound.exe1 00 31Added by the PROXY-GRIC TROJAN!72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1008860
1 5Dxsty0  9Dxsty.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
120DirectX Video Driver0 11dxterm5.exe1 00 28Added by the WILAB-A TROJAN!55http://www.sophos.com/virusinfo/analyses/w32wilaba.html0
112Dxupdate.exe0 12Dxupdate.exe1 00 24Added by the MAFEG WORM!70http://securityresponse.symantec.com/avcenter/venc/data/w32.mafeg.html0
1 5dxvid0  9dxvid.exe1 00 49Added by Trojan-Downloader.Win32.Dluca.by TROJAN! 01
1 9fddddHOME0 10dxxatp.exe1 00135Added by the Troj/Ranck-AF proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckaf.html0
214DynDNS Updater0 10DynDNS.exe111HKEY_CU\Run0 65DynDNS Updater 2.1.0.0, Kana Solution. Dynamic IP address updater39http://www.absolutestartup.com/startup/1
314dyndns updater0 10DynDNS.exe1 00118Dynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.org. 01
118Dynamic Dns Binary0 12dynitora.exe1 00 86Added by W32/Rbot-WT, a WORM/backdoor, and will be found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwt.html0
118dynhttp dns binary0 12dynizari.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
3 7dynsite0 11DynSite.exe1 00 69DynSite is a dynamic DNS client, also called an automatic IP updater.29http://noeld.com/download.htm0
317Dynu Basic Client0 11dynubas.exe1 00 71Dynu online dynamic IP update client. Useful when using a dial up modem20http://www.dynu.com/0
1 7boqamah0 12dytevevi.exe1 00136Added by the W32/Sdbot-UH worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuh.html0
1 7dyttyfd0 11dyttyfd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311Dzieńdobry!0 20dziendobry.exe /auto211HKEY_CU\Run0 50Dzieńdobry! 2.4, VSD Software. Program Dzieńdobry!39http://www.absolutestartup.com/startup/1
2 8DZKillMe0 12DZSAVEME.EXE1 00  2?? 01
323EPSON Stylus C40 Series0 72E_A10IC2.EXE /P23 "EPSON Stylus C40 Series" /O6 "USB001" /M "Stylus C40"211HKEY_CU\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
331epson stylus photo rx420 series0 13E_FATI9CE.EXE1 00 70Related to the EPSON Stylus Photo RX420 Series printer/scanner/copier. 01
331EPSON Stylus Photo RX420 Series0 89E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
326EPSON Stylus CX6600 Series0 18E_FATI9EE.EXE /P26211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
331EPSON Stylus Photo RX620 Series0 18E_FATI9HE.EXE /P31211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
323EPSON Stylus C43 Series0 17E_S08IC1.EXE /P23211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
323Epson Stylus C82 Series0 12e_s0hic1.EXE1 00132Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required 01
323EPSON Stylus C42 Series0 73E_S10IC1.EXE "/P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.03, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
3 8E_S10IC20 12E_S10IC2.exe1 00 60Epson Stylus printer monitor - for checking ink levels, etc. 01
323EPSON Stylus C44 Series0 12E_S10IC2.EXE1 00 70Epson Stylus C44 Series printer monitor - for checking ink levels, etc 01
319EPSON Stylus CX32000 71E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.05, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
323EPSON Stylus C43 Series0 73E_S10IC2.EXE /P23 " PSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43""211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
330EPSON Stylus Photo R300 Series0 86E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
330EPSON Stylus Photo R300 Series0 80E_S4I0F2.EXE /P30 EPSON Stylus Photo R300 Series /O6 USB001 /M Stylus Photo R3002 00 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 3 01
330EPSON Stylus Photo R200 Series0 17E_S4I0H2.EXE /P30211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
317EPSON PictureMate0 17E_S4I0P1.EXE /P17211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
326EPSON PictureMate (Copy 1)0 76E_S4I0P1.EXE /P26 "EPSON PictureMate (Copy 1)" /O6 "USB001" /M "PictureMate"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
323EPSON Stylus C66 Series0 73E_S4I0S2.EXE "/P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
332EPSON Stylus C66 Series (Copy 1)0 82E_S4I0S2.EXE "/P32 "EPSON Stylus C66 Series (Copy 1)" /O6 "USB001" /M "Stylus C66"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
323EPSON Stylus C46 Series0 12E_S4I0T1.EXE1 00 70Epson Stylus C46 Series printer monitor - for checking ink levels, etc 01
332EPSON Stylus C46 Series (Copy 4)0 81E_S4I0T1.EXE /P32 "EPSON Stylus C46 Series (Copy 4)" /O6 "USB024" /M "Stylus C46"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
2 8E_S4I2F10 12E_S4I2F1.exe1 00146Epson Status Monitor 3 for the Epson Stylus Photo R300 (and probably others) printers - monitors the status of a print job spooled to that printer 01
330EPSON Stylus Photo R300 Series0 84E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"211HKEY_CU\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
0 8E_S4I2G10 12E_S4I2G1.EXE1 00 58Related to the Epson Stylus CX5400 printer/scanner/copier. 01
319EPSON Stylus CX64000 71E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB002" /M "Stylus CX6400"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
024EPSON Stylus Photo RX6000 12E_S4I2M1.EXE1 00 86Part of the printer drive for the Epson Stylus Photo RX600 printer. Is this necessary?90http://www.epson.com/cgi-bin/Store/consumer/consDetail.jsp?BV_UseBVCookie=yes&oid=417642780
344Auto EPSON Stylus C86 Series (Copy 1) on MOM0 17E_S4I2R1.EXE /P44211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
329EPSON Stylus Photo 820 Series0  8E_S6.tmp111HKEY_CU\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
3 5E_S230 12E_SICN03.exe1 00 60Epson printer status monitor - for checking ink levels, etc. 01
3 8E_SOEIC10 12E_SOEIC1.exe1 00 60Epson Stylus printer monitor - for checking ink levels, etc. 01
2 3EPS0 12e_srcv02.exe1 00443According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu  Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check 01
240EPSON Status Monitor 3 Environment Check0 12e_srcv02.exe1 00  0 01
242EPSON Status Monitor 3 Environment Check 20 12e_srcv02.exe1 00443According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu  Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check 01
242EPSON Status Monitor 3 Environment Check 20 12E_SRCV02.EXE1 00 86EPSON Status Monitor 3 2.09, SEIKO EPSON CORPORATION. StatusMonitor3 Environment Check 01
2 3EPS0 12e_srcv03.exe1 00443According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu  Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check 01
240EPSON Status Monitor 3 Environment Check0 12e_srcv03.exe1 00  0 01
242EPSON Status Monitor 3 Environment Check 20 12e_srcv03.exe1 00443According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu  Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check 01
240EPSON Status Monitor 3 Environment Check0 12E_SRCV03.EXE122StartUp menu\All users0 86EPSON Status Monitor 3 1.10, SEIKO EPSON CORPORATION. StatusMonitor3 Environment Check39http://www.absolutestartup.com/startup/1
343EPSON Status Monitor 3 Environment Check(3)0 12E_SRCV03.EXE122StartUp menu\All users0 86EPSON Status Monitor 3 3.01, SEIKO EPSON CORPORATION. StatusMonitor3 Environment Check39http://www.absolutestartup.com/startup/1
1 5empin0 11e121307.exe1 00 98Adware downloader/installer,  Delphin_Media_Viewer related - also detected as the DELMED.A TROJAN!62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530767750
1 800D34A520 12E5C5BDB4.exe1 00108Added by the Adware.CashSaver  spyware/redirector.  File found in the %System%\56171D04\E5C5BDB4.exe folder.60http://www.sarc.com/avcenter/venc/data/adware.cashsaver.html0
136a70f6a1d-0195-42a2-934c-d8ac0f7c08eb0 12E6F1873B.DLL1 00 36BrowserAid/Startium parasite related61http://www.sarc.com/avcenter/venc/data/adware.browseraid.html0
1 6e7wLcg0 10e7wLcg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8OEXCheck0 12EA2Check.exe1 00118Express Assist from AJSystems.com. Utility for use with Outlook Express to backup, restore, synchronize amongst others37http://www.ajsystems.com/oexhome.html0
312eabconfg.cpl0 12EabServr.exe1 00 92Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys 01
312eabconfg.cpl0 19EabServr.exe /Start211HKEY_LM\Run0 71Quick Launch Buttons 5, 0, 4, 2, Hewlett-Packard . Quick Launch Buttons39http://www.absolutestartup.com/startup/1
3 7EACLEAN0 11eaclean.exe1 00 61For Compaq PC's.  Easy Access button support for the keyboard75http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html0
1 4eacm0  8eacm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113EanthologyApp0 12EANTHO~1.EXE1 00148Stop-Sign from eAccelerration. Detects spyware, malware, viruses and keyloggers and stops popups. Spyware itself - read their privacy statement here25http://www.stop-sign.com/0
213eanthologyapp0 14eanthology.exe1 00 59eAcceleration Stop-Sign related; not recommended; see  note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
222eanthology_install.exe0 22eanthology_install.exe1 00 60eAcceleration Stop-Sign related; not recommended - see  note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
114EastFax żÍ»§¶Ë0 26EastFaxClient.exe /autorun211HKEY_CU\Run0 51EastFax żÍ»§¶Ë 3, 6, 0, 0, ¸´Ô°żĆĽĽ. EastFax żÍ»§¶Ë39http://www.absolutestartup.com/startup/1
316Easy File Backup0 20Easy File Backup.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
120Easy.Windows.Monitor0 31Easy.Windows.Monitoring.exe.exe1 00 33Added by the WORM_MINUSIA.A worm.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMINUSIA%2EA&VSect=T0
1 6EasyAV0 10EasyAV.exe1 00 40Added by the NETSKY.S or NETSKY.T WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.s@mm.html0
224Lotus Organizer EasyClip0 12easyclip.exe1 00184The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page. Available via Start - Programs 01
1 9EasyDates0 13EasyDates.exe1 00 34Premium rate adult content dialler 01
112EasyDates_nl0 16EasyDates_nl.exe1 00 21Adult content dialler 01
3 8Easy Key0 11easykey.exe1 00111For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used 01
3 7EasyKey0 11easykey.exe1 00111For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used 01
3 7EasyPHP0 11EasyPHP.exe111HKEY_LM\Run0 53Application EasyPHP 1.8.0.0, EasyPHP. EasyPHP Manager39http://www.absolutestartup.com/startup/1
324Kodak EasyShare software0 13EasyShare.exe1 00123Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually 01
324Kodak EasyShare software0 16EasyShare.exe -h222StartUp menu\All users0 86Kodak EasyShare software 4, 0, 2, 134, Eastman Kodak Company. Kodak EasyShare software39http://www.absolutestartup.com/startup/1
324Kodak EasyShare software0 17EasyShare.exe -hx2 00 64KODAK EasyShare Software 5, 2, 0, 49, . KODAK EasyShare Software 01
311EasyTuneIII0 12EasyTune.exe1 00 75Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available 01
311EasyTuneIII0 12EasyTune.exe111HKEY_LM\Run0 53myapp Application 1, 0, 0, 1, . myapp MFC Application39http://www.absolutestartup.com/startup/1
1 7easywww0 11easywww.exe1 00 14EasyWWW adware64http://www.kephyr.com/spywarescanner/library/easywww/index.phtml0
1 7easywww0 12easywww2.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 4eatj0  8eatj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
120EbatesMoeMoneyMaker00 24EbatesMoeMoneyMaker0.exe1 00 13Ebates adware76http://www.kephyr.com/spywarescanner/library/ebatesmoemoneymaker/index.phtml0
114Windows Update0  8ebay.exe1 00 29Added by the GAOBOT.BUU WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.buu.html0
112eBay Toolbar0 12EBAYTBAR.EXE1 00 64eBay Toolbar - reportes as spyware as it &quot;phones home&quot;35http://pages.ebay.com/ebay_toolbar/0
311ebaytoolbar0 16eBayTBDaemon.exe1 00 98eBay toolabar related - also contains eBay account Guard which monitors for fraudulent eBay sites.35http://pages.ebay.com/ebay_toolbar/0
311eBayToolbar0 16eBayTBDaemon.exe111HKEY_LM\Run0 57eBay Toolbar Daemon 2, 0, 5, 2, eBay. eBay Toolbar Daemon39http://www.absolutestartup.com/startup/1
1 4Notn0  8Eber.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
1 4eblf0  8eblf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7Proc9950 10ebmqbx.exe1 00 54Added by the W32/Ixbot-E worm and IRC backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32ixbote.html0
3 6eBoard0 10Eboard.exe1 00 73eMachines multimedia keyboard manager. Required if you use the extra keys 01
316eMachines eBoard0 10Eboard.exe1 00 73eMachines multimedia keyboard manager. Required if you use the extra keys 01
1 2RF0  6EC.exe1 00 81Added by the Troj/Lineage-U password-stealing trojan for the online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineageu.html0
1 6E-Card0  9ecard.exe1 00 23Added by the YODI WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.yodi.html0
1 3Tmm0  7Ecb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 3ecc0  7ecc.exe111HKEY_LM\Run0 46Online Start 1, 4, 2, 1, Telenor. Online Start39http://www.absolutestartup.com/startup/1
320C-Media Echo Control0 12EchoCtrl.exe1 00165C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer 01
316evidence cleaner0 12ecleaner.exe1 00 73Evidence_Cleaner cleans up tracks left by your PC and Internet activities32http://www.evidence-cleaner.net/0
0 4ecpe0  8ECPE.EXE1 00  2?? 01
125COM+ EventSystem Services0 12ECSERVER.EXE1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
322PCSuiteForNokia3650 TS0 19ECTaskScheduler.exe122StartUp menu\All users0 59ECTaskScheduler Module 1, 0, 0, 1, . ECTaskScheduler Module39http://www.absolutestartup.com/startup/1
3 9Sgeecview0 10Ecview.exe1 00266SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"34http://www.ediport.hu/_sgeasy.html0
1 8ecwooxgx0 12ecwooxgx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114EDDIEBOYISBACK0 19EDDIEBOYWASHERE.vbs1 00 12Added by the18VBS/Ediboy-B WORM!0
4 7eDexter0 11eDexter.exe1 00 31eDexter 1.34, Pyrenean. eDexter 01
4 7edexter0 11edexter.exe1 00107EDexter is an older, small, free web filtering program produced by: Edexter.  It is used to filter out ads.35http://www.pyrenean.com/edexter.php0
3 6EdHTML0 15EdHTML.exe /min211HKEY_CU\Run0 35EdHTML 5.0, Binboy Software. EdHTML39http://www.absolutestartup.com/startup/1
316e06dxlrd_76047030  9EDICT.EXE1 00 50Related to  Microsoft_Encarta Dictionary functions23http://encarta.msn.com/0
1 7editpad0 11editpad.exe1 00 30Added by the CONSPER-B TROJAN!58http://www.sophos.com/virusinfo/analyses/trojconsperb.html0
1 5edjwb0  9edjwb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111eDonkey20000 15eDonkey2000.exe1 00264A peer to peer application for sharing files over the Internet.  The free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar, and WinTools. Located in c:\program files\eDonkey2000\eDonkey2000.exe 01
111eDonkey20000 18eDonkey2000.exe -t2 00  0 01
3 8Edwizard0 12Edwizard.exe1 00266SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"34http://www.ediport.hu/_sgeasy.html0
219Evidence Eliminator0  6ee.exe1 00132Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis48http://www.evidence-eliminator.com/product.shtml0
1 6ee.exe0  6ee.exe1 00 48Unknown adware.  Located in c:\program files\ee. 01
1 4ahmB0  8eee2.exe1 00 88Added by the Troj/LowZone-CA backdoor Trojan which lowers the security on your computer.59http://www.sophos.com/virusinfo/analyses/trojlowzoneca.html0
1 3Air0  7Eej.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4aida0  8eetu.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
116Windows Explorer0 13EEXPLORER.EXE1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
112efaxs lptt010  9efaxs.exe1 00186Variant of the  RapidBlaster parasite (in an &quot;efaxs&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
112efaxs ml097e0  9efaxs.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
1 4efdx0  8efdx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
315EFI Job Monitor0 12efjm.dll,run111HKEY_CU\Run0 94Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
1 5efmcn0  9efmcn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 9Efpap.exe0  9Efpap.exe1 00123Easy File & Folder Protector. Deny access to certain files and folders, or to hide them securely from viewing and searching41http://www.softstack.com/fileprotpro.html0
418eTrust EZ Firewall0 11efpeadm.exe1 00 18eTrust EZ Firewall47http://www1.my-etrust.com/products/Firewall.cfm0
1 9CSMonitor0 10efqgqh.exe1 00134Added by the W32/Sdbot-NJ worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnj.html0
110Explorer320 12efsdfgxg.exe1 00 35Added by the Troj/Clicker-Y Trojan.58http://www.sophos.com/virusinfo/analyses/trojclickery.html0
110Explorer640 12efsdfgxg.exe1 00 36Added by the Troj/Clicker-AA Trojan.59http://www.sophos.com/virusinfo/analyses/trojclickeraa.html0
439EarthLink Firewall Process Path Service0 16EFWPPService.exe1 00102Related to EarthLink's Firewall, a part of the EarthLink Protection Control Center, powered by Aluria.46http://www.earthlink.net/software/free/pcc/fw/0
1 5ehbcn0  9ehbcn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112Media center0 11ehshell.exe1 00 34Added by a Rbot variant infection.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 3WIN0 11ehshell.exe1 00 75Added by the W32/Mytob-CQ mass-mailing worm with IRC backdoor funtionality.56http://www.sophos.com/virusinfo/analyses/w32mytobcq.html0
3 6ehTray0 10ehtray.exe1 00 29eHome Media Center PC related 7#FF00000
1 5ehusq0  9ehusq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8ei10.exe0  8ei10.exe1 00 28Added by the AGOBOT-NK WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotnk.html0
1 9[unknown]0 16EIEXPLORER32.EXE1 00134Added by the W32/Sdbot-NX worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnx.html0
1 5Einfo0  9Einfo.exe1 00 36Added by the Troj/GrayBrd-BD Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdbd.html0
1 4eity0  8eity.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Nab0  7Eja.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 6ejdukv0 10ejdukv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9EJzBg.exe0  9EJzBg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
310ExitKiller0 11Ekiller.exe1 00 65Exit Killer - automatically closes pop-up windows in your browser26http://www.exitkiller.net/0
1 7igamatu0  8ekor.exe1 00 39Added by the  BACKDOOR.SDBOT.AQ TROJAN!65http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.aq.html0
3 5ekort0 26ekort.exe /dontopenmycards211HKEY_LM\Run0 83Swedbank e-kort 2, 4, 0, 1, 81, Orbiscom Ltd. All rights reserved.. Swedbank e-kort39http://www.absolutestartup.com/startup/1
114bron-spizaetus0 14eksplorasi.exe1 00 31Added by the  RONTOKBRO.J WORM!88http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RONTOKBRO.J&VSect=P0
110[not used]0 14eksplorasi.pif1 00 50Added by the W32/Korbo-A worm and backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32korboa.html0
311Eksplorator0 15Eksplorator.exe122StartUp menu\All users0 62EDBUD Eksplorator 3.00.0002, MTM Digital s.c.. Eksplorator.EXE39http://www.absolutestartup.com/startup/1
315CloneCDElbyCDFL0 13ElbyCheck.exe1 00318From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it42http://www.elby.org/english/corp/index.htm0
3 9Elbycheck0 13ElbyCheck.exe1 00318From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it42http://www.elby.org/english/corp/index.htm0
315CloneCDElbyCDFL0 25ElbyCheck.exe /L ElbyCDFL2 00 67Elaborate Bytes ElbyCheck 2, 1, 0, 0, Elaborate Bytes AG. ElbyCheck 01
1 7Element0 11Element.txt1 00 25Added by the ELEM TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/w32.elem.trojan.html0
115[various names]0  7elf.exe1 00 48Elf is a hacker program, tied to a trojan server 01
1 6elgvrn0 10elgvrn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6etbrun0 13elit***32.exe1 00 46Adware.EliteBar toolbar and search redirector. 01
1 8checkrun0 14elite***32.exe1 00 16EliteBar adware.76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
121Windows Fixes Systems0  9elite.exe1 00137Added by the W32.Mytob.EG@mm worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.eg@mm.html#technicaldetails0
1 6etbrun0 14eliteetf32.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8checkrun0 14eliteevl32.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8checkrun0 14elitelsj32.exe1 00 29Added by the  Troj/Multidr-ER59http://www.sophos.com/virusinfo/analyses/trojmultidrer.html0
110elitemedia0 17elitemediapop.exe1 00 36Added by the Troj/LowZone-BB Trojan.59http://www.sophos.com/virusinfo/analyses/trojlowzonebb.html0
2 8checkrun0 14elitenfp32.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8antiware0 14elitezjx32.exe1 00 34Related to searchmiracle hijacker. 01
2 3elm0 10Elmenv.exe1 00 68ViaTech eLicense for securing, distributing and selling music online 01
443EarthLink Protection Control Center Service0 12ELNKServ.exe1 00 98Added by EarthLink's Protection Control Center, including EarthLink's Firewall, powered by Aluria.43http://www.earthlink.net/software/free/pcc/0
114Bron-Spizaetus0 10ElnorB.exe1 00 45Added by the W32/Brontok-A mass-mailing worm.57http://www.sophos.com/virusinfo/analyses/w32brontoka.html0
1 8elphqlfs0 12elphqlfs.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 9elpow_spy0 13elpow_spy.sys1 00119Added by the Spyware.ElpowKeylogger surveillance software.  This should be removed if it was not installed by yourself.66http://www.sarc.com/avcenter/venc/data/spyware.elpowkeylogger.html0
313ELSAChipGuard0 12elsavect.exe1 00249ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclocking 01
310elsblaunch0 14ELSBLaunch.exe1 00 22EarthLink  SpamBlocker51http://www.earthlink.net/software/free/spamblocker/0
310ELSBLaunch0 14ELSBLaunch.exe122StartUp menu\All users0 76EarthLink spamBlocker 1.1.0.11, . EarthLink spamBlocker Launcher Application39http://www.absolutestartup.com/startup/1
125Windows Internet Services0 11eltsass.exe1 00 50Added by the W32/Tilebot-EO worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tileboteo.html0
1 8elxvlgfe0 12elxvlgfe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7EM_EXEC0 11EM_EXEC.EXE1 00186Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled 01
3 7EM_EXEC0 11EM_EXEC.EXE111HKEY_LM\Run0 65MouseWare 9.40, Logitech Inc.                    . Control Center39http://www.absolutestartup.com/startup/1
311EasyMessage0  7em2.exe1 00 72Easy Messenger, instant messenger for MSN, AOL, ICQ, and Yahoo. See here27http://www.easymessage.net/0
311EasyMessage0 13em2.exe -wait2 00  0 01
2 7EMA.exe0  7EMA.EXE1 00 75Time management system which helps you to manage your time and appointments 01
1 7emakesv0 11EMAKE2B.EXE1 00 48Switch premium rate adult content dialer variant52http://www.spywareguide.com/product_show.php?id=19490
1 7eMakeSV0 11EMAKESV.EXE1 00 24A switch dialer variant. 01
112EMAP Service0  9emape.exe1 00116Added by the W32/Tilebot-EM worm and IRC backdoor. This infection utilizes the rootkit C:\Windows\System32\rofl.sys.58http://www.sophos.com/virusinfo/analyses/w32tilebotem.html0
1 6emfhor0 10emfhor.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
140(tt9381D8F2-0288-11D0-9501-00AA00B911A5)0  9emgfx.exe1 00 54Added by the Troj/Fusion-B keylogging backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojfusionb.html0
319Electron Microscope0  9EMIII.exe1 00332Electron Microscope or EM - is a program used to track Stanford's distributed computing program client called Folding at Home, FAH. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues21http://www.em-dc.com/0
1 7emoc0re0  7emo.exe1 00 61W32/Agobot-AGE is a network worm with backdoor functionality.58http://www.sophos.com/virusinfo/analyses/w32agobotage.html0
115Help Temp Files0  9emp32.exe1 00 41Added by the W32/Forbot-EC Backdoor/Worm!57http://www.sophos.com/virusinfo/analyses/w32forbotec.html0
1 8emsw.exe0  8emsw.exe1 00 62Attune HelpExpress - spyware. Disable and uninstall - see here32http://www.c-squad.org/hxdl.html0
214eMuleAutoStart0  9emule.exe1 00296As of today, eMule is one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release. Located in C:\Program Files\eMule\emule.exe54http://www.emule-project.net/home/perl/general.cgi?l=10
314eMuleAutoStart0  9emule.exe1 00297As of today, eMule is one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release." Located in C:\Program Files\eMule\emule.exe54http://www.emule-project.net/home/perl/general.cgi?l=10
314Skrót do eMule0  9eMule.exe125StartUp menu\Current user0 57eMule 0.45.1 Unicode, http://www.emule-project.net. eMule39http://www.absolutestartup.com/startup/1
1 5emule0  9emule.exe1 00132Added by the W32/Rbot-ALZ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalz.html0
314eMuleAutoStart0 15emule.exe /tray2 00 57eMule 0.46.2 Unicode, http://www.emule-project.net. eMule 01
214eMuleAutoStart0 20emule.exe -AutoStart211HKEY_CU\Run0 57eMule 0.45.1 Unicode, http://www.emule-project.net. eMule39http://www.absolutestartup.com/startup/1
314eMuleAutoStart0 20emule.exe -AutoStart2 00 57eMule 0.47.0 Unicode, http://www.emule-project.net. eMule 01
220eMusicClient Systray0 16eMusicClient.exe1 00 28eMusic MP3 download software38http://www.emusic.com/about/index.html0
215EN4060C Taskbar0 12en4060ct.exe1 00 94Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray 01
1 8enakeplb0 12enakeplb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116www.hidro.4t.com0 10enbiei.exe1 00 28Added by the BLASTER.F WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.f.worm.html0
318Encompass_ENCMONTR0 12ENCMONTR.EXE1 00 46Optional simple browser from Yahoo (Encompass) 01
319Energizer FileSaver0 23Energizer FileSaver.exe2 00 68Energizer FileSaver - UPS back-up utility for Energizer UPS products43http://www.energizerups.com/productline.asp0
319Energizer FileSaver0 23Energizer FileSaver.exe222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
312EnergyPlugIn0 16EnergyPlugin.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112energyplugin0 16EnergyPlugin.exe1 00 27EnergyPlugin adware variant83http://securityresponse.symantec.com/avcenter/venc/data/pf/adware.energyplugin.html0
114enewsletterpro0 18enewsletterpro.exe1 00 64Added by the Troj/StartPa-KN Internet Explorer hijacking Trojan.59http://www.sophos.com/virusinfo/analyses/trojstartpakn.html0
224SB Audigy 2 Startup Menu0  3eng1 00517Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function 01
1 6enggfj0 10enggfj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 9enginecs20 13enginecs2.exe1 00 91Part of the Cyber Sentinel Internet filtering software. Does anyone know if what this does?46http://www.securitysoft.com/new601/cs_home.htm0
214MGA_CD_Install0  7English1 00  0 01
217Status Monitor XE0  9ENGSS.EXE1 00258The Xerox Document WorkCentre XE Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start - Programs 01
4 7EngUtil0 11EngUtil.exe1 00110Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking 01
418RoxioEngineUtility0 11EngUtil.exe1 00110Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking 01
1 9enhance320 13enhance32.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
112Enh Win Updt0 11enhupdt.exe1 00100Adware downloader - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.OneClickNetSearch.h36http://www.kaspersky.com/personalpro0
215EnigmaPopupStop0 19EnigmaPopupStop.exe1 00 64SpyHunter - spyware remover of somewhat dubious repute, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note0
1 4enjl0  8enjl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 9envyhfcpl0 12EnMixCPL.exe1 00 39VIA  Envy24 PCI Audio Controller driver59http://www.via.com.tw/en/products/audio/controllers/envy24/0
115Start aThe Roll0 11enotxa2.exe1 00108Added by the W32/Rbot-PV worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotpv.html0
012ENSMIX32.EXE0 12ENSMIX32.EXE1 00 18Sound card driver. 01
311entbloess 20 14Entbloess2.exe1 00174Related to  Window-Switcher it allows you to see previews of all your open applications via a single keystroke in a manner similar to Apple's Exposé, for Windows 2000 and XP.25http://www.entbloess.com/0
0 9$EnterNet0 12Enternet.exe1 00 65Connection manager for the EnterNet ISP. You can also use RASPPOE37http://user.cs.tu-berlin.de/~normanb/0
011prodigy dsl0 15EnterNetDUN.Exe1 00 33Prodigy EnterNet DUN PPPoE Client 01
3 8Entunnel0 12Entunnel.EXE122StartUp menu\All users0 68Entunnel 1.1.2.70, VanDyke Software, Inc.. Entunnel Tray Application39http://www.absolutestartup.com/startup/1
1 7enwnsis0 11enwnsis.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8enydmvsx0 12enydmvsx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119Registry Value Name0  9enzxp.exe1 00188Added by the W32/Rbot-BAJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.  This infection will also disable the Windows firewall.56http://www.sophos.com/virusinfo/analyses/w32rbotbaj.html0
3 7eonemng0 11eOneMng.exe1 00118eOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PC 01
1 8eonpyrxx0 12eonpyrxx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 6EOUApp0 10EOUWiz.exe1 00 56Ease of Use Wizard Application for Intel wireless cards. 01
3 6EOUApp0 10EOUWiz.exe111HKEY_LM\Run0 83Intel PROSet/Wireless 9, 0, 0, 0, Intel Corporation. Ease Of Use Wizard Application39http://www.absolutestartup.com/startup/1
318easykeyboardlogger0  7epl.exe1 00 92EasyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!69http://www.symantec.com/avcenter/venc/data/spyware.easykeylogger.html0
316ePowerManagement0 12ePM.exe boot211HKEY_LM\Run0 77Acer ePowerManagement 1.0.0.0, Acer Value Labs, Taiwan. Acer ePowerManagement39http://www.absolutestartup.com/startup/1
3 6epm-dm0 10epm-dm.exe111HKEY_LM\Run0 75Acer EPM Device Manager 2.00, Acer Value Labs, USA. Acer EPM Device Manager39http://www.absolutestartup.com/startup/1
412Naimagent_UI0 20EPOAgentnaimag32.exe1 00400Workstation background program for Network Associates’ McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan 01
417Naimagent_service0 20EPOAgentnaimas32.exe1 00268Networked version of McAfee VirusScan. Installs, configures and updates the software and DAT (virus definition) files on local computers from a network server. A resource hog but required for DAT updates and if disabled can also cause random freezes and error messages 01
218eprint 4.0 service0 11EPRINT4.EXE1 00244A component of the LEADTOOLS  ePrint File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT , Multi-page TIFF, JPG, GIF, PNG and many more! - Can be started manually.28http://www.eprintdriver.com/0
3 9ePrompter0 13ePrompter.exe1 00 40ePrompter - E-mail notification software25http://www.eprompter.com/0
328aluria&#039;s pop-up stopper0  7eps.exe1 00 19Aluria  Pop-Stopper54http://www.aluriasoftware.com/homeproducts/popstopper/0
323aluria's pop-up stopper0  7eps.exe1 00 19Aluria  Pop-Stopper54http://www.aluriasoftware.com/homeproducts/popstopper/0
118EPS Printer driver0 12epsn2sys.sys1 00 34Identified as Trojan.NtRootKit.75. 01
317EPSON CardMonitor0 24EPSON CardMonitor1.0.exe2 00106Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint 01
229\\MOM\EPSON Stylus C86 Series0 53EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
317EpsonPhotoStarter0 22EPSON_PhotoStarter.exe1 00100Only needed if you want to make full use of the capabilities of an Epson printer that included this  01
118EPS Printer Driver0 12EPSONSYS.SYS1 00 71Added by the Trojan.Goldun.I password-stealing Trojan for online banks.76http://www.sarc.com/avcenter/venc/data/trojan.goldun.i.html#technicaldetails0
219soap blah part dart0 11Eq Less.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4NiCQ0  8eqgq.exe1 00135Added by the Troj/Ranck-AA proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckaa.html0
1 9EQTraffic0 13EQTraffic.exe1 00 45Unknown Adware.  Possible CAS adware related. 01
3 8Equipmen0 12Equipmen.exe1 00  2?? 01
3 6eraser0 10eraser.exe1 00 63Eraser allows for complete removal of data from your hard drive27http://www.heidi.ie/eraser/0
3 6eraser0 16eraser.exe -hide2 00 63Eraser allows for complete removal of data from your hard drive27http://www.heidi.ie/eraser/0
3 6Eraser0 16eraser.exe -hide211HKEY_CU\Run0 22Eraser 5.7, -. Eraser.39http://www.absolutestartup.com/startup/1
213OP12 Reminder0  8Ereg.exe1 00 55Registration reminder for OmniPage Pro 12 from ScanSoft33http://www.scansoft.com/omnipage/0
320PDFConverterReminder0  8ereg.ini111HKEY_LM\Run0 62Ereg Application 1.0.1.6, ScanSoft, Inc.. Ereg MFC Application39http://www.absolutestartup.com/startup/1
2 3erm0  7erm.exe1 00  2?? 01
1 7LasErma0 13Ermasys32.exe1 00 25Added by the W32/Lerma-A.55http://www.sophos.com/virusinfo/analyses/w32lermaa.html0
1 8eros.exe0  8eros.exe1 00 21Adult content dailler 01
323XTNDConnect PC - ErPhn20 10ErPhn2.exe1 00 99Component of EasySync Pro. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook15#EasySync%20Pro0
110ErrorGuard0 14ErrorGuard.exe1 00 33Spyware remover of dubious repute 01
211Error Nuker0 14ErrorNuker.exe1 00 66scan at startup. The program can be launched manually if required. 01
211Error Nuker0 24ErrorNuker.exe autostart2 00 49Error Nuker 01.02.04, Trek Blue, Inc. Error Nuker 01
323XTNDConnect PC - ErTray0 10ErTray.exe1 00 99Component of EasySync Pro. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook15#EasySync%20Pro0
0 8ERTS07490 12ERTS0749.exe1 00110IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire? 01
325IBM Warranty Notification0 12ERTS0749.exe1 00  0 01
115[Various Names]0 10ERTYDF.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
122Microsoft DDEs Control0  8Erun.pif1 00132Added by the W32/Rbot-AMU worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamu.html0
1 5erver0  9erver.exe1 00 44Added by the Troj/Bckdr-ACI backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojbckdraci.html0
1 8erwnades0 12erwnades.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
323Epson Stylus C62 Series0 12E-S0BIC1.EXE1 00132Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required 01
217Easy Start Button0  7esb.exe1 00111Provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys 01
3 3ESB0  7esb.exe1 00131Easy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys 01
113EasySearchBar0 13ESBUpdate.exe1 00 31EasySearchBar adware downloader 01
1 6Helper0 10eschlp.exe1 00 28Added by the BLASTER.T WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.t.worm.html0
1 9EScorcher0 13escorcher.exe1 00197Part of eScorcher anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is dead25http://www.escorcher.com/0
2 5ESFTP0  9esftp.exe1 00 87ESftp - FTP client for transfering files between a local PC and another remote computer30http://esftp.com/features.html0
122Microsoft ESTMP Server0  9ESMTP.EXE1 00 49Added by the WORM_MYTOB.OX worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EOX&VSect=T0
1 4Esoh0 11Esoh123.exe1 00 28Added by the AGOBOT.FF WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FF0
3 7ESPN3600 18espn360.exe -nogui211HKEY_CU\Run0 38ESPN360 1.0.0.21, ESPN. ESPN360 Client39http://www.absolutestartup.com/startup/1
413eSafe Protect0 12ESPWatch.exe1 00 69eSafe from Aladdin - internet security for gateway and E-mail servers44http://www.esafe.com/esafe/default.asp?cf=tl0
0 6essapm0 10essapm.exe1 00 26ESS Solo soundcard driver. 01
010ESS Daemon0  8Essd.exe1 00 35Related to an ESS based soundacard. 01
4 5Essdc0  9essdc.exe1 00 63Related to an ESS Solo soundcard. Seems as though it's required 01
0 8ESSNDSYS0 12ESSNDSYS.EXE1 00 35Related to an ESS based soundacard. 01
4 6ESSOLO0 10ESSOLO.exe1 00 65Sound card driver that re-instates itself every time it's removed 01
3 5load=0  9esspk.exe1 00 60Speakerphone capability through a soundcard for an ESS modem23http://www.esstech.com/0
4 5esspk0  9esspk.exe1 00 81ESS Technology modem speaker driver file. Required to get on-line with this modem 01
311EssSpkPhone0 10essspk.exe1 00116ESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsets 01
1 3Qqi0  7Est.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
120e-surveiller station0 12estation.exe1 00 25Added by the  ESurveiller67http://www.symantec.com/avcenter/venc/data/spyware.esurveiller.html0
0 8esupinit0 11eSupCmd.exe1 00109Related to  SupportSoft "Real-Time Service Management software" - what exactly does it do and is it required?62http://support.com/solutions/overview/solutions_overview.shtml0
114alt CTRL Shift0  9et3rd.exe1 00134Added by the Troj/Sdbot-RH worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/trojsdbotrh.html0
115alt CTRLx Shift0  9et3rd.exe1 00130Added by the W32/Sdbot-RG worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotrg.html0
310EasyTuneIV0 11ET4Tray.exe1 00 75Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available 01
1 7etauyxg0 11etauyxg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110ETB Tester0 11etbtest.exe1 00128Added by the W32/Rbot-ABR. When this infection starts it connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotabr.html0
222Scotia OnLine Recovery0 12etdirrcv.exe1 00229Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process32http://www.entrust.com/index.cfm0
236Scotia OnLine Security v*.* Recovery0 12etdirrcv.exe1 00229Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process32http://www.entrust.com/index.cfm0
116Ethernet Drivers0 12ethernet.exe1 00 97Added by the a  href="http://www.sarc.com/avcenter/venc/data/w32.gaobot.cez.html#technicaldetails64W32.Gaobot.CEZ infection. Found in the Windows system directory.0
115EthernetDrivers0 12ethernet.exe1 00 77Added by the W32.Gaobot.CEZ infection. Found in the Windows system directory.75http://www.sarc.com/avcenter/venc/data/w32.gaobot.cez.html#technicaldetails0
112the ethernet0 12ethernet.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 6Yahoo!0 12ethernet.exe1 00 36Added by the BKDR_PROSTI.A backdoor.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FPROSTI%2EAA&VSect=T0
120WindowsRegKey%update0 15ethernet32m.exe1 00 26Added by the RBOT-EN WORM!55http://www.sophos.com/virusinfo/analyses/w32rboten.html0
218Slingshot Tray App0 20EtiTray.exe /startup211HKEY_CU\Run0 44Enfish 6.1, Enfish Software. Enfish Eti Tray39http://www.absolutestartup.com/startup/1
312ET Minimizer0  9etmin.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 9MSRegScan0  9ETNKL.exe1 00128Added by the Spyware.ComKeylogger surveillance software. This program should be uninstalled if it was not installed by yourself.64http://www.sarc.com/avcenter/venc/data/spyware.comkeylogger.html0
221EarthLink ToolBar 5.00 12etoolbar.exe1 00199EarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any time 01
1 7eueghwp0 11eueghwp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Iji0  7Eug.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 6eujqsu0 10eujqsu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7tE7h34e0 11eunache.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8EuroGlot0 12EuroGlot.exe1 00125Euroglot - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian"44http://www.euroglotonline.nl/en/default.html0
2 9ICH Synth0 10eusexe.exe1 00216Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices 01
311DEventAgent0 12eventagt.exe1 00114DEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use this 01
3 9Event Log0 12eventlog.exe1 00  2?? 01
2 8eventmgr0 12eventmgr.exe1 00 97Used with a Microtek scanner. Manages the scanner's button events. Available via Start - Programs 01
1 8eventwvr0 12eventwvr.exe1 00 43Added by the Troj/Cosiam-G backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojcosiamg.html0
1 4Evil0  8Evil.exe1 00158Added by the W32.Mytob.JM@mm mass-mailing worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.jm@mm.html#technicaldetails0
1 7evjdihr0 11evjdihr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
313EVENTLISTENER0 11EvLstnr.exe1 00 75Used with a Nikon digital camera to recognize when the camera is plugged in 01
2 7evntsvc0 10evntsc.exe1 00256Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it. Note that eventsvc.exe no longer appears to be in a newer version20http://www.real.com/0
210TkBell.Exe0 11evntsvc.exe1 00256Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it. Note that eventsvc.exe no longer appears to be in a newer version20http://www.real.com/0
2 9TkBellExe0 11evntsvc.exe1 00256Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it. Note that eventsvc.exe no longer appears to be in a newer version20http://www.real.com/0
118System Event Agent0 11evntsvc.exe1 00 42Added by the Troj/Wollf-I backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojwollfi.html0
3 8EVOLOSTA0 12EVOLOSTA.EXE1 00544Evolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start - Run dialog to run it 01
112blah service0 10evosys.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6EvtHtm0 10evthtm.exe1 00 34Premium rate adult content dialler 01
1 6EvtHtm0 18evthtm.exe /nocomm211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
321BMO MasterCard Wallet0 11EWALLET.EXE1 00 83The wallet conveniently stores billing, shipping and payment information on your PC 01
3 4Lasb0  8ewat.exe1 00  2?? 01
1 6ewlxde0 10ewlxde.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7w32data0  9eworo.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9ewupdater0 13ewupdater.exe1 00 28EasyWebSearch adware updater81http://www.kephyr.xaviermedia.us/spywarescanner/library/easywebsearch/index.phtml0
119TmNetDriver Monitor0  9exbce.exe1 00133Added by the W32/Sdbot-ABR worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotabr.html0
115[Various Names]0 18ExchangeMaster.exe1 00132Part of the Wareout infection as described A href=http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
0 8FPEXCNVT0 10ExCnvt.exe1 00150Related to the a hred="http://www.castelle.com/products/faxpress/default.htm"Castelle Faxpress fax server product line.  Anyone know what this is for? 01
1 8exdl.exe0  8exdl.exe1 00 22BargainBuddy foistware59http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html0
110exe lptt010  7exe.exe1 00184Variant of the  RapidBlaster parasite (in an &quot;Exe&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
110exe ml097e0  7exe.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
115[Various Names]0 12EXE32EXE.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 4seli0  9exe82.exe1 00 36Added by the Troj/LowZone-AS Trojan.59http://www.sophos.com/virusinfo/analyses/trojlowzoneas.html0
3 9cleantemp0 17EXEBCleanTemp.exe1 00108CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory44http://www.html2exe.com/mnu/dl/dl.shtml#free0
2 7uoltray0  8exec.exe1 00 40Netzero free ISP software - not required 01
215netzero_uoltray0 15exec.exe regrun2 00  0 01
129System Executable DLL Library0 13EXECDLL32.exe1 00 28Added by the RANDEX.AZ WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.az.html0
1 7execfg40 11execfg4.exe1 00 27Added by the ELECTRON WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.electron.html0
110[not used]0 12exeroute.exe1 00 90Added by the Troj/WowPWS-A password-stealing Trojan for the online game World of Warcraft.57http://www.sophos.com/virusinfo/analyses/trojwowpwsa.html0
1 7winprot0 13exeserver.exe1 00 42Added as a result of the CHUPACABRA VIRUS!62http://www.dark-e.com/archive/trojans/chupacabra/10/index.shtm0
115Windows Updates0  9exesy.exe1 00 24Added by a Rbot variant.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
412vet start up0 12exevet32.exe1 00244Computer Associates &quot;InnoculateIT&quot;&nbsp; and Vet Anti-Virus virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options22http://www.vet.com.au/0
2 7exgiwsl0 11exgiwsl.exe1 00  2?? 01
313Exif Launcher0 18Exiflaquickdcr.exe1 00116USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly 01
116NOYPI_KANG_ASTIG0 21Exit to DosPrompt.pif2 00 46Added by the W32.Filukin.A@ mass-mailing worm.77http://www.sarc.com/avcenter/venc/data/w32.filukin.a@mm.html#technicaldetails0
215Excite Platform0 12Exlaunch.exe1 00287Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer 01
1 6xevivi0 11exobaba.exe1 00132Added by the W32/Sdbot-UQ worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuq.html0
2 6Exodus0 10Exodus.exe1 00 90Added by Exodus. Exodus is an instant messaging program that utilizes the jabber protocol.31http://exodus.jabberstudio.org/0
1 7exp.exe0  7exp.exe1 00 53Added by a variant of the SMALL.ABD downloader TROJAN 01
1 6rforce0 12EXP1ORER.EXE1 00 29Added by the  TROJ_DROPPER.KN87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DROPPER.KN&VSect=T0
114WINDOWS SYSTEM0 12expI0rer.exe1 00132Added by the W32/Mytob-FI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobfi.html0
116Navegador de red0 12ExpIorer.exe1 00 44Added by the Troj/Taladra-E backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojtaladrae.html0
114WINDOWS SYSTEM0 12EXPIORER.EXE1 00 49Added by the WORM_MYTOB.MA worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EMA&VSect=T0
111expl0re.exe0 11EXPL0RE.EXE1 00 26Added by the  Troj/Popno-A56http://www.sophos.com/virusinfo/analyses/trojpopnoa.html0
1 8EXPL0RER0 12EXPL0RER.exe1 00 43Added by the Troj/Feutel-G backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojfeutelg.html0
1 8EXPLORER0 12EXPL0RER.EXE1 00 44Added by the Troj/BeastDo-Y backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojbeastdoy.html0
118Microsoft Internet0 12expl0rer.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
124Microsoft Update Machine0 12expl0rer.exe1 00 27Added by the SDBOT.OK WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.OK&VSect=T0
113Expl0rer soft0 12expl0rer.pif1 00133Added by the W32/Rbot-ARE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotare.html0
1 8explorer0 10expl32.exe1 00 27Added by the RATSOU TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.html0
110Explorer320 10Expl32.exe1 00 31Added by the HACKTACK.B TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HACKTACK.B0
1 3pcc0 12explcrer.exe1 00 43Added by the Troj/Agent-FW backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentfw.html0
114Office Startup0 11Exploer.exe1 00 87Added by the GAOBOT.BV WORM! Note the different filename to the valid MS Office entries79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bv.html0
112COM++ System0 12exploier.exe1 00 39Added by a variant of the LOVGATE WORM!57http://www.sophos.com/virusinfo/analyses/w32lovgatef.html0
118Microsofts Updatez0 13exploirez.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
117microsoft windows0 12explorar.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7explore0 11explore.exe1 00 49Added by any number of VIRUSES, WORMS or TROJANS! 01
1 7Explore0 11explore.exe1 00 21Adult content dialler 01
115explore manager0 11explore.exe1 00154Added by the Trojan.Spexta trojan.  When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.74http://www.sarc.com/avcenter/venc/data/trojan.spexta.html#technicaldetails0
111explore.exe0 11Explore.exe1 00 31Added by the GRAYBIRD.G TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.g.html0
116filename process0 11explore.exe1 00129Added by W32/Agobot-QN,  a TROJAN/backdoor that allows for unauthorized access to the PC using an IRC channel to a remote server.57http://www.sophos.com/virusinfo/analyses/w32agobotqn.html0
114SystemExplorer0 11explore.exe1 00 73Homepage hijacker - file located in the "Services" folder in Common Files 01
114Update Windows0 11EXPLORE.EXE1 00 59Added by the Backdoor.Win32.Rbot.aal worm and IRC backdoor. 01
114Video Services0 11explore.exe1 00 28Added by the GAOBOT.GL WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.gl.html0
1 6Window0 11explore.exe1 00 29Added by the GAOBOT.ADW WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.adw.html0
1 7Default0 11explore.vbs1 00138ml" target=_blankALLEM mass-mailing worm.  It finds addresses to send to in the Microsoft Outlook address book.  It also spreads via MIRC. 01
119Microsoft Update 320 13explore32.exe1 00 29Added by the SPYBOT.CYM WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.cym.html0
1 8startkey0 13explore32.exe1 00 43Added by the Troj/Bdoor-MT backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoormt.html0
1 5Video0 12explored.exe1 00 28Added by the GAOBOT.RF WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.rf.html0
113Windows Login0 12explored.exe1 00 28Added by the GAOBOT.SY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html0
113exploreff.exe0 13exploreff.exe1 00 36Added by the Trojan.Finfanse Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.finfanse.html#technicaldetails0
113Explorer soft0 12explorer.com1 00133Added by the W32/Rbot-ARM worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotarm.html0
1 8EXPLORER0 12EXPLORER.dll1 00 33Added by the Troj/SCLog-B trojan.56http://www.sophos.com/virusinfo/analyses/trojsclogb.html0
1 8Explorer0 12Explorer.doc1 00 38Added by the WM97/Resume-A email worm.57http://www.sophos.com/virusinfo/analyses/wm97resumea.html0
2 5Jgvta0 12explorer.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 8explorer0 12explorer.exe1 00248Starts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as PE_BISTRO or DVLDR or MYDOOM.C. Note that it is also not the explorer.exe task/service you'll see when via CTRL+ALT+DEL84http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_BISTRO&amp;VSect=T0
3 3klp0 12explorer.exe1 00119Added by the Spyware.ComSurveilSys surveillance software. bIf this was not installed by you, you should uninstall it./b65http://www.sarc.com/avcenter/venc/data/spyware.comsurveilsys.html0
115[random number]0 12explorer.exe1 00 53Added by the Troj/Keylog-AN password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojkeylogan.html0
1 64566550 12Explorer.exe1 00135Added by the Troj/Bifrose-DF Trojan.  This infection should not be confused with the legitimate Microsoft file C:\Windows\Explorer.exe.59http://www.sophos.com/virusinfo/analyses/trojbifrosedf.html0
1 5ccreg0 12explorer.exe1 00178Added by the ZCREW TROJAN! Note - the valid "explorer.exe" is located in C:\Windows or C:\Winnt whereas this one is located in a C:\Windows\System or C:\Winnt\System subdirectory66http://www.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.html0
1 7Explore0 12Explorer.exe1 00155Added by the IRC.FLOOD.G TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.flood.g.html0
115Explorer lptt010 12explorer.exe1 00304Variant of the  RapidBlaster parasite (in an "explorer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here. Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually!49http://www.doxdesk.com/parasite/RapidBlaster.html0
115Explorer ml097e0 12explorer.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
112IE configure0 12explorer.exe1 00 81Added by the Troj/Lineage-C password-stealing Trojan for the online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineagec.html0
1 9IExplorer0 12explorer.exe1 00  092http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FZAPCHAST%2EBD&VSect=T0
1 7Loadab10 12explorer.exe1 00 36Added by the Troj/Lineage-AJ Trojan.59http://www.sophos.com/virusinfo/analyses/trojlineageaj.html0
1 9loadMecq00 12explorer.exe1 00101tml" target=_blankMUMUBOU.C trojan.  Note that legitimate explorer.exe resides in the Windows folder. 01
1 9loadMect10 12explorer.exe1 00 72Added by the  Troj/Lineage-L trojan to the %Windr%/Program Files folder.58http://www.sophos.com/virusinfo/analyses/trojlineagel.html0
1 8MicroCQ00 12explorer.exe1 00 82Added by the Troj/Lineage-AK password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineageak.html0
127Microsoft Automatic Updater0 12Explorer.exe1 00 31Added by the  W32/RBOT-SG WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsg.html0
133Microsoft Synchronization Manager0 12explorer.exe1 00225Added by the W32/Sdbot-AEA worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer. Note: this is not the legitimate explorer.exe found in your c:\Windows folder.57http://www.sophos.com/virusinfo/analyses/w32sdbotaea.html0
119Microsoft Update 320 12explorer.exe1 00223Added by the W32/Rbot-ARF worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This should not be confused with the legitimate explorer.exe found in the Windows folder.56http://www.sophos.com/virusinfo/analyses/w32rbotarf.html0
134Microsoft Windows Keyboard service0 12explorer.exe1 00132Added by the W32/Rbot-ECN worm and IRC backdoor.  This infection should not be confused with the legitimate C:\Windows\explorer.exe.56http://www.sophos.com/virusinfo/analyses/w32rbotecn.html0
1 4mmb20 12explorer.exe1 00279Added by an unidentified WORM or TROJAN - NOTE - the valid "explorer.exe" will always be located in C:\Windows or C:\Winnt whereas this one is found in the C:\Windows\System folder (Win 98/ME) or in the C:\Winnt\System32 or C:\Windows\System32 subfolder (Windows 2000 and Win XP) 01
1 7MsAudio0 12explorer.exe1 00119Added by the Troj/LegMir-BY Trojan.  This infection should not be confused with legitimate file C:\Windows\explorer.exe58http://www.sophos.com/virusinfo/analyses/trojlegmirby.html0
1 8oadMect10 12explorer.exe1 00125Added by the Troj/Lineage-L password stealing trojan.  This trojan targets passwords associated with the online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineagel.html0
112QoS Provider0 12explorer.exe1 00142Added by the W32/Agobot-UX worm and IRC backdoor.  This infection should not be confused with the legitimate explorer.exe found in C:\Windows.57http://www.sophos.com/virusinfo/analyses/w32agobotux.html0
1 5Shell0 12explorer.exe1 00 35Added by the Trojan.Kakkeys trojan.75http://www.sarc.com/avcenter/venc/data/trojan.kakkeys.html#technicaldetails0
1 7Shell320 12explorer.exe1 00134Added by the W32/Sdbot-NF worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnf.html0
1 5smsys0 12Explorer.exe1 00186Added by the CLICKER-C TROJAN! Note - the valid "explorer.exe" is located in C:\Windows or C:\Winnt whereas this one is located in a C:\Windows\Template or C:\Winnt\Template subdirectory58http://www.sophos.com/virusinfo/analyses/trojclickerc.html0
1 6Sustem0 12explorer.exe1 00170Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually 01
112SustemUpdate0 12explorer.exe1 00  0 01
110sys_Runtt10 12explorer.exe1 00132Added by the Troj/Lineage-M password stealing trojan.  This trojan attempts to steal passwords from the popular online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineagem.html0
1 8sysMett10 12explorer.exe1 00 52Added by the Troj/LegMir-Y password stealing trojan.57http://www.sophos.com/virusinfo/analyses/trojlegmiry.html0
1 6system0 12Explorer.exe1 00247Added by the GRAYBIRD TROJAN! Note - this is located in this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) rather than the valid Windows Explorer which is located in C:\Windows or C:\Winnt78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.html0
114System Update20 12explorer.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
1 7Taskmrg0 12explorer.exe1 00 37Added by the TROJ_ZAPCHAST.BD Trojan.92http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FZAPCHAST%2EBD&VSect=T0
1 7Windows0 12explorer.exe1 00170Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually 01
116Windows Explorer0 12explorer.exe1 00 44Added by the W32/Poebot-J WORM/IRC backdoor!56http://www.sophos.com/virusinfo/analyses/w32poebotj.html0
116Windows Services0 12explorer.exe1 00128Added by the W32/Sdbot-W.  When this infection loads it connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotwt.html0
116Windows System320 12explorer.exe1 00 31Added by the W32/Opanki-V worm.56http://www.sophos.com/virusinfo/analyses/w32opankiv.html0
119Windowz Update V2.00 12Explorer.exe1 00150Added by the YODO WORM! Note - the valid "explorer.exe" is located in C:\Windows or C:\Winnt whereas this one is located in the System32 sub-directory74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.yodo.html0
1 8WinUPD320 12explorer.exe1 00170Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually 01
1 6WksSVC0 12EXPLORER.exe1 00 12Added by the134W32/Mytob-BW0
113Explorer soft0 12explorer.pif1 00133Added by the W32/Rbot-APK worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotapk.html0
118Microsoft Explorer0 12explorer.pif1 00133Added by the W32/Sdbot-ACX worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotacx.html0
116Windows Explorer0 12explorer.pif1 00133Added by the W32/Rbot-AID worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaid.html0
118Microsoft Explorer0 12explorer.scr1 00121Added by the W32/Rbot-ADH worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32rbotadh.html0
114System-Service0 12EXPLORER.SCR1 00 61Added by the  BENJAMIN WORM! KaZaA file-sharing users beware!86http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BENJAMIN.A&VSect=T0
1 6Limpet0 14explorer16.exe1 00133Added by the W32/Rbot-AJD worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotajd.html0
116Explorer Service0 14Explorer32.exe1 00 26Added by Backdoor.Fraggle.60http://www.sarc.com/avcenter/venc/data/backdoor.fraggle.html0
125Microsoft Windows Updates0 14explorer32.exe1 00 27Added by the SDBOT.VQ WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VQ&VSect=T0
114Win32 Explorer0 14Explorer32.exe1 00 28StartPa-MN homepage hijacker55http://sophos.com/virusinfo/analyses/trojstartpamn.html0
134Windows Explorer Update Build 11420 14EXPLORER32.EXE1 00 50Added by the KaZaA based  KWBOT or  KWBOT.Y WORMS!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KWBOT.A0
112explorer.exe0 17explorer32dbg.exe1 00 69Browser Hijacker to http://default.home and possibly other locations. 01
122Microsoft Explorer(64)0 14EXPLORER64.EXE1 00136Added by the W32/Spybot-R worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32spybotr.html0
110explorer320 15explorer6s4.exe1 00 47Added by the Downloader.Win32.Small.biq TROJAN! 01
123MicrosoftServiceManager0 13EXPLORERE.EXE1 00 26Added by the YAHA.AB WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.ab@mm.html0
115Explorer Loader0 13explorerl.exe1 00143Added by the W32/Sdbot-ADI worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotadi.html0
114Config Loader20 12explores.exe1 00 28Added by the GAOBOT.BT WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bt.html0
1 8RavTimer0 12explores.exe1 00 42Added by the Troj/Homey-A backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojhomeya.html0
128Microsoft EXPLOREXP Protocol0 13explorexp.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
115explorer loader0 11explr32.exe1 00 28Added by the  AGOBOT.N WORM!124http://www.0
115[Various Names]0 11expoler.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
121Outlook Mail Services0 11express.exe1 00132Added by the W32/Rbot-ATJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatj.html0
1 6Explkw0  9expup.exe1 00 17Keywords hijacker 01
1 8exqvbedm0 12exqvbedm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8Exshow950 12EXSHOW95.exe1 00142Support software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devices 01
1 6extapp0 10extapp.exe1 00119Added by the Backdoor.Acidoor  backdoor trojan.  This backdoor listens on TCP ports 4432 and 4433 awaiting connections.60http://www.sarc.com/avcenter/venc/data/backdoor.acidoor.html0
121External Dependencies0 12External.exe1 00147Added by the W32/Mytob-AT mass-mailing worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobat.html0
120Configuration Loader0 10extrac.exe1 00133Added by the W32/Sdbot-AFP worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafp.html0
3 8ExtraDNS0 12ExtraDNS.exe1 00 33ExtraDNS - DNS configuration tool26http://www.extratools.com/0
325extreme messenger for aim0 20ExtremeMessenger.exe1 00 69Extreme_Messenger - an extension for the AIM Instant Messenger client32http://www.extrememessenger.com/0
1 4exww0  8exww.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
019ExxtremeHelperDemon0 12exxdemon.exe1 00 40Creative Exxtreme graphics card related? 01
1 3XXX0 16exysa ummama.vbs2 00116Added by the VBS/Suasage-A emailing worm.  This worm spreads by emailing all the users in your Outlook contact list.57http://www.sophos.com/virusinfo/analyses/vbssausagea.html0
1 5eyiid0  9eyiid.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6eyjvbw0 10eyjvbw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110bwomnduwaj0 10eyuzqp.exe111HKEY_LM\Run0 79TODO: <Product name? 0, 0, 7, 0, TODO: <Company name?. TODO: <File description>39http://www.absolutestartup.com/startup/1
2 7ezagent0 11ezagent.exe1 00 80EzVCR recording software for the ASUS TV FM card. Available via Start - Programs50http://www.asus.com/products/vga/tvfm/overview.htm0
3 8EzButton0 12EzButton.EXE1 00148EZbutton, is quick launcher of the Media player app that comes with certain laptops.  Typically installed in C:\Program Files\EzButton\EzButton.EXE. 01
2 6EZDesk0 10EZDESK.EXE1 00 82Utility that remembers icon locations for each user and resolution. Available here32http://members.aol.com/EzDesk95/0
410eTrustCIPE0 12ezdsmain.exe1 00164eTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior128http://www10
2 8EzEjMnAp0 12EzEjMnAp.exe1 00272For IBM Thinkpad Notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually". Available via Start - Programs 01
2 8EZEJMNAP0 12EzEjMnAp.Exe111HKEY_LM\Run0108IBM ThinkPad EasyEject Support Application 1, 0, 0, 0, IBM Corp.. IBM ThinkPad EasyEject Support Application39http://www.absolutestartup.com/startup/1
01439ELTFH25Z8SKF0 10Ezg1q5.exe1 00 57Seems to be associated with software by Resplendence SP ? 7#FF00000
1 5jijbl0  9ezlwy.bat1 00 24Added by the REDDW WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.reddw@mm.html0
1 5ezula0 10eZmmod.exe1 00128Regarded as spyware/theftware and bundled with the popular iMesh and KaZaA file-sharing programs. Read here for more information39http://www.ahfb2000.com/ezula/ezula.php0
3 7EZNORUN0 11EZNORUN.EXE1 00 22Easy Internet related? 01
2 9Web Offer0 13ezPopStub.exe115HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
1 9web offer0 13ezPopStub.exe1 00 15Added by  eZula90http://research.sunbelt-software.com/threat_display.cfm?name=eZula.WebOffer&threatid=149970
316ab EazyScheduler0 11ezsched.exe1 00  2?? 01
311EZSMART App0 11ezsmart.exe1 00 97EZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supported 01
4 7ezPS_Px0 11ezSP_Px.exe1 00180Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings35http://www.easy.co.jp/dd2e/sony/cd/0
424ezShieldProtector for Px0 11ezSP_Px.exe1 00 68ezSP_Px Application 1, 0, 0, 0, Easy Systems Japan Ltd.. ezSP_Px MFC35http://www.easy.co.jp/dd2e/sony/cd/0
424ezShieldProtector for Px0 11ezSP_Px.exe1 00 80ezSP_Px Application 1, 0, 0, 0, Easy Systems Japan Ltd.. ezSP_Px MFC Application 01
4 7ezPS_Px0 17ezSP_PxEngine.exe1 00180Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings35http://www.easy.co.jp/dd2e/sony/cd/0
424ezShieldProtector for Px0 17ezSP_PxEngine.exe1 00180Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings35http://www.easy.co.jp/dd2e/sony/cd/0
2 6eZstub0 10eZstub.exe115HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
1 9web offer0 12EZSTUB22.EXE1 00 21eZula  TopText adware44http://www.doxdesk.com/parasite/TopText.html0
1 9eZulaMain0 13eZulaMain.exe1 00136Ezula - regarded as spyware/theftware and bundled with the popular iMesh and KaZaA file-sharing programs. Read here for more information39http://www.ahfb2000.com/ezula/ezula.php0
1 9eZuluMain0 13eZuluMain.exe1 00 87Comes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't work 01
115start athx roll0 11f0mered.exe1 00 28Added by the  RBOT.AAV WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AAV&VSect=P0
115Mozilla Firefox0 11F1REF0X.EXE1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
114Compaq Drivers0 13F1rewalls.exe1 00 31Added by the W32/Sdbot-WD WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotwd.html0
310f1Tray.exe0 10F1TRAY.EXE1 00182System Tray icon for FusionOne’s MightyPhone software. "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer"27http://www.mightyphone.com/0
1 4f6070  8f607.exe1 00 27Added by the URAT.B TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.urat.b.html0
111Conf Loader0 12F64MGR32.EXE1 00143Added by the Troj/Sdbot-GQ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotgq.html0
116microsoft driver0  8faet.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8FS Agent0 10fagent.exe1 00 47Added by the Troj/Volver-B IRC backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojvolverb.html0
125FAH@C:+FAH504-Console.exe0 18FAH504-Console.exe1 00267Folding@Home version 5.0.4. "Folding@Home is a distributed computing project -- people from through out the world download and run software to band together to make one of the largest supercomputers in the world. Every computer makes the project closer to our goals." 8<a href=0
2 5FAhid0  9Fahid.exe1 00 52Tablet drivers for Chinese and Japanese handwriting. 01
110[not used]0 12fakegina.dll1 00 54Added by the Trojan.Fakegina password-stealing Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.fakegina.html#technicaldetails0
112blah service0  9FaLeH.exe1 00133Added by the W32/Rbot-AES worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaes.html0
1 4UCmd0 12fallfour.exe1 00 49Added by the W32/Sdbot-AZA worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotaza.html0
411Toshiba Fan0  7fan.exe1 00 97Toshiba untilty to keep the fan on a laptop running if they fail to detect there is too much heat 01
0 6fapmon0 10fapmon.exe1 00 63Fair Access Policy monitor for DirecPC/DirecWay internet access33http://www.copperhead.cc/fap.html0
3 8farmmext0 12farmmext.exe111HKEY_LM\Run0 380, 4, 1, 3, FarmMext. www.farmmext.com39http://www.absolutestartup.com/startup/1
1 8farmmext0 12farmmext.exe1 00 38Transponder parasite updater/installer48http://www.doxdesk.com/parasite/Transponder.html0
1 4Fash0  8Fash.exe1 00 27Ibis toolbar adware related68http://www.liutilities.com/products/wintaskspro/processlibrary/Fash/0
2 4fast0  8fast.exe1 00328Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys 01
2 8fastuser0  8fast.exe1 00328Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys 01
2 7FastUsr0  8fast.exe1 00  0 01
211FAST Defrag0  9FAST2.EXE1 00 33FastDefrag defragmenting software21http://www.ams.as.ro/0
227Microsoft Office Fast Cache0 12Fastboot.exe1 00137Part of MS Office 95 (v7.0). According to this it improves the performance. Most likely a predecessor of MS Find Fast and can be disabled63http://support.microsoft.com/default.aspx?scid=kb;en-us;Q1327550
1 7acocash0 12fastdown.exe1 00 21Adult content dialler 01
1 7acocash0 12fastfown.exe1 00 21Adult content dialler 01
310FastTVSync0 14FastTVSync.exe111HKEY_LM\Run0 49FastTVSync Module 1, 0, 0, 1, . FastTVSync Module39http://www.absolutestartup.com/startup/1
115Fat32 Microsoft0  9fat32.exe1 00232Added by the W32/Rbot-EL trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.  This infection also attempts to terminate various processes including other infections.55http://www.sophos.com/virusinfo/analyses/w32rbotel.html0
1 8fatrecov0 12fatrecov.exe1 00235Added by the TrojanSpy.SCKeyLog.j keylogger - A  keylogger or keyboard logger is a type of surveillance software  that has the capability to record every keystroke you make to a log file, which can then be sent to a specified receiver.46http://www.webopedia.com/TERM/K/keylogger.html0
316Windows Guardian0 12Fawgrd32.exe1 00158Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes 01
1 2110 13faxcomdos.exe1 00 12Added by the34Troj/Dloader-KF TROJAN/downloader!0
311CstlFaxTray0 11FaxTray.Exe1 00229Used by Castelle fax servers. This application allows you to directly access FaxPress functionality from your system tray. To store the icon in your system tray for ready access, click the check box for Run FaxTray in system tray23http://www.castelle.com0
1 8System330 10FB_PNU.EXE1 00 29Added by the NICHELLO-A WORM!59http://www.sophos.com/virusinfo/analyses/w32nicehelloa.html0
2 9PP****usb0 12FBDirect.exe1 00282Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start - Programs 01
3 8FBDirect0 12FBDirect.exe1 00282Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start - Programs 01
0 3FBI0  9FBISM.exe1 00 35Compaq related but what does it do? 01
326mount safe &amp;amp; sound0 11Fbmount.exe1 00  0 01
321Mount Safe &amp;Sound0 11Fbmount.exe1 00193From McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start 01
317Mount Safe &Sound0 11Fbmount.exe1 00193From McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start 01
1 6dvsfss0 12fbsfsdrs.exe1 00 27Added by the SDBOT-QA WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotqa.html0
212BlazeChanger0 12FBZPaper.exe1 00 55Ember graphic file viewer, manager, and touch-up system30http://www.firehand.com/Ember/0
3 9FastCache0  6fc.exe1 00 77FastCache from AnalogX - speeds up browsing by resolving DNS requests locally55http://www.analogx.com/contents/download/network/fc.htm0
1 8fcengine0 12FCEngine.exe1 00 24CASClient adware variant109http://re0
1 6fchelp0 10FCHelp.exe1 00 30Added by either  Adware.FCHelp74http://securityresponse.symantec.com/avcenter/venc/data/adware.fchelp.html0
112User Manager0 10fcllls.exe1 00 36Added by the  Troj/Zagaban-B TROJAN!58http://www.sophos.com/virusinfo/analyses/trojzagabanb.html0
328Freecom Personal Media Suite0  9FCPMS.exe125StartUp menu\Current user0 64Freecom Personal Media Suite 1.27, Freecom. Personal Media Suite39http://www.absolutestartup.com/startup/1
3 6FD_SAP0  6FD.exe1 00 27Genicom SAP Printer driver. 01
322Free Downloads Monitor0 10fdcmon.exe1 00  2?? 01
110FDD SYSTEM0  7Fdd.exe1 00 61Added by the W32/Mytob-FO mass-mailing worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobfo.html0
1 6msjdqs0 10fddwqt.exe1 00132Added by the W32/Sdbot-POworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotpo.html0
1 8fdifekae0 12fdifekae.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
221Free Download Manager0  7fdm.exe1 00 32Free Download Manager - see here14- see <a href=0
221Free Download Manager0 16fdm.exe -autorun211HKEY_CU\Run0 50Free Download Manager 1.0, . Free Download Manager39http://www.absolutestartup.com/startup/1
1 6fdnqlb0 10fdnqlb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114Windows Update0  8fdos.exe1 00 48Added by the W32/Rbot-COG worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcog.html0
117Microsoft Startup0 11FDWQCVE.EXE1 00152Added by the W32/Sdbot-BA backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotba.html0
1 8fdwwrlmd0 12fdwwrlmd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9msgsmrsgs0  9fdxit.exe1 00132Added by the W32/Sdbot-QYworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotqy.html0
311ODBC BackUp0  9fdxxl.exe1 00156G Data "PC Spion" - monitoring and surveillance software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself! 8PC Spion0
3 8SysPilot0  9fdxxl.exe1 00  0 8PC Spion0
112Fear Service0 10fear32.exe1 00 32Added by the W32/Tilebot-T worm.57http://www.sophos.com/virusinfo/analyses/w32tilebott.html0
118Monitor SynManager0 12FECWVNCD.EXE1 00121Added by the W32/Sdbot-IW worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotiw.html0
1 8FixError0 10fedisk.com1 00 48Added by the Troj/IRCBot-HH IRC backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojircbothh.html0
319FEELitDeviceManager0 12feelitdm.exe1 00115Associated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals) 01
123Microsoftf DDEs Control0  8FEnR.exe1 00133Added by the W32/Rbot-AIM worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaim.html0
112Fen Startups0 12fensvc32.exe1 00 29Added by the RANDEX.CCF WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ccf.html0
1 9hpDexmark0 11feqfevhj.ex1 00130Added by the W32/Sdbot-RA worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotra.html0
316FerrariWallPaper0 13FerrariWP.exe1 00155Calendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.com 01
316FerrariWallPaper0 13FerrariWP.exe111HKEY_LM\Run0 18WallPaper 1.00, ..39http://www.absolutestartup.com/startup/1
1 6fetimr0 10fetimr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4feyo0  8feyo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0  6FF.EXE1 00 29Added by the W32/Rirc-D worm.54http://www.sophos.com/virusinfo/analyses/w32rircd.html0
1 9SAvasddwq0  9ffasd.exe1 00130Added by the W32/Sdbot-SI worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotsi.html0
322FriendFinder Messenger0  9FFIMC.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
1 4ffis0 13ffisearch.exe1 00 33iSearch "Desktop Search" hijacker 01
1 7dS35DLL0  9ffqca.exe1 00121Added by the W32/Sdbot-KV worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotkv.html0
120Windows Reg Services0 13ffservice.exe1 00 47Added by the Troj/Redrival-A downloader trojan.59http://www.sophos.com/virusinfo/analyses/trojredrivala.html0
1 7ffspjte0 11ffspjte.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7DfqwSfS0 10ffsqsd.exe1 00130Added by the W32/Sdbot-SH worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotsh.html0
1 5fggmf0  9fggmf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8CRCCheck0 10FGHECX.EXE1 00121Added by the W32/Sdbot-JU worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotju.html0
1 6fginqv0 10fginqv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311FolderGuard0  9FGKEY.EXE1 00 85Part of the Winability's Folderguard program.  Used to protect folders on a computer.26http://www.winability.com/0
1 6fgqyos0 10fgqyos.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5fgsrv0  9fgsrv.dll1 00 71Added by the Troj/Fgbot-A Trojan.br /br /Uses CLSID: b{random clsid}/b.56http://www.sophos.com/virusinfo/analyses/trojfgbota.html0
1 7fhsvbec0 11fhsvbec.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7fhtfnoe0 11fhtfnoe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7Fhtisxk0 11fhtisxk.exe1 00206XtraKeys - keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove via Spybot S&D (for example) 01
119ProcessEnumerator320  8fi49.exe1 00133Added by the W32/Sdbot-ACN worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotacn.html0
132windows service pack auto update0 10figgaz.exe1 00 96Added by a  TROJAN.CLICKER - identified by  Kaspersky antivirus as Trojan-Clicker.Win32.Agent.bt46http://www.f-secure.com/v-descs/trojclik.shtml0
122Microsoft DLL Verifier0  8file.exe1 00134Added by the  W32/Rbot-AED worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaed.html0
3 6FileBX0 10FileBX.exe122StartUp menu\All users0 74FileBox eXtender 1, 90, 3, 0, Hyperionics Technology LLC. FileBox eXtender39http://www.absolutestartup.com/startup/1
122ntfss microsoft system0 10filees.exe1 00 28Added by the  RBOT.GAB WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GAB&VSect=P0
316FileList.org.URL0 16FileList.org.URL125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
115service cleaner0  9filen.exe1 00 28Added by the  RBOT.BRH WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRH&VSect=T0
1 7Systray0 12filename.exe1 00 19Winfavorites adware80http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html0
122ntfss microsoft system0 10filess.exe1 00 28Added by the  RBOT.AXZ WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AXZ&VSect=P0
111SystemTasks0  9filez.exe1 00 21Adult content dialler 01
3 8filmloop0 19FilmLoopService.exe1 00 94Related to  FilmLoop A photocasting network. Share your Pictures with your family and friends.24http://www.filmloop.com/0
310FilterGate0 14filtergate.exe1 00120Filtergate internet filtering software - filters sounds, popup ads, background sound and other unnecessary website items26http://www.filtergate.com/0
311Filterguard0 12Filtrgrd.exe1 00289An icon located in the lower left of the screen and looks like a lifesaver. This icon is a “short-cut” to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by “right-clicking” on the icon 01
1 4find0  8find.exe1 00126With the word this being a link.  This infection also connects to an IRC server where it waits for remote commands to execute. 01
319Microsoft Find Fast0 12FINDFAST.EXE125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
1 9Find Fast0 12Findfast.exe1 00121Complete utter waste of space! Part of MS Office - searches disk drives for Office file types to make opening them easier 01
119Microsoft Find Fast0 12Findfast.exe1 00142Complete utter waste of space! Part of MS Office - searches disk drives for Office file types and creates an index to make opening them easier 01
211BrowseProxy0 15FindService.exe1 00212Actual Names - "It is now possible to enter a particular word or keyword phrase that is associated with your business, and immediately be directed to YOUR WEBSITE! The Actual Names technology can do this for you"46http://actualnames.com/index.php?cont=products0
1 9ASDPLUGIN0 11Finland.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
114Mozila Firefox0 11firebox.exe1 00133Added by the W32/Rbot-AIP worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaip.html0
1 7FireFox0 11firefox.exe1 00132Added by the W32/Rbot-ATP worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatp.html0
119firefox auto update0 11firefox.exe1 00 50Added by the W32/Tilebot-DN worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotdn.html0
221Firefox Preloader.lnk0 20FirefoxPreloader.exe1 00 84Used by Firefox to load portions of the program into memory so its launched quicker. 01
314McAfeeFireTray0 12Firetray.exe111HKEY_LM\Run0107McAfee Desktop Firewall 8.5, Networks Associates Technology, Inc.. McAfee Desktop Firewall Tray Application39http://www.absolutestartup.com/startup/1
116Windows Firewall0 12FIREWAL1.EXE1 00144Added by the W32/Rbot-DB trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotdb.html0
1 8firewall0 12Firewall.bat1 00 31Added by the  VBS.Ypsan.G(AT)mm75http://securityresponse.symantec.com/avcenter/venc/data/vbs.ypsan.g@mm.html0
110Protection0 12Firewall.exe1 00 77Added by W32/Elitper-A, a WORM, and found inthe Windows Program Files folder.57http://www.sophos.com/virusinfo/analyses/w32elitpera.html0
124Windows Network Firewall0 12firewall.exe1 00 44Added by the W32/Poebot-J WORM/IRC backdoor!56http://www.sophos.com/virusinfo/analyses/w32poebotj.html0
4 7dwStart0 12FireWall.exe1 00 47Shield Firewall 3, 1, 0, 0, NextAisle. Firewall 01
4 7dwstart0 12FireWall.exe1 00 19The_Shield Firewall46http://www.pcsecurityshield.com/webApp/208.asp0
113firewall_anti0 17firewall_anti.exe1 00 35Added by the Troj/Netdeny-A trojan.58http://www.sophos.com/virusinfo/analyses/trojnetdenya.html0
122Life Personal Firewall0 18FirewallingV10.exe1 00 48Added by the W32/Rbot-BKF worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbkf.html0
118Microsoft Firewall0 15firewallsp2.exe1 00 26Added by the RBOT-MC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmc.html0
315firewallstartup0 19Firewallstartup.exe1 00 21Innovative  Solutions30http://www.innovative-sol.com/0
111FirewallSvr0 15FirewallSvr.exe1 00 40Added by the NETSKY.X or NETSKY.Y WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.x@mm.html0
121Life FireWall Update10 20FireWall-Update1.exe1 00145Added by the W32/Rbot-ARS worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotars.html0
120Personal Firewall V90 21Firewall-UpdateV9.exe1 00 48Added by the W32/Rbot-BJR worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbjr.html0
133Microsoft Synchronization Manager0 12firewire.exe1 00133Added by the W32/Sdbot-AFC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafc.html0
1 9weboqacuc0 13FIRITIROL.EXE1 00127Added by the W32/Sdbot-UC. When started this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuc.html0
1 6serves0 13FirstLove.vbs1 00 12Added by the17VBS/VBSWG-D WORM!0
218Admin Bin Mp3 Bait0 13FirstPeak.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7HGTXPEI0 15FirstReboot.exe1 00118Herucles Audio tool for the Hercules Game Theater XP soundcard. Available via Start -&gt; Settings -&gt; Control Panel 01
1 7SyncMon0 13fixcomdos.exe1 00 43Added by the Troj/Clunky-B backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojclunkyb.html0
115ARCHIVE CONTROL0 14fixupdattr.exe1 00137Added by the W32.Mytob.GU@mm worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.gu@mm.html#technicaldetails0
1 50agU30  9fiyej.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5fjgcb0  9fjgcb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6fjmenu0 10FjMenu.exe1 00407From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, Organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX,  Enable/disable Button Panel and the Fujitsu menu settings, which are customizable. 01
312fujitsu menu0 12FjMnuIco.exe1 00407From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, Organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX,  Enable/disable Button Panel and the Fujitsu menu settings, which are customizable. 01
1 4fjqi0  8fjqi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
313FJTWAIN Setup0 22FjtwSetup.exe /Station211HKEY_LM\Run0 76Scanner Utility for Microsoft Windows 1, 1, 7, 0, FUJITSU LIMITED. FjtwSetup39http://www.absolutestartup.com/startup/1
2 8fkSysMon0 12fksysmon.exe1 00153fkWrae SysMon - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more"39http://www.fkware.com/sysmon/index.html0
1 3Boq0  7Fla.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 3Kcp0  7Fla.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6flacpy0 10flacpy.exe1 00 28FlashEnhancer adware variant60http://sarc.com/avcenter/venc/data/adware.flashenhancer.html0
2 7FLASH320 11flash32.exe1 00  2?? 01
116Macromedia Flash0 16flash8player.exe1 00 50Added by the W32/Tilebot-EI worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotei.html0
1 9flashdrvr0 13Flashdrvr.dll1 00115Added by the Troj/Haxdoor-BX Trojan.  This infection is bundled with the rootkit C:\Windows\System32\Flashdrv3.sys.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorbx.html0
3 8FlashEnc0 12FlashEnc.exe1 00247Supplied with EasyDisk USB pen devices. The utility manages the encryption and compressed folders options. It will create these folders if running on the USB key without permission. which is a pain. No need for it if you do not want these features 01
125Flashget Download Manager0 12Flashget.exe1 00 51Added by the W32/Rbot-AGZ WORM/IRC backdoor trojan!56http://www.sophos.com/virusinfo/analyses/w32rbotagz.html0
211DataCaching0 12FlashKsk.exe1 00162SmartMedia Card management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray icon24http://www.smartdisk.com0
117Flash Memory tool0 12FLASHMGR.EXE1 00 42Added by the Troj/Riler-F backdoor trojan.56http://www.sophos.com/virusinfo/analyses/trojrilerf.html0
2 9Flashnote0 13flashnote.exe111HKEY_CU\Run0 70FlashNote Application 1, 3, 0, 0, Softvoile. FlashNote MFC Application39http://www.absolutestartup.com/startup/1
2 7PP3100b0 11flatbed.exe1 00184Twain driver for the Visioneer PaperPort 3100b scanner that allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop 01
114kl antifunlove0  9flcss.exe1 00118Added by the  W32.Funlove.4099 WORM! **Note:  located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (XP/WinNT/2K)77http://securityresponse.symantec.com/avcenter/venc/data/w32.funlove.4099.html0
1 8fldiysch0 12fldiysch.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7fldrsys0 11fldrsys.dll1 00 96Added by the Troj/Agent-QY Trojan.br /br /Uses CLSID: b{A49667E0-E10C-4BAB-98B5-54FC5A6F3AF9}/b.57http://www.sophos.com/virusinfo/analyses/trojagentqy.html0
1 7FlenCPY0 11flencpy.exe1 00 28FlashEnhancer Adware variant 01
311FlexType 2K0 10Flex2K.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
3 7Flexicd0 11Flexicd.exe1 00 40CD player - part of the Win95 Power Toys86http://www.microsoft.com/windows95/downloads/contents/WUToys/W95PwrToysSet/Default.asp0
1 8jvdnlssn0 12fljzsshc.exe1 00 60Flingstone.com adware - and its Golden Palace Casino program 01
115[Various Names]0  9FLKPT.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6flncpy0 10flncpy.exe1 00 28FlashEnhancer adware variant60http://sarc.com/avcenter/venc/data/adware.flashenhancer.html0
310Flow Go TV0 11flogotv.exe1 00  2?? 01
1 8FLooDNeT0 11FLooDeR.exe1 00 30Added by of the ENDOOL TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.endool.html0
110OLE Object0  9floop.dll1 00 71Added by the Troj/Proxmeg-B proxy Trojan.br /br /Uses CLSID: bRandom/b.58http://www.sophos.com/virusinfo/analyses/trojproxmegb.html0
1 4flps0  8flps.vbs1 00 24Added by the BYRON WORM!73http://securityresponse.symantec.com/avcenter/venc/data/vbs.bryon@mm.html0
1 8flpycntl0 12flpycntl.exe1 00 30Added by the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
217FlashPath Monitor0 12FLSHSTAT.EXE1 00184System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start - Programs 01
216FlashPath Status0 12FLSHSTAT.EXE1 00  0 01
2 6FLSVCI0 10FLSVCI.exe1 00  2?? 01
1 7NotFaut0 10flxper.exe1 00 49Added by the W32/Sdbot-AGZ worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotagz.html0
114FlyswatDesktop0 11flydesk.exe1 00 19Advertising spyware 01
315FaxCenterServer0 10fm3032.exe1 00234FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others.41http://www.data-tech.com/content/fax.aspx0
315FaxCenterServer0 13fm3032.exe /s2 00  0 01
310FmctrlTray0 10Fmctrl.EXE1 00130Genius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used) 01
2 4run=0 10fmedia.exe1 00 45FMedia FaxWorks related - can be run manually 01
311FreeMem Pro0 11FMEMPRO.EXE1 00186Some users swear by memory management utilities such as FreeMem Pro but others say you don't need them - especially if you have Win98 or WinME. See this article and make up your own mind34http://www.aumha.org/a/memmgmt.htm0
311FreeMem Pro0 21fmempro.exe autostart211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
112fmnwebassist0 16fmnwebassist.exe1 00 22Adware popup generator 01
1 8fmopkwsg0 12fmopkwsg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7FMStart0 11Fmstart.exe1 00150GFI FAXmaker - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktop28http://www.gfi.com/faxmaker/0
1 4FMSZ0  8fmsz.exe1 00 25Added by the FMSZ TROJAN!45http://www.pestpatrol.com/pestinfo/f/fmsz.asp0
317Alcom PCL Capture0 12FMW_PCAP.EXE1 00  2?? 01
114Fenio Startups0 12fnesvc32.exe1 00 59A variant of the Agobot WORM/IRC backdoor Trojan adds this.57http://www.sophos.com/virusinfo/analyses/w32agobotos.html0
112fnmwebassist0 16fnmwebassist.exe1 00 12WinPL adware38http://doxdesk.com/parasite/WinPL.html0
1 4fnnr0  8fnnr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Npe0  7Fnt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4run=0 10fntldr.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 8fnvfseve0 12fnvfseve.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4fnxr0  8fnxr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 5Focus0  9Focus.exe1 00 26ISDN configuration wizard? 01
1 6foikvh0 10foikvh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110RealP1ayer0 10folder.bat1 00113Added by the Trojan.Rplay.A Trojan!  Files are located in the C: drive or in the folder where the trojan was run.75http://www.sarc.com/avcenter/venc/data/trojan.rplay.a.html#technicaldetails0
110RealP1ayer0 10folder.exe1 00113Added by the Trojan.Rplay.A Trojan!  Files are located in the C: drive or in the folder where the trojan was run.75http://www.sarc.com/avcenter/venc/data/trojan.rplay.a.html#technicaldetails0
318folderclone v*.*.*0 15folderclone.exe1 00 47Folderclone backup and synchronization software37http://www.folderclone.com/fcinfo.htm0
4 4fspr0 16FolderShield.exe1 00 47Folder Shield - hide personal files and folders38http://www.baxbex.de/foldershield.html0
311folder view0 14folderview.exe1 00106Folder_View enhances the Windows file Explorer by making all folders you need available in a single click.37http://www.folderview.com/folderview/0
218FoneSyncSystemTray0 22FoneSyncSystemTray.exe1 00284System Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when required 01
1 7FontFix0 11fontfix.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
110AdobeFonts0  9fonts.hta1 00 48Browser hijacker - redirecting to Hugesearch.net 01
1 9TrueFonts0  9fonts.hta1 00  0 01
1 8FONTVIEW0 12FONTVIEW.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
1 5filit0 10foobar.exe1 00 39Added by the Troj/Perda-F proxy Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdaf.html0
1 7Tiny AV0 11fooding.exe1 00 27Added by the NETSKY.I WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.i@mm.html0
2 6Forbes0 16ForbesAlerts.exe1 00 95Forbes Business News Alerts - displays business news headlines in a little window on the screen 01
1 6deejay0 10forboo.exe1 00 28Added by the FORBOT-AY WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotay.html0
115[Various Names]0 16forces_elite.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 7Systrsy0 12format32.exe1 00 12Added by the19W32/Cellery-A WORM!0
1 6avnort0 13formatsys.exe1 00101Added by the W32.Serflog.A worm.  This worms spreads through file sharing networks and MSN messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.html0
1 5ltwob0 13formatsys.exe1 00  074http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.html0
1 5serpe0 13formatsys.exe1 00101Added by the W32.Serflog.A worm.  This worms spreads through file sharing networks and MSN messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.html0
1 8RunDLL320  4foto1 00 31Added by the W32/Bimoco-A WORM!56http://www.sophos.com/virusinfo/analyses/w32bimocoa.html0
1 4foto0  8foto.exe1 00129Added by the a href ="http://www.sarc.com/avcenter/venc/data/backdoor.antilam.g1.html" target="_new"Backdoor.Antilam.g1 backdoor. 01
328viewpointphotosdeviceconnect0 24FotomatDeviceConnect.exe1 00294Related to Viewpoint which is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this  article You can remove it, go to Start - Control Panel - Add/Remove Programs list... 3bad0
227FotoStation Easy AutoLaunch0 31FotoStation Easy AutoLaunch.exe2 00193Installed with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either 01
3 7Foul PX0 10FoulPX.exe1 00 36Foul PX, Optusnet usage stat checker 01
3 9FourthDay0 13FourthDay.exe1 00 70The Fourth Day - "astronomical clock and almanac for your system tray"46http://www.starstonesoftware.com/fourthday.htm0
1 7foveegm0 11foveegm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5foxdh0  9foxdh.exe1 00 56Added by the Troj/GWGhost-Q information stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojgwghostq.html0
1 5foxdh0 12foxdhend.exe1 00 97Added by the PWSteal.Menghuan password-stealing trojan for the online game Menghuan Xiyou Online.77http://www.sarc.com/avcenter/venc/data/pwsteal.menghuan.html#technicaldetails0
1 5Foxdh0 13foxdhsend.exe1 00 35Added by the TSPY_FOLIN.AP spyware.96http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FFOLIN%2EAP&VSect=Td0
1 8foxmkbvb0 12foxmkbvb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7foxrxjh0 11foxrxjh.exe1 00 35Added by the Troj/GWGhost-T Trojan.58http://www.sophos.com/virusinfo/analyses/trojgwghostt.html0
314Fatpipe Dialer0 12fpdialer.exe1 00137Dailler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users 01
223FinePrint Dispatcher v50 12fpdisp5a.exe1 00135Added by Fineprint. "FinePrint is a Windows printer driver that saves ink, paper and time by controlling and enhancing printed output."54http://www.fineprint.com/products/fineprint/index.html0
323FinePrint Dispatcher v50 12fpdisp5a.exe111HKEY_LM\Run0 50FinePrint 5.25, FinePrint Software, LLC. FinePrint39http://www.absolutestartup.com/startup/1
323FinePrint Dispatcher v50 25fpdisp5a.exe /source=HKLM2 00 50FinePrint 5.35, FinePrint Software, LLC. FinePrint 01
223FinePrint Dispatcher vx0 12FPDISPxA.EXE1 00185FinePrint - virtual printer for use with any printer. Search for "dispatcher"  here for more information. If removed, it will re-install when program is run - hence the Y recommendation44http://www.softwarelabs.com/fp/fineprint.htm0
228pdfFactory Pro Dispatcher v10 11fppdis1.exe1 00151With pdfFactory you can create PDF documents from any program printing to the virtual PDF printer. Available via a desktop shortcut or Start - Programs44http://www.fineprint.com/software/index.html0
328pdfFactory Pro Dispatcher v20 12fppdis2a.exe111HKEY_LM\Run0 72FinePrint pdfFactory 2.25, FinePrint Software, LLC. FinePrint pdfFactory39http://www.absolutestartup.com/startup/1
328pdfFactory Pro Dispatcher v20 25fppdis2a.exe /source=HKLM2 00 52pdfFactory 2.43, FinePrint Software, LLC. pdfFactory 01
326Warning: do not remove it!0 11fpplock.exe1 00141Part of Folder Password Expert by ZQS Software Team - "a software program to restrict access to the folders that contain your sensitive data" 01
115Terminate Popup0  8FPUK.exe1 00257a target="_blank" href="http://www.free-popup-killer.com/"Free Popup Killer - foistware proven to install the Regsvc32 homepage hijacker. Also see a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=21;action=display;threadid=2411"here 01
2 8FPWGMWZD0 12FPWGMWZD.exe1 00  2?? 01
4 9FoolProof0 12fpwinldr.exe1 00 55FoolProof Security PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0
1 7fI@HOME0 10fq13rp.exe1 00135Added by the Troj/Ranck-AE proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckae.html0
1 6fqdlgc0 17fqdlgc.exe -start211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4fqfy0  8fqfy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
413Quick Startup0 12Fquick32.exe1 00 91For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone31http://www.nisis.com/index.html0
1 6fqytuf0 10fqytuf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9ASDPLUGIN0 10france.exe1 00 69Added by a variant of the  ASDPLUG adult content premium rate dialer!58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
3 5Fraps0  9FRAPS.EXE1 00 37FRAPS 2, 7, 0, 5492, Beepa P/L. Fraps 01
3 5Fraps0  9fraps.exe1 00 38Fraps Real-Time Video Capture software 01
3 5Fraps0 30fraps.exe /nosplash /minimized2 00 37FRAPS 2, 7, 2, 5533, Beepa P/L. Fraps 01
216Monstersoundtray0 12Freectrl.exe1 00 43Diamond Multimedia sound card control panel 01
3 9Safeworld0 11Freedom.exe1 00 27SafeWorld Internet Security72http://www.safeworldsoftware.com/products/is2003_features.html/SafeWorld0
322Zero Knowledge Freedom0 11Freedom.exe111HKEY_CU\Run0 71Freedom 3.2.0 3.2.0.2002.0304, Zero-Knowledge Systems Inc.. Freedom 3.239http://www.absolutestartup.com/startup/1
4 7Freedom0 11Freedom.exe1 00 69Freedom 5.1.3 5.1.3.36337, Zero-Knowledge Systems Inc.. Freedom 5.1.3 01
4 7Freedom0 11Freedom.exe1 00173Zero Knowledge Freedom - Anti-Virus, Personal Firewall and Parental Control, it also blocks ads, safeguards your personal information, encrypts your passwords, and much more23http://www.freedom.net/0
422TELUS Security service0 11freedom.exe1 00 63Freedom Internet Security, provided by TELUS Communications Inc60http://www.freedom.net/products/bundles/security_bundle.html0
310FreeMemVn20 11FreeMem.exe1 00182Some users swear by memory management utilities such as FreeMem but others say you don't need them - especially if you have Win98 or WinME. See this article and make up your own mind34http://www.aumha.org/a/memmgmt.htm0
4 8Freenote0 12freenote.exe1 00 96FreeNote is a freeware application that lets you place virtual sticky notes around your desktop.39http://www.mgshareware.com/fnmain.shtml0
310FreeRAM XP0 29FreeRAM XP Pro 1.40.exe /tray2 00 76FRXPRO 1.0.0.0, YourWare Solutions (TM). FreeRAM XP Pro (YourWare Solutions) 01
310FreeRAM XP0 28FreeRAM XP Pro 1.40.exe -win211HKEY_CU\Run0 76FRXPRO 1.0.0.0, YourWare Solutions (TM). FreeRAM XP Pro (YourWare Solutions)39http://www.absolutestartup.com/startup/1
310FreeRAM XP0 20FreeRAM XP Pro x.exe2 00223Some users swear by memory management utilities such as FreeRAM XP Pro but others say you don't need them - especially if you have Win98 or WinME. See this article and make up your own mind. "x" indicates the version number33http://www.yourwaresolutions.com/0
314BySoft FreeRAM0 11FreeRAM.exe111HKEY_CU\Run0 64BySoft FreeRAM - freeware 4.0, BySoft. BySoft FreeRAM - freeware39http://www.absolutestartup.com/startup/1
214Spyware Begone0 12freescan.exe1 00 73Spyware BeGone - free spyware removal utility. Not recommended - see note52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
116Spyware Vanisher0 15FreeScanner.exe1 00 99Spyware remover of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
114ET dll Locator0 11frepdll.exe1 00 32Added by the W32/Tilebot-D worm.57http://www.sophos.com/virusinfo/analyses/w32tilebotd.html0
2 9freshclam0 13freshclam.exe1 00 58Auto update agent of the open source Clamwin virus scanner23http://www.clamwin.com/0
313Fresh Desktop0 16freshdesktop.exe1 00195Fresh Desktop is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervals41http://www.softcows.com/fresh_desktop.htm0
322FridaysInHellInstaller0 26FridaysInHellInstaller.exe1 00  2?? 01
1 4frjs0  8frjs.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119windows frame works0 13frmwrks32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
3 6FG1_000 12frntgate.exe1 00 34FrontGate MX - e-mail spam blocker54http://www.presorium.com/en_au/products/fg/index.shtml0
318free ram optimizer0  7fro.exe1 00 94Free_Ram_Optimizer monitors your memory, and frees up ram if it falls below a certain minimum.37http://www.acelogix.com/freeware.html0
1 4Frsk0  8frsk.exe1 00 37Unidentified adware downloader trojan 01
122Windows network client0 12FRundlll.exe1 00 45Added by the Troj/GrayBrd-CA backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdca.html0
112Windows Rwxf0 12FRundlll.exe1 00 44Added by the Troj/GrayBrd-A backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojgraybrda.html0
1 8WindowsF0 12FRundlll.exe1 00 45Added by the Troj/GrayBird-Y backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybirdy.html0
4 7FRW_EXE0  7FRW.EXE1 00 55ConSeal Signal9 firewall - now McAfee Personal firewall42http://www.claymania.com/rate-conseal.html0
4 8frxmxins0 12frxmxins.exe1 00 28ATI 3D Studio MAX/VIZ driver 01
3 8Fryderyk0 12fryderyk.exe111HKEY_CU\Run0 34Fryderyk 1.6, Aktywni.pl. Fryderyk39http://www.absolutestartup.com/startup/1
3 7DepFrez0 12frzstate.exe1 00249Deep Freeze from Hyper Technologies. "Freezes" the current software configuration so that an a re-boot all changes made refer back to their original settings. Not required for most users - more likely to be used by system administrators, for example70http://www.winselect.com/pages/deepfreeze/dpfrz_info.htm?B13=More+Info0
310freesurfer0  8fs20.exe1 00 38EMS Free Surfer mk II - pop-up stopper39http://www.kolumbus.fi/eero.muhonen/FS/0
4 4fsaa0  8fsaa.exe1 00108F-Secure antivirus Authentication Agent - creates and stores private keys used by a client to access servers53http://www.f-secure.com/products/anti-virus/fsav2005/0
1 4fsbq0  8fsbq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7FSCBoss0 11FSCBoss.exe1 00 36Free Store Club shop online software53http://freestorenow.com/dollardriven/makingmoney.html0
318FRISK FP-Scheduler0 11F-Sched.exe1 00 99Scheduler for  F-Prot anitvirus software. Leave enabled unless you scan manually on a regular basis22http://www.f-prot.com/0
318FRISK FP-Scheduler0 19F-Sched.exe STARTUP2 00106Scheduler for F-Prot for Windows 1, 0, 0, 8, FRISK Software International. Scheduler - Windows application 01
2 7FSDPSRV0 11FSDPSRV.exe1 00  2?? 01
1 8dasxdads0  9fsdqd.exe1 00 29Added by the GAOBOT.BIQ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.biq.html0
3 6fsserv0  9fserv.exe1 00272a target="_blank" href="http://www.bysoft.se/sureshot/farsighter/manual.html"Farsighter Server - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time 01
129DirectX for Microsoft Windows0 12Fservice.exe1 00 27Added by the PRORAT TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html0
134DirectX For Microsoft&reg; Windows0 12fservice.exe1 00 12Added by the21Troj/Prorat-L TROJAN!0
1 8Trickler0  7fsg.exe1 00  6Adware 01
1 8Trickler0 12Fsg_3202.exe1 00 96Added by the Gator Adware.  This program downloads and displays advertisements on your computer.56http://www.sarc.com/avcenter/venc/data/adware.gator.html0
212fsg_4104.exe0 12fsg_4104.exe1 00 53Installed with Kazaa and believed to be Gator adware? 01
1 8Trickler0 12fsg_4203.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Trickler0 15fsg-ag_3102.exe1 00  6Adware 01
1 6fsliqy0 18fsliqy.exe  -start211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
416F-Secure Manager0  9FSM32.EXE1 00 66F-Secure Antivirus - carry out scheduled virus scans automatically44http://www.f-secure.com/products/anti-virus/0
416F-Secure Manager0 17FSM32.EXE /splash2 00 98F-Secure Management Agent 5.80 Build 8213 , F-Secure Corporation. F-Secure Settings and Statistics 01
325F-Secure Management Agent0 10FSMA32.EXE1 00104F-Secure Antivirus - F-Secure Policy Manager provides tools for administering F-Secure software products44http://www.f-secure.com/products/anti-virus/0
3 3fsp0  7fsp.exe1 00115Folder Shield - hide entire directories and thus prevent access by anyone else to your personal files and documents39http://www.baxbex.com/foldershield.html0
413f-secure 20060  9fspex.exe1 00 37F-Secure Anti-Virus automatic updater53http://www.f-secure.com/products/anti-virus/fsav2006/0
2 8FSScrCtl0 12FSScrCtl.exe1 00101Screen saver control applet used by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen Saver" 01
220Screen Saver Control0 12FSScrCtl.exe1 00151Installs as part of the Hubble Space Telescope screen saver (and possibly others). Lets you control your installed screensavers from a System Tray icon 01
220Screen Saver Control0 12FSScrCtl.exe1 00 93Stardust Screen Saver Toolkit 2.1 2, 1, 0, 46, Stardust Software. Screen Saver Control applet 01
423F-Secure Startup Wizard0  8FSSW.EXE1 00 18F-Secure antivirus44http://www.f-secure.com/solutions/home.shtml0
423F-Secure Startup Wizard0 16FSSW.EXE /reboot2 00 89F-Secure Personal Express 5, 10, 0, 0, F-Secure Corporation. F-Secure PEX Start-up Wizard 01
4 7F-StopW0 11F-StopW.exe1 00 55F-Prot anti-virus background scanner by F-Risk Software21http://www.f-prot.com0
4 7F-StopW0 11F-StopW.EXE111HKEY_LM\Run0 75F-StopW NT/2000/XP 3.16, Frisk Software International. F-StopW Version 3.1639http://www.absolutestartup.com/startup/1
1 3FSW0  7FSW.exe1 00 26FreeScratchAndWin parasite54http://www.doxdesk.com/parasite/FreeScratchAndWin.html0
110SysDesktop0  9fswan.exe1 00 35Added by the Troj/QQPass-AF Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassaf.html0
110SysDesktop0 11fswanQQ.exe1 00 52Added by the Troj/QQSend-A password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojqqsenda.html0
311fswebserver0  8fsws.exe1 00174Easy_File_Sharing_Web_Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or services.28http://www.sharing-file.com/0
115[Various Names]0  9ftbar.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
4 8GilatFTC0  7ftc.exe1 00120For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system 01
223faxtalk callcontrol 6.00 12FTClCtrl.EXE1 00176This allows the software to handle incoming and outgoing communications without requiring the FaxTalk Communicator application to be loaded into memory. Can be started manually 01
211CallControl0 12ftctrl32.exe1 00268FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows 01
316anycom bluetooth0 15ftflauncher.exe1 00 50Associated with an Anycom bluetooth wireless card. 01
1 6ftkcpy0 10ftkcpy.exe1 00 28FlashEnhancer adware variant60http://sarc.com/avcenter/venc/data/adware.flashenhancer.html0
312FTMSFLT(USB)0 12FTMSFLTU.EXE1 00 38Fujitsu's Touch Panel Message Notifier 01
218BMail Installation0 12FTP_back.exe1 00202Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not20http://www.imesh.com0
1 9MSFWAVTSM0 10FTPDev.exe1 00108Added by the W32/Rbot-ACF worm. This infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32rbotacf.html0
210ftpmanager0  8FTPDM.ex1 00300Robust_FTP is a Windows-based file transfer client application that transfers files between a user’s local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (With upload transfer resume and download transfer resume) - can be started manually.31http://www.robust.ws/ftpdm.html0
210ftpmanager0  9FTPDM.exe1 00298Robust FTP is a Windows-based file transfer client application that transfers files between a user’s local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (with upload transfer resume and download transfer resume). Can be started manually31http://www.robust.ws/ftpdm.html0
1 9FTPGraber0 13FTPGraber.exe1 00 31Added by the DLOADER-DT TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderdt.html0
113kernel faults0 11ftphost.exe1 00 28Added by the  RBOT.BHU WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BHU&VSect=P0
123QoS RSVP accdes service0 16ftplanServer.exe1 00 43Added by the Troj/Feutel-U backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojfeutelu.html0
1 6irwftp0 10ftpmon.exe1 00103Added by a password stealing TROJAN, Troj/Bancban-BO.  This file is found in the Windows system folder.59http://www.sophos.com/virusinfo/analyses/trojbancbanbo.html0
3 8Ftpqueue0 12Ftpsched.exe1 00 80Part of WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfers40http://www.ipswitch.com/Products/WS_FTP/0
110FUS_Server0 13FTPServer.exe1 00 45Added by the Troj/Hupigon-RO backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojhupigonro.html0
115ftp for windows0 12ftpwin32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
020%FP%012-L2TP fts.exe0  7fts.exe1 00 20012.Net ISP software 01
025%FP%1776 Internet fts.exe0  7fts.exe1 00 261776 Internet ISP software 01
020%FP%Barak013 fts.exe0  7fts.exe1 00 21Barak013 ISP software 01
020%FP%Friendly fts.exe0  7fts.exe1 00 60Friendly ISP software -  what does it do and is it required? 01
220%FP%Friendly fts.exe0  7fts.exe1 00 60Friendly ISP software -  what does it do and is it required? 01
220%FP%Friendly fts.exe0  7fts.exe1 00 56Friendly Products 1, 0, 0, 0, Friendly Technologies. fts 01
415FlexType 2K.lnk0 11FType2K.exe1 00 44A program used to write and read in Cyrillic 01
122WINDOWS FUCK BY CLASIC0  8fuck.exe1 00131Added by the W32/Zotob-H worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.55http://www.sophos.com/virusinfo/analyses/w32zotobh.html0
1 5super0 10fuckbx.exe1 00 36added by the  Troj/Lineage-H TROJAN!58http://www.sophos.com/virusinfo/analyses/trojlineageh.html0
139find a cheaper pussy then this, fuck it0 10FUCKIT.EXE1 00151Added by the W32/SdBot-C backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.55http://www.sophos.com/virusinfo/analyses/w32sdbotc.html0
121NTSF MICROSOFT SYSTEM0 10fufffy.exe1 00133Added by the W32/Rbot-AEL worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotael.html0
1 7fugujml0 11fugujml.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Amq0  7Fuh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112fukerservice0 10fukerz.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7reg_key0 13FUKULAMER.exe1 00 28Added by the BEAGLE.AH WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ah@mm.html0
1 9ASDPLUGIN0 13fullgames.exe1 00 33Premium rate adult content dialer 01
113Microsoft DLL0 10fumeta.exe1 00132Added by the W32/Rbot-AUG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaug.html0
122Userinterface Reporter0 17fuuuucktttttt.exe1 00151Added by the  W32/Mytob-DK worm. When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.56http://www.sophos.com/virusinfo/analyses/w32mytobdk.html0
1 4fvek0  8fvek.exe1 00 34Added by the Troj/Drivol-A trojan.57http://www.sophos.com/virusinfo/analyses/trojdrivola.html0
425Find Virus Launch Program0 12fvlaunch.exe1 00 81Part of a target="_blank" href="http://www.drsolomon.com/"Dr. Solomon's Antivirus 01
119Norton Antivirus AV0 13FVProtect.exe1 00 71Added by the NETSKY.P WORM! Note - this is not the popular AV software!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.p@mm.html0
1 4fvxv0  8fvxv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8firewall0 10fw_304.exe1 00 34Added by the Troj/Bdoor-JQ Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorjq.html0
1 8fwabrjwe0 12fwabrjwe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
016hp 1000 firmware0  8fwdl.exe1 00 96HP LaserJet 1000 related. Is it a driver or automatic firmware update (based upon the filename)? 01
3 8UpdateFW0 11fwdload.exe1 00 98Appears to be firmware update software for a Network Associates ATMbook OC-3 SMF Interface Module? 7#FF00000
110FWDMON.EXE0 10fwdmon.exe1 00 42Added by the Troj/Proxy-S backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojproxys.html0
316fritz!webprotect0 12FwebProt.exe1 00 44Firewall included in FRITZ! ISP DSL software 01
4 9fwenc.exe0  9fwenc.exe1 00262a target="_blank" href="http://www.checkpoint.com/products/protect/vpn-1_srsc.html"Check Point SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers" 01
113fwin32 Loader0 10FWIN32.EXE1 00142Added by the W32/SdBot-GH worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotgh.html0
1 6fwjtos0 10fwjtos.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116All Sea web link0 10FWLink.exe1 00 69Free screensaver, installs lots of foistware. See here. Get rid of it42, installs lots of foistware. See <a href=0
112msfirewall320 10FWMs32.exe1 00 40Added by the Troj/Proxy-AA proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojproxyaa.html0
025%FP%012-L2TP FWPortal.exe0 12FWPortal.exe1 00 20012.Net ISP software 01
030%FP%1776 Internet FWPortal.exe0 12FWPortal.exe1 00 261776 Internet ISP software 01
025%FP%Barak013 FWPortal.exe0 12FWPortal.exe1 00 21Barak013 ISP software 01
118Fwr Command Module0  7fwr.exe1 00 27Added by the SDBOT-PP WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpp.html0
2 8fwrastrc0 12fwrastrc.exe1 00 65Dial-up software for Friendly Technologies/1NationOnLine free ISP 01
1 9fwservice0  9fwservice1 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
215JeticoPFStartup0  9fwsrv.exe111HKEY_LM\Run0 64Jetico Personal Firewall 1.0.1.58, Jetico, Inc.. Firewall Server39http://www.absolutestartup.com/startup/1
1 7fwvyjpo0 11fwvyjpo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5fwypu0  9fwypu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7fxcxvmt0 11fxcxvmt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6fxkrdf0 10fxkrdf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7fxredir0 11fxredir.exe1 00 30Canon MultiPASS fax redirector 01
129microsoft security controlers0 12fxsecues.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 9fxX3C3vdz0 13fxX3C3vdz.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7testest0  9fxxxh.exe1 00133Added by the W32/Sdbot-MK worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotmk.html0
138{e04408db-4812-4478-8d4d-e46edcffd3b6}0 10fyhhxw.dll1 00161A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{e04408db-4812-4478-8d4d-e46edcffd3b6}/b.65http://www.bleepingcomputer.com/startups/SpyFalcon.exe-14415.html0
121NTSF Microsoft System0  9fylez.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7fyrmsfw0 11fyrmsfw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6qfqqza0  8fzqw.exe1 00153Added by the Troj/Sdbot-EL backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotel.html0
1 5g.exe0  5g.exe1 00 49Added by the Backdoor.Graybird.Q backdoor Trojan.80http://www.sarc.com/avcenter/venc/data/backdoor.graybird.q.html#technicaldetails0
113$Windows Time0 12G_Server.exe1 00 44Added by the Troj/Feutel-BI Trojan backdoor.58http://www.sophos.com/virusinfo/analyses/trojfeutelbi.html0
112g_server.exe0 12G_Server.exe1 00 35Added by the  TROJ/FEUTEL-C TROJAN!57http://www.sophos.com/virusinfo/analyses/trojfeutelc.html0
118Gray_Pigeon_Server0 12G_Server.exe1 00 51Added as a new service by the Troj/Feutel-C TROJAN.57http://www.sophos.com/virusinfo/analyses/trojfeutelc.html0
116GrayPigeonServer0 12G_Server.exe1 00 49Added by the Backdoor.Greybird.K trojan backdoor.80http://www.sarc.com/avcenter/venc/data/backdoor.greybird.k.html#technicaldetails0
1 8H_Server0 12G_Server.exe1 00 36Added by the Troj/GrayBird-W Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybirdw.html0
115Removale Sorage0 12G_Server.exe1 00 44Added by the Troj/Feutel-AT backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelat.html0
111windowslogo0 12G_Server.exe1 00147Added by the Troj/GrayBrd-F backdoor Trojan. This infection also installs the files c:\windows\system32\Plugin\ENLOG.DLL and c:\windows\tpighz.dat.58http://www.sophos.com/virusinfo/analyses/trojgraybrdf.html0
115g_server1.2.exe0 15G_Server1.2.exe1 00 29Added by the  Troj/GrayBird-Z59http://www.sophos.com/virusinfo/analyses/trojgraybirdz.html0
118Gray_Pigeon_Server0 15G_Server1.2.exe1 00 45Added by the Troj/GrayBrd-AP backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdap.html0
121Gray_Pigeon_Server2.00 15G_Server2.0.exe1 00 36Added by the Troj/GrayBird-O Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybirdo.html0
118Network Connection0 15G_Server2.0.exe1 00 45Added by the Troj/GrayBrd-BE backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdbe.html0
1 8NewWords0 15G_Server2.0.exe1 00 44Added by the Troj/Feutel-AL backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelal.html0
113Plug and P1ay0 15G_Server2.0.exe1 00155Added by the Troj/Feutel-AW backdoor Trojan. This infection also creates the files C:\windows\ohadpl.dat, C:\Windows\psslor.dat, and C:\Windows\vikyik.dat.58http://www.sophos.com/virusinfo/analyses/trojfeutelaw.html0
112sysServer2.00 15G_Server2.0.exe1 00 35Added by the Troj/Feutel-AK Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelak.html0
116Workstation ADSL0 15G_Server2.0.exe1 00 45Added by the Troj/GrayBrd-AH backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdah.html0
1 3wto0 15G_Server2.0.exe1 00 45Added by the Troj/GrayBrd-BN backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdbn.html0
1 5G0mez0  9G0mez.vbs1 00 77Added by the VBS.Gormlez@mm infection! Found in the Windows system directory.75http://www.sarc.com/avcenter/venc/data/vbs.gormlez@mm.html#technicaldetails0
118Gray_Pigeon_Server0 13G1_Server.exe1 00 44Added by the Troj/Feutel-CE backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelce.html0
3 8GoToMyPC0  9g2svc.exe1 00195ExpertCity GoToMyPc logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser37https://www.gotomypc.com/ad/corp/home0
3 8GoToMyPC0 16g2svc.exe -logon2 00 59GoToMyPC 5.0 Build 370, Citrix Online. GoToMyPC Host Loader 01
2 6g3dctl0 10g3dctl.exe1 00  2?? 01
2 8BPServer0 12G6FTPSrv.exe1 00 22BulletProof FTP Server45http://www.bpftpserver.com/?page=home&lang=en0
4 4g7ps0  8G7PS.dll1 00 96Part of G7 Productivity   Systems.br /br /Uses CLSID: b{9EACF0FB-4FC7-436E-989B-3197142AD979}/b.20http://www.g7ps.com/0
115[Various Names]0 10gabber.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 8gacvmegc0 12gacvmegc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110hpSdwxmark0  9Gaddw.exe1 00130Added by the W32/Sdbot-RB worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotrb.html0
112GAELICUM.EXE0 12GAELICUM.EXE1 00 44Added by the Troj/Penta-A downloader trojan.56http://www.sophos.com/virusinfo/analyses/trojpentaa.html0
1 8gah95on60 12gah95on6.exe1 00 26ShopAtHome/SAHagent adware62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530760820
2 4Gaim0  8gaim.exe1 00239Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo!, IRC, Jabber, Gadu-Gadu, SILC, GroupWise Messenger, and Zephyr networks. 01
1 8Trickler0 22gain_trickler_3202.exe1 00  6Adware 01
1 5adobe0  7gam.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 5clock0  8game.exe1 00 31Added by the W32/Jincop-A worm.56http://www.sophos.com/virusinfo/analyses/w32jincopa.html0
110MS-Connect0  8game.exe1 00 32Adult content dialler - see here49http://vil.mcafee.com/dispVirus.asp?virus_k=999720
1 5Win320  8Game.exe1 00 31Added by the  VBS.Scafene WORM!75http://securityresponse.symantec.com/avcenter/venc/data/vbs.scafene@mm.html0
1 5Win320 12Game.exe.vbs1 00 31Added by the  VBS.Scafene WORM!75http://securityresponse.symantec.com/avcenter/venc/data/vbs.scafene@mm.html0
215WT Game Channel0 15GameChannel.exe1 00248WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case64http://www.wildtangent.com/default.asp?pageID=webdriver_download0
214WT GameChannel0 15GameChannel.exe1 00248WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case64http://www.wildtangent.com/default.asp?pageID=webdriver_download0
115microsoft games0 15gamemanager.exe1 00 30Added by the  SPYBOT.AHQ WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.AHQ&VSect=P0
312gameutil.exe0 12gameutil.exe1 00192Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot 01
1 5gasrv0  9gaSrv.exe1 00 75Adware downloader,  identified by  Panda antivirus as Trojan.Downloader.ALQ45http://www.pandasoftware.com/home/default.asp0
1 6gaSrve0 10gaSrve.exe1 00 70Adware downloader, identified by Panda antivirus as Trj/Downloader.ALQ 01
1 5Gator0  9gator.exe1 00 43Spyware - see here for removal instructions41http://www.pchell.com/support/gator.shtml0
113Gator eWallet0  9gator.exe1 00 85Gator eWallet from The Gator Corporation. Spyware - see here for removal instructions27http://www.gator.com/about/0
111Gay_Sexy_**0 15Gay_Sexy_**.exe1 00 61Premium rate adult content dialler (where * is a random char) 01
1 9jidifedig0  9gba1t.exe1 00133Added by the A href="http://www.sophos.com/virusinfo/analyses/w32sdbotvb.html"W32/Sdbot-VB WORM!  Found in the Windows system folder. 01
1 4gbga0  8gbga.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6GoBack0 10GBMenu.exe1 00376Roxio's (nee Adaptec)  GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users51http://www.roxio.com/en/products/goback/index.jhtml0
1 6Driver0  8gbot.exe1 00 31Added by the JUNTADOR.K TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K0
322GoBack Polling Service0 10GBPoll.exe1 00376Roxio's (nee Adaptec)  GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users51http://www.roxio.com/en/products/goback/index.jhtml0
3 6GBTray0 10GBTray.exe1 00403System Tray icon access to Roxio's (nee Adaptec)  GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users51http://www.roxio.com/en/products/goback/index.jhtml0
3 6GoBack0 10GBTray.exe1 00  051http://www.roxio.com/en/products/goback/index.jhtml0
316GoBack Tray Icon0 10GBTray.exe1 00403System Tray icon access to Roxio's (nee Adaptec)  GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users51http://www.roxio.com/en/products/goback/index.jhtml0
123Windows Console Monitor0 12gcasAV32.exe1 00 44Added by the W32/Kedebe-A mass mailing worm.56http://www.sophos.com/virusinfo/analyses/w32kedebea.html0
427MicrosoftAntiSpywareCleaner0 15gcASCleaner.exe1 00 75Part of the Microsoft AntiSpyware cleaning engine.  Should not be disabled. 01
310gcasDtServ0 14gcasDtServ.exe1 00 17Giant Antispyware49http://www.giantcompany.com/home-antiSpyware.aspx0
3 8gcasServ0 12gcasServ.exe1 00 17Giant Antispyware49http://www.giantcompany.com/home-antiSpyware.aspx0
3 8gcasServ0 12gcasServ.exe111HKEY_LM\Run0 91GIANT AntiSpyware Service 1.00.0346, GIANT Company Software inc.. GIANT AntiSpyware Service39http://www.absolutestartup.com/startup/1
427wireless-g notebook adapter0  7Gcc.exe1 00 41LinkSys Wireless-G Notebook Adapter diver 01
312GCC Reminder0 10gccrem.exe1 00 77Associated with AcraMax Greeting Card Creator. Is it a registration reminder?50http://www.arcamax.com/products/oem/ogccreator.htm0
1 6gcdatt0 10gcdatt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6gceorg0 10gceorg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7vmtuner0  9gclib.exe1 00 76Hijacker - detected by  Kaspersky antivirus as Trojan-Clicker.Win32.Small.fh36http://www.kaspersky.com/personalpro0
1 6gctmkb0 10gctmkb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7gctstwr0 11gctstwr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7sws.exe0 11gd-dial.exe1 00 67Component of the   "GlobalDialer" adult content premium rate dialer80http://securityresponse.symantec.com/avcenter/venc/data/dialer.globaldialer.html0
1 7gdien320 11gdien32.exe1 00 51Added by the Troj/Singu-P password-stealing trojan.56http://www.sophos.com/virusinfo/analyses/trojsingup.html0
3 9GDMgr.exe0  9gdmgr.exe1 00114Added by the Spyware.GuardMon monitoring software.  If this program was not installed by you it should be removed.60http://www.sarc.com/avcenter/venc/data/spyware.guardmon.html0
2 6GDrive0 11GDriver.exe1 00164Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start - Settings - Control Panel - System - Device Manager 01
333NETGEAR WG311T Wireless Assistant0 12Gear311T.exe125StartUp menu\Current user0 66NetgearRev Application 2, 36, 24, 5,  . NetgearRev MFC Application39http://www.absolutestartup.com/startup/1
012AS00_Gear5110 11gear511.exe1 00245Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. is it at all required? 01
2 7GEARsec0 11gearsec.exe1 00117Installed by Apple Quicktime package - iPod/iTunes CDRW support. Can be disabled if you only require Quicktime player 01
1 7Windows0 11gearsec.exe1 00 12Added by the254W32/Stubbot-B worm. It c0
1 7systemr0  9gedit.exe1 00 53Added by the Troj/QQPopoa-A password-stealing trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpopoaa.html0
1 6GEDZAC0 10GEDZAC.exe1 00 24Added by the GEMEL WORM!62http://www.symantec.com/avcenter/venc/data/w32.hllw.gemel.html0
4 9GeekAlarm0 13GeekAlarm.exe1 00168GeekAlarm is a program that helps you take breaks from staring at your computer screen for too long.  This program is required to run in order for the alerts to appear.25http://www.geekalarm.com/0
2 8GemStRmW0 12GemStRmW.exe1 00116For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manually 01
2 8gemstrmw0 15gemstrmw.exe /r2 00 45GetStarted! 3, 14, 0, 0, Gemplus. GSCardStart 01
1 8gencroot0 12gencroot.exe1 00 35Added by the Troj/HacDef-X rootkit.57http://www.sophos.com/virusinfo/analyses/trojhacdefx.html0
114general lptt010 11general.exe1 00187Variant of the  RapidBlaster parasite (in a &quot;General&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
114general ml097e0 11general.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
117Microsoft Netview0 11gesfm32.exe1 00 27Added by the RANDEX.C WORM!60http://www.symantec.com/avcenter/venc/data/w32.randex.c.html0
312ganonymouspe0 17GetAnonymousP.exe1 00105GetAnonymous will prevent any attempt of private information becoming observed by anyone on the internet.57http://www.privatenavigator.com/GetAnonymous/personal.asp0
218GetRight Tray Icon0 12GETRIGHT.EXE1 00264GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start - Programs 01
214Start GetRight0 12getright.exe1 00 68GetRight 5.2d, Headlight Software, Inc.. GetRight®  www.getright.com 01
214Start Getright0 12getright.exe1 00 22See Getright Tray Icon 01
320GetRight - Tray Icon0 12getright.exe122StartUp menu\All users0 67GetRight 5.1, Headlight Software, Inc.. GetRight®  www.getright.com39http://www.absolutestartup.com/startup/1
2 9Get Smile0 12getsmile.exe1 00 60Puts smilie faces in your E-mail. Run manually when required 01
1 6Mcsoft0 11gfeqzvq.exe1 00134Added by the W32/Sdbot-NV worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnv.html0
1 8gfofctgp0 12gfofctgp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 83Dfx Acc0 10GFXACC.EXE1 00 23Added by the GIBE WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html0
2 9Gadu-Gadu0  6gg.exe1 00 40Polish language Instant Messaging client 01
110r_services0  6gg.exe1 00 34Added by the Troj/Radnag-A trojan.57http://www.sophos.com/virusinfo/analyses/trojradnaga.html0
2 9Gadu-Gadu0 12gg.exe /tray2 00 69Gadu-Gadu 7, 0, 0, 22, Gadu-Gadu Sp. z oo. Gadu-Gadu - program glowny 01
1 7stratas0  9ggfig.exe1 00 28Added by the  OPANKI.W WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPANKI.W&VSect=P0
1 6bdfger0 10gggasw.exe1 00130Added by the W32/Sdbot-RT worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotrt.html0
1 8gggyjqmw0 12gggyjqmw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7vmtuner0  9gglib.exe1 00 35Added by the Troj/QLowZon-D Trojan.58http://www.sophos.com/virusinfo/analyses/trojqlowzond.html0
114google toolbar0 10ggtb32.exe1 00 45Added by the W32/Agobot-RR WORM/iRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32agobotrr.html0
1 8Jfwehnrt0 11GHGFJRS.EXE1 00121Added by the W32/Sdbot-IJ worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotij.html0
1 7Sys_Run0  9ghost.exe1 00132Added by the Troj/Lineage-N password stealing trojan.  This infection attempts to steal the player information for the game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineagen.html0
217GhostStartService0 21GhostStartService.exe1 00136Required to run the Windows based wizard in Norton Ghost - added from the 2003 version. Will start automatically when you run the wizard50http://www.symantec.com/sabu/ghost/ghost_personal/0
217GhostStartTrayApp0 21GhostStartTrayApp.exe1 00 64System Tray access to Norton Ghost - added from the 2003 version50http://www.symantec.com/sabu/ghost/ghost_personal/0
3 9GhostSurf0 13GhostSurf.exe122StartUp menu\All users0 96Tenebril Super-Application Architecture 0.10, Tenebril Incorporated. Architecture launch vehicle39http://www.absolutestartup.com/startup/1
216Norton Ghost 9.00 13GhostTray.exe1 00 66Norton Ghost tray icon - the application can be launched manually.50http://www.symantec.com/sabu/ghost/ghost_personal/0
1 4gifa0  8gifa.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110ImagViewer0 15GifAnimator.exe1 00 30Added by the W32/USKAF-A worm.55http://www.sophos.com/virusinfo/analyses/w32uskafa.html0
111gigabit.exe0 11gigabit.exe1 00 27Added by the BEAGLE.U WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.u@mm.html0
1 7Cheatle0 12GigaByte.exe1 00 27Added by the SHODI.B VIRUS!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.shodi.b.html0
110gimmygames0 14gimmygames.exe1 00 47Added by the Troj/Drsmartl-I downloader Trojan.59http://www.sophos.com/virusinfo/analyses/trojdrsmartli.html0
138{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}0 12ginuerep.dll1 00161A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}/b.65http://www.bleepingcomputer.com/startups/SpyFalcon.exe-14415.html0
0 8GisdnLog0 12gisdnlog.exe1 00 21BT Digital Access USB43http://www.bt.com/homehighway/more_info.htm0
1 8uteyilix0 12givohise.exe1 00139http://www.sarc.com/avcenter/venc/data/backdoor.sdbot.am.html"Backdoor.Sdbot.AM Backdoor infection!  Found in the Windows system directory. 01
1 6gknarl0 10gknarl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4gkus0  8gkus.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
316Popup Terminator0 15GLADManager.exe1 00 32Popup Terminator - pop-up killer52http://www.gleanersoft.com/popupterminator/info.html0
3 7Glass2k0 11Glass2k.exe1 00 91Glass2k is a small little program that allows Win2K/XP users to make any window transparent42http://www.chime.tv/products/glass2k.shtml0
110[not used]0  7gld.exe1 00 46Added by the Backdoor.Zagaban backdoor Trojan.77http://www.sarc.com/avcenter/venc/data/backdoor.zagaban.html#technicaldetails0
1 8spyblocs0  8GLFF.exe1 00 27Rogue anti-spyware program.59http://pcpitstop.ibforums.com/axslinger/helpfiles/bogus.htm0
4 5Glide0 12Glidew32.exe1 00 22Cirque touchpad driver45http://www.cirque.com/products/touchpads.html0
3 6Glonim0 10Glonim.exe111HKEY_CU\Run0 71Glonim 1.4.1.0, Gregory Maynard-Hoare. Glonim Animation/Wallpaper Patch39http://www.absolutestartup.com/startup/1
0 9Miniphone0 12glophone.exe1 00257VoiceGlo Glophone Voice over Internet Protocol (VOIP) communications software - "an affordable and convenient way to call friends and family throughout the world using a dial-up or broadband Internet connection on your computer" - is it required in startup?24http://www.voiceglo.com/0
1 4glou0  8glou.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 5gluon0  9gluon.exe1 00 28In a gluon/bin sub-directory 01
1 3glv0  7glv.exe1 00 36Added by the Troj/Dloader-NG trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderng.html0
1 6gmoqst0 10gmoqst.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 6Gmouse0 10Gmouse.exe1 00 78Amouse mouse driver - required if you use non-standard Windows driver features 01
1 5gsads0  8gms2.exe1 00 43PacerD_Media/Pacimedia.com adware component55http://www.benedelman.org/spyware/installations/pacerd/0
1 8GStartup0  7GMT.exe1 00 33Gator spyware variant. See  Gator 6#Gator0
1 8GStartup0 16GMT.exe /startup222StartUp menu\All users0 47GAIN 7.1.0.6, GAIN Publishing. GAIN Application39http://www.absolutestartup.com/startup/1
135Microsoft Internet Firewall Manager0  9GMT16.exe1 00 28Added by the RANDEX.AT WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.at.html0
3 8Gnetmous0 12gnetmous.exe1 00 89Genius NetScroll+ mouse driver - required if you use non-standard Windows driver features56http://www.geniusnet.com.tw/product/mouse/netscroll+.htm0
1 5gngxi0  9gngxi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114Gekio Startups0 12gnksvc32.exe1 00142Added by the W32/Agobot-PE network worm.  When started this infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotpe.html0
338{0228e555-4f9c-4e35-a3ec-b109a192b4c2}0 11gnotify.exe1 00 66Google Gmail_notifier. Alerts you when you have new Gmail messages39http://toolbar.google.com/gmail-helper/0
1 6gnsinl0 10gnsinl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 4gnub0  8gnub.exe1 00  2?? 01
1 4gnvv0  8gnvv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
126Go!Zilla Monster Downloads0  6Go.exe1 00101Download manager for resuming downloads and choosing multiple download locations. Advertising spyware 01
127microsoft intrenet explorer0  8goaw.pif1 00 26Added by the  W32/Rbot-API56http://www.sophos.com/virusinfo/analyses/w32rbotapi.html0
114OutlookExpress0  9goawv.exe1 00144Added by the W32/Rbot-CC trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotcc.html0
1 5VANTI0  7God.sys1 00 35Added by the Troj/Hackvan-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojhackvana.html0
1 3GOG0  7GOG.exe1 00 28Added by the PHILIS.B VIRUS!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.philis.b.html0
112RUNGogoTools0 14GoGoLaunch.exe1 00 37Added by the Adware.GoGoTools adware.60http://www.sarc.com/avcenter/venc/data/adware.gogotools.html0
1 5goidr0  9goidr.exe1 00 12Goidr adware61http://www.symantec.com/avcenter/venc/data/spyware.goidr.html0
1 6google0 10google.exe1 00132Added by the W32/Rbot-AMW worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamw.html0
124google Intrenet Explorer0 10google.pif1 00133Added by the W32/Rbot-ARA worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotara.html0
214GoogleDCClient0 13GoogleDCC.exe1 00366a target="_blank" href="http://toolbar.google.com/dc/faq_dc.html#about1"Google Compute Client - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing" 01
221Google Desktop Search0 17GoogleDesktop.exe1 00344Google Desktop Search - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks"36http://desktop.google.com/about.html0
221Google Desktop Search0 26GoogleDesktop.exe /startup2 00  0 01
221Google Desktop Search0 26GoogleDesktop.exe /startup211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
219google earth viewer0 14GOOGLEMAPS.EXE1 00141Google_Earth  "combines satellite imagery, maps and the power of Google Search to put the world's geographic information at your fingertips."24http://earth.google.com/0
310googletalk0 14googletalk.exe1 00142Google_Talk "enables you to call or send instant messages to your friends for free–anytime, anywhere in the world".  Can be launched manually.27http://www.google.com/talk/0
314&Google Search0 32GoogleToolbar2.dll/cmsearch.html1 00  0 01
126Run Google Web Accelerator0 22GoogleWebAccWarden.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
1 8goot.exe0  8goot.exe1 00146Added by the Troj/Bifrose-C backdoor Trojan.  This infection also installs the files C:\Windows\system32\god.sys and c:\windows\system32\ranx.dll.58http://www.sophos.com/virusinfo/analyses/trojbifrosec.html0
114WINDOWS SYSTEM0 11gothica.exe1 00133Added by the W32/Mytob-HU worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobhu.html0
1 7Command0  9Gotit.exe1 00 24Added by the TITOG WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.titog.worm.html0
1 9gotsmiley0 13GotSmiley.exe1 00 46Gator GotSmiley - adware based, also see  here42http://www.doxdesk.com/parasite/Gator.html0
1 8Go!Zilla0 11gozilla.exe1 00101Download manager for resuming downloads and choosing multiple download locations. Advertising spyware 01
1 6gpwfoi0 10gpwfoi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8gqgqqger0 12gqgeqegl.exe1 00153Added by the W32/Sdbot-CLJ backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotclj.html0
110[not used]0  9gr33n.exe1 00134Added by the W32/Sdbot-ZP worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzp.html0
2 3GRA0  7gra.exe1 00329Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag&nbsp;and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup Utility 01
2 3GCS0 16GrabClipSave.exe1 00 32GrabClipSave screen capture tool44http://www.boumchalak.net/Tools/GCS/gcs.html0
121DarkDevil.Grasiele.BR0 12Grasiele.VBS1 00 25Added by the LEMBRA WORM!74http://securityresponse.symantec.com/avcenter/venc/data/vbs.lembra@mm.html0
0 8GrdSys320 12GrdSys32.exe1 00160X-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand? 01
1 6HELPER0 13greece_nm.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
0 9AliUSBfix0 11GREENMK.exe1 00 59May be realted to a USB 2.0 PCI card - the IOgear GIC220OU? 01
1 5552780 15grepclient1.exe1 00 81Added by the Troj/Lineage-S password-stealing trojan for the online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineages.html0
1 3Grm0  7Grm.exe1 00 89Added by the Backdoor.Grm infection.  This infection listens for connections on port 761456http://www.sarc.com/avcenter/venc/data/backdoor.grm.html0
2 8Grokster0 12Grokster.exe1 00 42Grokster Peer-To-Peer File Sharing program49http://www.pestpatrol.com/PestInfo/G/Grokster.asp0
2 7GrpConv0 11grpconv.exe1 00253To facilitate the upgrade from Windows 3.1 to Win95/98, an executable file named GRPCONV.EXE is included with Win95/98. This file provides the translation of groups and group items to folders and links unless you need to access Win 3.1 Group files&nbsp; 01
113Virtual CD v60 11grplscd.exe1 00132Added by the W32/Rbot-AXV worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaxv.html0
1 8Debugger0 12grpmnt32.exe1 00 36Added by the Troj/Dloader-WT Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderwt.html0
110gcsxgsqfss0 11grwfsrs.exe1 00128Added by the W32/Sdbot-WZ worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotwz.html0
331Gravis Xperience Driver Support0 12Grxp4exe.exe1 00211Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used22http://www.gravis.com/0
115win usb support0 10grxsrv.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
2 5Gscbc0  9Gscbc.exe1 00  2?? 01
1 8DOGStart0 11GSDOGST.EXE1 00 88Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS 01
1 6Pigeon0 12GServer2.exe1 00 45Added by the Troj/GrayBrd-AK backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdak.html0
1 6zzgshp0  8gshp.vbs1 00 65Homepage hi-jacker that re-defines your IE or Netscape start page 01
2 9Gsiconexe0 10Gsicon.exe1 00252ADSL modem monitor from Eicon Networks (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities42http://www.eicon.com/worldwide/default.htm0
2 9GSICONEXE0 10GSICON.EXE111HKEY_LM\Run0 56BT Voyager ADSL Modem 3.1.1, BT, Inc.. DSL Modem Monitor39http://www.absolutestartup.com/startup/1
1 7GMedia20  8GSM2.exe1 00 74Malware downloader - detected by Kaspersky antivirus as Trojan.Win32.VB.ux 01
3 8gsma.bat0  8gsma.bat122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
1 2g30 12GSMedia3.exe1 00 75Malware downloader - detected by  Kaspersky antivirus as Trojan.Win32.VB.ux36http://www.kaspersky.com/personalpro0
1 7GMedia20 12GSMedia3.exe1 00 74Malware downloader - detected by Kaspersky antivirus as Trojan.Win32.VB.ux 01
211GSOrganizer0 15GSOrganizer.exe1 00 54GoldenSection Organizer - personal information manager33http://www.tgslabs.com/index.php30
0 8gsifinal0 11gspndll.dll1 00 71USB DSL modem related - [what does it do and is it required in startup? 01
111VideoDriver0 12gspotbot.exe1 00 29Added by the SPIGOT.C TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.spigot.c.html0
1 9gssomatic0 13gssomatic.exe1 00 22Searchcentrix hijacker54http://www.pestpatrol.com/pestinfo/s/searchcentrix.asp0
1 3gsv0  7gsv.exe1 00 39Added by the ROBAL 1.0 backdoor TROJAN! 01
1 5ccApp0 10gsw332.exe1 00 77Added by VBS/Speery-A, a WORM! It will be found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/vbsspeerya.html0
1 5ccApp0 14gsw332.exe.vbs1 00 77Added by VBS/Speery-A, a WORM! It will be found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/vbsspeerya.html0
312GazelDisplay0  9gsyno.exe1 00 64BT Digital Access USB - Gazel ISDN installation System Tray icon43http://www.bt.com/homehighway/more_info.htm0
2 9GotSmiley0 22GSYUpdater.exe /update211HKEY_LM\Run0 59GotSmiley 1.0.1.5, GAIN Publishing, Inc.. GotSmiley Updater39http://www.absolutestartup.com/startup/1
129Microsoft Windows WKS Service0  6gt.exe1 00152Added by the W32/Sdbot-AJ backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotaj.html0
115[random number]0  9gtask.exe1 00 88Added by the Troj/LegMir-AX password-stealing Trojan for the online game Legend of Mir..58http://www.sophos.com/virusinfo/analyses/trojlegmirax.html0
1 3Kbf0  7Gtn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7Gtwatch0 11gtwatch.exe1 00 49Associated with a Mustec scanner and not required 01
3 5guard0  9Guard.exe1 00101Related to Phoenix_Technologies Core Managed Environment (cME) Integration and Certification program.23http://www.phoenix.com/0
111kernel32dll0 11guardpc.exe1 00 28Added by the FORBOT-CU WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcu.html0
1 8guarnset0 12guarnset.exe1 00 14Adlogix adware54http://sarc.com/avcenter/venc/data/adware.adlogix.html0
1 6gufimn0 10gufimn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
020Startup Launcher GUI0  7GUI.exe1 00 16Startup manager? 01
3 9EasyTuneV0  7GUI.exe1 00 99A utility installed by Gigabyte motherboard software that allows you to tweak settings in the bios. 01
218WinTOTAL Scheduler0  8guru.exe1 00 47WinTOTAL Real estate appraisal software related 01
3 7GuruNet0 11GuruNet.exe1 00 90GuruNet lets you click on any word on your screen to get the relevant information you want37http://www.gurunet.com/what_tools.jsp0
3 7VGAUtil0  9G-VGA.exe1 00111Gigabyte VGA Utility - access card options (application needs to be run at startup, but is not system critical) 01
3 7VGAUtil0  9G-VGA.exe111HKEY_LM\Run0 51Menu Application 1, 0, 0, 1, . Menu MFC Application39http://www.absolutestartup.com/startup/1
1 5gwcrx0  9gwcrx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4gwhm0  8gwhm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
323Multi-function Keyboard0 12GWHotKey.exe1 00103Gateway Multi-function Keyboard Utility 6.5, BillP Studios. Multi-function Keyboard   By Bill Pytlovany 01
323Multi-function keyboard0 12GWHotkey.exe1 00161Software that sets up the Gateway AnyKey keyboard shortcuts (a series of buttons that allow one-click access to e-mail, browser, volume and CD/DVD controls, etc) 01
212GWInkMonitor0 16GWInkMonitor.exe1 00120Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some! 01
2 8GWMDMMSG0 12GWMDMMSG.exe1 00158Used with internal modems on Gateway and vprMatrix PCs. This is the &quot;GTW modem messaging applet&quot; and is not required for the modem to work correctly 01
3 7GWMDMpi0 11GWMDMpi.exe1 00183Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See here for more information153http://support0
210SourcePath0  9gwreg.exe1 00 91Used to update Gateway registry settings for System Restoration Kit and Web update programs 01
218Greetings Workshop0 12GWREMIND.EXE1 00 85You really want to be reminded about somebody's birthday at the expense of resources? 01
237Microsoft Greetings Workshop Reminder0 12Gwremind.exe1 00 85You really want to be reminded about somebody's birthday at the expense of resources? 01
3 4gwum0  8gwum.exe1 00183Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system &quot;tweakers&quot; 01
110fGQEGqHOME0 10gwwgtp.exe1 00 28Added by the RANKY.J TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.j.html0
1 8gwxeqgfc0 12gwxeqgfc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9vmcleaner0  9gxlib.exe1 00 34Added by the Troj/Small-HS Trojan.57http://www.sophos.com/virusinfo/analyses/trojsmallhs.html0
1 7gywecwq0 11gywecwq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 3gyy0  7gyy.exe1 00 47Possibly Gator (and therefore spyware) related? 7#FF00000
1 1H0  5H.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113[random name]0  8H00D.EXE1 00 32Added by the W32/Randon-AB worm.57http://www.sophos.com/virusinfo/analyses/w32randonab.html0
114WINDOWS SYSTEM0  6h3.exe1 00135Added by the W32.Mytob.EP@mm worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ep@mm.html#technicaldetails0
120h4te service drivers0  8h4te.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8haaeapmv0 12haaeapmv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116hachimitsu-lemon0 20hachimitsu-lemon.exe1 00127Added by the Trojan.Hachilem trojan.  This trojan steals email addresses and registers them at porn sites without notification.76http://www.sarc.com/avcenter/venc/data/trojan.hachilem.html#technicaldetails0
1 3pms0 17Hacker.com.cn.exe1 00 44Added by the Troj/Feutel-CJ backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelcj.html0
1 9Messenger0 10Hacker.exe1 00 48Added by the Trojan.Esteems.E keylogging Trojan.77http://www.sarc.com/avcenter/venc/data/trojan.esteems.e.html#technicaldetails0
117Messenger Service0 10hacker.exe1 00 47Added by the Troj/PcClient-M keylogging Trojan.59http://www.sophos.com/virusinfo/analyses/trojpcclientm.html0
316unhackme monitor0 11hackmon.exe1 00107UnHackMe allows you to detect and remove a new generation of 'invisible' Trojan programs called "rootkits".34http://www.softaward.com/9275.html0
231Ultra Hal Assistant 4.5 Startup0 11HalAsst.exe1 00138Zabaware Ultra Hal Assistant - artificial intelligence conversation simulator. It is capable of being your digital secretary and companion34http://www.zabaware.com/assistant/0
112yeahdude.exe0 13hallowelt.exe1 00 42Added by the GAOBOT.RS or GAOBOT.SA WORMS!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.rs.html0
112Hardware Mon0 10halmon.exe1 00 42Added by the Troj/Theef-N backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojtheefn.html0
313HaMFrontPanel0 12hampanel.exe1 00190Displays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointless 01
1 6haotia0 10haotia.exe1 00 88Added by the Troj/QQRob-AY Trojan.  This infection also creates the file %Temp%8fv9.dll.57http://www.sophos.com/virusinfo/analyses/trojqqrobay.html0
1 6winter0  9happy.exe1 00132Added by the W32/Sdbot-YF worm. When started this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotyf.html0
3 4Hare0  8hare.exe1 00 61Hare - improve and optimize performance of desktop/laptop PCs51http://www.foxpop.ndirect.co.uk/pc/dachshund_03.htm0
323Snelkoppeling naar Hare0  8Hare.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
324HawkEye IV Control Panel0 11HAWK_32.EXE1 00140Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -&gt; Programs 01
324HawkEye IV Control Panel0 11HAWK_32.EXE125StartUp menu\Current user0 90HawkEye(TM) 4.00.0000, Number Nine Visual Technology Corp.. HawkEye(TM) Control Panel File39http://www.absolutestartup.com/startup/1
3 7HawkEye0 11HAWK_95.EXE1 00140Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -&gt; Programs 01
316Handy Backup 3.90 11hbagent.exe1 00139Handy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers27http://www.handybackup.com/0
316Handy Backup 4.00 18hbagent.exe -logon211HKEY_CU\Run0 67Handy Backup 4.0 Agent 1, 0, 0, 1, Novosoft. Handy Backup 4.0 Agent39http://www.absolutestartup.com/startup/1
1 6Hbinst0 10Hbinst.exe1 00292Hotbar enhances the surfing experience offering a variety of innovative and fresh skins to the browser while providing users worldwide with access to various services of added value and fun. Also regarded as adware/spyware due to it's adds and browsing habits information gathering - see here22http://www.hotbar.com/0
1 6Hotbar0 10Hbinst.exe1 00  022http://www.hotbar.com/0
122WINDOWS SYSTEM DNSPOOL0 10hbmail.exe1 00135Added by the W32.Mytob.FW@mm worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.fw@mm.html#technicaldetails0
1 6Hotbar0 13HbOEAddOn.exe1 00 27Added by the Hotbar adware.57http://www.sarc.com/avcenter/venc/data/adware.hotbar.html0
4 7HbTools0 14HbtOEAddOn.exe111HKEY_LM\Run0 34Hobar 4.6.2.1460, Hotbar.com Inc..39http://www.absolutestartup.com/startup/1
313WeatherOnTray0 20HbtWeatherOnTray.exe111HKEY_LM\Run0 34Hobar 4.6.2.1460, Hotbar.com Inc..39http://www.absolutestartup.com/startup/1
211HC Reminder0  6hc.exe1 00101For Compaq PC's. Help Compiler, crunches help database, will run without being in startup when needed 01
2 8HCDetect0 12HCDetect.exe1 00335MS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problem 01
3 5tgcmd0 38hcenter.exe /starthidden /tgcmdwrapper211HKEY_LM\Run0 44Help Center 6,1,35,0, BellSouth. Help Center39http://www.absolutestartup.com/startup/1
1 6hcfcxg0 10hcfcxg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112hclean32.exe0 12hclean32.exe1 00133TROJAN downloader/installer! - assumed to be associated with Wareout, malware masquerading as a spyware and dialer remover, see  here44http://www.doxdesk.com/parasite/WareOut.html0
2 5spc_w0  7hcm.exe1 00 22NetZero Search related 01
3 8Hcontrol0 12hcontrol.exe1 00 73Hotkeys on an ASUS Notebook. Only required if you use the additional keys 01
3 8Hcontrol0 12Hcontrol.exe111HKEY_LM\Run0 33ATK0100 1043, 3, 2, 1, . HControl39http://www.absolutestartup.com/startup/1
312HiberMonitor0 10HCount.exe1 00  2?? 01
344High Definition Audio Property Page Shortcut0 12HDAShCut.exe111HKEY_LM\Run0139Microsoft® Windows® Operating System 5.10.01.5013, Windows (R) Server 2003 DDK provider. High Definition Audio Property Page Shortcut v1.0a39http://www.absolutestartup.com/startup/1
244High Definition Audio Property Page Shortcut0 21HDAudPropShortcut.exe1 00139Realtek audio card related - probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required 01
244High Definition Audio Property Page Shortcut0 21HDAudPropShortcut.exe111HKEY_LM\Run0138Microsoft® Windows® Operating System 5.10.00.5010, Windows (R) Server 2003 DDK provider. High Definition Audio Property Page Shortcut v1.039http://www.absolutestartup.com/startup/1
121Hard drive Controller0 16hdcontroller.exe1 00 30Added by the W32.Kiman.B worm.72http://www.sarc.com/avcenter/venc/data/w32.kiman.b.html#technicaldetails0
213rsd_hddthermo0 19HDD Thermometer.exe2 00 64Related to  RSD_Software  hard disk temperature monitoring tool.23http://www.rsdsoft.com/0
3 9HDDHealth0 13hddhealth.exe1 00199HDD Health is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure"27http://www.panterasoft.com/0
3 9HDDHealth0 17HDDHealth.exe -wl211HKEY_CU\Run0 172.1, PANTERASoft.39http://www.absolutestartup.com/startup/1
3 7hddlife0 11HDDlife.exe1 00117HDDlife checks the health of your hard drives at regular intervals and informs you about the results of these checks.23http://www.hddlife.com/0
3 7HDDlife0 14HDDlifePro.exe1 00 63HDDlife 2, 5, 0, 74, BinarySense, Ltd.. HDDlife executable file 01
315HDD temperature0 18HDDTemperature.exe125StartUp menu\Current user0 79HDD Temperature Pro 1.4.0.206, PalickSoft. HDD Temperature main executable file39http://www.absolutestartup.com/startup/1
214Icon Animation0  7HDE.EXE1 00 86Part of McAfee Nuts &amp; Bolts. Provides entertaining animation of your desktop icons 01
315HDInspector.exe0 15HDInspector.exe111HKEY_LM\Run0 67Hard Drive Inspector 1, 3, 844, 0, Altrixsoft. Hard Drive Inspector39http://www.absolutestartup.com/startup/1
118HP Service Drivers0  9hdsys.exe1 00133Added by the W32/Sdbot-ZE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotze.html0
2 6HDtray0 10HDtray.exe1 00150Philips Edge Series Control Panel Tray Utility - system tray icon for a Philips Edge series soundcards. Available via Start - Settings - Control Panel159http://www.con0
1 8sxvcAQam0 10hdvcxa.exe1 00134Added by the W32/Sdbot-DL worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotdl.html0
2 8Head.txt0  8Head.txt125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
1 6Head240 10Head24.exe1 00 49Added by the W32/Sdbot-AUS worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotaus.html0
214Icon Hearit 950 12hearit95.exe1 00 75Audio desktop customization utility from Moon Valley Software. Resource hog 01
214Icon Hearit 980 12hearit98.exe1 00 75Audio desktop customization utility from Moon Valley Software. Resource hog 01
1 7Loaders0  8HeIp.exe1 00134Added by the W32/Sdbot-ADB worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotadb.html0
1 7Loaders0  8HeIp.pif1 00133Added by the W32/Sdbot-ACS worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotacs.html0
2 9PicasaNet0  9Hello.exe1 00130Hello is an application that allows Blogger users to post digital photos and captions directly to their personal weblogs, or blogs30http://www.hello.com/index.php0
2 9PicasaNet0 12Hello.exe -b2 00 41Hello! 1, 0, 0, 651, Picasa, Inc.. Hello! 01
3 8HelloNet0 12HelloNet.exe111HKEY_CU\Run0 41HelloNet 2, 2, 0, 1, HelloNet. ADSL Shell39http://www.absolutestartup.com/startup/1
3 6ISHelp0  8help.exe1 00138Added by the Spyware.ISpy keystroke logger and screenshot capture.  If you did not install this on your machine then you should remove it.56http://www.sarc.com/avcenter/venc/data/spyware.ispy.html0
111MS Scandisk0  8Help.exe1 00 42Added by the Backdoor.AntiLam.20 backdoor.63http://www.sarc.com/avcenter/venc/data/backdoor.antilam.20.html0
122Remote Help Connection0  8Help.exe1 00 35Added by the Troj/Feutel-BD Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelbd.html0
219Windows Help System0  8Help.pif1 00  2?? 01
1 4help0  8help.scr1 00 54Added by the Troj/Banker-BIR password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbankerbir.html0
111helpctl.exe0 11helpctl.exe1 00 28Added by the GASLIDE TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.gaslide.html0
110helper.dll0 20helper.dll, Rundll322 00 52CnsMin &quot;Chinese Keywords&quot; hijacker related42http://217.115.153.73/parasite/CnsMin.html0
112winlogon.exe0 10helper.exe1 00 36Added by the  Troj/Fakespy-A TROJAN!58http://www.sophos.com/virusinfo/analyses/trojfakespya.html0
111HelpExp.exe0 11HelpExp.exe1 00 62Attune HelpExpress - spyware. Disable and uninstall - see here32http://www.c-squad.org/hxdl.html0
2 4Help0 11helpext.exe1 00  2?? 01
1 5helpw0  9helpw.exe1 00 17Adware downloader 01
1 8Driverab0  8helz.exe1 00 12Added by the236W32/Rbot-ABH trojan ba0
1 9heomstool0 13heomstool.exe1 00 68Added by the Trojan.Heoms Korean-based information gathering Trojan.73http://www.sarc.com/avcenter/venc/data/trojan.heoms.html#technicaldetails0
323Internet History Eraser0 11HERASER.exe1 00 54Internet History Eraser - deletes your browsing tracks49http://www.internet-history-eraser.com/index.html0
1 4heru0  8heru.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9wzservice0  8hess.exe1 00 31Added by the HACKARMY.W TROJAN! 01
3 2Hf0  6Hf.exe1 00 58Hide Folders - hide your folders so only you can view them24http://www.fspro.net/hf/0
3 6hffsrv0 10hffsrv.exe1 00202Hide_Files_&_Folders is a password-protected security utility working at the Windows kernel level allowing you to password-protect files and folders, or to hide them securely from viewing and searching.33http://www.softstack.com/hff.html0
111HF Security0 12hfsecure.exe1 00133Added by the W32/Agobot-TI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotti.html0
3 4hfxp0  8hfxp.exe1 00 61Hide Folders XP - hide your folders so only you can view them26http://www.fspro.net/hfxp/0
1 8hfyxuakw0 12hfyxuakw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118meeting connection0 12hgakdl32.exe1 00140Looks like a variant of the  Troj/PPdoor-E TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.57http://www.sophos.com/virusinfo/analyses/trojppdoore.html0
223Colorific Control Panel0 12Hgcctl95.exe1 00146From E_Color. Colorific delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor 01
220Matrox Color Control0 12hgcctl95.exe1 00 55For Matrox video cards. Quick access to changing colors 01
1 9hgqhp.exe0  9hgqhp.exe1 00 39Added by the Trojan.Flush.F DNS Trojan.75http://www.sarc.com/avcenter/venc/data/trojan.flush.f.html#technicaldetails0
1 7huigezi0 13HgzServer.exe1 00 31Added by the GRAYBIRD.C TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.c.html0
1 7msagent0  8hhnt.exe1 00 35Added by the  TSPY_AGENT.JI spyware83http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_AGENT.JI0
116HTML Help System0  7hhs.pif1 00132Added by the W32/Rbot-ATB worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatb.html0
118HTML32 Help System0  9hhs32.pif1 00133Added by the W32/Rbot-ATE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute..56http://www.sophos.com/virusinfo/analyses/w32rbotate.html0
1 3Dna0  7Hhv.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 6hhxglp0 10hhxglp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311Hibernation0  9hib32.exe1 00202Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run of battery regularly 01
411Hibernation0 11hibserv.exe1 00 71Used compaq laptops to manage the power management hibernation feature. 01
127Working Network Connections0  9hicom.exe1 00151Added by the Trojan.Chimo.A  Trojan.  This file is installed as a service with the service name TY164.  The file is found in the Windows system folder.92http://securityresponse.symantec.com/avcenter/venc/data/trojan.chimo.a.html#technicaldetails0
1 7Hid.exe0  7hid.exe1 00 29Added by the RATSOU.B TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.b.html0
110[not used]0 12hidedown.exe1 00 45Added by the Troj/Leodon-B trojan downloader.57http://www.sophos.com/virusinfo/analyses/trojleodonb.html0
1 5hiden0  9hiden.exe1 00 30Added by the  AGENT-IW TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentiw.html0
3 6HideOE0 10HideOE.exe1 00 80HideOE - allows you to 'hide'  Outlook Express or minimize it to the sytem tray.95http://www.r2.com.au/software.php?page=2&show=hideoe&PHPSESSID=2256bb0c52a103fac2bd9a885f0ca7870
1 4cpyt0  9hidep.exe1 00 35Added by the Troj/Mirjack-A trojan.58http://www.sophos.com/virusinfo/analyses/trojmirjacka.html0
111HideRun.exe0 38Hiderun.exe and svhost.exe and pro.gif2 00 25Added by the BOOHOO WORM!76http://securityresponse.symantec.com/avcenter/venc/data/bat.boohoo.worm.html0
1 9drvsyskit0  8hidr.exe1 00 36Added by the W32.Beagle.DZ P2P worm.74http://www.sarc.com/avcenter/venc/data/w32.beagle.dz.html#technicaldetails0
3 7hidserv0 11hidserv.exe1 00597This is the Human Interface Device Server for Win98SE/2000/Me/XP, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboards53http://www.microsoft.com/hwdev/tech/input/audctrl.asp0
110Search.vbs0  8Hijacker1 00  0 01
323hijackthis startup scan0 14HijackThis.exe1 00659HijackThis lists the contents of key areas of the Registry and hard drive--areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites. As a result, false positives are imminent, and unless you're sure about what you're doing, you always should consult with knowledgable folks before deleting anything.  Required if you'd like Hijack This to run a scan at startup,  and show the results when new items are found (if so,  check the appropriate box in the "Config" section")47http://www.download.com/3000-8022-10227353.html0
1 8HijSrv320 10hijsrv.exe1 00 54Added by the Troj/Bankgerm-D password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbankgermd.html0
1 8BT0000320 14hiklmnop27.exe1 00 31Added by the Troj/VB-VT Trojan.54http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
1 8BT0000330 14hiklmnop27.exe1 00  054http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
1 8BT0000340 14hiklmnop27.exe1 00 31Added by the Troj/VB-VT Trojan.54http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
114Memory manager0 11himem32.exe1 00 35Added by the Troj/MancSyn-C Trojan.58http://www.sophos.com/virusinfo/analyses/trojmancsync.html0
1 5load=0  8hint.exe1 00 23Added by the ATAK WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.atak@mm.html0
319Petit Larousse 20010 17HIPL2000Popup.exe1 00 21Popup dictionary tool 01
211HistoryKill0 12histkill.exe1 00197HistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start - Programs 01
211HistoryKill0 21histkill.exe /startup2 00 77HistoryKill 2003.01.0001, SwankSoft Technologies. HistoryKill privacy utility 01
1 9Diskstart0  7hit.exe1 00 21Adult content dialler 01
1 4hitq0  8HitQ.exe1 00 42Hijacker, for more information  Click_Here78http://www.talkaboutshareware.com/group/alt.comp.freeware/messages/289755.html0
313HitwarePKLite0 12HITWAR~1.EXE1 00 25Hitware Popup Killer Lite55http://www.rightutilities.com/products/hitware_lite.htm0
1 3HIV0  7HIV.exe1 00 25Added by the HIVA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.hiva.html0
1 8hjujemfi0 12hjujemfi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5hjvew0  9hjvew.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 2hk0  6hk.exe1 00 91KeyLoggerExp keystroke logger/monitoring program - remove unless you installed it yourself!68http://www.symantec.com/avcenter/venc/data/spyware.keyloggerexp.html0
313Hook99startup0  9hk2re.exe1 00313Hook99 enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent47http://thunder.prohosting.com/~ladi/e_hook.html0
3 5hkcmd0  9hkcmd.exe1 00248Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl+Alt+F12 or similar keypresses to access Intel's customised graphics properties, you need it, otherwise not. Can be disabled via the Display Properties in Control Panel 01
311HotKeysCmds0  9hkcmd.exe1 00243Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl+Alt+F12 or similar keypresses to access Intel's customised graphics properties, you need it, otherwise not. Can be disabled via Control Panel - Display Properties 01
311HotKeysCmds0  9hkcmd.exe111HKEY_LM\Run0 74Intel(R) Common User Interface 7.0.0.4020, Intel Corporation. hkcmd Module39http://www.absolutestartup.com/startup/1
1 7windows0  8hkey.exe1 00 29Added by the GAOBOT.AFW WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afw.html0
1 7hkniqbd0 11hkniqbd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6hkserv0 10HKserv.exe1 00121Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS 01
310hkserv.exe0 10HKserv.exe1 00121Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS 01
3 4hkss0  8hkss.exe1 00 51Compaq HotKey Support - multimedia keyboard support 01
1 5hkvma0  9hkvma.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110hlhtxo.exe0 10hlhtxo.exe1 00 34Added by the  QLOWZONES-27 TROJAN!43http://vil.nai.com/vil/content/v_135291.htm0
1 7hlhvmth0 11hlhvmth.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112hlinstaller10 16hlinstaller1.exe1 00 62Identified by  Kasperksy_Labs as Trojan.Win32.SecondThought.aa25http://www.kaspersky.com/0
1 6hlkgbg0 10hlkgbg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118HLL Data Parameter0 11hllcxpa.exe1 00 27Added by the RBOT.AFG WORM!96http://es.trendmicro-europe.com/smb/security_info/virus_encyclopedia.php?s=1&VName=WORM_RBOT.AFG0
118auto__hloader__key0 15hloader_exe.exe1 00108Added by the Troj/BagleDl-W Trojan.  This infection also creates the following file %System%hloader_dll.dll.58http://www.sophos.com/virusinfo/analyses/trojbagledlw.html0
1 4down0  9hlp32.exe1 00 37Added by the  TROJ_DLOADER.BG TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?Vname=TROJ_DLOADER.BG0
1 9hlcleanup0 12hlsetup2.exe1 00 37LinkReplacer/FFinder adware component54http://vil.mcafeesecurity.com/vil/content/v_134892.htm0
1 4hmby0  8hmby.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115HMI PowerSystem0 12hmisvc32.exe1 00 51Added by the W32/Sdbot-WB Worm/IRC backdoor Trojan!56http://www.sophos.com/virusinfo/analyses/w32sdbotwb.html0
115HML PowerSource0 12hmlsvc32.exe1 00 12Added by the38W32/Sdbot-XL WORM/IRC backdoor trojan!0
112HPl Services0 12hmlsvc32.exe1 00128Added by the W32/Agobot-SI worm.  When started, this infection connects to an IRC where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotsi.html0
324Hardware Sensors Monitor0 12hmonitor.exe1 00181Utility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for "overclocked" systems 01
3 8Hmonitor0 12Hmonitor.exe1 00110Hardware sensor monitoring program. Only required if you overclock your system and want to check on the status 01
115HMV PowerSource0 12hmusvc32.exe1 00121Added by the W32/Sdbot-YW worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotyw.html0
1 4hmvy0  8hmvy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5hmwbr0  9hmwbr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4hmxx0  8hmxx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 9Sync Data0 11Hndsync.exe1 00123a target="_blank" href="http://www.pocketrealestate.com/PREWireless.asp"Pocket Real Estate - mobile synchronization manager 01
114Hekio Startups0 12Hnksvc32.exe1 00 42Added by the W32/Agobot-QE  TROJAN & WORM.57http://www.sophos.com/virusinfo/analyses/w32agobotqe.html0
112ho2stdll.exe0 12ho2stdll.exe1 00 53Added by the Troj/Banker-HO password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerho.html0
1 8hogxegrn0 12hogxegrn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
214Holiday Lights0 18Holiday Lights.exe2 00116Holiday Lights from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start - Programs37http://www.tigertech.com/hlights.html0
112hoi services0 12holsvc32.exe1 00 33Added by the  W32/AGOBOT-SF WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotsf.html0
112HOl Services0 12holsvc32.exe1 00 32Added by the W32/Agobot-SF worm.57http://www.sophos.com/virusinfo/analyses/w32agobotsf.html0
3 9HomeAlarm0 13HomeAlarm.exe1 00 47Chameleon Clock - system tray clock replacement30http://www.softshape.com/cham/0
116homeland network0 19HomelandNetwork.exe1 00 63Homeland_Network Notifier - Pops ads, see their  privacy_policy41http://www.homelandnetwork.com/index.html0
322Register Homesite+.exe0 24Homesite+.exe /REGSERVER217HKEY_LM\RunOnceEx0 45HomeSite6 6.0.0.0, Macromedia, Inc.. HomeSite39http://www.absolutestartup.com/startup/1
3 5Honor0  9honor.exe1 00  2?? 01
117Intel system tool0 12hookdump.exe1 00 56Identified as Trojan.Win32.TopAntiSpyware.m by Kapersky. 01
3 7HookSys0 11HookSys.exe1 00118SurfinGuard Pro - protects against all malicious code delivered through executables, scripting files, ActiveX and Java51http://www.rocketdownload.com/details/secu/6889.htm0
312HookUpFinder0 16hookupfinder.Exe111HKEY_LM\Run0 49HookUpFinder 2.00, Futurecast Media. HookUpFinder39http://www.absolutestartup.com/startup/1
1 4host0  8host.exe1 00 45Added by the Troj/GrayBrd-AR backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdar.html0
120Windows Host Service0  8host.exe1 00 12Added by the104W32/Kelvi0
114Windows Update0 10host32.exe1 00 26Added by the RBOT-GU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgu.html0
112ControlPanel0 44host32.exe internat.dll, LoadKeyboardProfile2 00 41Added by a vairant of the DELF.DW TROJAN!106http://it0
1 9servicing0  9hostd.exe1 00 29Added by the  SDBOT.BUI WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BUI&VSect=P0
111hostdll.exe0 11hostdll.exe1 00 59The Troj/Banker-BO TROJAN will add this to steal passwords.58http://www.sophos.com/virusinfo/analyses/trojbankerbo.html0
114WINTASKMANAGER0 13hostdrvXP.exe1 00 12Added by the38W32/Mytob-AX WORM/IRC backdoor trojan!0
111Hostren.exe0 11Hostren.exe1 00 59Added by PWS.BANKER.F,  a variant of the  BANKER-BO TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerbo.html0
113Windows Hosts0  9hosts.exe1 00 34Added by the Troj/Kelvir-O TROJAN!57http://www.sophos.com/virusinfo/analyses/trojkelviro.html0
1 8hostserv0 12hostserv.exe1 00134Added by the W32/Rbot-AIH  worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaih.html0
122Windows Host32 Starter0 12hostserv.exe1 00 12Added by the38W32/Sdbot-WU WORM/IRC backdoor trojan!0
112HostSVC syse0 11HostSVC.exe1 00142Added by the W32/Rbot-ANZ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotanz.html0
119Windows Host Device0 11hostsvc.exe1 00 26Added by the ZOOTY-A WORM!55http://www.sophos.com/virusinfo/analyses/w32zootya.html0
1 7WINTASK0  7hot.exe1 00 49Added by the WORM_MYTOB.NM worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2ENM&VSect=T0
1 6hot_br0 10Hot_br.exe1 00 12Added by the56Dial/Dialer-G TROJAN, found in the Program Files folder.0
1 8Hot_Kiss0 12Hot_Kiss.exe1 00 21Adult content dialler 01
1 9Hot_Tarts0 13Hot_Tarts.exe1 00 21Adult content dialler 01
112Hot_Tarts_**0 16Hot_Tarts_**.exe1 00 60Premium rate adult content dialer (where * is a random char) 01
112hot_tarts_au0 16Hot_Tarts_Au.exe1 00 34Premium rate adult content dialler 01
112hot_tarts_mc0 16Hot_Tarts_mc.exe1 00 47Wink/HotTarts premium rate adult content dialer41http://www.doxdesk.com/parasite/Wink.html0
112Hot_Tarts_nz0 16Hot_Tarts_nz.exe1 00 36Added by the Dial/MPB-A porn dialer.54http://www.sophos.com/virusinfo/analyses/dialmpba.html0
112HotAction_hr0 16hotaction_hr.exe1 00 41Added by the Dial/SiteIcon-B porn Dialer.59http://www.sophos.com/virusinfo/analyses/dialsiteiconb.html0
311Hot Corners0  8Hotc.exe1 00124Hot Corners - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen"37http://www.southbaypc.com/HotCorners/0
2 6PLFFAP0 18HotfixQ0306270.exe1 00177Used by various key-chain USB drive's software for detecting and syncing the usb drive when inserted or retained. The flash drive works either way and the resources are minimal. 01
3 8HOTFOON20 18hotfoon4[1].exe /h211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 6HotIDE0 10hotide.exe1 00101HotIDE allows Acer TravelMate owners to hot-swap external drives without switching of their notebooks 01
4 5load=0 10hotkey.exe1 00 58Solo 5300 display driver for Win2K on some Gateway laptops 01
3 9HotkeyApp0 13HotkeyApp.exe1 00 85Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 61023http://global.acer.com/0
110CPQHotKeys0 13hotkeysvc.exe1 00139Added by the W32/Rbot-XA WORM, which allows exploitation by a remote attacker over IRC channels.  It is found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotxa.html0
212Hot Party 220 13hotpart22.exe1 00  2?? 01
1 6HotPix0 10hotpix.exe1 00 21Adult content dialler 01
1 7hotplug0 11hotplug.exe1 00 28Added by the SILLYDL TROJAN!63http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=395740
111hotsurprise0 15HotSurprise.exe1 00 33Premium rate adult content dialer 01
215HotSync Manager0 11hotsync.exe1 00171Installed when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing.  Available via Start - Programs 01
315HotSync Manager0 11HOTSYNC.EXE1 00 64HotSync® Manager 3.1.1, Palm, Inc.. HotSync® Manager Application 01
315HotSync Manager0 11HOTSYNC.EXE125StartUp menu\Current user0 78HotSync® Manager, Palm Desktop 4.1.0, Palm, Inc.. HotSync® Manager Application39http://www.absolutestartup.com/startup/1
215HotSync Manager0 18Hotsync.exe -logon2 00  0 01
218eFax.com Tray Menu0 11HotTray.exe1 00136eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start - Programs. Disabling instructions available here34http://www.efax.com/help/index.asp0
212j2 Tray Menu0 11HotTray.exe1 00136eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start - Programs. Disabling instructions available here34http://www.efax.com/help/index.asp0
110hotwetlove0 14hotwetlove.exe1 00 82Adult content dialler. Will not uninstall - components have to be manually deleted 01
3 9HoverDesk0 13HoverDesk.exe1 00 40HoverDesk - desktop replacement software25http://www.hoverdesk.net/0
1860000 - C:\Documents and Settings\Owner\Start Menu\Programs\hp deskjet 960c series v3.20 27hp deskjet 960c series v3.2215HKEY_LM\RunOnce0  039http://www.absolutestartup.com/startup/1
411HPLJ Config0 47HP LaserJet 1300 -pn "" -n 0 -l 1033 -sl 1200002 00 77SetConfig Application 2, 0, 0, 0, Hewlett-Packard Inc.. SetConfig Application 01
311hptvnow.exe0  9HP TV Now2 00164Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts) - user's choice! 01
219hpWirelessAssistant0 25HP Wireless Assistant.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
319hpwirelessassistant0 25HP Wireless Assistant.exe2 00227The HP Wireless Assistant is a user application that provides a way to control the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devices. 01
110HP Deskjet0 18HP_DeskJet_500.exe1 00 28Added by the FORBOT-DA WORM!60http://www.sophos.com.au/virusinfo/analyses/w32forbotda.html0
312HPLogiFinder0 13hp_finder.exe1 00118HP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not used 01
020Main Executable (HP)0 12HP05T0R5.exe1 00 79HP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do? 01
1 3Bgi0  7Hpb.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 3Bgi0  7Hpb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
316HP Status Server0 10hpboid.exe1 00  2?? 01
313TomcatStartup0 12hpbpsttp.exe111HKEY_LM\Run0 66Hewlett-Packard ProxyStop3 2, 0, 0, 3, Hewlett-Packard. ProxyStop339http://www.absolutestartup.com/startup/1
413TomcatStartup0 12hpbpsttp.exe1 00254Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. The Apache Tomcat server is required for the HP Toolbox software to run, as well as scanning across the network when using HP multifunction devices like the Laserjet 3015 All-in-One. 01
417TomcatStartup 2.50 12hpbpsttp.exe1 00  0 01
212HP CD Writer0 12hpcdtray.exe1 00 80System Tray access to a HP CD-Writer's functions. Available via Start - Programs 01
2 9HP CD-DVD0 12hpcdtray.exe1 00 80System Tray access to a HP CD-Writer's functions. Available via Start - Programs 01
220HP Component Manager0 12hpcmpmgr.exe1 00194Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended" 01
1 7wXEAbxb0 11hpcpttp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
214HP Simple Trax0 10Hpcron.exe1 00139Supplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -&gt; Programs or Desktop Icon 01
219HP Display Settings0 12hpdisply.exe1 00131Sets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error message 01
219HP Display Settings0 15hpdisply.exe /s211HKEY_LM\Run0 73Hewlett-Packard HpDisplay Settings 1, 11, 0, 0, Hewlett-Packard. hpdisply39http://www.absolutestartup.com/startup/1
2 8DJREGFIX0 14hpdjregfix.reg1 00265DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers 01
1 4HPNT0  9hpdll.exe1 00 63Unknown adware. Found in the C:\Program Files\hpdll\ directory. 01
111000hpdllhos0 13hpdllhost.exe1 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
118windows hp drivers0 10hpdmws.exe1 00 23Added by the  SDBOT.AQU86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AQU&VSect=T0
1 8hpdriver0 12hpdriver.sys1 00134Added by the W32/Tilebot-AI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotai.html0
2 41:000  9hpdrv.exe1 00 69HP utility for monitoring when and how many recoveries have been done 01
2 4run=0  8hpfsched1 00218HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature 01
2 8hpfsched0 12hpfsched.exe1 00  0 01
2 8hpgs2wnd0 12hpgs2wnd.exe1 00167&quot;HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites.&quot; Available via Start -&gt; Programs66http://www.hp.com/peripherals2/scanjet_info/share-to-web/index.htm0
229Share-to-Web Namespace Daemon0 12hpgs2wnd.exe1 00263HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites. In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start - Programs66http://www.hp.com/peripherals2/scanjet_info/share-to-web/index.htm0
229Share-to-Web Namespace Daemon0 12hpgs2wnd.exe111HKEY_LM\Run0 60Hewlett-Packard hpgs2wnd 2,4,0,26, Hewlett-Packard. hpgs2wnd39http://www.absolutestartup.com/startup/1
3 8Hpha1mon0 12Hpha1mon.exe1 00142Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature. 01
3 8HPHAxMON0 12HPHAxMON.EXE1 00321Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature and known to cause system crashes in some cases. "x" can be 1, 2 or 3 and depends upon driver version. Replaced by HPHmon** (where ** is the version number) from version 4 onwards 01
3 8HPHmon**0 12HPHMON**.EXE1 00324Monitors the status of the memory card reader slot on a HP printers and displays a tray icon if a memory card isn't inserted. Also creates a virtual drive and assigns it the first available drive letter - which can lead to problems with drive management. ** represents the version number. Disable if you don't use the reader 01
3 8hphmon030 12hphmon03.exe1 00 80Related to the Hewlett-Packard Photosmart's configuration and diagnostics module 01
3 8HPHmon030 12hphmon03.exe111HKEY_LM\Run0 47hp photosmart 3,4,13, Hewlett-Packard. HPHa3mon39http://www.absolutestartup.com/startup/1
3 8HPHmon040 12hphmon04.exe1 00141Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature 01
3 8HPHmon050 12hphmon05.exe111HKEY_LM\Run0 46HP Photosmart 5,1,7, Hewlett-Packard. HPHmon0539http://www.absolutestartup.com/startup/1
2 8HPHmon060 12HPHMON06.EXE1 00107Related to the Hewlett Packard software HP Photosmart software that is bundled with many of their printers. 01
3 8HPHmon060 12hphmon06.exe111HKEY_LM\Run0 47HP Photosmart 6,0,72, Hewlett-Packard. HPHmon0639http://www.absolutestartup.com/startup/1
1 6Hphome0  9hphome.js1 00 17Homepage hijacker 01
310PreloadApp0 11hphprld.exe1 00 26HP Printer driver related? 01
2 5setup0 25hphprld.exe ....setup.exe2 00 56HP DeskJet Setup - printers function normally without it 01
3 8HPHUPD**0 12hphupd**.exe1 00112HP software update checker and wizard launcher. ** represents the version number. Available via Start - Programs 01
2 8hphupd040 12hphupd04.exe1 00 89HP Photosmart software update checker and wizard launcher. Available via Start - Programs 01
3 8HPHUPD040 12hphupd04.exe111HKEY_LM\Run0 47hp photosmart 4,2,41, Hewlett-Packard. HPHupd0439http://www.absolutestartup.com/startup/1
3 8HPHUPD050 12hphupd05.exe111HKEY_LM\Run0 46HP Photosmart 5,1,7, Hewlett-Packard. HPHupd0539http://www.absolutestartup.com/startup/1
0 8HPHUPD060 12hphupd06.exe1 00 70Part of the Hewlett Packard printer drivers. Is this necessary to run? 01
3 8HPHUPD060 12hphupd06.exe111HKEY_LM\Run0 47HP Photosmart 6,0,72, Hewlett-Packard. HPHupd0639http://www.absolutestartup.com/startup/1
2 5CXMon0 15Hpi_Monitor.exe1 00132Autodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start - Programs 01
2 5CXMon0 15Hpi_Monitor.exe111HKEY_LM\Run0 83HP PhotoSmart Software 3.9.0.0, Hewlett-Packard Company. Device Monitor Application39http://www.absolutestartup.com/startup/1
312zzz-hpi-boot0 12hpi-boot.exe1 00 38Associated with HP Photosmart printers 01
314HP IDScheduler0 12HPIDSCHD.exe1 00 29HP Instant Delivery Scheduler 01
3 5exmon0 14hpimoniter.exe1 00 71Some kind of hp digital camera maybe or a photo smart connection probe? 01
215HP JetDiscovery0 12HPJETDSC.EXE1 00 74HP JetAdmin software which monitors printing jobs on a network environment 01
428JetAdmin Discovery Indicator0 12HPJETDSC.EXE1 00264HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery Indicator 01
310hpjsiroute0 11hpjsira.exe1 00122Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2" 01
4 6HpLamp0 10HPLAMP.EXE1 00123HP Scanner Utility that controls your scanner’s light bulb. Needed if it's switched on. Also refer here for troubleshooting94http://www.hp.com/cgi-bin/cposupport/get_doc.pl?SNI=hpscanjet320506&LC=scanners&Tfile=nps050420
3 7hplampc0 11hplampc.exe1 00 76HP Scanner Lamp Utility - fixes an issue with the scanner lamp not going off 01
123Hewlett Packard Manager0 13hpmanager.exe1 00133Added by the W32/Mytob-ET worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobet.html0
217HP Precision Scan0 12hpmdlbwx.exe1 00 89HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required 01
3 7HpMmKbd0 11HpMmKbd.exe1 00119HP’s multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboard 01
4 3hpn0  7hpn.sys1 00 46NetRAID-4M Miniport driver added by Microsoft. 01
325HP Network Registry Agent0  9hpnra.exe1 00  2?? 01
016VDI Manager (HP)0 13HPO0VDX05.exe1 00 52HP (Hewlett-Packard) related. Now - what does it do? 01
338HPAiODevice(hp officejet v series) - 10 33hpoant07.exe -DeviceID 1119130605222StartUp menu\All users0 86hp officejet v series A.14.04.06, Hewlett-Packard Co.. HP OfficeJet COM Device Objects39http://www.absolutestartup.com/startup/1
334HPAiODevice(hp officejet g series)0 12hpoavn07.exe1 00105HP Printer related,  reportedly lets file transfers from an HP device pass files through Windows firewall 01
318hp psc 2000 Series0 12hpobnz08.exe1 00119System Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to start 01
233HPAiODevice(hp psc 900 series) -10 12hpobrt07.exe1 00172Installed with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entry 01
2 8hpodblia0 12hpodblia.exe1 00114HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually 01
211hpaiodevice0 12hpodev07.exe1 00466Direct from HP - &quot;Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when &quot;portable&quot; is chosen during installation)&quot;. Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to &quot;hpodir07.exe&quot; works just fine if you need to use the scanner 01
2 8hpodlb080 12hpodlb08.exe1 00114HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually 01
220HPAIO_PrintFolderMgr0 12hpoopm07.exe1 00381Directly from HP: "This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port." For various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner 01
014officejet 61000 12hposol08.exe1 00 66Associated with a HP PSC2110 (and maybe others) all-in-one machine 01
314officejet 61000 12hposol08.exe122StartUp menu\All users0111hp digital imaging - hp all-in-one series 002.000.000.169, Hewlett-Packard Co.. HP OfficeJet COM Device Objects39http://www.absolutestartup.com/startup/1
331HP OfficeJet Series xxx Startup0 12HPOSTR03.EXE1 00 47xxx represents the series number - such as 700. 01
331HP OfficeJet Series xxx Startup0 12HPOstr05.exe1 00 47xxx represents the series number - such as 700. 01
315DeviceDiscovery0 12hpotdd01.exe1 00237Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems" 01
315DeviceDiscovery0 12hpotdd01.exe1 00 62Hewlett-Packard hpotdd01 1, 0, 0, 1, Hewlett-Packard. hpotdd01 01
412hpotdd01.exe0 12hpotdd01.exe1 00237Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems" 01
314HP AutoIndexer0 18hppautoindexer.exe1 00181Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup 01
321HP Laser Jet Director0 15hppdirector.exe1 00200System Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etc 01
116hp photo manager0 18HPPhotoManager.exe1 00 29Added by the  SDBOT.AXU WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AXU&VSect=T0
3 5hpppt0 15hpppt.exe /ICON211HKEY_LM\Run0112HP ScanJet Parallel Port Test Utility 1, 0, 1, 0, Hewlett-Packard Company. HP ScanJet Parallel Port Test Utility39http://www.absolutestartup.com/startup/1
4 6hpppta0 10HPPPTA.exe1 00 44HP parallel port driver for certain hardware 01
122Win USB 2.0 USB Driver0 11HPPrint.exe1 00 29Added by the SPYBOT.DNB WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dnb.html0
120HP32X Printer driver0 14hpprintdrv.sys1 00 44Added by the Troj/Haxdoor-AU rootkit Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorau.html0
1 8hpprintx0 12hpprintx.dll1 00 36Added by the Troj/Haxdoor-AU Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorau.html0
2 8HPPROPTY0 12HPPROPTY.EXE1 00 19HP LaserJet Toolbox104http://h20
315HP SchedIndexer0 19hppschedindexer.exe1 00181Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup 01
315HP SchedIndexer0 19hppschedindexer.exe111HKEY_LM\Run0 74HP LaserJet 3300 1, 0, 12, 222, Hewlett-Packard. HP LaserJet 3300 Software39http://www.absolutestartup.com/startup/1
221HP Parallel Port Test0  8hppt.exe1 00 36Associated with a HP ScanJet scanner 01
3 8HPPWRSAV0 12HPPWRSAV.EXE1 00282Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try www.hp.com, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patch17http://www.hp.com0
010CamMonitor0 11hpqcmon.exe1 00 38From HP and related to digital imaging 01
0 7hpqcmon0 11hpqcmon.exe1 00 38From HP and related to digital imaging 01
410CamMonitor0 11hpqcmon.exe111HKEY_LM\Run0 56HpqCmon Application 2.0.0.133, . HpqCmon MFC Application39http://www.absolutestartup.com/startup/1
224hp image zone fast start0 12hpqthb08.exe1 00194Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time 01
224HP Image Zone Fast Start0 15hpqthb08.exe -s2 00 93hp digital imaging - hp all-in-one series 053.000.013.000, Hewlett-Packard Co.. HP Image Zone 01
324HP Image Zone Fast Start0 15hpqthb08.exe -s222StartUp menu\All users0 93hp digital imaging - hp all-in-one series 045.004.157.000, Hewlett-Packard Co.. HP Image Zone39http://www.absolutestartup.com/startup/1
226HP Digital Imaging Monitor0 12hpqtra08.exe1 00106hp digital imaging - hp all-in-one series 053.000.013.000, Hewlett-Packard Co.. HP Digital Imaging Monitor 01
226hp digital imaging monitor0 12hpqtra08.exe1 00 65HP digital imaging monitor;  can apparently be launched manually. 01
326HP Digital Imaging Monitor0 12hpqtra08.exe122StartUp menu\All users0106hp digital imaging - hp all-in-one series 045.004.157.000, Hewlett-Packard Co.. HP Digital Imaging Monitor39http://www.absolutestartup.com/startup/1
312HP ScanPatch0 13HPScanFix.exe1 00197Program that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from starting 01
122IPOT USB Service DRV320 12hpsebc08.exe1 00134Added by the W32/Sdbot-WH WORM/IRC backdoor Trojan, it also drops a file named msdirectx.sys in the folder it was originally run from.56http://www.sophos.com/virusinfo/analyses/w32sdbotwh.html0
123IPOT USB Service DRIVER0 13hpsebc087.exe1 00111A Sdbot Trojan variant will add this file, and also another detected as Troj/NtRootK-F, the file msdirectx.sys.56http://www.sophos.com/virusinfo/analyses/w32sdbotwa.html0
1 9HpPrinter0 12HPSERVER.EXE1 00 43Added by Troj/CmjSpy-T , a backdoor TROJAN!57http://www.sophos.com/virusinfo/analyses/trojcmjspyt.html0
2 8hpsjbmgr0 12hpsjbmgr.exe1 00242HP ScanJet Button Manager. It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environment 01
313HPSCANMonitor0 11hpsjvxd.exe1 00106HP scanning software that enables you to scan images from your scanner. Needed if you're using the scanner 01
214HP ScanPicture0 12hpsplmwa.exe1 00 89HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required 01
017hp Silent Service0 11HpSrvUI.exe1 00 10HP related 01
417hp Silent Service0 11HpSrvUI.exe111HKEY_LM\Run0 69hp Service Application 1, 0, 0, 3, Hewlett-Packard Co.. hp UI Service39http://www.absolutestartup.com/startup/1
2 7HPStart0 11hpstart.wsf1 00147This a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first boot 01
2 9HP Status0 12hpstatus.exe1 00 28HP Printer Status and Alerts 01
124SyBot v2.1 By Sky-Dancer0  8HPSV.exe1 00 30Added by the W32.Zotob.I worm.72http://www.sarc.com/avcenter/venc/data/w32.zotob.i.html#technicaldetails0
110hp service0  9hpsys.exe1 00198Added by the W32/Codbot-AF worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer. This will also create the file %Temp%terminate.bat.57http://www.sophos.com/virusinfo/analyses/w32codbotaf.html0
2 8hpsysdrv0 12hpsysdrv.exe111HKEY_LM\Run0 54hpsysdrv 1, 7, 0, 0, Hewlett-Packard Company. hpsysdrv39http://www.absolutestartup.com/startup/1
3 8hpsysdrv0 12hpsysdrv.exe1 00 54hpsysdrv 1, 7, 0, 0, Hewlett-Packard Company. hpsysdrv 01
3 8hpsysdrv0 12hpsysdrv.exe1 00606This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops working 01
216Display Settings0 11hptasks.exe1 00 98Allows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computers 01
216Display Settings0 14hptasks.exe /s2 00 75Hewlett-Packard HP Notebook Utilities 1, 14, 0, 3, Hewlett-Packard. hptasks 01
316HP Tray Icon WMI0 14HPTrayIcon.exe111HKEY_LM\Run0 85hp toptools for desktops 5.6, Hewlett-Packard Co.. hp toptools for WMI Implementation39http://www.absolutestartup.com/startup/1
3 9HP TV Now0 11hptvnow.exe1 00164Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts) - user's choice! 01
0 7cetihpz0 12hpuiprot.dll1 00 25Installed by HP Printers. 01
017HP Visualize Init0 12HpVisIni.exe1 00 30HP Visualize software related. 01
2 5load=0 10HPWHRC.EXE1 00 61Loads the Status Window software for the HP Laserjet printers 01
115Win Drivers SSL0  8hpws.exe1 00 38Added by the  WIN32/IRCBOT.67098 WORM!70http://info.ahnlab.com/securityinfo/virus_view_eng_new.jsp?SEQ_NO=20850
117Win Drivers SSL320 13hpwsnnsbc.exe1 00 68Added by the W32/Sdbot-VG WORM!  Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvg.html0
211HPWebUpdate0 11hpwucli.exe115HKEY_CU\RunOnce0 80HP Software Update Client 3, 0, 4, 2, Hewlett-Packard. HP Software Update Client39http://www.absolutestartup.com/startup/1
218HP software update0 12HPWuSchd.exe1 00 85HP software updates. If a shortcut doesn't exist, create your own and run it manually 01
318HP Software Update0 12HPWuSchd.exe111HKEY_LM\Run0 62Hewlett-Packard hpwuSchd 1, 0, 0, 3, Hewlett-Packard. hpwuSchd39http://www.absolutestartup.com/startup/1
218HP software update0 13HPWuSchd2.exe1 00 84HP software updates. If a shortcut doesn't exist create your own and run it manually 01
318HP Software Update0 13HPWuSchd2.exe111HKEY_LM\Run0113hp digital imaging - hp all-in-one series 050.000.146.000, Hewlett-Packard Co.. Hewlett-Packard Product Assistant39http://www.absolutestartup.com/startup/1
416pml driver hpz120 12HPZipm12.exe1 00 93Used by HP Printer/Scanner/Copier printers to prevent Windows from entering hibernation mode. 01
2 7HPZTS040 11hpzts04.exe1 00 72Hewlett Packard printer toolbox shortcut that resides in the system tray 01
114Windows Update0 12hpztsb02.exe1 00 33Added by the Troj/Bancd-C Trojan.56http://www.sophos.com/virusinfo/analyses/trojbancdc.html0
320HPDJ Taskbar Utility0 12hpztsb04.exe1 00361(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see here for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer57http://home.t-online.de/home/Martin.Lottermoser/pcl3.html0
320HPDJ Taskbar Utility0 12hpztsb05.exe1 00361(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see here for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer57http://home.t-online.de/home/Martin.Lottermoser/pcl3.html0
220HPDJ Taskbar Utility0 12hpztsb06.exe1 00 99Hewlett Packard utility installed with HP Deskjet printers to do maintenance tasks and diagnostics. 01
220HPDJ Taskbar Utility0 12hpztsb07.exe1 00131This program will add a system tray icon to your taskbar that will assist in diagnosing problems with your Hewlett Packard printer. 01
320HPDJ Taskbar Utility0 12hpztsb07.exe111HKEY_LM\Run0 25HP DeskJet 2,140,0,0, HP.39http://www.absolutestartup.com/startup/1
320HPDJ Taskbar Utility0 12hpztsb08.exe111HKEY_LM\Run0 25HP DeskJet 2,223,0,0, HP.39http://www.absolutestartup.com/startup/1
220HPDJ Taskbar Utility0 12hpztsb09.exe1 00 99Hewlett Packard utility installed with HP Deskjet printers to do maintenance tasks and diagnostics. 01
320HPDJ Taskbar Utility0 12hpztsb09.exe111HKEY_LM\Run0 25HP DeskJet 2.245.1.0, HP.39http://www.absolutestartup.com/startup/1
320HPDJ Taskbar Utility0 12hpztsb10.exe111HKEY_LM\Run0 25HP DeskJet 2.323.0.0, HP.39http://www.absolutestartup.com/startup/1
320HPDJ Taskbar Utility0 12hpztsbol.exe1 00361(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see here for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer57http://home.t-online.de/home/Martin.Lottermoser/pcl3.html0
320HPDJ Taskbar Utility0 12hpztsd02.exe1 00361(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see here for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer57http://home.t-online.de/home/Martin.Lottermoser/pcl3.html0
112HQI Services0 12hqisvc32.exe1 00 12Added by the32W32/Agobot-RO WORM/IRC backdoor!0
112HQI Services0 12hqlsvc32.exe1 00 12Added by the39W32/Agobot-RP WORM/IRC backdoor trojan!0
1 7MSTasks0  9hqybe.exe1 00 40Added by the Troj/Ranck-DS proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojranckds.html0
3 2HR0  6Hr.exe1 00173Added by the Spyware.HiddenRecorder spyware.  This programs periodically takes screenshots of your activity.  If you did not install this program, then it should be removed.66http://www.sarc.com/avcenter/venc/data/spyware.hiddenrecorder.html0
1 7Hrn_qtv0 12hrnsvc32.exe1 00133Added by the W32/Sdbot-AET worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaet.html0
1 6hrxbgf0 10hrxbgf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7hsouvtt0 11hsouvtt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 9Live Menu0 37HsPfcW32.dll,JSPFCWSetHooking,1,0,0,01 00107eFax Messenger Plus (tm) 3.0.0.0, j2 Global Communications, Inc.. eFax Messenger Plus - DLL Command Utility 01
1 5hssvc0  9hssvc.exe1 00 55Added by the SecurityRisk.HubSafe information gatherer.64http://www.sarc.com/avcenter/venc/data/securityrisk.hubsafe.html0
3 9megapanel0 11HSTrans.exe1 00 72Added by the Homescan Internet Transporter - part of  ACNielson_Homescan53http://www2.acnielsen.com/products/cps_homescan.shtml0
128Remote Administrator Service0 12HSTSVC32.EXE1 00 43Added by the Troj/Remadm-M backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojremadmm.html0
013HsuGuiControl0 17HsuGuiControl.exe1 00 67Part of the Starband Internet satellite client.  Is this necessary? 01
1 7hsxgtjs0 11hsxgtjs.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110WinUpdatea0  8hta1.hta111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0 12htmlsync.exe1 00 44Added by the Troj/Chorus-A browser hijacker.57http://www.sophos.com/virusinfo/analyses/trojchorusa.html0
3 7HTpatch0 11htpatch.exe1 00197HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6% 01
1 6htproc0 12htproc32.dll1 00106Identified as a variant of the Trojan.Psw.Lineage.Sk password-stealing Trojan for the online game Lineage. 01
1 8htrvrscx0 12htrvrscx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
117Internet Explorer0  8http.exe1 00606Added as part of a new potential CWS infection.  This program is part of a suite of programs that installs a web server, php, ftp server, socks, and mail server on your computer without your knowledge.Br /br /bThese files are known to be part of an infection that transmits information about your bank accounts, passwords, and other financial information.  It should be deleted immediately and you should enable your firewall./bbr /br /The shttps directory should be removed in its entirety from safe mode and then you should contact your financial services and report the issue and have passwords changed. 01
116Microsoft Status0  8http.exe1 00132Added by the W32/Rbot-AML worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaml.html0
1 9https-ssl0  9https.exe1 00 26Added by the MOEGA.D WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.d.html0
1 5htwmn0  9htwmn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6huhdir0 10huhdir.exe1 00  2?? 01
3 8voowsmcr0 10huhdir.exe1 00  0 01
1 6huhukp0 10huhukp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7huuaohh0 11huuaohh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5myhuy0  7huy.exe1 00 32Added by the W32/Blaster-C worm.57http://www.sophos.com/virusinfo/analyses/w32blasterc.html0
1 5myhuy0  8huy2.exe1 00 32Added by the W32/Blaster-L worm.57http://www.sophos.com/virusinfo/analyses/w32blasterl.html0
1 8huySosat0 12huysosat.exe1 00 42Added by the Troj/Mdrop-RG dropper Trojan.57http://www.sophos.com/virusinfo/analyses/trojmdroprg.html0
1 4Hvid0  8Hvid.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
221Cryptographic Service0  9hvohv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
121Hardware Clock Driver0 11HWCLOCK.EXE1 00 12Added by the79W32/Hwbot-A WORM/IRC backdoor as a new service, it's servicename being Hwclock.0
1 8hwdetect0 12hwdetect.exe1 00 35Added by the Troj/MancSyn-B Trojan.58http://www.sophos.com/virusinfo/analyses/trojmancsynb.html0
315Hardware Doctor0 12Hwdoctor.exe1 00247Winbond Hardware Doctor - as included on some motherboard using Winbond's hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you're concerned about your system temperature - typically for "overclocked" systems 01
1 4hwhw0  8hwhw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7HWINFO*0  7HWINFO*1 00 55Added by the  PUROL WORM! where * is a random character75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.purol.html0
1 3hws0  7hws.exe1 00107Added by  Troj/StartPa-CT Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)59http://www.sophos.com/virusinfo/analyses/trojstartpact.html0
322hawking hwu54g utility0 10HWU54G.exe1 00 68Related to Hawking  Technologies  HWU54G Mini Wireless-G USB Adapter27http://www.hawkingtech.com/0
116Hardware Profile0  9hxdef.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
116Soft Profile Inc0 12hxdef.exe...1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 8HXDL.EXE0  8HXDL.EXE1 00 62Attune HelpExpress - spyware. Disable and uninstall - see here32http://www.c-squad.org/hxdl.html0
1 9HXIUL.EXE0  9HXIUL.EXE1 00166Also known as "HelpExpress". Will install itself if you have previously had Attune by Aveo installed as they're by the same company. Uninstall via Add/Remove programs 01
115[various names]0 11hyandex.exe1 00 37Added by a  NTRootKit TROJAN variant!42http://vil.nai.com/vil/content/v_99877.htm0
325HydraVisionDesktopManager0 11HydraDM.exe111HKEY_LM\Run0 91ATI Technologies Inc. HydraVision Desktop Manager 3.25.0006, ATI Technologies Inc.. HydraDM39http://www.absolutestartup.com/startup/1
1 8runhyper0 10hyperx.exe1 00 72Adware related downloader,  detected as TrojanDropper.Win32.PurityScan.g 01
1 4test0 14i love you.exe2 00 51Added by the Troj/Singu-T password-stealing Trojan.56http://www.sophos.com/virusinfo/analyses/trojsingut.html0
215CorelCENTRAL 100 13I_26dadCC.exe1 00135CorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start - Programs108http://ww0
215CorelCENTRAL 100 22I_26dadCC.exe /startup2 00  0 01
1 8rate.exe0 12i11r54n4.exe1 00 76Added by the BEAGLE.E or BEAGLE.F or BEAGLE.G or BEAGLE.H or BEAGLE.I WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.E@mm.html0
1 4I3860  8I386.exe1 00 27Added by the  MYPOWER WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.mypower.b@mm.html0
1 5i386p0  9I386P.SYS1 00 39Added by the Backdoor.Rustock backdoor.77http://www.sarc.com/avcenter/venc/data/backdoor.rustock.html#technicaldetails0
118Config Loadatiorin0 14I3Explorer.exe1 00 28Added by the SDBOT.H TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.h.html0
0 8I81SHELL0 12I81SHELL.exe1 00 89Appears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard 01
3 9i8kfangui0 13i8kfangui.exe1 00 41Graphical interface for fan speed control 01
3 9i8kfangui0 22I8kfanGUI.exe /startup2 00 87I8kfanGUI Application 2.2.0, Christian Diefer. Dell Inspiron 8000/8100/8200 fan control 01
113IntruderAlert0  8ia99.exe1 00 39Intruder Alert '99 from Bonzi - spyware56http://www.safersite.com/PestInfo/db/i/internetalert.asp0
3 8IAAnotif0 12iaanotif.exe1 00352IAA Event Monitor User Notification Tool - part of  Intel® Application Accelerator - "a performance software package for desktop PCs using select Intel® chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it's required to notify you if a RAID 1 disk has failed42http://www.intel.com/support/chipsets/iaa/0
3 8IAAnotif0 12iaanotif.exe111HKEY_LM\Run0 94IAA RAID Event Monitor 4.0.0.6211, Intel Corporation. IAA Event Monitor User Notification Tool39http://www.absolutestartup.com/startup/1
1 8ialkdqea0 12ialkdqea.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
326Internet Answering Machine0  7IAM.exe1 00134From Callwave - offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access24http://www.callwave.com/0
326Internet Answering Machine0 14IAM.exe -start2 00 81CallWave Service 3.07.9 (13-May-2005), CallWave, Inc.. Internet Answering Machine 01
4 6iamapp0 10iamapp.exe1 00139AtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as well 01
4 6iamapp0 10IAMAPP.EXE111HKEY_LM\Run0 62Norton Internet Security 4.0, Symantec Corporation. IAMAPP.EXE39http://www.absolutestartup.com/startup/1
326Internet Answering Machine0 12IAMNET~1.EXE1 00136From Callwave. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access24http://www.callwave.com/0
3 3Iap0  7iap.exe1 00247Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely? 7#FF00000
3 3ias0  7ias.exe1 00 92InvisibleASpy keystroke logger/monitoring program - remove unless you installed it yourself!69http://www.symantec.com/avcenter/venc/data/spyware.invisibleaspy.html0
1 7IASHLPR0 11IASHLPR.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
142Local Security Authority Subsystem Service0  8Iass.exe1 00 50Added by the W32/Tilebot-CA worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotca.html0
124Microsoft media services0  9Iassd.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
139Microsoft Internet Acceleration Utility0  7iau.exe1 00 17EasySearch adware57http://sarc.com/avcenter/venc/data/adware.easysearch.html0
1 4iauo0  8iauo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6RenolB0  6ib.exe1 00  2?? 01
324ibwin background process0 15IBackground.exe1 00 19IBackup for Windows36http://www.ibackup.com/ibwin_new.htm0
324IBWin Background process0 15IBackground.exe111HKEY_LM\Run0 60IBWin Background Process 9.00.0005, Pro-softnet Corporation.39http://www.absolutestartup.com/startup/1
323Iomega Automatic Backup0 11ibackup.exe1 00 76Iomega Automatic Backup - automatic backups for use with Iomega portable HDD113http://www0
323Iomega Automatic Backup0 11ibackup.exe1 00 56Iomega Automatic Backup 1, 0, 2, 52, Iomega Corporation. 01
329Iomega Automatic Backup 1.0.10 11ibackup.exe1 00 76Iomega Automatic Backup - automatic backups for use with Iomega portable HDD113http://www0
119instant buzz daemon0 12IBDaemon.exe1 00 19Instant_Buzz adware50http://www.publishingcentral.com/news.php?story=720
1 3ibm0  7ibm.exe1 00 35Added by the Troj/LegMir-AH trojan.58http://www.sophos.com/virusinfo/analyses/trojlegmirah.html0
1 5Shell0 12ibm00001.exe1 00 34Added by the Troj/Torpig-C Trojan.57http://www.sophos.com/virusinfo/analyses/trojtorpigc.html0
327IBMUltraBayHotSwapCPLLoader0 12IBMBAY2N.EXE1 00 73Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops 01
023IBMUltraBayHotSwapSound0 12IBMBAYSN.EXE1 00123Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound? 01
211ibmmessages0 15ibmmessages.exe1 00 49Access IBM Message Center 1.102, IBM. ibmmessages 01
211ibmmessages0 15ibmmessages.exe1 00210Allows IBM to push messages onto users' computers. Quote: "The Access IBM Message Center can display messages to inform you about software and solutions available from IBM as well as messages from IBM eSupport" 01
211ibmmessages0 15ibmmessages.exe111HKEY_CU\Run0 49Access IBM Message Center 2.012, IBM. ibmmessages39http://www.absolutestartup.com/startup/1
310Ibmmon.exe0 10Ibmmon.exe1 00  2?? 01
313ibwin monitor0 13IBMonitor.exe1 00 19IBackup for Windows36http://www.ibackup.com/ibwin_new.htm0
313IBWin Monitor0 17IBMonitor.exe Min211HKEY_LM\Run0 54IBWin Monitor v3.2 9.00.0002, Pro-Softnet Corporation.39http://www.absolutestartup.com/startup/1
3 8Ibmpmsvc0 12ibmpmsvc.exe1 00295Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 &amp; F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standy or hibernate modes 01
3 6IBMPRC0 10ibmprc.exe111HKEY_LM\Run0 60ibmprc Application 1, 0, 0, 1, IBM Corp.. ibmprc Application39http://www.absolutestartup.com/startup/1
112Shmgrate.exe0  9ibot4.exe1 00 27Added by the GASTER TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.gaster.html0
1 3Ibs0  7ibs.exe1 00102The Troj/HideDial-B  TROJAN adds this, and downloads a third-party dialler application to C:\MISB.EXE.59http://www.sophos.com/virusinfo/analyses/trojhidedialb.html0
312InstallBuddy0  9Ibtna.exe1 00185InstallBuddy - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSync58http://www.bluenomad.com/ib/prod_installbuddy_details.html0
4 6icabar0 10icabar.exe1 00 27Related to Citrix MetaFrame 01
1 8icasserv0 12icasServ.exe1 00 51Browser hijacker, redirecting to Searchforfree.info 01
1 7iccmdsd0 11iccmdsd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9iccontrol0 13iccontrol.exe1 00 57Added by the  ICcontrol premium rate adult content dialer64http://www.symantec.com/avcenter/venc/data/dialer.iccontrol.html0
1 4icgy0  8icgy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6iClean0 10iClean.exe1 00132IEClean - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy"35http://www.nsclean.com/ieclean.html0
316Integrity Client0 11iclient.exe122StartUp menu\All users0 62Integrity Client 3.5.175.087, Zone Labs Inc.. Integrity Client39http://www.absolutestartup.com/startup/1
4 7Sweep950 12ICLOAD95.EXE1 00 32Part of Sophos ant-virus sofware40http://www.sophos.com/products/software/0
4 3icm0  7ICM.EXE1 00206Starts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail 01
418InterCheck Monitor0  9Icmon.exe1 00 32Part of Sophos ant-virus sofware40http://www.sophos.com/products/software/0
112NtDIC(ntdic)0 10icntrl.exe1 00 50Added by the W32/Tilebot-EG worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tileboteg.html0
2 3ICO0  7ICO.EXE1 00213Found on a Sony Vaio laptop and seems to be related to Mouse Suite 98 Daemon according to the properties. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games 01
321Mouse Suite 98 Daemon0  7ICO.EXE111HKEY_LM\Run0 69MouseSuite 98 1.0.0.0, Primax Electronics Ltd.. Mouse Suite 98 Daemon39http://www.absolutestartup.com/startup/1
111Icon lptt010  8icon.exe1 00175Variant of the  RapidBlaster parasite (in an "Icon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
111Icon ml097e0  8icon.exe1 00175Variant of the  RapidBlaster parasite (in an "Icon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
322VPN Dialer (OnStartup)0 56Icon3E5562ED.exe -run_only_if_connected -auto_initiation222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
4 8ICONCLNT0 12iconclnt.exe1 00 58APC PowerChute Tray Icon. Associated with the  UPS listing 4#UPS0
3 8ICONDESK0 12ICONDESK.EXE1 00 85Small utility which will allow you the option of hiding or showing your desktop icons 01
313FWD Softphone0 25IconE2A1D22B.ico -startup222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
211Iconfig.exe0 11Iconfig.exe1 00 27Icon for LS-120 "Superdisk" 01
3 7E-Color0 11IconMgr.exe1 00 56E-Color, Inc. IconMgr 1, 0, 0, 1, E-Color, Inc.. IconMgr 01
3 7E-color0 11IconMgr.Exe1 00314Sets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor callibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the program 01
3 9LightSurf0 11IconMgr.exe122StartUp menu\All users0 57IconMgr 1, 0, 0, 1, LightSurf Technologies, Inc.. IconMgr39http://www.absolutestartup.com/startup/1
2 7Iconoid0 11Iconoid.exe1 00 33Iconoid is a desktop icon manager34http://www.sillysot.com/index.html0
2 9Iconsaver0 13Iconsaver.exe1 00 35IconSaver is a desktop icon manager35http://www.iconsaver.com/index.html0
126Internet Content Publisher0  7ICP.EXE1 00 31Added by the  W32/RBOT-UD WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotud.html0
213Mirabilis ICQ0  7icq.exe1 00133If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -&gt; Programs 01
3 3ICQ0 17Icq.exe -trayboot215HKEY_CU\RunOnce0 30ICQ  2003a Beta, ICQ Inc.. ICQ39http://www.absolutestartup.com/startup/1
118ICQ Messenger 20020 11ICQ2002.exe1 00133Added by the W32/Sdbot-ABL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotabl.html0
1 6runapp0 10icqchk.exe1 00 19Added by the  Bomka73http://securityresponse.symantec.com/avcenter/venc/data/trojan.bomka.html0
116icq chat service0 11icqjdhs.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
2 8ICQ Lite0 11ICQLite.exe1 00112a target="_blank" href="http://www.icq.com/download/"ICQ Lite - compact version of the popular messaging program 01
2 8ICQ Lite0 21ICQLite.exe -minimize211HKEY_LM\Run0 34ICQLite 1, 0, 0, ICQ Ltd.. ICQLite39http://www.absolutestartup.com/startup/1
2 8ICQ Lite0 21ICQLite.exe -trayboot215HKEY_CU\RunOnce0 42ICQLite 20, 34, 2321, 0, ICQ Ltd.. ICQLite39http://www.absolutestartup.com/startup/1
213Mirabilis ICQ0 10ICQNet.exe1 00133If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -&gt; Programs 01
1 3ICQ0 10ICQNET.vbs1 00 62Added by the VBS.Gormlez@mm infection! Found in the C:\ drive.75http://www.sarc.com/avcenter/venc/data/vbs.gormlez@mm.html#technicaldetails0
115ICQ Hacking Pro0 10ICQpro.exe1 00 40Added by a variant of the NETSPY TROJAN!75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NETSPY0
2 8ICServer0 12Icserver.exe1 00117Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations 01
4 6ICSMGR0 10ICSMGR.EXE1 00128Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you’re sharing the internet on various computers 01
327ICW - Internet Call Waiting0  7Icw.exe122StartUp menu\All users0 69Internet Call Waiting 1.1.0, BellSouth Telecommunications. ICW Client39http://www.absolutestartup.com/startup/1
215SetupICWDesktop0 12icwconn1.exe1 00256Appears to be the &quot;Internet Connection Wizard&quot; from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start -&gt; Programs -&gt; Accessories -&gt; Communication (or similar) anyway 01
216^SetupICWDesktop0 21icwconn1.exe /desktop215HKEY_CU\RunOnce0112Microsoft(R) Windows (R) 2000 Operating System 5.00.3502.6602, Microsoft Corporation. Internet Connection Wizard39http://www.absolutestartup.com/startup/1
112stcinstaller0  8id53.exe1 00 32Added by the SCTHOUGHT.L TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SCTHOUGHT.L0
1 6ID85250 10ID8525.exe1 00 29Added by the ID8525.A TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ID8525.A0
1 6ID85250 11id85255.exe1 00 29Added by the ID8525.A TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ID8525.A0
0 3IDA0  7IDA.EXE1 00 59HP related - in a Program FilesHewlett-PackardPC COE folder 01
3 3IDA0  7IDA.EXE1 00 59HP related - in a Program FilesHewlett-PackardPC COE folder 01
329Internet Download Accelerator0  7ida.exe1 00 46Internet Download Accelerator download manager28http://www.westbyte.com/ida/0
329Internet Download Accelerator0 16ida.exe -autorun2 00 74Internet Download Accelerator 4.4, WestByte. Internet Download Accelerator 01
1 6idabaj0 10idabaj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
212ID Commander0  9IDCom.exe1 00 60Caller ID utility for identifying incoming telephone numbers 01
1 8intdctrr0 12idctup20.exe1 00 28SafeSurfing parasite variant48http://pestpatrol.com/pestinfo/s/safesurfing.asp0
1 3IDE0  7ide.exe1 00 30Added by the ASSASIN.F TROJAN!66http://www.symantec.com/avcenter/venc/data/backdoor.assasin.f.html0
1 7idecntl0 11idecntl.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
110IDE Loader0 13IDElibr32.exe1 00 68Added by the XILON TROJAN! Related to the game &quot;Diablo II&quot;77http://securityresponse.symantec.com/avcenter/venc/data/w32.xilon.trojan.html0
3 8iDesktop0 12idesktop.exe1 00 81Immersion TouchWare Desktop software for devices such as the Logitech iFeel Mouse59http://www.immersion.com/products/ce/generaldownloads.shtml0
3 6detect0 11idetect.exe1 00168iNTERNET Turbo from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds". If you find it helps your connectivity leave it enabled41http://www.clasys.com/internet_turbo.html0
3 6Detect0 17iDetect.exe /auto2 00  0 01
115ToPicks Starter0 10Idhost.exe1 00 24ToPicks parasite related44http://www.doxdesk.com/parasite/TOPicks.html0
2 5IDMan0 18IDMan.exe  /onboot2 00133Internet Download Manager (IDM) 5, 0, 2, 2, Internet Download Manager Corp., Tonec Inc. . Internet Download Manager Application (IDM) 01
2 5IDMan0  9IDMan.exe1 00 70Internet Download Manager - download files faster, schedule and resume39http://www.internetdownloadmanager.com/0
2 5IDMan0 17IDMan.exe /onboot2 00133Internet Download Manager (IDM) 4, 0, 1, 0, Internet Download Manager Corp., Tonec Inc. . Internet Download Manager Application (IDM) 01
1 5idqex0  9idqex.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Nbe0  7Idt.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
111IDTemplates0 14IDTemplate.exe1 00 32Added by the W32/Brontok-H worm.57http://www.sophos.com/virusinfo/analyses/w32brontokh.html0
216IDW Logging Tool0 10idwlog.exe1 00144Added with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problems 01
3 6CCWC7I0  8idxl.exe1 00 64Moleculesoft Cache, Cookie & Windows Cleaner Ver. 7 - auto clean39http://www.moleculesoft.se/index2b.html0
117Internet Explorer0  6IE.EXE1 00122Added by W32/Sdbot-VS TROJAN/backdoor.  Remote access, by way of the IRC network, becomes available to unauthorized users.56http://www.sophos.com/virusinfo/analyses/w32sdbotvs.html0
112SystemSearch0  6ie.reg1 00 42Installs a Seachxl.com browser page hijack 01
116[variable names]0  9ie_32.exe1 00 35Added by the Spyware.Acext spyware.57http://www.sarc.com/avcenter/venc/data/spyware.acext.html0
3 7Olympic0 10IE4321.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7olympic0 10IE4321.exe1 00 74Adult content premium rate dialer - also detected as Trojan.Win32.Small.CZ 01
310IECleanAux0 11Ieboot6.exe1 00115IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startup35http://www.nsclean.com/ieclean.html0
1 4Ahst0  8iebs.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
2 7iecheck0 11iecheck.exe1 00181Integrity checker for IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit225http://www.iconedit2.com/0
211iecheck.exe0 11iecheck.exe1 00182Integrity checker for  IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit225http://www.iconedit2.com/0
1 9[unknown]0 13IECONTROL.EXE1 00142Added by the W32/Sdbot-HO worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotho.html0
3 7IECount0 11IECount.exe111HKEY_CU\Run0 65IECount 3.2, F-Group Software. IECount - internet explorer add-on39http://www.absolutestartup.com/startup/1
1 5iedll0  9iedll.exe1 00 51Homepage hijacker, redirecting to coolwwwsearch.com 01
3 9IE Doctor0 12IEDoctor.exe1 00241IE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options" 01
1 8IEDriver0 12IEDriver.exe1 00 93Installed as part of adware (Cydoor) based peer-to-peer file sharing software called URLBlaze 01
116Config Loadation0 14iEEexplore.exe1 00 28Added by the SDBOT.H TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.h.html0
110[not used]0 16ieen445F8764.dll1 00 33Added by the Troj/Opnis-D Trojan.56http://www.sophos.com/virusinfo/analyses/trojopnisd.html0
1 8IEengine0  9IEeng.exe1 00 20STARTPAG.AI hijacker80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_STARTPAG.AI0
110ieexec.exe0 10ieexec.exe1 00 40Added by an unidentified WORM or TROJAN! 01
126Microsoft IE Execute shell0 10IEExec.exe1 00 30Added by the ALADINZ.N TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.n.html0
127miscrosoft windows explorer0 14IEEXPLORER.exe1 00 37Reported as Win32/IRCBot.worm.74240.J 01
110IEFeatures0 14IEFeatures.exe1 00 63Added by the POPMON.A TROJAN! - also known as PopMonster adware77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
1 8IEFilter0 12IEFilter.dll1 00 97Added by the Troj/SrchSpy-A Trojan.br /br /Uses CLSID: b{B9D06F5B-5BF3-4BC5-A58F-D1CD948478CE}/b.58http://www.sophos.com/virusinfo/analyses/trojsrchspya.html0
1 8IefxTray0 12Iefxtray.exe1 00110Added by the  Troj/Bdoor-ZAS. The backdoor can be instructed by remote users to find and read arbitrary files.58http://www.sophos.com/virusinfo/analyses/trojbdoorzas.html0
110ieharv.exe0 10ieharv.exe1 00 53Added by the Troj/Banker-HH password stealing trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerhh.html0
115[Various Names]0 12iehelper.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 5Bakra0 10IEHost.EXE1 00 23IEDriver adware variant 01
114IE Java Update0 10iejava.exe1 00 43Added by the Troj/Agent-HD backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojagenthd.html0
1 8iekdjuyr0 12iekdjuyr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 2FX0 12ieloader.exe1 00 29Added by the SMALL.RR TROJAN! 01
3 9IEManager0 13IEManager.exe111HKEY_CU\Run0 78IEManager 4.3, F-Group Software. IEManager - tool to control Internet Explorer39http://www.absolutestartup.com/startup/1
323IE New Window Maximizer0 15iemaximizer.exe1 00111IE New Window Maximizer,  see  here - automatically maximize new Internet Explorer and Outlook Express windows.35http://www.jiisoft.com/iemaximizer/0
1 4ieoc0  8ieoc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
318IE Privacy KeeperB0 29IEPrivacyKeeper.exe -scleanup211HKEY_LM\Run0 65IE Privacy Keeper 2.0.0.0, UnH Solutions, Inc.. IE Privacy Keeper39http://www.absolutestartup.com/startup/1
1 7ies4dll0 11IES4DLL.DLL1 00291Added by the Trojan.Goldun.G password-stealing Trojan.  This infection will attempt to steal passwords and online bank information.  If you have this infection, it is advised that you change all online bank passwords.  This infection will also create the file called %System%IES4SERVICE.SYS.76http://www.sarc.com/avcenter/venc/data/trojan.goldun.g.html#technicaldetails0
1 5Iesar0  9Iesar.exe1 00 51Browser hijacker - redirecting to an adult web page 01
1 7iesdl4l0 11iesdl4l.dll1 00119Added by the Troj/Haxdoor-AQ backdoor Trojan. This infection also creates the file C:\Windows\System32\iesservice4.sys.59http://www.sophos.com/virusinfo/analyses/trojhaxdooraq.html0
112Iesearch.exe0 12Iesearch.exe1 00 18LookNSearch adware61http://sarc.com/avcenter/venc/data/pf/adware.looknsearch.html0
119Microsoft IT Update0 10IEserv.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114\IEService.exe0 13IEService.exe1 00 25FastFind parasite variant 01
115[Various Names]0 14iesetupdll.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6iesprt0 10IESPRT.SYS1 00118Added by the Troj/Goldun-G password stealing trojan.  If you have this infection you should change all your passwords.57http://www.sophos.com/virusinfo/analyses/trojgoldung.html0
1 8iets.exe0  8iets.exe1 00 33Added by the Troj/Rizon-D Trojan.56http://www.sophos.com/virusinfo/analyses/trojrizond.html0
2 5ietsr0  9ietsr.exe1 00 79IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc35http://www.nsclean.com/ieclean.html0
1 7window20 12ieupdate.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
120IEAgent update check0 11iewatch.exe1 00 34Added by the Troj/Agent-FV Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentfv.html0
110iewq32.exe0 10iewq32.exe1 00 36Added by the Troj/Banker-AKW Trojan.59http://www.sophos.com/virusinfo/analyses/trojbankerakw.html0
1 7easywww0 12iewwwint.exe1 00 14EasyWWW adware64http://www.kephyr.com/spywarescanner/library/easywww/index.phtml0
1 7iestart0 13iexp1orer.exe1 00 28Added by the NEMOG.C TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.c.html0
111iexpand.exe0 11iexpand.exe1 00 60Added by the Trojan.PSW.Platan.5.A password-stealing Trojan.82http://www.sarc.com/avcenter/venc/data/trojan.psw.platan.5.a.html#technicaldetails0
1 6sysres0 13IExpIore .exe2 00 33Added by the  W32.ELITPER.E WORM!64http://www.symantec.com/avcenter/venc/data/w32.elitper.e@mm.html0
119Default web browser0 12IexpIore.exe1 00164Added by the OBLIVION.B TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a captial "i" in place of lower case "L"59http://www.sophos.com/virusinfo/analyses/trojoblivionb.html0
117Internet Explorer0 12iexpiore.exe1 00132Added by the W32/Rbot-AZC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotazc.html0
110winprofile0 12iexpiore.exe1 00 39Added by a variant of the MONCHER WORM! 01
110WinProfile0 12iexpIore.exe1 00 32Added by the Troj/Chum-C trojan.55http://www.sophos.com/virusinfo/analyses/trojchumc.html0
120Configuration Loader0 12IEXPL0RE.EXE1 00 39Added by the  LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
1 9IEXPL0RER0 13IEXPL0RER.EXE1 00 77Added by the W32/Agobot-QL WORM!  File is found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32agobotql.html0
1 2[]0 13iexpl0res.exe1 00  0 01
1 9Antivirus0 13iexpl0res.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 9iexpl0res0 13iexpl0res.exe1 00164Added by the  RBOT.AEX WORM! - NOTE:  this malware actually changes the default value data of the Registry "Run"  key in order to force Windows to launch it at boot85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AEX&VSect=T0
1 8Iexploit0 13Iexploit.html1 00135Added by the VBS.Inker.B@mm mass-mailing worm.  This worm will also swap your mouse buttons, change icons, and lower security settings.75http://www.sarc.com/avcenter/venc/data/vbs.inker.b@mm.html#technicaldetails0
1 6AtxBrw0 11IEXPLOR.exe1 00 21Unidentified Malware. 01
122C:\WINDOWS\IEXPLOR.EXE0 11IEXPLOR.exe1 00  0 01
1 6iexplo0 11iexplor.exe1 00 34Added by the Trojan.Sidea  Trojan.73http://securityresponse.symantec.com/avcenter/venc/data/trojan.sidea.html0
113winsockdriver0 11IEXPLOR.EXE1 00 95Added by the W32/WarPigs-C WORM/IRC backdoor TROJAN!  It is found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32warpigsc.html0
1 9IExplorer0 13Iexplor32.exe1 00 97Added by the Troj/Bdoor-BY trojan backdoor.  This infection allows remote access via TCP port 23.57http://www.sophos.com/virusinfo/analyses/trojbdoorby.html0
116macromedia drive0 13Iexplor32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8mssysint0 13Iexplore .exe2 00202Added by the PWSTEAL.ABCHLP and PSPIDER.310.B TROJANS! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!62http://www.symantec.com/avcenter/venc/data/pwsteal.abchlp.html0
110[not used]0 12iexplore.com1 00 32Added by the Troj/Pcik-A trojan.55http://www.sophos.com/virusinfo/analyses/trojpcika.html0
2 8IEXPLORE0 12IEXPLORE.EXE125StartUp menu\Current user0 93Microsoft® Windows® Operating System 6.00.2900.2180, Microsoft Corporation. Internet Explorer39http://www.absolutestartup.com/startup/1
121$WindowsRegKey%update0 12IEXPLORE.EXE1 00174Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!55http://www.sophos.com/virusinfo/analyses/w32rbotez.html0
1 7cmssapp0 12iexplore.exe1 00 54Added by the Troj/Bancban-DM password-stealing trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbandm.html0
116Explorer Updater0 12IEXPLORE.exe1 00175Added by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!56http://www.sophos.com/virusinfo/analyses/w32sdbotwo.html0
1 8IEXPLORE0 12iexplore.exe1 00178Added by the APHEXDOOR TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.aphexdoor.html0
1 8Iexplore0 12iexplore.exe1 00174Added by the BOXER TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.boxer.html0
117Iexplore Services0 12iexplore.exe1 00195Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!72http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/0
117Iexplore Services0 12iexplore.exe1 00195Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!72http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/0
117Internet Explorer0 12IEXPLORE.EXE1 00174Added by the RBOT-EY WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!55http://www.sophos.com/virusinfo/analyses/w32rbotey.html0
131Internet Explorer Configuration0 12Iexplore.exe1 00121Added by the http://www.sophos.com/virusinfo/analyses/w32sdbotgib.html Backdoor/Worm!  Found in the Windows system folder13W32/Sdbot-GIB0
112Intespention0 12IEXPLORE.exe1 00133Added by the W32/Forbot-FL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotfl.html0
113Java Runtimes0 12iexplore.exe1 00177Added by the KILLAV.B TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!76http://securityresponse.symantec.com/avcenter/venc/data/trojan.killav.b.html0
1 9Microsoft0 12iexplore.exe1 00 44Added by the Troj/QQRob-R downloader Trojan.56http://www.sophos.com/virusinfo/analyses/trojqqrobr.html0
112Microsoft IE0 12Iexplore.exe1 00176Added by the FORBOT-AG WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!57http://www.sophos.com/virusinfo/analyses/w32forbotag.html0
127Microsoft Internet Explorer0 12iexplore.exe1 00166Downloader trojan. Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!72http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/0
1 9OPTIMIZER0 12iexplore.exe1 00176Added by the EVIVINC TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evivinc.html0
118Program in Windows0 12iexplore.exe1 00187Added by a variant of the LOVGATE WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
114SerDgeonServer0 12IExplore.exe1 00153Added by the Troj/Feutel-AC backdoor Trojan. Note: this is not the the legitimate iexplore.exe found in the C:\program files\internet explorer directory.58http://www.sophos.com/virusinfo/analyses/trojfeutelac.html0
110ShellRun320 12iexplore.exe1 00 48Added by the Troj/IRCBot-AY IRC backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojircbotay.html0
1 5slide0 12Iexplore.exe1 00176Added by the GASLIDE TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.gaslide.html0
120System Configuration0 12iexplore.exe1 00176Added by the RANDEX.AD WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.a.d.html0
115Win32 Processer0 12iexplore.exe1 00 52Added by the W32/Agobot-PA WORM/IRC backdoor trojan!57http://www.sophos.com/virusinfo/analyses/w32agobotpa.html0
1 7windows0 12iexplore.exe1 00132Added by the W32/Rbot-UM worm.  When started this infections connects to a remote IRC server where it waits for commands to execute.55http://www.sophos.com/virusinfo/analyses/w32rbotum.html0
128Windows Configuration System0 12IExplore.exe1 00 48Added by the W32/Rbot-DDG worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotddg.html0
116Windows Services0 12IEXPLORE.EXE1 00231Added by the W32/Rbot-WE worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.  These infections also log keystrokes, so if you are infected you should change all your passwords.55http://www.sophos.com/virusinfo/analyses/w32rbotwe.html0
122WINDOWS SYSTEM CLEANER0 12iexplore.exe1 00136Added by the W32.Mytob.ET@mm worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.et@mm.html#technicaldetails0
121$WindowsRegKey%update0 12IEXPLORE.EXE111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
113MSN Messenger0 12IEXPLORE.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
126Internet Explorer Security0 12iexplore.pif1 00132Added by the W32/Rbot-ALQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalq.html0
1 7cmssapp0 13iexplore_.exe1 00 36Added by the Troj/Bancban-CQ trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbancq.html0
112iexplore.exe0 16iexplore_dbg.exe1 00 69Browser Hijacker to http://default.home and possibly other locations. 01
110IELoader320 14iexplore32.exe1 00 36Added by the  SPEX or  SPEX.B WORMS!74http://securityresponse.symantec.com/avcenter/venc/data/w32.spex.worm.html0
125IExplorer6 Java Scripting0 15IExplore326.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
125IExplorer7 Java Scripting0 15IExplore327.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
126iexplorer32 java scripting0 15IExplore32b.exe1 00 28Added by the  RBOT.ABO WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABO&VSect=P0
127iexplorer32c java scripting0 16IExplore32cb.exe1 00 28Added by the  RBOT.ABN WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABN&VSect=P0
120Configuration Loaded0 13iexploree.exe1 00121Added by the W32/Sdbot-KC worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotkc.html0
1 7ALG.EXE0 14iexplorer .exe2 00 32Added by the W32/Demotry-B worm.57http://www.sophos.com/virusinfo/analyses/w32demotryb.html0
1 9iexplorer0 13iexplorer.exe1 00  0 01
1 9IExplorer0 13IExplorer.EXE1 00126Troj/Bancos-BC is a password stealing infection that targets users of Brazlilian banks.  Found in the Program Files directory.58http://www.sophos.com/virusinfo/analyses/trojbancosbc.html0
116iexplorer lptt010 13iexplorer.exe1 00190Variant of the  RapidBlaster parasite (in an &quot;iexplorer&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
116iexplorer ml097e0 13iexplorer.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
117Internet Explorer0 13iexplorer.exe1 00165Added by the LORSIS WORM! Note - the legitimate IE (iexplore.exe) does not figure in Msconfig/Startup unless added manually and this loads from the "RunServices" key76http://securityresponse.symantec.com/avcenter/venc/data/w32.lorsis.worm.html0
125Internet Explorer Updater0 13iexplorer.exe1 00 93Added by the  REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.reur.b.html0
1 6irwftp0 13iexplorer.exe1 00 30Added by the BANKER-AN TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankeran.html0
115kernel32sys.dll0 13IEXPLORER.exe1 00143Added by the W32/Rbot-MK trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotmk.html0
127Microsoft  Associates, Inc.0 13iexplorer.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
126Microsoft Associates, Inc.0 13iexplorer.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
114Microsoft Inc.0 13iexplorer.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
130Microsoft(R) Windows(R) Operat0 13iexplorer.exe1 00 34Added by the Troj/Feutel-W Trojan.57http://www.sophos.com/virusinfo/analyses/trojfeutelw.html0
112msn messenge0 13IExplorer.exe1 00 26Added by the  Troj/Delf-LL56http://www.sophos.com/virusinfo/analyses/trojdelfll.html0
113MSN Messenger0 13IExplorer.exe1 00 53Added by the Troj/Banker-EU password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankereu.html0
1 8syscheck0 13iexplorer.exe1 00 29Added by the AGENT.DM TROJAN! 01
1 9sysconfig0 13iexplorer.exe1 00 25Added by the CULT.C WORM!66http://www.symantec.com/avcenter/venc/data/w32.hllw.cult.c@mm.html0
128Windows Backup Configuration0 13IEXPLORER.exe1 00 28Added by the GAOBOT.AZ WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.az.html0
1 6WinVNC0 13iexplorer.exe1 00 27Added by the EVIVINC VIRUS!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evivinc.html0
1 9iexplorer0 12iexplorer.ie1 00 45Added by the Troj/NetDevil-A backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojnetdevila.html0
1 4Name0 14Iexplorer0.exe1 00 30Added by the THREADSYS TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.threadsys.html0
113Microsoft Dev0 15iexplorer32.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
114Windows Update0 14iexplorere.exe1 00 28Added by the GAOBOT.AP WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ap.html0
115Windows Updater0 15iexplorerrs.exe1 00 30Added by the  W32/RBOT-TN WORM55http://www.sophos.com/virusinfo/analyses/w32rbottn.html0
117iexplorers loader0 14iexplorers.exe1 00134Added by the W32/Sdbot-DQ worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotdq.html0
124Microsoft Machine Script0 16iexplorersis.exe1 00 48Added by the W32/Rbot-CMH worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcmh.html0
112Start Upping0 17iexplorerupdt.exe1 00108Added by the W32/Rbot-RR worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrr.html0
121Windows HWinfo Loader0 11iexplre.exe1 00132Added by the W32/Rbot-ALS worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotals.html0
116MSStartOptimizer0 11Iexpres.exe1 00 28Added by the POLDO.B TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.poldo.b.html0
117microsoft opeions0  9IEXwe.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
112MsWin Update0  9IFA32.EXE1 00144Added by the W32/Rbot-BU trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotbu.html0
311iFinger 2.10 21iFinger.exe /NOSPLASH222StartUp menu\All users0 40iFinger 2.1, iFinger Ltd. iFinger Engine39http://www.absolutestartup.com/startup/1
413intelwireless0 12ifrmewrk.exe1 00 52Associated with the Intel PRO/Set Wireless software. 01
313IntelWireless0 38ifrmewrk.exe /tf Intel PROSet/Wireless211HKEY_LM\Run0 84Intel PROSet/Wireless 9, 0, 0, 0, Intel Corporation. Intel Framework MFC Application39http://www.absolutestartup.com/startup/1
413IntelWireless0 38ifrmewrk.exe /tf Intel PROSet/Wireless2 00 84Intel PROSet/Wireless 9, 0, 0, 0, Intel Corporation. Intel Framework MFC Application 01
312IFSplash.exe0 12IFSplash.exe1 00 48I-FORCE driver for force feedback steering wheel 01
1 8iftokgdl0 12iftokgdl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8ekor.exe0  7igamatu1 00 39Added by the  BACKDOOR.SDBOT.AQ TROJAN!65http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.aq.html0
211persistence0 12igfxpers.exe1 00 73Associated with the Common User Interface module for Intel graphics cards 01
2 8igfxtray0 12igfxtray.exe1 00209Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on motherboards. Available via Start - Settings - Control Panel 01
232Intel&reg; Common User Interface0 12igfxtray.exe1 00  0 01
4 8IgfxTray0 12igfxtray.exe111HKEY_LM\Run0 77Intel(R) Common User Interface 7.0.0.2331, Intel Corporation. igfxTray Module39http://www.absolutestartup.com/startup/1
1 4WUPD0 12iglmtray.exe1 00 23Added by the TZET WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.tzet.worm.html0
114MS WINS Binary0  9IGN32.pif1 00145Added by the W32/Rbot-ASB worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotasb.html0
1 6lspins0  8igps.exe1 00 53Kapersky identified it as Trojan-Clicker.Win32.VB.kc. 01
1 7igsex2x0 11igsex2x.exe1 00 42NewDial premium rate adult content dialler75http://securityresponse.symantec.com/avcenter/venc/data/dialer.newdial.html0
1 5igwya0  9igwya.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Qqq0  7Ihn.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7ihotske0 11ihotske.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Adiliwut0 12ihotunib.exe1 00  8Added by14W32/Sdranck-C.0
215Explorer Player0 12ihoxbrde.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 7ihp-1000 13iHPDetect.exe1 00121Drive Letter Searcher ,  iRiver iHP-100  iHP and H Series player related - does it need to start with Windows every time?40http://www.redchairsoftware.com/irivium/0
122Microsoft Internet Exp0 14iiexplorer.exe1 00 26Added by the RBOT-KX WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkx.html0
1 8Navegate0 14iiexplorer.exe1 00 89Added by the Troj/Bancban-OP Trojan that steals banking information for Brasillian banks.59http://www.sophos.com/virusinfo/analyses/trojbancbanop.html0
1 5iihpg0  9iihpg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4iilc0  8IILC.EXE1 00 17Homepage hijacker 01
118Intel system works0  7iis.exe1 00 27Added by the RBOT.QGA WORM!90http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.QGA0
1 7iisvers0 11iisvers.exe1 00 41Added by an unidentified TROJAN or adware 01
413IJ75P2PSERVER0 12IJ75P2PS.EXE1 00 77Printer utility which is required in order to make the printer work correctly 01
1 7ijqgevr0 11ijqgevr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
414IKE Service 950 14IKEService.exe1 00 77disabled, but without IKESERVICE you won't be able to de- or encrypt anything 01
3 9iKeyWorks0 12Ikeymain.exe1 00 67A4Tech iKeyWorks Software 7.64.00.00, A4Tech Co.,Ltd.. IKeymain.exe 01
3 9iKeyWorks0 12IKEYMAIN.EXE1 00 43A4Tech wireless keyboard driver and utility46http://www.a4tech.com/a4techenglish/index.html0
1 6Jvqzoc0  9Ikigw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7ikkupyq0 11ikkupyq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
117boy lovers of bsd0 13ilikeboys.exe1 00 28Added by the  MYTOB.LY WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LY&VSect=P0
1 7iLLeGaL0 11iLLeGaL.exe1 00126Added by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filename76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.C0
1 4ilmk0  8ilmk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8reluvage0 12ilulupac.exe1 00136Added by the W32/Sdbot-UJ worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuj.html0
3 6iLyric0 10iLyric.exe1 00114iLyric plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button33http://www.ilyric.net/winamp.html0
1 9im_autorn0  8im_1.exe1 00 36Added by the Troj/BagleDl-BJ Trojan.59http://www.sophos.com/virusinfo/analyses/trojbagledlbj.html0
1 9im_autorn0  8im_2.exe1 00 36Added by the Troj/BagleDl-BO Trojan.59http://www.sophos.com/virusinfo/analyses/trojbagledlbo.html0
215iM Start Center0 11iM_Tray.exe1 00187Installed with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start - Programs - iM Networks - iM Radio Tuner 01
1 5WIN320  9image.exe1 00135Added by the  W32/Sdbot-AAQ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotaaq.html0
418Image &amp;Restore0 11IMAGE32.exe1 00152Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run 01
414Image &Restore0 11IMAGE32.exe1 00152Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run 01
324ImageDrive-{hex numbers}0 14ImageDrive.exe1 00 58Nero ImageDrive from Ahead - virtual CD/DVD drive software43http://www.nero.com/en/631910958042754.html0
3 8Imagefox0 12imagefox.exe1 00 89ImageFox 2.0 is an "add-on" graphics previewer for most Windows Open/Save As dialog boxes76http://www.acdsystems.com/English/Products/ImageFox/index.htm?LAN=EnglishX200
110Imagemgt320 14Imagemgt32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
2 7imekrig0 11imekrig.exe1 00138Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)73http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp0
211IMEKRMIG6.10 12IMEKRMIG.EXE1 00 86Microsoft Korean IME 2002 6.1.2600.0, Microsoft Corporation. Microsoft Korean IME 2002 01
2 5iMesh0 18iMeshClient.exe -s225StartUp menu\Current user0 62iMesh Client 4.0, iMesh.Com Inc. iMesh Client for PC platforms39http://www.absolutestartup.com/startup/1
112IMEvtMgr.exe0 12IMEvtMgr.exe1 00148Added by the Troj/Keylog-AR keylogging Trojan.  This infections logs keystrokes to C:\windows\_key.txt and mouse movements to c:\windows\_mouse.txt.58http://www.sophos.com/virusinfo/analyses/trojkeylogar.html0
3 7ImgIcon0 11ImgIcon.exe1 00354Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start - Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running 01
317Iomega Disk Icons0 11IMGICON.EXE1 00354Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start - Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running 01
318Iomega Drive Icons0 11IMGICON.EXE1 00  0 01
313ZipDisk Icons0 11IMGICON.EXE1 00  0 01
313ZipDisk Icons0 11IMGICON.EXE1 00  0 01
318Iomega Drive Icons0 11ImgIcon.exe111HKEY_LM\Run0 43Iomega imgicon 6, 3, 0, 56, Iomega. imgicon39http://www.absolutestartup.com/startup/1
1 4dark0  9imgrt.scr1 00 81Added by the Troj/Bancban-DU password-stealing trojan targetting Brazilian banks.59http://www.sophos.com/virusinfo/analyses/trojbancbandu.html0
1 4dark0  9imgst.scr1 00109Added by the Troj/Bancban-CK password-stealing trojan.  This infections targets customers of Brazilian banks.59http://www.sophos.com/virusinfo/analyses/trojbancbanck.html0
2 8ImgStart0 12ImgStart.exe1 00 99Used by Iomega drives. Details of its purpose can be found here. Available via Start -&gt; Programs57http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup0
222Iomega Startup Options0 12IMGSTART.EXE1 00 95Used by Iomega drives. Details of its purpose can be found here. Available via Start - Programs57http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup0
315Iomega ImIconXP0 12imiconxp.exe1 00228Iomega REV System Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disks47http://www.iomega.com/software/revsystemsw.html0
2 7imjpmig0 11IMJPMIG.EXE1 00138Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese)73http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp0
210Imjpmig8.10 11IMJPMIG.EXE1 00  073http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp0
2 7imjpmig0 54imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload2 00 67Microsoft IME 2002 8.0.2620.0, Microsoft Corporation. Microsoft IME 01
210IMJPMIG8.10 42IMJPMIG.EXE /Spoil /RemAdvDef /Migration322 00 67Microsoft IME 2002 8.1.4202.0, Microsoft Corporation. Microsoft IME 01
1 6imlkhf0 10imlkhf.exe111HKEY_LM\Run0 79TODO: <Product name> 0, 0, 7, 0, TODO: <Company name>. TODO: <File description?39http://www.absolutestartup.com/startup/1
012immcheck.exe0 12immcheck.exe1 00 60Related to I-FORCE driver for force feedback steering wheel? 01
3 4IMOL0 11IMOLApp.exe1 00 37IncrediMail for Office Outlook Add-On53http://www.incredimail.com/english/help/sysadmin.html0
2 4IMOL0 14IMOLApp.exe /c211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 4IMOL0 14IMOLApp.exe /c2 00  0 01
421Remote Update Monitor0 12imonitor.exe1 00190Sophos Antivirus Remote Update utility - provides an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employer35http://www.sophos.com/products/sav/0
3 8imontray0 12imontray.exe1 00216System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards 01
320Intel Active Monitor0 12imontray.exe1 00216System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards 01
2 8MSPY20020 12ImScInst.exe1 00108Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word 01
2 8MSPY20020 18imscinst.exe /SYNC211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
310IMSCMIG40W0 28IMSCMIG.EXE /SetPreload /Log211HKEY_LM\Run0 80΢ČíĆ´ŇôĘäČë·¨°˛×°ą¤żß 6.0.0.2524, Microsoft Corporation. ΢ČíĆ´ŇôĘäČë·¨°˛×°ą¤ľß39http://www.absolutestartup.com/startup/1
1 3bbc0 10imsins.exe1 00128Added by the Troj/Hupigon-U Trojan. This infection also installs the files C:\Windows\imsins.dll and C:\Windows\imsins_Hook.DLL.58http://www.sophos.com/virusinfo/analyses/trojhupigonu.html0
116MSN Funny Images0 11imsngsr.exe1 00146Added by the W32/Agobot-TT worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.57http://www.sophos.com/virusinfo/analyses/w32agobottt.html0
3 7IMStart0 11IMStart.exe1 00 35InterMute security software related44http://www.intermute.com/products/index.html0
1 9IMprocess0 10IM-svr.EXE1 00 83Added by the Troj/IM-SR Trojan. Sends advertisements via instant messenger clients.54http://www.sophos.com/virusinfo/analyses/trojimsr.html0
113MSN IM Update0 12imupdate.exe1 00 47Added by the W32/VB-ATA Windows Messenger worm.54http://www.sophos.com/virusinfo/analyses/w32vbata.html0
1 6IMwire0 12imwireup.exe1 00 28SafeSurfing parasite variant48http://pestpatrol.com/pestinfo/s/safesurfing.asp0
2 4InCD0  8incd.exe1 00187Ahead InCD packet writing software. Similar to DirectCD. On my system there isn't an entry, on another visitor's there is. Run manually before insert an appropriately formatted CD-RW disk20http://www.nero.com/0
2 4InCD0  8InCD.exe111HKEY_LM\Run0 39Nero AG InCD 4, 3, 11, 1, Nero AG. InCD39http://www.absolutestartup.com/startup/1
2 7IncMail0 11IncMail.exe1 00228IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality45http://www.incredimail.com/english/index.html0
211Incredimail0 15incredimail.exe1 00228IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality45http://www.incredimail.com/english/index.html0
310mrublaster0 16indexcleaner.exe1 00123MRU-Blaster related - runs once in order to delete the index.dat file in the Temporary Internet Files and/or Cookies folder46http://www.wilderssecurity.com/mrublaster.html0
114Indexindicator0 18Indexindicator.exe1 00 37Added by the LAZAR trojan downloader.73http://securityresponse.symantec.com/avcenter/venc/data/trojan.lazar.html0
114Indexindicator0 25Indexindicator.exe /check2 00 43ml" target="_blank"LAZAR trojan downloader. 01
211IndexSearch0 15IndexSearch.exe1 00 56Associated with PaperPort scanner software from ScanSoft 01
211IndexSearch0 15IndexSearch.exe111HKEY_LM\Run0 52PaperPort 9.0, ScanSoft, Inc.. PaperPort IndexSearch39http://www.absolutestartup.com/startup/1
022Fujitsu Hotkey Utility0 16IndicatorUty.exe1 00 38Used to map certain keys to functions? 01
1 4inej0  8inej.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
138{081FE200-A103-11D7-A46D-C770E4459F2F}0 13inetapi64.dll1 00 97Added by the Troj/LegMir-AG Trojan.br /br /Uses CLSID: b{081FE200-A103-11D7-A46D-C770E4459F2F}/b.58http://www.sophos.com/virusinfo/analyses/trojlegmirag.html0
3 9inetcntrl0 13inetcntrl.exe1 00 30Bsafe Online - internet filter 01
3 8InetConf0 12inetconf.exe1 00  2?? 01
3 5Inetd0 11INETD32.EXE1 00262Windows Inet Daemon from Hummingbird Communications. &quot;Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons&quot;. Provides PCs with the full functionality of a UNIX workstation55http://www.hummingbird.com/products/nc/inetd/index.html0
113Inet DataBase0 11Inetdbs.exe1 00 23Added by the QEDS WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.qeds@mm.html0
113Inet Delivery0 10inetdl.exe1 00 34Added by the Adware.IntDel adware.57http://www.sarc.com/avcenter/venc/data/adware.intdel.html0
113inet delivery0 12inetdl_2.exe1 00 20Inet_Delivery adware57http://www.sarc.com/avcenter/venc/data/adware.intdel.html0
1 6INET E0  9inete.exe1 00 48Added by the W32/Rbot-DCL worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotdcl.html0
114Windows Update0 11inetinf.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
312inetinfo.exe0 12inetinfo.exe1 00240Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more) 01
110[not used]0 12inetinfo.exe1 00 40Added by the Troj/Proxy-GG proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojproxygg.html0
1 3run0 12inetinfo.exe1 00123.html" target="_blank"BINGHE backdoor Trojan!  It has the ability to log your keystrokes, steal data, and execute commands. 01
1 6System0 12inetinfo.exe1 00 43Added by the Troj/ParDrop-A dropper Trojan.58http://www.sophos.com/virusinfo/analyses/trojpardropa.html0
124Windows Security Updater0 12inetinfo.exe1 00 48Added by the W32/Rbot-BPP worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbpp.html0
115Windows Updater0 12inetinfo.exe1 00 50Added by the Troj/Sdbot-AMX worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/trojsdbotamx.html0
119inetinfomon manager0 15inetinfomon.exe1 00154Added by the Trojan.Spexta trojan.  When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.74http://www.sarc.com/avcenter/venc/data/trojan.spexta.html#technicaldetails0
124Microsoft System Checkup0 11inetman.exe1 00 25Added by the DONK.O WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.o.html0
1 7inetmgr0 11inetmgr.exe1 00 51Actual Names (AdvSearch) Internet Keywords parasite52http://www.pestpatrol.com/pestinfo/a/actualnames.asp0
115Internet Server0 11inetsrv.exe1 00 12Added by the23Troj/StartPa-EM TROJAN!0
221Compaq Internet Setup0 14inetwizard.exe1 00 89For Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list 01
114Bron-Spizaetus0  9inf31.exe1 00 48Added by the WORM_RONTOKBRO.M mass-mailing worm.92http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FRONTOKBRO%2EM&VSect=T0
1 4run=0 10info32.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 7Info32x0 11Info32x.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
124Microsoft Update Machine0 11infoDLL.exe1 00143Added by the W32/Rbot-EH trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rboteh.html0
123Microsoft Special offer0 12infoebay.exe1 00 42Added by a variant of the  WIN32.RBOT WORM64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
3 5Getca0 12InfoMyCa.exe111HKEY_LM\Run0 491, 0, 0, 3, . Set / Get WPA data to / from system39http://www.absolutestartup.com/startup/1
138(F084FD46-EB63-4CC0-B814-99C16EE76BD1)0 10InfoMz.Ime1 00 95Added by the Troj/Delf-WC Trojan.br /br /Uses CLSID: b(F084FD46-EB63-4CC0-B814-99C16EE76BD1)/b.56http://www.sophos.com/virusinfo/analyses/trojdelfwc.html0
133Microsoft Synchronization Manager0 10InfoNT.exe1 00208Added by the W32/Sdbot-TR IRC backdoor trojan.  When started this infection connects to an IRC server where it waits for remote commands to execute.  This infection logs keystrokes to a file named keylog.txt.56http://www.sophos.com/virusinfo/analyses/w32sdbottr.html0
310infopenmsn0 13InfoPenIM.exe1 00 87InfoPenMSN is a MSN Messenger plugin that allows you to send data written/drawn by hand37http://www.infopen.com.tw/english/es/0
312Infoplay.exe0 12Infoplay.exe1 00199Written by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine websites (which I chose not to). What does it do and is it needed? 7#FF00000
1 7NVagent0 11Informe.exe1 00 29Added by the W32.Vig.C virus.70http://www.sarc.com/avcenter/venc/data/w32.vig.c.html#technicaldetails0
1 8Symantec0 11Informe.exe1 00  070http://www.sarc.com/avcenter/venc/data/w32.vig.c.html#technicaldetails0
1 5infus0  9infus.exe1 00 21Adult content dialler 01
3 7Infuzer0 11Infuzer.exe1 00386Infuzer - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities"36http://www.infuzer.com/IDC/features/0
1 6infwin0 10infwin.exe1 00 23Msview parasite variant48http://www.doxdesk.com/parasite/Transponder.html0
411ini910u.sys0 11ini910u.sys1 00 55INITIO ini910u SCSI miniport driver added by Microsoft. 01
010ScanInicio0 10Inicio.exe1 00279Part of Panda Anti-Virus. Responsible for scanning the boot sector of your disk and your memory at startup to check for viruses that try and load and act before your anti-virus is fully operational. It only adds a fraction of a second to start-up time and is worth leaving active29http://www.pandasoftware.com/0
310SCANINICIO0 10Inicio.exe111HKEY_LM\Run0 42Inicio Programado 1.0.0.0, Panda Software.39http://www.absolutestartup.com/startup/1
410SCANINICIO0 10Inicio.exe111HKEY_LM\Run0 57Panda Platinum Internet Security 8.0.0.0, Panda Software.39http://www.absolutestartup.com/startup/1
111Win_Library0 10INISvc.exe1 00 25Added by the ANARCH WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.anarch@mm.html0
1 3MMC0 10inisys.exe1 00122Added by the W32/Agobot-SU worm. When started this infection connects to an IRC server where it waits for remote commands.57http://www.sophos.com/virusinfo/analyses/w32oscaboti.html0
312TrojanShield0  8Init.exe1 00 12TrojanShield28http://www.trojanshield.com/0
119Microsoft Update 330  8init.exe1 00132Added by the W32/Rbot-ATT worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatt.html0
117Unix File Support0  9init3.exe1 00 12Added by the37W32/Rbot-ZN WORM/IRC backdoor Trojan!0
115[Various Names]0 10init32.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6init320 10Init32.exe1 00 33Added by the  W32.WINEX.A TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/w32.winex.a.trojan.html0
110[not used]0 11init32m.exe1 00 63Added by the Troj/Dloader-JT or Troj/Dlsw-B trojan downloaders.59http://www.sophos.com/virusinfo/analyses/trojdloaderjt.html0
123Windows Service Manager0 11initsvc.exe1 00 48Added by the W32/Rbot-BWT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbwt.html0
110[not used]0 10inject.exe1 00225Added by Troj/Small-EH it also installs RSHELL32.DLL, both are hidden in the Windows system folder.  Once run, .DLL may modify a system component to penetrate a firewall and provide a new  remote shell which can be exploited.57http://www.sophos.com/virusinfo/analyses/trojsmalleh.html0
1 5injob0 10injobs.exe1 00 33Added by the Trojan.Binjo trojan.73http://www.sarc.com/avcenter/venc/data/trojan.binjo.html#technicaldetails0
211Ink Monitor0 14InkMonitor.exe1 00140Associated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line 01
211Ink Monitor0 14InkMonitor.exe111HKEY_LM\Run0 81Online Ink Purchase Utility 3.7.0.0, BillP Studios. Ink Monitor by Bill Pytlovany39http://www.absolutestartup.com/startup/1
1 9MBwpRUf8O0  9inkrm.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 8InkSaver0 17InkSaver.exe hide211HKEY_LM\Run0 68InkSaver 2.0.0.0, Strydent Software, Inc.. InkSaver Configuration UI39http://www.absolutestartup.com/startup/1
2 8InkWatch0 12InkWatch.exe1 00140Associated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line 01
4 6InoRPC0 10InoRpc.exe1 00 44Associated with eTrust Antivirus/InoculateIT92http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f0
4 5InoRT0 11InoRT9x.exe1 00196Associated with the Realtime Monitor of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU useage - see here92http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f0
3 7InoTask0 11InoTask.exe1 00278Scheduled scans and signature updates for eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU useage when performing updates - see here92http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f0
115[Various Names]0 14InpriseMon.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 8outlooks0 10InSane.exe1 00 27Added by the  SWOOP TROJAN!60http://www.symantec.com/avcenter/venc/data/trojan.swoop.html0
3 7insCOA50 11insCOA5.exe1 00  2?? 01
117windows incontext0 12InSearch.exe1 00  7Z-Quest74http://securityresponse.symantec.com/avcenter/venc/data/adware.zquest.html0
218Nielsen NetRatings0 11insight.exe1 00236Nielsen NetRatings -  "Provides real-time research and analysis about Internet users, delivering the timely, actionable data you need to make critical business decisions on your competition, your Web site’s audience and your customers".53http://www.nielsen-netratings.com/mktg.jsp?section=ps0
112InstaFinderK0 21InstaFinderK_inst.exe1 00 37VistaBar/Instafinder parasite related45http://www.doxdesk.com/parasite/VistaBar.html0
121EasySearch Start Page0 11install.exe1 00 40Added by the Adware.Umaxsearch hijacker.61http://www.sarc.com/avcenter/venc/data/adware.umaxsearch.html0
112Initial Page0 11install.exe1 00 35EasySearch browser hijack installer 01
1 7Install0 11Install.exe1 00 53Added by the Troj/Bancban-HG Internet banking Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanhg.html0
114Windows Update0 11install.exe1 00 70Added by the Troj/Banker-IB password-stealing Trojan for online banks.58http://www.sophos.com/virusinfo/analyses/trojbankerib.html0
1 7bootcfg0 15Install.log.vbs1 00 31Added by the  VBS.YPSAN.D WORM!62http://www.symantec.com/avcenter/venc/data/vbs.ypsan.d@mm.html0
115[Various Names]0 12install2.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
218InstallAurealDemos0 21InstallAurealDemos.js1 00 60Used to initialize the Aureal A3D demos InstallShield wizard 01
311plaxoupdate0 15InstallStub.exe1 00175Installstub.exe is is  Plaxo's core executable program, which is used to check for new or updated information from the Plaxo Network. This program also interacts with Outlook.29http://www.plaxo.com/products0
311PlaxoUpdate0 18InstallStub.exe -a2 00 46Plaxo InstallStub 2.1.0.80, Plaxo. InstallStub 01
3411 Click Fixer PLUS Install Wizard Support0 17InstallWizard.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
213InstantAccess0 12INSTAN~1.EXE1 00 76From TextBridge Pro 9.0 OCR scanner software. Available via Start - Programs 01
213InstantAccess0 15INSTAN~1.EXE /h2 00  0 01
213InstantAccess0 15INSTAN1.EXE /h2 00  0 01
312InstantDrive0 16InstantDrive.exe1 00140Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer’s hard drive. Part of InstantCD/DVD burning software26http://www.pinnaclesys.com0
3 5VOBID0 16InstantDrive.exe1 00140Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer’s hard drive. Part of InstantCD/DVD burning software26http://www.pinnaclesys.com0
111Hyper Start0 16instantmsgrs.exe1 00 26Added by the RBOT-NH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotnh.html0
114mousedrive.exe0 16instantmsgrs.exe1 00133Added by the W32/Forbot-ER worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forboter.html0
118instant messengers0 16instantmsgtr.exe1 00 54Added by the   W32/Agobot-PC WORM/IRC backdoor trojan!57http://www.sophos.com/virusinfo/analyses/w32agobotpc.html0
115InstantPleasure0 19instantpleasure.exe1 00 21Adult content dialler 01
118InstantPleasureXXX0 22instantpleasurexxx.exe1 00 21Adult content dialler 01
1 6instit0 10instit.bat1 00 28Added by the OPASERV.H WORM!66http://www.symantec.com/avcenter/venc/data/w32.opaserv.h.worm.html0
1 6instit0 10INSTIT.BAT1 00 28Added by the OPASERV.K WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.K0
116micr0s servicese0 12instmsgr.exe1 00 30Added by the W32/Rbot-TR worm.55http://www.sophos.com/virusinfo/analyses/w32rbottr.html0
312InstUtlR.exe0 12InstUtlR.exe1 00  2?? 01
1 5Websx0 12Int*****.exe1 00 46Adult content dialler - where ***** are random 01
1 7Classes0  8int1.exe1 00 28Switch adult content dialler57http://www.sophos.com/virusinfo/analyses/dialswitchb.html0
1 8Threaded0 11intcp32.exe1 00 28Added by the RANDEX.UG WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ug.html0
113Inet Delivery0 10Intdel.exe1 00  7Spyware 01
113Inet Delivery0 12intdel_2.exe1 00  7Spyware 01
324Intense Registry Service0 19IntEdReg.exe /CHECK2 00 51Intense Educational Ltd - Language Office Software.25http://www.intense.co.uk/0
018ILO_Office_Manager0 20IntEdReg.exe /OFFMAN2 00  025http://www.intense.co.uk/0
111Windows Fix0 13integator.exe1 00 28Added by the SDBOT.ZAB WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZAB0
111intel32.exe0 11intel32.exe1 00 60Added by a variant of the SmitFraud alias  FAKEALE-C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojfakealec.html0
112intell32.exe0 12intell32.exe1 00115Added by the Trojan.Desktophijack.C trojan. This infection modifies the Windows desktop to display a false warning.83http://www.sarc.com/avcenter/venc/data/trojan.desktophijack.c.html#technicaldetails0
113intell321.exe0 13intell321.exe1 00150Installed by various Smitfraud variants to issue fake task bar security alerts stating that you are infected and need a special software to remove it. 01
118intelliflag_be.exe0 18Intelliflag_be.exe1 00 42Added by the  Spyware.Intelliflag SPYWARE!80http://securityresponse.symantec.com/avcenter/venc/data/spyware.intelliflag.html0
3 8IntelMEM0 12IntelMEM.exe1 00321Related to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem line 01
3 8IntelMeM0 12IntelMEM.exe111HKEY_LM\Run0101Intel Modem Event Monitor Application 0, 1, 0, 10, Intel Corporation. Modem Event Monitor Application39http://www.absolutestartup.com/startup/1
328Intel Product Number Utility0 23IntelProcNumUtility.exe1 00284Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here58http://www.intel.com/support/processors/pentiumiii/psu.htm0
113Local Service0 11Intenat.exe1 00131Added by the Troj/Nuclear-J backdoor Trojan. This infection also creates a file called Notepad.txt in your Windows %System% folder.58http://www.sophos.com/virusinfo/analyses/trojnuclearj.html0
1 9InterBase0 13INTERBASE.EXE1 00 45Added by the Troj/RemShell-B backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojremshellb.html0
114SecurityCenter0 13INTERBASE.EXE1 00  059http://www.sophos.com/virusinfo/analyses/trojremshellb.html0
1 8Interdll0 12Interdll.exe1 00 36Added by the DELF family of TROJANS!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.family.html0
1 8internat0 12internat.dic1 00 37Added by the Backdoor.Djump backdoor.58http://www.sarc.com/avcenter/venc/data/backdoor.djump.html0
212internat.exe0 12internat.exe1 00 38Language selection icon in system tray 01
212Internat.exe0 12Internat.exe111HKEY_CU\Run0120Microsoft(R) Windows (R) 2000 Operating System 5.00.2920.0000, Microsoft Corporation. Keyboard Language Indicator Applet39http://www.absolutestartup.com/startup/1
1 6CnsMax0 12Internat.exe1 00192Added by the POINTEX TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%64http://www.symantec.com/avcenter/venc/data/backdoor.pointex.html0
1 8internat0 12internat.exe1 00192Added by the LYDRA-F TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%56http://www.sophos.com/virusinfo/analyses/trojlydraf.html0
112Internat.exe0 12internat.exe1 00230Added by the NETSNAKE TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) and has a "?" icon wheras this version resides in %windir% and has a ZIP icon77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.netsnake.html0
119Network Connections0 12internat.exe1 00149Added by Troj/VB-ZD along with another file run from the system folder, "Path to Trojan/rundll32.exe", named Background Intelligent Transfer Service.54http://www.sophos.com/virusinfo/analyses/trojvbzd.html0
1 7SVCHOST0 12internat.exe1 00 35Added by the Backdoor.AntiLam.20.K.65http://www.sarc.com/avcenter/venc/data/backdoor.antilam.20.k.html0
123Windows Taskbar Manager0 12internat.exe1 00 30Added by the PROTORIDE-H WORM!59http://www.sophos.com/virusinfo/analyses/w32protorideh.html0
110internat320 14internat32.exe1 00 45Added as result of a  Octa-B trojan infection55http://www.sophos.com/virusinfo/analyses/trojoctab.html0
326Internet DVR Control Panel0 30Internet DVR Control Panel.exe222StartUp menu\All users0 87ProDVD Control Panel Application 1, 105, 2, 409, . ProDVD Control Panel MFC Application39http://www.absolutestartup.com/startup/1
112blah service0 12internet.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8Internet0 12Internet.exe1 00 12Added by the69Troj/Singu-I. It will steal passwords and listen for remote commands.0
117Internet Explorer0 12Internet.exe1 00 44Added by the Troj/Feutel-AA backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelaa.html0
117Internet Linkwork0 12Internet.exe1 00 35Added by the Troj/Agent-AMU Trojan.58http://www.sophos.com/virusinfo/analyses/trojagentamu.html0
117Internet Services0 12internet.exe1 00131Added by the W32/Mytob-AU worm.  This infection connects to an IRC server on startup where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobau.html0
112Internet.exe0 12Internet.exe1 00 29Added by the MAGICCALL VIRUS!74http://securityresponse.symantec.com/avcenter/venc/data/w32.magiccall.html0
114Micrcoft Updat0 12Internet.exe1 00132Added by the W32/Rbot-ANA worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotana.html0
121NetworkAssociates Inc0 12internet.exe1 00 26Added by the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 6Runtt10 12Internet.exe1 00 74Added by the Troj/Lineage-Q password stealing trojan for the game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineageq.html0
1 8tdongbot0 12Internet.exe1 00138Added by the Backdoor.Sdbot.AS worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.61http://www.sarc.com/avcenter/venc/data/backdoor.sdbot.as.html0
126Windows connection manager0 12Internet.exe1 00133Added by the W32/Rbot-APN worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotapn.html0
324True Internet Color Icon0 17internetcolor.exe1 00270Part of Colorific &amp; 3Deep from LightSurf Technologies (nee E-Color). &quot;With True Internet Color PCs can display the best color possible over the web. Enabled web sites will know how connected monitors display color and will send them color corrected images&quot;34http://www.colorific.com/index.htm0
110IEFeatures0 20Internetfeatures.exe1 00 63Added by the POPMON.A TROJAN! - also known as PopMonster adware77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
1 9MSVersion0 20INTERNETFEATURES.exe1 00  077http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
1 9MSVersion0 20INTERNETFEATURES.exe1 00  077http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
112ControlPanel0 46internst32.exe internet.dll,LoadNetworkProfile2 00 41Added by the Adware.StartPage.B hijacker.62http://www.sarc.com/avcenter/venc/data/adware.startpage.b.html0
112ControlPanel0 50internst32.exe internet.dll,LoadNetworkProfile</a>2 00 41Added by the Adware.StartPage.B hijacker.62http://www.sarc.com/avcenter/venc/data/adware.startpage.b.html0
1 7Internt0 11Internt.exe1 00 41Added by the PEEPER or CARUFAX.A TROJANS!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.peeper.html0
117internet services0 13interserv.exe1 00 28Added by the  RBOT.BNT WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BNT&VSect=P0
115intersoft msngr0 18intersoftmsngr.exe1 00 33Added by the  W32/AGOBOT-NW WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotnw.html0
116Internet Service0 12intersvc.exe1 00 28Added by the SPYBOT-DE WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotde.html0
3 9InterWARN0 13interwarn.exe1 00250InterWARN by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start - Programs39http://www.interwarn.com/interwarn.html0
113[random name]0 12intfaxui.exe1 00 37Added by the Spyware.Apropos spyware.59http://www.sarc.com/avcenter/venc/data/spyware.apropos.html0
1 7Classes0  8intl.exe1 00 28Switch adult content dialler57http://www.sophos.com/virusinfo/analyses/dialswitchb.html0
1 6Intmgr0 10Intmgr.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 7intnets0 11intnets.exe1 00 81Added by the Adware.Adtest browser hijacker.  Found in the Windows system folder.57http://www.sarc.com/avcenter/venc/data/adware.adtest.html0
112The Intranet0 12intranet.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 7Gremlin0 12intrenat.exe1 00 28Added by the DOOMJUICE WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html0
1 8Intrenat0 12Intrenat.exe1 00 48Added by the LEMIR.E and Troj/LegMir-AC TROJANS!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.e.html0
424Norton Personal Firewall0 12IntroWiz.exe1 00 60Part of Norton Personal Firewall or Norton Internet Security 01
139Generic Host Process for Win32 Services0 11intspvc.exe1 00 27Added by the DINFOR.D WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.dinfor.d.worm.html0
114InvisibleDrvNT0 18InvisibleDrvNT.sys1 00111Added by the Troj/Haxdor-Fam Trojan.  This driver utilizes rootkit stealthing technology to hide other malware.59http://www.sophos.com/virusinfo/analyses/trojhaxdorfam.html0
4 5RunCA0 14InvokeSvc3.exe1 00 77Wireless-G USB Wireless Network Adapter related - would appear to be required 01
4 9wusb54gv20 14InvokeSvc3.exe1 00 77Wireless-G USB Wireless Network Adapter related - would appear to be required 01
1 4invy0  8invy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 4iobi0 14iobiClient.exe1 00 41iobi_Home a mail/voice service by Verizon35https://www22.verizon.com/iobihome/0
4 8checkvcr0 11IOMagic.exe1 00 61Driver for the  I/OMagic Personal Video Recorder (DR-PCTV100)23http://www.iomagic.com/0
311Iomon98.exe0 11Iomon98.exe1 00 74PC-Cillin 98 real time virus check. Can cause floppy disk accesses to hang 01
1 9[unknown]0  7ION.EXE1 00202Added by the W32/Sdbot-ID worm. When started this infection connects to an IRC server where it waits for remote commands.  This program will log keystrokes to a file called c:\windows\system\keylog.txt.56http://www.sophos.com/virusinfo/analyses/w32sdbotid.html0
1 4ioud0  8ioud.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
212Iomega Watch0 11IOWATCH.EXE1 00 53Used by Iomega drives. Available via Start - Programs 01
1 6ioyccp0 10ioyccp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311iProtectYou0  6ip.exe1 00 81iProtectYou - internet filtering/parental control and network monitoring software39http://www.softforyou.com/ip-index.html0
1 2IP0  6IP.EXE1 00 31Added by a WORM, W32/Agobot-QO.57http://www.sophos.com/virusinfo/analyses/w32agobotqo.html0
1 6Ip4Sec0  6ip.sys1 00 60Added by the Trojan.Satiloler.E information-stealing Trojan.79http://www.sarc.com/avcenter/venc/data/trojan.satiloler.e.html#technicaldetails0
122Configuration Loader100  7ip7.exe1 00  8Added by15W32/Agobot-ANZ.0
114IPC Connection0 11ipcconn.exe1 00133Added by the W32/Rbot-AEG worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaeg.html0
1 9ipcfg.exe0  9ipcfg.exe1 00 79Adware - recognized by McAfee antivirus as a variant of the AdClicker-BM trojan54http://vil.mcafeesecurity.com/vil/content/v_130215.htm0
111Reg Service0  9ipcfg.exe1 00122Added by the W32/Agobot-SO worm. When started this infection connects to an IRC server where it waits for remote commands.57http://www.sophos.com/virusinfo/analyses/w32agobotso.html0
138internet protocol configuration loader0 10ipcl32.exe1 00 27Added by the  SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
115IPInSightLAN 010 12ipclient.exe1 00229Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. This one constantly "phones home" and wastes resource - hence the "X" status34http://www.dslreports.com/faq/12470
315IPInSightLAN 010 15IPClient.exe -l211HKEY_LM\Run0 68Visual IP InSight 5.5.100.92, Visual Networks. IP Session Statistics39http://www.absolutestartup.com/startup/1
115IPInSightLAN 010 15IPClient.exe -l2 00 66Visual IP InSight 5.8.0.13, Visual Networks. IP Session Statistics 01
1 6IpCtrl0 11ipcon32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 7IPtable0 14ipconfig32.exe1 00134Added by the W32/Tilebot-AP worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotap.html0
121Windows driver update0 14Ipconfig32.exe1 00121Added by the W32/Sdbot-JV worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotjv.html0
1 8IPConfig0 13ipconfigs.exe1 00 48Added by the Backdoor.Hacarmy.C backdoor trojan.62http://www.sarc.com/avcenter/venc/data/backdoor.hacarmy.c.html0
1 9(Default)0 11ipconfx.exe1 00 33Added by the Troj/Sharp-M Trojan.56http://www.sophos.com/virusinfo/analyses/trojsharpm.html0
116Logitech Desktop0 10IPCONN.EXE1 00 51Added by the W32/Sdbot-WE WORM/IRC backdoor Trojan!56http://www.sophos.com/virusinfo/analyses/w32sdbotwe.html0
1 4ipcp0  8ipcp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3ipf0  7ipf.exe1 00 47Added by the Troj/DwnLdr-BWA downloader Trojan.59http://www.sophos.com/virusinfo/analyses/trojdwnldrbwa.html0
3 5wfips0 11iphider.exe1 00249ICQ (messaging/chat program) anti-bomb software. &quot;WFIPS is anti-bomb software for safeguarding ICQ Bomb before the bombing. 'ICQ Defoolder' is a tool for removing ICQ bomb after being exposed.&quot; For more information about ICQ bombs see here39http://www.yammie.cc/ibinfo/ibinfo8.asp0
1 9ipmon.exe0  9ipmon.exe1 00 37Added by the RECERV or R3C.B TROJANS!63http://www.symantec.com/avcenter/venc/data/backdoor.recerv.html0
219IPInSightMonitor 010 11ipmon32.exe1 00151Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information34http://www.dslreports.com/faq/12470
219IPInSightMonitor 010 11IPMon32.exe1 00 57Visual IP InSight 5.5.33.226, Visual Networks. IP Monitor 01
1 7Ipnuker0 11Ipnuker.vbs1 00135Added by the VBS.Inker.B@mm mass-mailing worm.  This worm will also swap your mouse buttons, change icons, and lower security settings.75http://www.sarc.com/avcenter/venc/data/vbs.inker.b@mm.html#technicaldetails0
311iPodManager0 15iPodManager.exe1 00135Apple iPod Management software for the iPod MP3 player. Allows updating, formating, restoring and other functions associated with iPods 01
212iPod Service0 15iPodService.exe1 00107This service is used by Itunes for using your Ipod.  If you do not use Itunes you can disable this service. 01
116ipod usb service0 15iPODService.exe1 00271Added by a variant of the  WIN32.RBOT WORM! -  Do NOT confuse with the Apple iPod process of the same name.  The legitimate iPod file will always be located in the Program FilesiPodbin folder,  and is implemented as a system service,  thus NOT listed in Msconfig/Startup!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115ipod usb driver0 11IPODUSB.EXE1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
011iPodWatcher0 15iPodWatcher.exe1 00 76Associated with Apple's iPod MP3 player. Detects when the iPod is connected? 01
1 5ipreg0  9ipreg.exe1 00 53Added by the Troj/Zagaban-H password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojzagabanh.html0
1 77sFf38T0 11iprentr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
211iprint tray0 12iprntctl.exe1 00132Novell®  iPrint - based on Novell Distributed Print Services - enables you to send documents to printers located throughout the Net.62http://www.novell.com/products/netware/printing/quicklook.html0
112Policy Agent0  9ipsec.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
319windows ip security0  9ipsec.exe1 00130Related to the  VPN_IPSec_utility Used to create Security Policy (SP) entries and Security Association (SA) entries in the kernel.61http://research.microsoft.com/msripv6/docs/ipsec/ipsec_ut.htm0
311ipsecdialer0 52IPSECD~1.EXE -run_only_if_connected -auto_initiation2 00 92The Cisco  VPN_Client lets local users gain Administrator privileges on the operating system54http://www.cisco.com/en/US/products/sw/secursw/ps2308/0
324Cisco Systems VPN Client0 15ipsecdialer.exe1 00 89Cisco VPN Client - lets local users gain Administrator privileges on the operating system54http://www.cisco.com/en/US/products/sw/secursw/ps2308/0
324Cisco Systems VPN Client0 40ipsecdialer.exe "-run_only_if_connected"2 00 81Cisco Systems VPN Client 3.5.2 (C), Cisco Systems, Inc.. Cisco Systems VPN Client 01
324Cisco Systems VPN Client0 59ipsecdialer.exe "-run_only_if_connected" "-auto_initiation"2 00 81Cisco Systems VPN Client 3.6.6 (A), Cisco Systems, Inc.. Cisco Systems VPN Client 01
4 8IPSecMon0 12IPSecMon.exe1 00177Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet84http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp0
1 8IP Stack0 11ipstack.exe1 00 28Added by the AGOBOT.CW WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CW0
1 4Iinl0  8iptl.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
2 3IPW0  7IPW.exe1 00  2?? 01
1 4IPFW0  8ipwf.exe1 00 36Added by the Troj/Dloader-UC Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderuc.html0
112Client Agent0 12ipxwping.exe1 00 43Added by the Troj/PPdoor-N backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojppdoorn.html0
1 5iprun0  7iPY.exe1 00 30Added by  iProtectYou SPYWARE!80http://securityresponse.symantec.com/avcenter/venc/data/spyware.iprotectyou.html0
2 8IQES.exe0  8iqes.exe1 00  2?? 01
138{70fbd528-2d3c-4a00-9b8c-bbf441e534be}0  8iqzv.dll1 00161A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{70fbd528-2d3c-4a00-9b8c-bbf441e534be}/b.65http://www.bleepingcomputer.com/startups/SpyFalcon.exe-14415.html0
1 6ir_ftp0 10ir_ftp.exe1 00 26Added by the IRFTP TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.irftp.html0
1 8irassync0 12irasyncd.exe1 00 29Added by  Adw.NewAds.IRASSync95http://research.sunbelt-software.com/threat_display.cfm?name=Adw.NewAds.IRASSync&threatid=426240
113IRBMe Sucks!!0  9IRBMe.exe1 00133Added by the W32/Randex-Y worm. When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32randexy.html0
128Randex virus built for IRBMe0  9irbme.exe1 00 28Added by the RANDEX.RH WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.rh.html0
4 6IREIKE0 10IreIKE.exe1 00177Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet84http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp0
317Infra-red Monitor0  9IRMON.EXE1 00 86System Tray access to infra-red devices. Not required unless you use infra-red devices 01
3 5IrMon0  9IRMON.EXE1 00 86System Tray access to infra-red devices. Not required unless you use infra-red devices 01
111ssgrate.exe0  8irun.exe1 00 33Added by the MITGLIEDER.D TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.d.html0
1 9ssate.exe0  9irun4.exe1 00 27Added by the BEAGLE.J WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.j@mm.html0
111ssgrate.exe0  9irun4.exe1 00 33Added by the MITGLIEDER.F TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.f.html0
1 5irvvm0  9irvvm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6ir_ftp0 10irwftp.exe1 00 29Added by the BANCOS.H TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.h.html0
3 6IrXfer0 10IrXfer.exe1 00 39Microsoft Infrared Transfer application 01
311Info Select0  6is.exe1 00 59Info Select from Micro Logic - personal information manager32http://www.miclog.com/isover.htm0
4 9STOPzilla0 16IS3WLHandler.dll1 00 18Part of STOPzilla.25http://www.stopzilla.com/0
116Microsoft Update0  8Isac.exe1 00 26Added by the RBOT-AU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotau.html0
4 7CAISafe0  9isafe.exe1 00 46Part of Computer Associates eTrus EZ Antivirus49http://www1.my-etrust.com/products/Antivirus.cfm?0
316ISAM SMT Service0 11isamsmt.exe111HKEY_LM\Run0 541.00, IBM Global Services. ISAM Software Metering Tool39http://www.absolutestartup.com/startup/1
1 4Anti0  9ISASS.EXE1 00 31Added by the W32/Bropia-M worm. 01
1 9GLSetIT320  9isass.exe1 00 43Added by a variant of the OPTIX PRO TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=394820
1 5Isass0  9Isass.exe1 00 26Added by the FUTRO TROJAN!62http://www.symantec.com/avcenter/venc/data/backdoor.futro.html0
123microsoft hosts service0  9Isass.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
119microsoft ie sasser0  9ISASS.EXE1 00 28Added by the  SDBOT.MX WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MX&VSect=P0
1 6NvMsnW0  9Isass.exe1 00 31Added by the W32/Bropia-M worm.56http://www.sophos.com/virusinfo/analyses/w32bropiam.html0
1 6NvMsnW0  9Isass.exe1 00 31Added by the W32/Bropia-M worm.56http://www.sophos.com/virusinfo/analyses/w32bropiam.html0
1 4boby0  9Isass.scr1 00 53Added by the Troj/Bancban-OH Internet banking Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanoh.html0
1 7lsass320 11Isass32.exe1 00 32Added by the  W32.KELVIR.M WORM!60http://www.symantec.com/avcenter/venc/data/w32.kelvir.m.html0
1 8LSASS 320 11ISASS32.pif1 00 38Added by the W32/Assiral-C email worm.57http://www.sophos.com/virusinfo/analyses/w32assiralc.html0
112MSControl3d10 10isasse.exe1 00133Added by the W32/Rbot-APE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotape.html0
425microsoft firewall client0 11ISATRAY.EXE1 00 49MS Internet Security and Acceleration Server 2000 01
424MICROSOFT FIREWALLCLIENT0 11ISATRAY.EXE1 00 49MS Internet Security and Acceleration Server 2000 01
010isbmgr.exe0 10ISBMgr.exe1 00 66Belongs to Sony's ISB Utility. what does it do and is it required? 01
310ISBMgr.exe0 10ISBMgr.exe111HKEY_LM\Run0 44ISB Utility 1, 0, 0, 2180, Sony Corporation.39http://www.absolutestartup.com/startup/1
2 6isdbdc0 10isdbdc.exe1 00 91For Compaq PC's. May install properties in dial-up networking when you register with an ISP 01
410isDeleteMe0  9isDel.bat1 00115Used by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product. 01
1 4hsim0 11isearch.exe1 00 20Unidentified malware 01
110SystemInit0 10iservc.exe1 00 25Added by the FIZZER WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fizzer@mm.html0
1 3cms0 11iserver.exe1 00 36Added by the Troj/Dloader-WK Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderwk.html0
1 6zsmsgs0 12iservice.exe1 00 35Added by the Troj/Bancos-BU TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancosbu.html0
1 6xevivi0 11isesobo.exe1 00134Added by the W32/Sdbot-US trojan.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotus.html0
3 7ishield0 11iShield.exe1 00109GuardWare  iShield blocks pornographic images when you surf the Internet on your computer using a web browser50http://www.guardwareinc.com/ishield/isaboutus.html0
138{2250D9C6-4CC7-4826-8EFD-1D04AFC7F7F0}0 10ISiNET.DLL1 00 98Added by the Troj/DelfDrop-A Trojan.br /br /Uses CLSID: b{2250D9C6-4CC7-4826-8EFD-1D04AFC7F7F0}/b.59http://www.sophos.com/virusinfo/analyses/trojdelfdropa.html0
2 8ISLP2STA0 12ISLP2STA.EXE1 00102Possibly a left over from Windows Update for wireless NIC (maybe Linksys) drivers? Not required though 01
114Regional Value0  8isng.exe1 00134Added by the W32/Sdbot-OW worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotow.html0
313ServiceConfig0 10ispbeg.exe1 00225Comcast Transition Wizard. On June 30th, 2003 it will migrate E-mail and web pages from AT&T Broadband Internet to Comcast High-Speed Internet. Until then it will run at startup and then terminate - hence the U recommendation 01
012News Service0 11ispnews.exe1 00 27F-Secure antivirus related.44http://www.f-secure.com/solutions/home.shtml0
210isreminder0 11ISPopup.exe1 00117Related to GuardWare  iShield - this is the registration reminder for the trial version,  so not required in startup.41http://castlecops.com/s11820-iShield.html0
1 9ISPSystem0 14ISPSupport.exe1 00 60Added by the W32Mytob-HH mass-mailing worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobhh.html0
3 7iSpyNOW0 11ispynow.exe1 00 53iSpyNOW - remote monitoring and surveillance software23http://www.ispynow.com/0
1 7Israfel0 11Israfel.vbs1 00 40Added by the GAGGLE.D or GAGGLE.E WORMS!73http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.d.html0
423Internet Sharing Server0 12iss_srvr.exe1 00126a target="_blank" href="http://www.intel.com/products/desk_lap/hm_sm_office/index.htm"Intel AnyPoint internet sharing software 01
213ISUSScheduler0  9issch.exe1 00162InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you’re always working with the most current version 01
213ISUSScheduler0 16issch.exe -start2 00110InstallShield Update Service 4, 50, InstallShield Software Corporation. InstallShield Update Service Scheduler 01
111issenc32svr0 12issEnc32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
321ISSI EZUpdate Service0 12issimsvc.exe111HKEY_LM\Run0 482.06, IBM Global Services. ISSI EZUpdate Service39http://www.absolutestartup.com/startup/1
3 7ISStart0 11ISStart.exe1 00357LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation 01
321LogitechGalleryRepair0 11ISStart.exe1 00357LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation 01
319LogitechVideoRepair0 11ISStart.exe1 00  0 01
321LogitechGalleryRepair0 11ISStart.exe111HKEY_LM\Run0 82Logitech QuickCam 8.2.0.1192, Logitech Inc.. Logitech QuickCam Startup Application39http://www.absolutestartup.com/startup/1
319LogitechVideoRepair0 11ISStart.exe111HKEY_LM\Run0 82Logitech QuickCam 8.4.1.1092, Logitech Inc.. Logitech QuickCam Startup Application39http://www.absolutestartup.com/startup/1
4 5ISSVC0  9ISSVC.exe1 00 38Part of Norton Internet Security Suite 01
121istinstall_zazzer.exe0 21istinstall_zazzer.exe1 00 40Unidentified adware downloader/installer 01
111IST Service0 10istsvc.exe1 00 16ISTBar foistware43http://www.doxdesk.com/parasite/ISTbar.html0
214ISUSPM Startup0 10ISUSPM.exe1 00162InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you’re always working with the most current version 01
214ISUSPM Startup0 19isuspm.exe -startup2 00115InstallShield Update Service 4, 50, InstallShield Software Corporation. InstallShield Update Service Update Manager 01
1 6System0  8ISVC.EXE1 00 12Added by the23Troj/LdPinch-AZ trojan.0
213DigitalWizard0 12ISWizard.exe1 00131InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content 01
1 7isyckdo0 11isyckdo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7isystem0 11isystem.exe1 00 44Added by the Troj/Chorus-A browser hijacker.57http://www.sophos.com/virusinfo/analyses/trojchorusa.html0
110Win System0 14IsysUninst.exe1 00 52Added by the Troj/Banker-IJ Internet banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerij.html0
222InterTrust Quick Start0 12it_cpq~1.exe1 00135InterTrust offers something known as Digital Rights Management to control legal software download and other E-commerce related business36http://www.intertrust.com/index.html0
120Notification Utility0 10itbill.exe1 00 36Identified by Dr.Web as Adware.Fuel. 01
310IRPMonitor0 11itcnmon.exe1 00  2?? 01
1 7Systems0  9itDDD.exe1 00 46Added by the Troj/Dloader-P downloader trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderpp.html0
1 8itgxdsqm0 12itgxdsqm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
314Internet Timer0 10ITIMER.exe1 00 62Shareware dial-up connection call cost calculator from Ratsoft35http://www.ratsoft.freeserve.co.uk/0
3 3Itk0  7Itk.exe1 00151In The Know - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it32http://www.itksoft.com/index.asp0
316Praize Messenger0 10itLoad.exe1 00 92a target="_blank" href="http://www.praize.com/IM/"Praize IM Christian chat instant messenger 01
3 6ITouch0 10iTouch.exe1 00 50iTouch 2.22.289, Logitech Inc.. iTouch Application 01
3 6iTouch0 10iTouch.exe1 00318iTouch loads the iTouch configuration program for Logitech keyboards. It’s needed if your keyboard has shortcut buttons and if you use them. It’s also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lock 01
317zBrowser Launcher0 10iTouch.exe1 00193For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them 01
317zBrowser Launcher0 10iTouch.exe111HKEY_LM\Run0 50iTouch 2.22.289, Logitech Inc.. iTouch Application39http://www.absolutestartup.com/startup/1
319ItsDeductible7PopUp0 16ItsD7.exe  PopUp222StartUp menu\All users0 33ItsDeductible 7.02, Intuit, Inc..39http://www.absolutestartup.com/startup/1
218ItsDeductiblePopUp0 17ItsDeductible.exe1 00225ItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip30http://www.itsdeductible2.com/0
1 4itsh0  8itsh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6ITUNES0  9itune.exe1 00 50Added by the W32/Rbot-ZU WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbotzu.html0
1 6itunes0 10itunes.exe1 00251Added by a variant of the  WIN32.RBOT WORM! - NOTE -  this file will be placed in de Windows\System32 or Winnt\System32 folder,  and should NOT be confused with the (legitimate) Apple iTunes process,  always located in the Program Files\iTunes folder.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8itunesff0 12itunesff.exe1 00 64Identified by NOD32 as the Win32/Dialer.EB adult premium dialer. 01
313iTunes Helper0 16iTunesHelper.exe1 00219Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation 01
413iTunes Helper0 16iTunesHelper.exe1 00219Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation 01
412ituneshelper0 16iTunesHelper.exe1 00  0 01
111iTunesMusic0 15iTunesMusic.exe1 00 91Added by the W32.Spybot.NLX worm.  This worm also has rootkit functionality to hide itself.61http://www.sarc.com/avcenter/venc/data/pf/w32.spybot.nlx.html0
118information update0  6iu.exe1 00 70Reported by Kaspersky Anti-Virus as Downloader.Win32.Centim.ch TROJAN! 01
1 7iuqjqxt0 11iuqjqxt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5iuvuc0  9iuvuc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112W32/Rbot-BJN0 10ivhost.exe1 00 48Added by the W32/Rbot-BJN worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbjn.html0
1 5ivooo0  9ivooo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
213ivpservicemgr0 12ivpsvmgr.exe1 00290Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray.  This is Toshiba’s equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updates.  Not required. 01
3 3IVt0  7IVt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119Internet Washer Pro0  6iw.exe1 00155Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 200330http://www.internetwasher.com/0
117InternetWasherPro0  6iw.exe1 00155Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 200330http://www.internetwasher.com/0
213eWare Startup0 14iWareStart.exe1 00 34eWare iWare task bar. Not required36http://www.eware.com/about/index.asp0
3 9ISDNwatch0 10IWatch.exe1 00263FRITZ!X ISDNWatch - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks"63http://www.avm.de/en/press/announcements/2003/2003_05_19_1.php30
3 9ISDNWatch0 10IWatch.exe1 00 48ISDNWatch 2.01.21, AVM Berlin. ISDNWatch Monitor 01
316IW ControlCenter0 10iwctrl.exe1 00269Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis27http://www.pinnaclesys.com/0
3 6iwctrl0 10iwctrl.exe1 00  027http://www.pinnaclesys.com/0
110StartupBin0 12iwnujdss.exe1 00 31Added by the W32/Sdbot-XZ worm.56http://www.sophos.com/virusinfo/analyses/w32sdbotxz.html0
1 3Sts0 13iwnujdss2.exe1 00121Added by the W32/Sdbot-YI worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotyi.html0
1 6iwvipp0 10iwvipp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
214Camio Viewer x0 12IXApplet.exe1 00148Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version 01
312Camio Viewer0 15IXApplet.exe -s222StartUp menu\All users0 53Camio Viewer 1.0.0 (440), Jasc Software. Camio Viewer39http://www.absolutestartup.com/startup/1
317wextract_cleanup00 10IXP000.TMP115HKEY_LM\RunOnce0 94Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
114scvhost loader0 11ixplore.exe1 00 29Added by the SDBOT-CY TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsdbotcy.html0
119system restore dlls0 12ixplorer.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 8ixplores0 12ixplores.exe1 00152Added by the W32/SdBot-CE backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotce.html0
1 7ixproxy0 11ixproxy.exe1 00 40Added by the Troj/Xorpix-A proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojxorpixa.html0
1 5ixwpr0  9ixwpr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7iydmdxl0 11iydmdxl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6N2913c0 13j[RANDOM].exe1 00 50Added by the W32.Rontokbro.X@mm mass-mailing worm.79http://www.sarc.com/avcenter/venc/data/w32.rontokbro.x@mm.html#technicaldetails0
1 7Jufualt0  6j2.exe1 00 49Added by the W32/Sdbot-ALJ worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotalj.html0
311efax dllcmd0 13J2GDllCmd.exe1 00 27eFax_Messenger fax software52http://www.efax.com/en/efax/twa/page/download?rqcp=10
315eFax DllCmd 3.50 16J2GDllCmd.exe /R222StartUp menu\All users0 99eFax Messenger (tm) 3.5.231.0, j2 Global Communications, Inc.. eFax Messenger - DLL Command Utility39http://www.absolutestartup.com/startup/1
314efax tray menu0 11J2GTray.exe1 00 37eFax_Messenger fax software tray menu52http://www.efax.com/en/efax/twa/page/download?rqcp=10
318eFax Tray Menu 3.50 11J2GTray.exe122StartUp menu\All users0 84eFax Messenger (tm) 3.5.231.0, j2 Global Communications, Inc.. eFax Messenger - Tray39http://www.absolutestartup.com/startup/1
1 9[unknown]0 10JACFG2.EXE1 00237Added by the  W32/Rbot-AL trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.  This infection also attempts to terminate known AV software so that it remains undetected.55http://www.sophos.com/virusinfo/analyses/w32rbotal.html0
114ja cfg util v20 10jacfg2.exe1 00 31Added by the  W32/RBOT-AL WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotal.html0
115[various names]0 10JAguAr.exe1 00 89TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here44http://www.doxdesk.com/parasite/WareOut.html0
138(78E611A2-E484-4A0D-811E-C40100A3F452)0 10jajlee.dll1 00 96Added by the Troj/Fasong-B Trojan.br /br /Uses CLSID: b(78E611A2-E484-4A0D-811E-C40100A3F452)/b.57http://www.sophos.com/virusinfo/analyses/trojfasongb.html0
3 6Jammer0 10jammer.exe1 00223Jammer by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web"39http://www.agnitum.com/products/jammer/0
1 9Jammer2nd0 13Jammer2nd.exe1 00 27Added by the NETSKY.Z WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.z@mm.html0
2 4BKxW0 10jamtku.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118*JanisRuckenbrodII0  9janis.com1 00 23Added by the POPS WORM!69http://securityresponse.symantec.com/avcenter/venc/data/w32.pops.html0
127Microsoft Word Profissional0 22Java Plug In close.exe2 00 53Added by the Troj/Banker-EL password-stealing trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerel.html0
1 6JavaVM0  8java.exe1 00249Added by the MYDOOM.M or MYDOOM.N WORMS! Note - not to be confused with the valid Windows "java.exe" which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) as this resides in C:\Windows or C:\Winnt76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html0
133Microsoft Synchronization Manager0  8java.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
115Service Monitor0 12javams32.exe1 00 42Added by the Troj/Delf-NK backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojdelfnk.html0
115Service Monitor0 12javams64.exe1 00133Added by the W32/Sdbot-AFO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafo.html0
118SunJavaUpdateSched0 10javamx.exe1 00 31Added by the W32/Sdbot-WI WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotwi.html0
114JavaPlatform640 12JavaPlatform1 00 41Added by the W32/Kassbot-M backdoor worm.57http://www.sophos.com/virusinfo/analyses/w32kassbotm.html0
1 8Etraffic0 11JavaRun.exe1 00 32Marketing software from TopMoxie24http://www.etraffic.com/0
1 8topmoxie0 11JavaRun.exe1 00  024http://www.etraffic.com/0
126Enables Javascript Support0 14javascript.exe1 00 31Added by the W32/Codbot-V worm.56http://www.sophos.com/virusinfo/analyses/w32codbotv.html0
210javate.exe0 10javate.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111Java applet0 10javaup.exe1 00133Added by the W32/Sdbot-ACF worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotacf.html0
130Microsoft Java Virtual Machine0 10javavm.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
2 8Swap Nut0  9javaw.exe1 00233SwapNut is a peer-to-peer file sharing and searching utility developed and marketed by File Metrics, Inc. Users can search for and find almost any type of digital file (audio, video, photos etc.) through a secure peer-to-peer network 01
120java virtual machine0  9javaw.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6jawa320 10jawa32.exe1 00 27Added by the AGENT.BG WORM!71http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/0
1 7jawa3220 10jawa32.exe1 00 51Added by a variant of the  Backdoor.Agent.bg trojan70http://www.liutilities.com/products/wintaskspro/processlibrary/jawa32/0
1 9jb???.exe0  9jb???.exe1 00 85The ??? in the file name are three random letters.  Added by the Troj/Jubik-A Trojan.56http://www.sophos.com/virusinfo/analyses/trojjubika.html0
1 4jbny0  8jbny.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111JC Services0 11jcsvc32.exe1 00142Added by the W32/Sdbot-TT network worm.  When the infection starts it connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbottt.html0
124Service Registry NT Save0 13jdbgmgrnt.exe1 00 35Added by the Troj/Bancos-CG TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancoscg.html0
1 7MSAdmin0 11jdbgmrg.exe1 00 86Added by the DASMIN.A TROJAN! Note - this is not the valid JDBGMGR.EXE file - see here77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DASMIN.A0
1 9MSConfigr0 11jdbgmrg.exe1 00 86Added by the DASMIN.C TROJAN! Note - this is not the valid JDBGMGR.EXE file - see here77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DASMIN.C0
1 4jejl0  8jejl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 1a0  9jesse.exe1 00 29Added by the W32/Melo-A worm.54http://www.sophos.com/virusinfo/analyses/w32meloa.html0
314Jet-PhotoShell0  9JetPS.exe125StartUp menu\Current user0 92Jet-Photo Shell 1.2, COWON System, Inc.. Jet Photo Shell - Shell Extension for Digital Image39http://www.absolutestartup.com/startup/1
310jetToolBar0  9JetTB.exe122StartUp menu\All users0 49jetToolBar 3, 8, 0, 0, JetAudio, Inc.. jetToolBar39http://www.absolutestartup.com/startup/1
1 3Bfu0  7Jfk.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 8jftkdomr0 12jftkdomr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Pfk0  7Jgk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7jgvadmp0 11jgvadmp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4jidr0  8jidr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4jier0  8jier.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7WINDOWS0  7jif.exe1 00133Added by the WORM_MYTOB.NE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2ENE&VSect=T0
2 2JB0 12Jiffybar.exe1 00 44&quot;Get Paid As You surf&quot; application 01
1 8jihkcpqh0 12jihkcpqh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Hqd0  7Jjd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
122msjava critical update0 11jjfixer.exe1 00 37Troj/Hector-A is a downloader Trojan.57http://www.sophos.com/virusinfo/analyses/trojhectora.html0
1 6jjuams0 10jjuams.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6jjvtjx0 10jjvtjx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Fsn0  7Jkf.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 5jkhhg0  9jkhhg.dll1 00 35Added by the Troj/ConHook-N Trojan.58http://www.sophos.com/virusinfo/analyses/trojconhookn.html0
124Daemons Updates Services0  8jkiw.exe1 00108Added by the W32/Rbot-RJ worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrj.html0
138(78E611A2-E484-4A0D-811E-C40100A3F452)0  9jknla.dll1 00 96Added by the Troj/Fasong-C Trojan.br /br /Uses CLSID: b(78E611A2-E484-4A0D-811E-C40100A3F452)/b.57http://www.sophos.com/virusinfo/analyses/trojfasongc.html0
1 3Qnu0  7Jkv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6jmegom0 10jmegom.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311Creata Mail0 10JMSrvr.exe1 00131Creata_Mail. Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express41http://www.bluemountain.com/mail/index.pd0
1 8jnambuqc0 12jnambuqc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6jnjljy0 10jnjljy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7jnwknod0 11jnwknod.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
310JobHisInit0 14JobHisInit.exe1 00 73Used by Ricoh network printers to enable network printing from the client 01
3 9Jog Serve0 12JogServ2.exe1 00124Jog Dial on a Sony Vaio laptop.  The dial can select various functions such as control audio. Needed if you use its features 01
3 8JogServ20 12JogServ2.exe1 00124Jog Dial on a Sony Vaio laptop.  The dial can select various functions such as control audio. Needed if you use its features 01
115[Various Names]0 12jopplerg.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
128Launch Norton AntiVirus 20000  9jorgf.exe1 00132Added by the W32/Rbot-AUI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaui.html0
1 3jov0  7jov.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5jovke0  9jovke.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
211Game Device0 12JOYUPDRV.EXE1 00 40Genius game controller profile activator 01
1 7jpmyqqb0 11jpmyqqb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5jqsbk0  9jqsbk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6Systes0 17jrdtifkkxbbsa.exe1 00132Added by the W32/Rbot-ADC worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotadc.html0
1 4Jreg0 10Jreg2b.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
1 3Lml0  7Jrl.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 6jrrqql0 10jrrqql.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8jryetdrj0 12jryetdrj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
128JavaScript Debugging Service0 12JsDbgMan.exe1 00 45tml" target=_blankDERDEO.E mass-mailing worm. 01
1 8jsdyybch0 12jsdyybch.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7jsjcruh0 11jsjcruh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8jslhinos0 12jslhinos.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7jtytwse0 11jtytwse.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119MICROSFT NT SUPPORT0 14jtzbpfnkxk.EXE1 00 48Added by the W32/Rbot-CMI worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcmi.html0
1 7jugjkgo0 11jugjkgo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6juktwg0 10juktwg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114Jumper Defualt0 12jumsvc32.exe1 00 12Added by the38W32/Sdbot-TM WORM/IRC backdoor trojan!0
431USB SECURITY DEVICE CoInstaller0 11JupitCo.exe1 00 91ButterflyMedia USB Flash drive related - required for the password security feature to work79http://www.butterflymedia.com/USBFlashDriveManual/ButterflyFlashDriveManual.htm0
1 4JuPo0  9jupos.exe1 00153Added by the W32/Sdbot-CAG backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotcag.html0
2 7jusched0 11jusched.exe1 00150Checks with Sun's Java updates site to see if newer Java versions are available. Visit  http://java.sun.com or just run the Java Plug-In Control Panel19http://java.sun.com0
218SunJavaUpdateSched0 11jusched.exe1 00  019http://java.sun.com0
218SunJavaUpdateSched0 11jusched.exe111HKEY_LM\Run0127Java(TM) 2 Platform Standard Edition 5.0 Update 2 5.0.20.9, Sun Microsystems, Inc.. Java(TM) 2 Platform Standard Edition binary39http://www.absolutestartup.com/startup/1
1 3Sun0 11jusched.exe1 00172Identified as the Codbot-Y worm and IRC backdoor.  This should not be confused with the legitimate file found here in the C:\Program Files\Java\jreversionnumber\bin folder. 01
1 4wmon0 11jusched.exe1 00 97Added by the W32/Agobot-OW WORM/IRC backdoor trojan and using a new servicename called wsaconfig.57http://www.sophos.com/virusinfo/analyses/w32agobotow.html0
115javaupdatesched0 13jusched32.exe1 00 28Added by the  Troj/Bckdr-CKB58http://www.sophos.com/virusinfo/analyses/trojbckdrckb.html0
111WINTASK DLL0 13jusched32.exe1 00136Added by the W32.Mytob.AI@mm worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ai@mm.html#technicaldetails0
112jushed32.exe0 12jushed32.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
315jussdroputility0 12JussDrop.exe1 00116Related to  DropShots Inc. A subscription based service for family to connect, converse and share photos and videos.25http://www.dropshots.com/0
3 8JustUrls0 12justurls.exe111HKEY_CU\Run0127Justurls Application 5, 2, 0, 0, Eastern Digital Pty. Ltd.  Australia   http://easterndigitalsoftware.com. Justurls Application39http://www.absolutestartup.com/startup/1
1 5jutsu0  9jutsu.exe1 00 26Added by the RBOT-LS WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotls.html0
323Jv16pt Network Resident0 18jv16pt_network.exe1 00102jv16 PowerTools' network resident program. Only needed if you are using the program's network features46http://www.vtoy.fi/jv16/shtml/powertools.shtml0
121microsoft corporation0  9jview.exe1 00 26Added by the  W32/Rbot-AOD56http://www.sophos.com/virusinfo/analyses/w32rbotaod.html0
1 8jvrvqnrg0 12jvrvqnrg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9wintask320 12Jwintask.com1 00154Added by the W32/Nafbot-A P2P worm.  This infection will also modify your hosts file so that you are unable to reach various antivirus vendor's web sites.56http://www.sophos.com/virusinfo/analyses/w32nafbota.html0
111jWv2pPn.exe0 11jWv2pPn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8jxef11040 12jxef1104.exe1 00 33Added by the W32/Xipi-A P2P worm.54http://www.sophos.com/virusinfo/analyses/w32xipia.html0
2 5Jzi160  9jzi16.exe1 00  2?? 01
114K2ps_full.task0 13K2ps_full.exe1 00 31Added by the JUNTADOR.K TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K0
2 9K6CPU.EXE0  9K6CPU.EXE1 00 44Authenticates CPU as K6 in system properties 01
2 2K90  6K9.exe122StartUp menu\All users0 26K9 1, 2, 1, 0, KeirNet. K939http://www.absolutestartup.com/startup/1
1 3kak0  7kak.hta1 00 26Added by the KAKWORM WORM!63http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html0
118autoupdate service0  8kaka.exe1 00 34Added by the  TROJ/SYMPE-B TROJAN!56http://www.sophos.com/virusinfo/analyses/trojsympeb.html0
3 8Kalibump0 12Kalibump.exe1 00181Used with the now unsupported Kali software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy20http://www.kali.net/0
1 7kalvsys0 30kalv****.exe [* = random char]2 00 39EliteBar/SearchMiracle adware installer92http://www.giantcompany.com/antispyware/research/spyware/spyware-SearchMiracle.EliteBar.aspx0
1 7kalvsys0 31kalv***32.exe [* = random char]2 00 39EliteBar/SearchMiracle adware installer92http://www.giantcompany.com/antispyware/research/spyware/spyware-SearchMiracle.EliteBar.aspx0
110[not used]0  8kane.exe1 00106Added by the Backdoor.Dckane backdoor. This infection also installs the file c:\windows\system32\kane.dll.76http://www.sarc.com/avcenter/venc/data/backdoor.dckane.html#technicaldetails0
1 6kaoqkd0 10kaoqkd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0  9Kargo.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
110[not used]0 12karnal32.dll1 00112Added by the W32.Monikey@mm mass-mailing worm.  This worm attempts to gather information found on your computer.75http://www.sarc.com/avcenter/venc/data/w32.monikey@mm.html#technicaldetails0
116Kasper Antivirus0 19KASPERANTIVIRUS.EXE1 00 34Added by the  SPYBOTER.GEN TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.spyboter.gen.html0
111KasperskyAv0 13kaspersky.exe1 00 91Added by the MIMAIL.T WORM! Note - this has nothing to do with the real Kaspersky AntiVirus76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.t@mm.html0
125Windows Messenger Service0 13kaspersky.exe1 00133Added by the W32/Mytob-DP worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobdp.html0
119Kaspersky Antivirus0 15KasperskyAV.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114KasperskyAVEng0 18Kasperskyaveng.exe1 00 27Added by the NETSKY.V WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.v@mm.html0
1 9antivirus0 11kaspery.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
111KatchEm.exe0 11KatchEm.exe1 00 76An overwriting virus.  This virus will overwrite all .exe files with itself. 01
413KAVPersonal500  7Kav.exe1 00 33Kaspersky Anti-Virus Personal 5.033http://www.kaspersky.com/personal0
413KAVPersonal500  7kav.exe1 00 87Kaspersky Anti-Virus Personal Pro 5.0.0.0, Kaspersky Lab. Kaspersky Anti-Virus GUI Part 01
413KAVPersonal500 17kav.exe /minimize211HKEY_LM\Run0 83Kaspersky Anti-Virus Personal 5.0.0.0, Kaspersky Lab. Kaspersky Anti-Virus GUI Part39http://www.absolutestartup.com/startup/1
4 5KAV500 45kav.exe -run -n PersonalPro -v 5.0.0.0 -chkss211HKEY_LM\Run0 94Kaspersky Anti-Virus Personal Pro 5.0 5.0.20.0, Kaspersky Lab. Personal Pro Tray GUI Component39http://www.absolutestartup.com/startup/1
1 9NvCplScan0  9kav32.exe1 00122Added by the W32/Forbot-EW network worm, also adding NvCplScan as the display & service names of a new service it creates.57http://www.sophos.com/virusinfo/analyses/w32forbotew.html0
1 5lsass0  9kavmm.exe1 00250Added by an unidentified WORM or TROJAN! - NOTE - do NOT confuse with the legitimate Kaspersky antivirus module as described  here .  Contrary to this impostor,  the legitimate file will always be located in the Kaspersky Lab folder in Program Files.52http://www.processlibrary.com/directory/files/kavmm/0
421kaspersky anti-hacker0  9KAVPF.exe1 00 31Kaspersky  Anti-Hacker firewall35http://www.kaspersky.com/antihacker0
4 5KAVPF0  9KAVPF.exe111HKEY_CU\Run0 68Kaspersky Anti-Hacker 1.5.0.0, Kaspersky Labs. Kaspersky Anti-Hacker39http://www.absolutestartup.com/startup/1
4 6kavpfw0 10KavPFW.exe1 00 26KingSoft Personal Firewall27http://www.kingsoft.com/en/0
4 8kavstart0 12KAVStart.exe1 00 26KingSoft Personal Firewall27http://www.kingsoft.com/en/0
4 6kavsvc0 10kavsvc.exe1 00 19Kaspersky antivirus33http://www.kaspersky.com/personal0
115WIn32S Java DLL0 10kavsvx.exe1 00 52Added by the W32/Agobot-RZ worm/IRC backdoor trojan.57http://www.sophos.com/virusinfo/analyses/w32agobotrz.html0
2 5KAZAA0  9kazaa.exe1 00198KAZAA is a file-sharing program which unfortunately being ad-based includes &quot;Cy-door&quot; adware. Check here for information about &quot;Cy-door&quot; and here for a program that can remove it30http://www.cexx.org/cydoor.htm0
112Kazaa lptt010  9kazaa.exe1 00277Variant of the  RapidBlaster parasite (in a &quot;kazaa&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here. Note - this is not the valid KaZaA file sharing program which has the same executable name49http://www.doxdesk.com/parasite/RapidBlaster.html0
112Kazaa ml097e0  9kazaa.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
2 5KAZAA0 18kazaa.exe /SYSTRAY2 00 69Kazaa Media Desktop 2, 6, 7, 0, Sharman Networks. Kazaa Media Desktop 01
2 9kazaalite0 13kazaalite.exe1 00174Kazaalite is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanisms44http://www.webattack.com/get/kazaalite.shtml0
2 6KaZooM0 10KaZooM.Exe1 00179KaZoom from  Blue Haven Media - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches"30http://www.bluehavenmedia.com/0
115InternalSystray0  9Kazza.exe1 00191Added by a variant of the OPTIX TROJAN! Note - unlike the valid KaZaA executable, this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP)64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=161060
1 9Messenger0 14KB08953265.exe1 00 37Added by the Trojan.Esteems.F Trojan.77http://www.sarc.com/avcenter/venc/data/trojan.esteems.f.html#technicaldetails0
138{686BC654-BC45-D597-22DC-CA34BD693002}0  8kb32.com1 00 96Added by the Troj/Tometa-E Trojan.br /br /Uses CLSID: b{686BC654-BC45-D597-22DC-CA34BD693002}/b.57http://www.sophos.com/virusinfo/analyses/trojtometae.html0
112explorer.exe0  8kb32.exe1 00125This infection hijacks Internet Explorer to redirect to search-area.com.  More information can be found here - Troj/Malche-A.57http://www.sophos.com/virusinfo/analyses/trojmalchea.html0
4 8KB8917110 12KB891711.EXE1 00393This security update is to address the following vulnerability Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution.  As of right now it is unknown if this entry is a buggy installation routine or if this file needs to continue running in order to patch the vulnerability.  Until this information is received, you should allow this update to continue starting up.64http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx0
3 3KBD0  7KBD.EXE1 00 68Multimedia keyboard manager. Required if you use the multimedia keys 01
3 3KBD0  7KBD.EXE111HKEY_LM\Run0 73Hewlett-Packard Company KBD EXE 1.0.2.0, Hewlett-Packard Company. KBD EXE39http://www.absolutestartup.com/startup/1
310FLMTRUSTKB0 12KbdAp32A.exe1 00185Keyboard utility for a Trust brand wireless keyboard.  If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard. 01
1 8kbddrv320 12kbddrv32.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 9kbddrvinf0 13kbddrvinf.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
215TypingSatellite0 10KBOOST.exe1 00156Typing Master 2002 background utility that collects typing errors and builds up customised typing lessons for your needs. Available via Start -&gt; Programs27http://www.typingmaster.com0
215TypingSatellite0 10KBOOST.EXE1 00 57Typing Satellite 6.30, TypingMaster Inc. Typing Satellite 01
1 6kbvfgb0 10kbvfgb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 6KCeasy0 10KCeasy.exe1 00158KCeasy - a Windows peer-to-peer filesharing application which uses giFT as its 'back end' foundation. The networks currently supported are OpenFT and Gnutella24http://kceasy.com/about/0
1 6Update0  9kchts.EXE1 00 33Added by the W32/Clantard-A worm.58http://www.sophos.com/virusinfo/analyses/w32clantarda.html0
3 5cpqek0 10kcpqek.exe1 00 61For Compaq PC's.  Easy Access button support for the keyboard75http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html0
3 8KillCopy0 21kcresume.exe /startup211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3kdc0  7kdc.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
1 5kdhfc0  9kdhfc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7kdhivgl0 11kdhivgl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5kdjcu0  9kdjcu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
125Mabochine Deybug Malnager0  7kdm.exe1 00129An Sdbot WORM variant adds the file, and the IRC backdoor TROJAN component allows for unauthorized remote access to the computer.56http://www.sophos.com/virusinfo/analyses/w32sdbotsd.html0
114Microzoft_Ofiz0 13KdzEregli.exe1 00 25Added by the AMUS.A WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.amus.a@mm.html0
117AVXSearch service0 10ke7dnl.sys1 00 44Added by the Troj/Haxdoor-BH rootkit Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorbh.html0
116AVSearch service0 10kednl6.sys1 00 45Added by the Troj/Haxdoor-AT backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorat.html0
1 9Keenvalue0 13Keenvalue.exe1 00 28Keenvalue spyware - see here42http://www.infobeat.com/infobar/terms.html0
111Disk Keeper0  8keep.exe1 00 77Mslware - recognized by  Kaspersky antivirus as Trojan-Dropper.Win32.Small.ve36http://www.kaspersky.com/personalpro0
317Logitech SetPoint0  7KEM.exe1 00191Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys 01
3 8KEMailKb0 12KEMailKb.EXE1 00168Controls the buttons at the top of the  Micro Innovations 650i Internet Access Keyboard. If you disable it you cannot use the buttons - like volume control or shut down69http://www.mic-innovations.com/micro_inv/large_image_pages/kb650i.htm0
2 5Kemet0  9kemet.exe1 00  2?? 01
129windows task manager emulator0 11kennewr.exe1 00 33Added by the  W32/SPYBOT-FA WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotfa.html0
319KEN Taskbar Service0 12kentbsrv.exe111HKEY_LM\Run0 43AVM KEN! 3.00.84.2001, AVM Berlin. kentbsrv39http://www.absolutestartup.com/startup/1
3 8KERclink0 12KERclink.exe125StartUp menu\Current user0 33KERclink 2.00.0039, MidTen Media.39http://www.absolutestartup.com/startup/1
1 8kernel320 10kern32.exe1 00 29Added by the BADTRANS.A WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BADTRANS.A0
117Windows Kernel 640 12kernal64.exe1 00 47Added by the W32/Yimp-B Instant Messaging worm.54http://www.sophos.com/virusinfo/analyses/w32yimpb.html0
110[not used]0 13Kerne0110.exe1 00 82Added by the Troj/Lineage-FU password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagefu.html0
110[not used]0 11Kerne12.exe1 00 36Added by the Troj/Lineage-AS Trojan.59http://www.sophos.com/virusinfo/analyses/trojlineageas.html0
110[not used]0 12Kerne121.exe1 00 82Added by the Troj/Lineage-BW password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagebw.html0
110[not used]0 13Kerne1211.exe1 00 82Added by the Troj/Lineage-CA password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineageca.html0
110[not used]0 11Kerne14.exe1 00 82Added by the Troj/Lineage-BA password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineageba.html0
110[not used]0 13Kerne1412.exe1 00 54Added by the Troj/Lineage-OJ password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojlineageoj.html0
1 4Plob0 10kernel.com1 00 32Added by the OPTIXPRO.12 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.120
1 8kernel320 10kernel.dli1 00 31Added by the NETDEVIL.B TROJAN!67http://www.symantec.com/avcenter/venc/data/backdoor.netdevil.b.html0
1 8Kernel320 10Kernel.dll1 00 28Added by the REDLOF.M VIRUS!49http://vil.mcafee.com/dispVirus.asp?virus_k=994760
112kernel12.exe0 12kernel12.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 6Win32G0 12Kernel32.com1 00 29Added by the ESTRELLA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/w32.estrella.html0
1 8kernel320 12kernel32.dlI1 00 32Added by the NETDEVIL.15 TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.netdevil.15.html0
1 8Kernel320 12Kernel32.exe1 00 48Added by a number of VIRUSES, WORMS and TROJANS! 01
1 8Services0 12kernel32.exe1 00 39Added by the Troj/EliteKey-B keylogger.59http://www.sophos.com/virusinfo/analyses/trojelitekeyb.html0
114Windoes Kernel0 12kernel32.exe1 00 41Added by the  KICKIN.A (or CYDOG.C) WORM!68http://www.symantec.com/avcenter/venc/data/w32.hllw.kickin.a@mm.html0
1 7Windows0 12Kernel32.exe1 00 28Added by the  TENDOOLF WORM!78http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_TENDOOLF.A0
127Win32 Kernel core component0 12Kernel32.pif1 00 24Added by the MOKS VIRUS!69http://securityresponse.symantec.com/avcenter/venc/data/w32.moks.html0
1 8Kernel320 12Kernel32.win1 00 40Added by the GAGGLE.D or GAGGLE.E WORMS!73http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.d.html0
123Distributed File System0 15kernel32dll.exe1 00 38Added by the MYFIP-C or MYFIP.K WORMS!55http://www.sophos.com/virusinfo/analyses/w32myfipc.html0
136Distributed Link Tracking Extensions0 15kernel32dll.exe1 00106Added by the W32/Myfip-I WORM wirh a service display name of "Distributed Link Tracking Extensions", also.55http://www.sophos.com/virusinfo/analyses/w32myfipi.html0
1 8Kernel320 13kernel32s.exe1 00 29Added by the SDBOT-PU TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbckdrcic.html0
122Microsoft Kernel Patch0 13kernel3ox.exe1 00142Added by the W32/Rbot-UJ network worm.  When this infection starts it connects to an IRC server where it waits for remote commands to execute.55http://www.sophos.com/virusinfo/analyses/w32rbotuj.html0
1 9Kernell320 11Kernell.dll1 00 30Added by the DESTINY.A TROJAN!77http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DESTINY.A0
114Service System0 13kernels32.exe1 00 73Added by the Troj/Bancos-DA password-stealing trojan for Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbancosda.html0
1 6System0 13kernels32.exe1 00 31Added by the DLOADER-FC TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderfc.html0
111SystemTools0 13kernels32.exe1 00 33Added  by the  DLOADER-FC TROJAN!107http://ww0
1 6System0 13kernels64.exe1 00 33Added by the Troj/Vixup-V Trojan.56http://www.sophos.com/virusinfo/analyses/trojvixupv.html0
1 6System0 12kernels8.exe1 00 34Added by the Troj/Vixup-BN Trojan.57http://www.sophos.com/virusinfo/analyses/trojvixupbn.html0
125Microsoft Update Emulator0 14kernelvmon.exe1 00144Added by the W32/Rbot-CH trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotch.html0
1 7Kernelw0 13Kernelw32.exe1 00 26Added by the INDOR.E WORM!67http://www.symantec.com/avcenter/venc/data/w32.hllw.indor.e@mm.html0
125Microsoft Update Emulator0 12kern-mxe.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 3Laz0  9Kernn.exe1 00 53Added by the Troj/Bancos-LN password stealing TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancosln.html0
110[not used]0 21KesenjanganSosial.exe1 00 45Added by the W32/Brontok-K mass-mailing worm.57http://www.sophos.com/virusinfo/analyses/w32brontokk.html0
117MicroSoft Toolbar0  7key.exe1 00133Added by the W32/Rbot-AEW worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaew.html0
4 9KeyAccess0 12keyacc32.exe1 00256KeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure" 01
1 9Keybdcntl0 13keybdcntl.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
115[Various Names]0 11keybdll.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
129Microsoft TaskManager Updater0 12keyboard.exe1 00132Added by the W32/Rbot-ALU worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalu.html0
134Microsoft Windows Keyboard service0 12keyboard.exe1 00 48Added by the W32/Rbot-CRF worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcrf.html0
112NLS Keyboard0 12keyboard.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
113keyboard_enum0 17keyboard_enum.exe1 00 43Added by the Troj/Bdoor-GP backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorgp.html0
3 8Srv32Win0 13KeyCaptor.exe1 00135Added by the Spyware.KeyCaptor surveillance program.  You should uninstall this program immediately if you did not install it yourself.61http://www.sarc.com/avcenter/venc/data/spyware.keycaptor.html0
319SiS Windows KeyHook0 11keyhook.exe1 00133SIS graphics cards related: "Super VGA Keyboard Daemon" - hooks into the keyboard processing chain in order to enable hotkey settings 01
112WinEssential0 11Keyhost.exe1 00 33Hijacker - hailing from jraun.com 01
1 6VC_Log0 10keylog.exe1 00 37Added by the Adware.Starware spyware.61http://www.sarc.com/avcenter/venc/data/spyware.paqkeylog.html0
1 3ABC0 13keylogger.exe1 00139Monitors keystrokes so you can check if someone has typed anything while your away from your PC. Reported as spyware by SpyCop in their FAQ32http://www.spycop.com/index.html0
3 91Win32Cfg0 16Keyloggerpro.exe1 00 34KeyloggerPro - monitoring software28http://www.keyloggerpro.com/0
312CherryKeyMan0 10KeyMan.exe1 00108Multimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keys34http://www.cherrycorp.com/english/0
3 6keymap0 10keymap.exe1 00182System Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the game 01
124Microsoft System Checkup0 10Keymgr.exe1 00 25Added by the DONK.M WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.m.html0
3 9KeyPatrol0 13KeyPatrol.exe1 00122KeyPatrol - detects Key Loggers ("keyboard loggers" or "keyloggers") using both behavioral and pattern-matching algorithms36http://www.pestpatrol.com/KeyPatrol/0
1 4keyq0  8keyq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
227Stardock Keyboard Launchpad0 17Keys.exe /startup225StartUp menu\Current user0 56Keyboard Lauchpad v1.2, Stardock.net. Keyboard Launchpad39http://www.absolutestartup.com/startup/1
1 7keyserv0 11keyserv.exe1 00130Added by the  Spyware.KeyThief SPYWARE!, Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.64http://www.symantec.com/avcenter/venc/data/spyware.keythief.html0
010ChromeMark0  9keysh.exe1 00 75Related to this. Don't know what keysh.exe does though and if it's required 7#FF00000
3 4klog0 10Keyspy.exe1 00114Added by the  Hacktool.KeyLoggPro.B keystroke logger/monitoring program - remove unless you installed it yourself!82http://securityresponse.symantec.com/avcenter/venc/data/hacktool.keyloggpro.b.html0
3 4pskl0 10keyspy.exe1 00139Added by the Spyware.KeyboardLogger surveillance software.  If you did not install this software, then you should uninstall it immediately.66http://www.sarc.com/avcenter/venc/data/spyware.keyboardlogger.html0
317Toshiba Key State0 12KEYSTATE.EXE1 00200Displays an icon in the System Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g., Toshiba) laptops which do not have a Caps Lock indicator light. Available via Start -&gt; Programs 01
3 9keystroke0  9keystroke1 00127QuickLaunch is a spyware program that logs keystrokes and captures screenshots.  If you didn't install this yourself remove it.59http://sarc.com/avcenter/venc/data/spyware.quicklaunch.html0
3 9keystroke0 13keystroke.exe1 00136Added by the Spyware.QuickLaunch surveillance software.  If you did not install this software, then you should uninstall it immediately.63http://www.sarc.com/avcenter/venc/data/spyware.quicklaunch.html0
2 8Key Text0 11KeyText.exe1 00113Key Text 2000 from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start - Programs34http://www.mjmsoft.com/keytext.htm0
2 7keytext0 11KeyText.exe1 00113Key Text 2000 from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start - Programs34http://www.mjmsoft.com/keytext.htm0
112WinEssential0 11keyword.exe1 00 18Jraun.com hijacker73http://securityresponse.symantec.com/avcenter/venc/data/adware.jraun.html0
115[Various Names]0 17KeywordFinder.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
114Service System0 13kgbfsm344.exe1 00 73Added by the Troj/Bancos-FS password-stealing Trojan for Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbancosfs.html0
1 6kgcgyv0 10kgcgyv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7kgjdi270 12kgjdie27.exe1 00 28Added by the  Sdbot.AP WORM!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ap.html0
1 4kgml0  8kgml.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8kgqyiofm0 12kgqyiofm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115Winsock2 driver0 13kgzgjkpcw.exe1 00 28Added by the SDBOT.T TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.t.html0
121SETPOINT Logitech Inc0 11KHALMNP.exe1 00 12Added by the38W32/Rbot-AAX WORM/IRC backdoor trojan!0
035Logitech Hardware Abstraction Layer0 12Khalmnpr.exe1 00253Logitech Bluetooth mouse Hardware Abstraction layer. A "hardware abstraction layer" is an interface that enables adding support for new devices and new ways of connecting devices to the computer, without modifying every application that uses the device. 01
235Logitech Hardware Abstraction Layer0 12KHALMNPR.EXE111HKEY_LM\Run0 95Productivity Software Common Files 2.12.735, Logitech Inc.. Logitech Hardware Abstraction Layer39http://www.absolutestartup.com/startup/1
2 7khooker0 11khooker.exe1 00156SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required 01
211SiS KHooker0 11khooker.exe1 00  0 01
211SiS KHooker0 11khooker.exe111HKEY_LM\Run0157SIS (R) Compatible Super VGA keyboard daemon for Windows 2000/XP 0.0.0.2098, Silicon Integrated Systems Corporation. SiS Compatible Super VGA Keyboard Daemon39http://www.absolutestartup.com/startup/1
2 3kdx0  9KHost.exe1 00344KonTiki Secure Delivery Plug In related. &quot;The Kontiki Delivery Management System (DMS) is a secure delivery network for distribution of video, software, audio, documents, and other digital media. The Kontiki DMS enables enterprises to efficiently publish, secure, deliver and track digital media to employees, partners, and customers&quot;95http://help.kontiki.com/enduser/group.jsp;jsessionid=445B8C402E10C9AFBC8E053A3BBC395C?node=18290
2 3kdx0 14KHost.exe -all2 00 61Delivery Manager 4.20.51004.0, Kontiki Inc.. Delivery Manager 01
110[not used]0 12kiamarsi.exe1 00 34Added by the Troj/Detest-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojdetesta.html0
311KICKMON.EXE0 11KICKMON.EXE1 00162KeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't required 01
115[Various Names]0 11killall.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6Dlload0 10killer.exe1 00 35Added by the Troj/KillAV-FK Trojan.58http://www.sophos.com/virusinfo/analyses/trojkillavfk.html0
1 6cartao0 11killing.exe1 00 47Added by the Troj/Dloader-QN downloader trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderqn.html0
310Kill Popup0 13KillPopup.exe1 00 26KillPopup - pop-up stopper42http://www.killpopup.shareware-rating.com/0
112SCRNSAVE.EXE0  9kimmo.scr1 00 35Added by the Troj/Antinny-N Trojan.58http://www.sophos.com/virusinfo/analyses/trojantinnyn.html0
114System Startup0 11kimochi.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
112kimochiz.exe0 12kimochiz.exe1 00 35Added by the  TROJ/MDROP-BB TROJAN!57http://www.sophos.com/virusinfo/analyses/trojmdropbb.html0
210Kinberlink0 14Kinberlink.exe1 00 60Kinberlink network messaging. Available via Start - Programs45http://www.kinberlin.com/kinberlink/index.asp0
1 7kjrawyp0 11kjrawyp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116Microsoft Update0  7Kkk.exe1 00134Added by the  W32/Rbot-AHL worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotahl.html0
111KKM Service0  7kkm.exe1 00 30Added by the W32/Nanpy-I worm.55http://www.sophos.com/virusinfo/analyses/w32nanpyi.html0
1 5klkje0  9klkje.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8WinAC v40 12klsuicbn.exe1 00 28Added by the FORBOT-CS WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcs.html0
210BtcMaestro0 12KMaestro.exe111HKEY_LM\Run0 53BTC Kmaestro 1, 0, 0, 0, BTC. KeyMaestro main program39http://www.absolutestartup.com/startup/1
310KeyMaestro0 12kmaestro.exe1 00 68Multimedia keyboard manager. Required if you use the multimedia keys 01
1 6System0  7kmc.dll1 00163Added by the Troj/Dropper-BT dropper Trojan. This infection also makes the file C:\Windows\csrss.exe.br /br /Uses CLSID: b(126024AD-DC8A-48F7-9CD2-4A6FFB867874)/b.59http://www.sophos.com/virusinfo/analyses/trojdropperbt.html0
1 4kmmp0  8kmmp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4kmmt0  8kmmt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113KeimoServices0 11kmsvc32.exe1 00 12Added by the39W32/Sdbot-AHE WORM/IRC backdoor trojan!0
311kmw_run.exe0 11kmw_run.exe1 00 97Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features 01
311kmw_run.exe0 11kmw_run.exe111HKEY_LM\Run0 78KMW 6.11.4.1, Kensington Technology Group. Kensington MouseWorks Win32 Support39http://www.absolutestartup.com/startup/1
312kmw_show.exe0 12kmw_show.exe1 00 97Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features 01
1 6WinSrv0  8kn0x.exe1 00 27Added by the HOBBIT.F WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOBBIT.F0
322Kodak software updater0 26Kodak Software Updater.exe222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
4 8KodakCCS0 12KodakCCS.exe1 00 27Kodak DC File System Driver 01
1 5kojbe0  9kojbe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
123Bron-Spizaetus-5118REPM0 18komodo-6321422.exe1 00 45Added by the W32/Brontok-R mass-mailing worm.57http://www.sophos.com/virusinfo/analyses/w32brontokr.html0
312Konfabulator0 16Konfabulator.exe125StartUp menu\Current user0 46Konfabulator 1.8.3, Pixoria Inc.. Konfabulator39http://www.absolutestartup.com/startup/1
222Konni Symbol Autostart0 15KonniSymbol.exe1 00139Gives configuration access to RagTime Solo professional business publishing software. RagTime Solo is the private user version of RagTime 536http://www.besoftware.com/index.html0
2 4cnet0 11kontiki.exe1 00115Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops95http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=28460
2 8GameSpot0 11kontiki.exe1 00115Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops95http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=28460
2 7kontiki0 11kontiki.exe1 00  095http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=28460
2 5zdnet0 11kontiki.exe1 00115Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops95http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=28460
4 8KPDrv4XP0 12KPDrv4XP.EXE1 00 94Dritek Keyboard Device Update Utility 1, 0, 1, 221, Dritek System Inc.. Update Keyboard Driver 01
4 8KPDrv4XP0 12KPDrv4XP.exe1 00 26MediaKey USB Keypad Driver 01
1 4kpem0  8kpem.sys1 00 46Added by the Trojan.Duganss Trojan downloader.75http://www.sarc.com/avcenter/venc/data/trojan.duganss.html#technicaldetails0
1 8krdfyhra0 12krdfyhra.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6KREC320 10krec32.exe1 00 45StarrCommander Pro Keystroke logging software 01
118Microsoft Document0  9krisp.exe1 00 27Added by the SDBOT-RQ WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotrq.html0
110krisvc.exe0 10krisvc.exe1 00 63Added by the Infostealer.Kurofoo.B information stealing Trojan.82http://www.sarc.com/avcenter/venc/data/infostealer.kurofoo.b.html#technicaldetails0
1 5krlee0  9krlee.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8startkey0  8krnl.exe1 00 35Added by the Troj/Bifrose-S Trojan.58http://www.sophos.com/virusinfo/analyses/trojbifroses.html0
110[not used]0 10krnl32.dll1 00 67Added by the  Troj/Vipgsm-J keylogger and password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojvipgsmj.html0
1 8Kernel320 10krnl32.exe1 00 23Added by the EPON WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.epon@mm.html0
114kernel manager0 11krnlmgr.exe1 00 33Added by the  TROJ_JUNY.A TROJAN!83http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNY.A&VSect=P0
3 7Krnlmod0 11Krnlmod.exe1 00187Keylogger - see  here. Given a "U" recommendation because it depends if you intentionally installed it. If you didn't, treat it as "X" and uninstall or remove via Spybot S&D (for example)58http://www.pestpatrol.com/PestInfo/W/Windows_Keylogger.asp0
2 7Whbrhzn0  8Krrs.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6Ksrv320 10Ksrv32.exe1 00133Added by the W32/Agobot-PI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotpi.html0
3 7KClient0 11kstatus.exe1 00197KClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet 01
116KTAX Auto Loader0  8ktax.exe1 00133Added by the W32/Sdbot-MZ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotmz.html0
1 4ktaz0  8ktaz.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6ktbmmo0 10ktbmmo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7ktboeij0 11ktboeij.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8ktchnsnk0 12ktchnsnk.exe1 00144HP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebooted 01
1 8ktkgaymo0 12ktkgaymo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
426Start RF Wireless Keyboard0 10ktrexe.exe1 00 47Yuanxun Electronics RF wireless keyboard driver 01
1 7kumsmvb0 11kumsmvb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Ece0  7Kuo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6kvevqg0 10kvevqg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6kvgnlx0 10kvgnlx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 7KvMonXP0 17KVMonXP.kxp /auto211HKEY_LM\Run0 55Jiangmin AntiVirus 9, 0, 0, 505, JiangMin Ltd.. KVmonxp39http://www.absolutestartup.com/startup/1
316kerio vpn client0 14kvpnclient.exe1 00 16Kerio VPN Client33http://www.kerio.com/kwf_vpn.html0
1 6kvvynr0 10kvvynr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 9KeyWallet0 11KWallet.exe1 00150KeyWallet is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually34http://www.keywallet.com/index.php0
3 5kx5090 15kx509_kfwk5.exe1 00 42Kerberos Secure Authentication for Windows49http://www.mcmcse.com/win2k/guides/kerberos.shtml0
1 8kxawsgas0 12kxawsgas.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7kxksnos0 11kxksnos.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8kX Mixer0 11kxmixer.exe1 00 94Provides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcards 01
1 9bsogvsqfn0 10kxqcdy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0 12kxrnxl32.dll1 00 32Added by the Troj/Gina-K Trojan.55http://www.sophos.com/virusinfo/analyses/trojginak.html0
120kyk control settings0 11KYSVCXD.EXE1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113[random name]0  9l?ass.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 11l?gonui.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
1 6strtas0  8l071.exe1 00110Added by the W32/Rbot-BHU worm and IRC backdoor.  This infection also installs the msdirectx.sys rootkit file.56http://www.sophos.com/virusinfo/analyses/w32rbotbhu.html0
1 6strtas0  8l074.exe1 00174Added by the Troj/Agent-II Trojan.  This infection also installs the rootkit file C:\Windows\System32\msdirectx.sys which is used to hide files, processes, and registry keys.57http://www.sophos.com/virusinfo/analyses/trojagentii.html0
1 7runload0  8l0ad.exe1 00 72Adware related downloader,  detected as TrojanDropper.Win32.PurityScan.g 01
1 4suck0  8l0ad.exe1 00 72Adware related downloader,  detected as TrojanDropper.Win32.PurityScan.g 01
1 6load320  8l32x.exe1 00 52Added by the DUMARU.Z or DUMARU.Y or DUMARU.AD WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.z@mm.html0
1 7L4r1$$a0 11L4r1$$a.pif1 00 38Added by the W32/Assiral-C email worm.57http://www.sophos.com/virusinfo/analyses/w32assiralc.html0
1 6laltin0 18L90112201.Stub.exe1 00 98Adware downloader/installer,  Delphin_Media_Viewer related - also detected as the DELMED.A TROJAN!62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530767750
1 8DBGA0EEG0 12Laabph32.dll1 00119Added by the W32/Doxpar-E password-stealing network worm.br /br /Uses CLSID: b(54206BCE-0715-687D-5BFC-660B572D5F06)/b.56http://www.sophos.com/virusinfo/analyses/w32doxpare.html0
010SystemBoot0 10ladies.htm1 00 36Unknown but sounds very suspicious?? 01
124norton personal firewall0  7lah.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 5Login0  8lala.exe1 00 43Added by the Troj/Bugspr-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbugspra.html0
111vdat update0  9lalaa.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6lamyen0 10lamyen.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7lanbrup0 11lanbrup.exe1 00 18SafeSurfing adware80http://securityresponse.symantec.com/avcenter/venc/data/spyware.safesurfing.html0
110lan driver0 15landriver32.exe1 00 27Added by the  RBOT.BT WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BT&VSect=P0
1 8LanGuard0 12languard.exe1 00 17Adware downloader 01
114TCP Monitoring0 11LanNSvc.exe1 00 29Added by the RANDEX.AAS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.aas.html0
122Windows Update Manager0 10lansas.exe1 00 49Added by the WORM_RBOT.EKK worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FRBOT%2EEKK&VSect=T0
3 9LanSpeed20 13LanSpeed2.exe1 00 86Monitors any traffic that is using a LAN adapter (Ethernet or Token ring network card) 01
124Microsoft Update Machine0 11LANWAKE.EXE1 00 26Added by the RBOT-QZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqz.html0
124Microsoft LAN32 Protocol0  9lanXp.exe1 00126Added by W32/Rbot-SS, it will terminate processes and perform a variety of other functions under control of a remote attacker.55http://www.sophos.com/virusinfo/analyses/w32rbotss.html0
310laokey.exe0 10LaoKey.exe1 00160Lao Script for Windows  (LSWin) is an extension to the Windows operating system to allow Lao language to be used with many different Windows-based applications.33http://www.tavultesoft.com/lswin/0
118LARISSA ANTI VIRUS0 22LARISSA_ANTI_VIRUS.exe1 00 29l" target=_blankALLEM trojan! 01
3 7ZeroAds0 11LAS0Ads.exe1 00 86ZeroAds - culls ads, cookies and pop-ups. Required for the cookie interception to work36http://zeroads.com/flash/default.asp0
119Windows_Help_Server0  9lasas.exe1 00 87Added by the Troj/Delf-JQ trojan downloader.  This infection also logs your keystrokes.56http://www.sophos.com/virusinfo/analyses/trojdelfjq.html0
118Gray_Pigeon_Server0  8lass.exe1 00102Added by the Troj/Feutel-AS backdoor Trojan. This infection also creates the file C:\windows\lass.dll.58http://www.sophos.com/virusinfo/analyses/trojfeutelas.html0
121microsoft server base0  8lass.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115microsoftkeysds0 10lass32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6.mscdr0  9lassa.exe1 00 28Added by the WEBUS.C TROJAN!62http://www.symantec.com/avcenter/venc/data/trojan.webus.c.html0
110NavAgent320 11lasvr32.exe1 00 26Added by the FEMOT.D WORM!64http://www.symantec.com/avcenter/venc/data/w32.femot.d.worm.html0
110[not used]0 10Latent.com1 00 53Added by the Troj/Agent-ADU password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojagentadu.html0
2 5Later0  9later.exe1 00  2?? 01
3 7LaunApp0 11LaunApp.exe1 00 85Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610 01
2 6Launcg0 10launcg.exe1 00  2?? 01
322PCSuiteTrayApplication0 34Launch Application 2.exe -onlytray211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 9Traceless0 10launch.exe1 00174Traceless 2003 - clear your cookies, temp directories and browser history with a click of a button. It also clears the recent documents and the IE drop down auto complete box56http://users.bigpond.com/pvantarakis/traceless/index.htm0
312Screen Guard0 10launch.exe1 00 51Part of Access Denied security and privacy software22http://www.johnru.com/0
316IZSoftTrayHelper0 10Launch.exe111HKEY_CU\Run0 55Launch Application 1, 0, 0, 2, . Launch MFC Application39http://www.absolutestartup.com/startup/1
419MailScan Dispatcher0 10Launch.exe1 00183MailScan Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleaned49http://www.mspl.net/antivirus/mailscan/ms4adv.asp0
324SMS Application Launcher0 12LAUNCH32.EXE1 00 84Microsoft Systems Management Server - used to manage computers on a network remotely45http://www.microsoft.com/smserver/default.asp0
112RUNGogoTools0 16LaunchAdware.exe1 00 20Unidentified adware. 01
3 8LaunchAp0 12LaunchAp.exe1 00 85Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 61023http://global.acer.com/0
222pcsuitetrayapplication0 21LaunchApplication.exe1 00221System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu. 01
222PCSuiteTrayApplication0 31LaunchApplication.exe -onlytray2 00 56Launch Application 6, 0,24, 0, Nokia. Launch Application 01
1 7runback0 12LaunchBD.exe1 00 75MyBackDrop - is or bundles a  GoGotools adware variant. See  privacy_policy26http://www.mybackdrop.com/0
3 8Webshots0 16Launcher.exe  /t225StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
013PrimaLauncher0 12Launcher.exe1 00 35Associated with PrimaScan scanners.25http://www.primascan.com/0
222Vegas Palms - Launcher0 12Launcher.exe1 00 27Vegas Palms on-line cassino26http://www.vegaspalms.com/0
222Vegas Palms - Launcher0 12Launcher.exe1 00 27Vegas Palms on-line cassino26http://www.vegaspalms.com/0
313PrimaLauncher0 12Launcher.exe1 00 35Associated with PrimaScan scanners.25http://www.primascan.com/0
317OE_Plugin_Startup0 12Launcher.exe111HKEY_LM\Run0 55SpamCatcher Universal 4.0.0.0, Mailshell Inc.. Launcher39http://www.absolutestartup.com/startup/1
1 8Launcher0 12launcher.exe1 00 71Spyware component related to DownloadWare and found in Program FilesKFH 01
315Entropia Client0 21Launcher.exe -Startup211HKEY_LM\Run0 59Launcher Application 1, 0, 0, 1, . Launcher MFC Application39http://www.absolutestartup.com/startup/1
310LaunchList0 14LaunchList.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
313ATI Launchpad0 12launchpd.exe1 00174Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu 01
313ATI Launchpad0 12launchpd.exe111HKEY_CU\Run0 82ATI Multimedia Center 9.08, ATI Technologies Inc.. ATI Multimedia Center Launchpad39http://www.absolutestartup.com/startup/1
2 6MadExe0 12LaunchRA.exe1 00 25Dell Resolution Assistant 01
1 4laxd0  8laxd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
412laxmsp32.exe0 12laxmsp32.exe1 00119Lexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work  01
1 7towfezv0 10Lbczxs.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8lblyjyud0 12lblyjyud.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116Winsock32 driver0  7lcd.exe1 00 27Added by the SPYBOT.B WORM!56http://www.sophos.com/virusinfo/analyses/w32spybotb.html0
1 3LCD0  9LCD32.exe1 00 62Added by the WORM_MYTOB.QF mass-mailing worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EQF&VSect=T0
3 4LCDC0  8LCDC.exe1 00146LCDC is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by Plugins28http://www.lcdc.cc/about.htm0
3 4LCDC0 10LCDC.exe 0211HKEY_LM\Run0 671.0.0.0, DPS Ltd. www.dps.uk.com. LCDC - Drive it to the edge baby!39http://www.absolutestartup.com/startup/1
325ScreenManager Pro for LCD0 11Lcdctrl.exe111HKEY_LM\Run0 72EIZO LCD Utility 1.18, EIZO NANAO CORPORATION. ScreenManager Pro for LCD39http://www.absolutestartup.com/startup/1
4 9LCDPlayer0 12LCDPlyer.exe1 00 26Related to  SuperAdBlocker30http://www.superadblocker.com/0
2 5lcfep0  9lcfep.exe1 00221Tivoli ‘TME’ System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally" 01
2 6Tivoli0  9LCFEP.EXE1 00  0 01
3 6lclock0 10lclock.exe1 00 85LClock is a program that makes the Windows' clock look like a Windows Longhorn Clock.85http://www.softpedia.com/get/Desktop-Enhancements/Clocks-Time-Management/LClock.shtml0
1 3Vqg0  7Lcn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4lcnf0  8lcnf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Vhq0  7Lcr.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7lcshkrn0 11lcshkrn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118microsofts service0 11lcsrv16.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 4Lcss0  8lcss.exe1 00 31Added by the W32/Wenper-B worm.56http://www.sophos.com/virusinfo/analyses/w32wenperb.html0
1 5lcvga0  9lcvga.exe1 00 29Added by the HOSTOL-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojhostola.html0
1 5lcxuk0  9lcxuk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 2ld0  6ld.exe1 00 63CoolWebSearch parasite related - redirects to fastwebfinder.com53http://www.spywareinfo.com/~merijn/cwschronicles.html0
120configuration loader0  9ldasp.exe1 00 29Added by the  AGOBOT.BH WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.BH&VSect=P0
111fontsloader0 11ldfnt32.hta1 00 20Unidentified malware 01
314inventory scan0 12LDISCN32.EXE1 00 45LANDesk  Management_Suite software component.37http://www.landesk.com/Products/LDMS/0
2 3LDM0 11ldmconf.exe1 00156Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech 01
226Logitech Desktop Messenger0 11ldmconf.exe1 00  0 01
226Logitech Desktop Messenger0 18LDMConf.exe /start2 00 75Logitech Desktop Messenger 2.30.04, Logitech. LDM Configuration Application 01
226Logitech Desktop Messenger0 18LDMConf.exe /start225StartUp menu\Current user0 75Logitech Desktop Messenger 2.01.02, Logitech. LDM Configuration Application39http://www.absolutestartup.com/startup/1
1 8WebCheck0  7ldr.dll1 00105Added by the Troj/Radium-A backdoor Trojan.br /br /Uses CLSID: b{FF00E8A3-2BE6-11D2-8003-92E340524100}/b.57http://www.sophos.com/virusinfo/analyses/trojradiuma.html0
1 5ldr640  9ldr64.dll1 00 34Added by the W32.Beagle.DV Trojan.74http://www.sarc.com/avcenter/venc/data/w32.beagle.dv.html#technicaldetails0
1 7ldriver0 11ldriver.exe1 00 44Added by the Troj/Chorus-A browser hijacker.57http://www.sophos.com/virusinfo/analyses/trojchorusa.html0
327Lector Film Player ver. 1.40 20LectorFilmPlayer.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
1 5lecvg0  9lecvg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8LED TRAY0 11LEDTRAY.EXE1 00183Installs a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to work 01
2 8LeechGet0 12LeechGet.exe1 00 25LeechGet download manager23http://www.leechget.de/0
2 8LeechGet0 20LeechGet.exe -intray2 00  0 01
1 6leeman0 10leeman.exe1 00 40Added by the Troj/Cosiam-D proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojcosiamd.html0
111ActiveX Key0 11lemonyt.exe1 00 45Added by the Backdoor.Banito Trojan backdoor.76http://www.sarc.com/avcenter/venc/data/backdoor.banito.html#technicaldetails0
1 4lemr0  8lemr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8lemxbosi0 12lemxbosi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110LetsSearch0 14LetsSearch.exe1 00 39BrowserAid/BrowserPal foistware variant47http://www.doxdesk.com/parasite/BrowserAid.html0
3 9LetterBox0 13LetterBox.exe125StartUp menu\Current user0 34LetterBox 4.03.0004, Ultima Thule.39http://www.absolutestartup.com/startup/1
1 5Letum0  9Letum.exe1 00 34Added by the MSIL.Letum.A@mm worm.76http://www.sarc.com/avcenter/venc/data/msil.letum.a@mm.html#technicaldetails0
125Internet Explorer Updater0 10lexbac.exe1 00 29Added by the DOWNLOAD TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/download.trojan.html0
119tknetdriver monitor0 10lexbce.exe1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
413LexBce Server0 11LEXBCES.EXE1 00 62bNote: /b Notice the space after depend= .  This is necessary. 01
1 8lexplore0  8lexplore1 00116Added by the Bropia.A WORM! This worm spreads through MSN Messenger.  File is found in the Windows system directory.46http://www.f-secure.com/v-descs/bropia_a.shtml0
120Configuration Loader0 12lexplore.exe1 00133Added by the W32/Rbot-AGX worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotagx.html0
126Internet Explore Microsoft0 12lEXPLORE.EXE1 00142Added by the W32/Rbot-AOF worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaof.html0
111KernellApps0 12lexplore.exe1 00 85Added by Troj/Bancban-BS,  it is found in the Windows system folder, in a new folder.59http://www.sophos.com/virusinfo/analyses/trojbancbanbs.html0
127Microsoft Internet Explorer0 12lEXPLORE.EXE1 00132Added by the W32/Rbot-AMM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamm.html0
127Windws Configuration Loader0 12LEXPLORE.exe1 00 26Added by the SODABOT WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.sodabot.html0
1 8apiclass0 13lexplore_.exe1 00  057http://www.sophos.com/virusinfo/analyses/trojmsnopta.html0
1 8regmutex0 13lexplore_.exe1 00 27Added by the  Troj/MSNOpt-A57http://www.sophos.com/virusinfo/analyses/trojmsnopta.html0
1 8ShellRun0 13lexplore_.exe1 00 43Added by the Troj/MSNOpt-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojmsnopta.html0
1 5winex0 13lexplore_.exe1 00 27Added by the  Troj/MSNOpt-A57http://www.sophos.com/virusinfo/analyses/trojmsnopta.html0
110SysUtilits0 13lexplorer.exe1 00170Added by the W32/Kassbot-K worm and IRC backdoor.  This should not be confused with the legitimate iexplore.exe found in the C:\Program Files\Internet Explorer directory.57http://www.sophos.com/virusinfo/analyses/w32kassbotk.html0
2 6lexpps0 10lexpps.exe1 00300For Lexmark printers. From Lexmark: "This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all". It is known that firewalls can however alert you to "lexpps.exe" requesting server privileges 01
3 8LexStart0 12lexstart.exe1 00223Lexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instance 01
114WINDOWS SYSTEM0 11lf66prc.exe1 00137Added by the W32.Mytob.GC@mm worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.gc@mm.html#technicaldetails0
320Configuration Loader0  9lfass.exe1 00  2?? 01
1 3Lfh0  7Lfh.exe1 00 12Added by the21Troj/Zaurga-A TROJAN!0
3 8Lfsndmng0 12lfsndmng.exe1 00193LightningFAX Enterprise Fax Server - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents"62http://www.lightningfax.com/products/lightningfax/features.htm0
113LoginPassport0 12Lgnpsp32.exe1 00 27Added by the REDIST.C WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.redist.c@mm.html0
110load-guard0 10LGuarg.exe1 00 30Added by the  VBS.YENO.C WORM!61http://www.symantec.com/avcenter/venc/data/vbs.yeno.c@mm.html0
110load-guard0 14LGuarg.exe.vbs1 00 30Added by the  VBS.YENO.C WORM!61http://www.symantec.com/avcenter/venc/data/vbs.yeno.c@mm.html0
017HomeCentre WakeUp0 12LGWAKEUP.EXE1 00 72Associated with the no longer supported Xerox HomeCentre printer/scanner 01
215Logitech Wakeup0 12lgwakeup.exe1 00561Loads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start -&gt;Programs and still be able to scan images 01
3 8LgWDskTp0 12LgWDskTp.exe111HKEY_LM\Run0 62Wireless Desktop Software 1.0.4.1, Logitech Inc.. LgWDskTp.exe39http://www.absolutestartup.com/startup/1
1 5licli0  6li.exe1 00 56Added by the Troj/LowZone-CD/a security lowering Trojan.59http://www.sophos.com/virusinfo/analyses/trojlowzonecd.html0
124Microsoft System Checkup0 12libsys32.exe1 00133Added by the W32/Sdbot-ACK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotack.html0
124Microsoft System Checkup0 13libsysmgr.exe1 00 28Added by the SDBOT-CAF WORM!57http://www.sophos.com/virusinfo/analyses/w32sdbotcaf.html0
112WinLibUpdate0 13libupdate.exe1 00 69Added by the BIONET series of TROJANS such as BIONET.31 or BIONET.31078http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BIONET.310
114WinLibUpdate320 15libupdate32.exe1 00 31Added by the BIONET.405 TROJAN! 01
111WinLibUpdte0 12libupdte.exe1 00 31Added by the BIONET.318 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.3180
125Local Internet Connection0  7LIC.exe1 00 12Added by the18W32/Sdbot-YA WORM.0
1 4lich0  8lich.exe1 00 78Added by the Troj/QLowZon-BN Trojan which lowers Internet Explorer's security.59http://www.sophos.com/virusinfo/analyses/trojqlowzonbn.html0
2 4Path0  8lide.exe1 00  2?? 01
129http://www.lienvandekelder.be0 22Lien Van de Kelder.exe2 00 61Added by the W32/Mytob-CP email worm and IRC backdoor trojan.56http://www.sophos.com/virusinfo/analyses/w32mytobcp.html0
129http://www.lienvandekelder.be0 21Lien Vande Kelder.exe2 00133Added by the W32/Mytob-AQ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobaq.html0
129http://www.lienvandekelder.be0 18Lien vd Kelder.exe2 00 62Added by the W32/Mytob-M mass-mailing trojan and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32mytobm.html0
129http://www.lienvandekelder.be0  8Lien.exe1 00147Added by the W32/Mytob-CZ mass-mailing worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobcz.html0
129http://www.lienvandekelder.be0 13Lientjeuh.exe1 00146Added by the W32/Mytob-P mass-mailing worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32mytobp.html0
129http://www.lienvandekelder.be0 19LienVandeKelder.exe1 00160Added by the W32/Mytob-AZ mass-mailing worm and backdoor trojan.  When started, this infection connects to an IRC where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobaz.html0
129http://www.lienvandekelder.be0 11LienVdK.exe1 00131Added by the W32/Mytob-Uworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32mytobu.html0
218LifeDrive™ Manager0 20LifeDriveMgrTray.exe125StartUp menu\Current user0 95LifeDrive™ Manager Tray Application 1.0.0.2, palmOne, Inc.. LifeDrive™ Manager Tray Application39http://www.absolutestartup.com/startup/1
1 8lifhmbxo0 12lifhmbxo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4lifm0  8lifm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
318Lightning Download0 13Lightning.exe1 00143Lightning Download download manager. Can be launched manually, but will need to start up if you want it to "catch clicks" off Internet Explorer44http://www.lightningdownload.com/index.shtml0
3 8$sys$lim0  7lim.sys1 00 38How to remove the Sony XPC DRM Rootkit54http://www.bleepingcomputer.com/forums/topic34904.html0
3 9Limeshop00 13Limeshop0.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
212LimeWire x.x0 12LimeWire.exe1 00174LimeWire - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malware24http://www.limewire.com/0
1 8LimeWire0 12LimeWire.exe1 00132Added by the W32/Rbot-AGH worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotagh.html0
319LimeWire On Startup0 21LimeWire.exe -startup225StartUp menu\Current user0 45LimeWire 1, 0, 0, 2, Lime Wire, LLC. LimeWire39http://www.absolutestartup.com/startup/1
112li-multi****0 16li-multi****.exe1 00 34Adult web-dialler - **** is random 01
221Line Speed Meter V3.00 18LineSpeedMeter.exe1 00 81LineSpeedMeter - detect the download and upload speed of your internet connection48http://www.tcpiq.com/tcpiq/linespeed/Default.asp0
1 6linker0 13LinkMaker.exe1 00 12Adware.Links76http://securityresponse.symantec.com/avcenter/venc/data/pf/adware.links.html0
1 5links0  9links.exe1 00 54Added by the Troj/LowZone-BI security lowering Trojan.59http://www.sophos.com/virusinfo/analyses/trojlowzonebi.html0
212ISDN Monitor0 11Linksts.exe1 00294Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon 01
1 7Linksts0 11linksts.exe1 00294Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon 01
212ISDN Monitor0 18Linksts.exe W 10242 00  0 01
124Microsoft Update Machine0  9linux.exe1 00 26Added by the RBOT-IM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotim.html0
1 5Linux0  9Linux.vbs1 00 33Added by the LOVELETTER.AS VIRUS!42http://vil.nai.com/vil/content/v_98684.htm0
1 4Lisa0  8Lisa.exe1 00 33downloads code from the internet. 01
119List checker 32 BIT0 10list32.exe1 00133Added by the W32/Rbot-AHO worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaho.html0
213ListProAlarms0 17ListProAlarms.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
3 8nihomeam0 16LiteClientAM.exe1 00207A managed web based internet security service that provides comprehensive & total protection for laptops/desktops - regardless of how, when or where they connect to the Internet, Made by  Netintelligence_Ltd31http://www.netintelligence.com/0
310Readmeidle0 18LiteGlobalSoap.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 8profiler0 11liteout.exe1 00110Added by the Troj/Zapchas-G TROJAN, one of two files run by a registry key it creates.  The other is prof.exe.58http://www.sophos.com/virusinfo/analyses/trojzapchasg.html0
112li-thund****0 16li-thund****.exe1 00 34Adult web-dialler - **** is random 01
2 3LIU0  7LIU.exe1 00189Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway 01
315Live Weather II0 19Live Weather II.exe225StartUp menu\Current user0 45DesktopX Widget 1, 0, 0, 1, . DesktopX Widget39http://www.absolutestartup.com/startup/1
114System Servlce0  8live.exe1 00 50Added by the Troj/IRCBot-GX worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/trojircbotgx.html0
2 8LiveNote0 12livenote.exe1 00  0 01
2 8LiveNote0 12Livenote.exe1 00 45Asus graphics card driver live update feature 01
111LiveSexCams0 15LiveSexCams.exe1 00 34Premium rate adult content dialler 01
327Iomega Automatic Backup Pro0 17LiveSystem.exe -s211HKEY_CU\Run0108Iomega Automatic Backup 2.0 2, 0, 0, 75, Iomega Corporation. Iomega Automatic Backup 2.0 for Windows 2000/XP39http://www.absolutestartup.com/startup/1
218AceGain LiveUpdate0 14LiveUpdate.exe1 00292AceGain_LiveUpdate. "AceGain LiveUpdate provides a fully managed and customizable LiveUpdate platform that seamlessly integrates with a game. As soon as an update is made available, AceGain manages the alert, download and installation as well as version control and user network preferences."27http://gameone.acegain.com/0
310LiveUpdate0 14LiveUpdate.exe1 00 66Web-update utility as used by various types of software - see here32http://liveupdate.openwares.org/0
320Openwares LiveUpdate0 14LiveUpdate.exe1 00  032http://liveupdate.openwares.org/0
320Openwares LiveUpdate0 14LiveUpdate.exe1 00 67Application LiveUpdate 1, 0, 0, 1, Openwares. Openwares' LiveUpdate 01
118Bouncer RunStartup0 14LiveUpdate.exe1 00374VIrtualBouncer malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs59http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp0
213BTCLiveUpdate0 25LiveUpdate.exe /autostart211HKEY_CU\Run0 32LiveUpdate 1.0.0.0, . LiveUpdate39http://www.absolutestartup.com/startup/1
116SDAutoLiveupdate0 16LiveUpdateSD.exe1 00178Max Spyware Detector,   bogus "Spyware remover"  - for more information, search the  Spywarewarrior_List of non-Recommended anti parasite sites/software for "spywaredetector.net"15Spyware remover0
111li-vita****0 15li-vita****.exe1 00 34Adult web-dialler - **** is random 01
1 8ljejpxox0 12ljejpxox.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8ljgdwnkd0 12ljgdwnkd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Rje0  7Ljn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Akv0  7Lka.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 4lkbi0  8lkbi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5lkiku0  9lkiku.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Lar0  9Llass.exe1 00 27Added by the INOR-A TROJAN!55http://www.sophos.com/virusinfo/analyses/trojinora.html0
1 7Cbznznq0  8Llpu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6llsass0 10llsass.exe1 00198Added by the  TROJ/PROXY-GG TROJAN! - NOTE:  this malware actually changes the default value data of the Registry "Run"  key in order to force Windows to launch it at boot.  Name field may be empty.57http://www.sophos.com/virusinfo/analyses/trojproxygg.html0
317LapLink Scheduler0 11LLSCHED.EXE1 00 66LAPLINK GOLD 11,05,32,00, LapLink, Inc.. Quick Scheduler Component 01
317LapLink scheduler0 11Llsched.exe1 00 86Utility that automatically performs file transfers as unattended background operations 01
1 6llvset0 10llvset.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111LMA Manager0 14lmamanager.exe1 00147Added by the W32/Tilebot-AD worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.58http://www.sophos.com/virusinfo/analyses/w32tilebotad.html0
1 5lMAPl0  9lMAPl.exe1 00166An Agobot WORM/IRC backdoor variant will add this file, terminating processes, disabling anti-virus & secrity programs and providing for remote access to an attacker.57http://www.sophos.com/virusinfo/analyses/w32agobotre.html0
120Microsoft Management0  8lmas.exe1 00 28Added by the FORBOT-CZ WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcz.html0
117Windows Host Name0  9lmass.exe1 00 28Added by the  GAOBOT.O WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GAOBOT.O0
1 3Qvt0  7Lme.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 6lmfgia0 10lmfgia.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
422ArcGIS License Manager0  9lmgrd.exe1 00171Part of the Macrovision FLEXlm software. This software is installed as part of the licensing of the A href="http://www.esri.com/software/arcgis/index.html"ArcGis software.68http://www.macrovision.com/services/support/flexlm/lmgrd.shtml#intro0
413murphy shield0  9lmgui.exe1 00 51Firewall part of BitDefender virus scanner/firewall27http://www.bitdefender.com/0
1 7LmHosts0 11lmhosts.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
127Microsoft Lmhosting Service0 11lmhosts.exe1 00 26Added by the RBOT-RC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotrc.html0
123TCP/IP NetBIOS Provider0 10lmhsvc.exe1 00 34Added by the W32.Dalbug.Worm worm.93http://securityresponse.symantec.com/avcenter/venc/data/w32.dalbug.worm.html#technicaldetails0
110DR service0 13lmitvsoeo.exe1 00134Added by the W32/Rbot-CZT worm and IRC backdoor.  The filename may sometimes be different, but the registry name will remain the same.56http://www.sophos.com/virusinfo/analyses/w32rbotczt.html0
211LiveMonitor0 12LMonitor.exe1 00 88MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information 01
211LiveMonitor0 12LMonitor.exe1 00 69UpdateMonitor Application 1, 0, 0, 3, . UpdateMonitor MFC Application 01
2 8LMonitor0 12LMonitor.exe1 00 88MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information 01
1 6MovieM0 10lmovie.exe1 00 31Added by the W32/Bagle-CO worm.56http://www.sophos.com/virusinfo/analyses/w32bagleco.html0
0 8lmpdpsrv0 12lmpdpsrv.exe1 00 61Related to a Lexmark printer/scanner. Printer sharing server? 01
3 8LMPDPSRV0 12LMPDPSRV.EXE111HKEY_LM\Run0 57Printer Driver Plus 1.0.0.245, DeviceGuys. PDP RPC Server39http://www.absolutestartup.com/startup/1
124Microsoft Update Machine0  9lmrss.exe1 00 26Added by the RBOT-DY WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotdy.html0
1 4lmrt0  8lmrt.exe1 00 19Unidentified adware 01
1 7q36i36O0 12lms2cenu.exe1 00 33Added by the SECONDTHOUGHT VIRUS! 01
2 9lm status0 12LMSTATUS.EXE1 00 57Xerox WorkCenter XE - language monitor status application 01
2 8LMSTATUS0 12LMSTATUS.EXE1 00 90Lexmark Status Monitor. Checks the current status of Lexmark printers (and other devices?) 01
315XE 8x LM Status0 10lmsxxe.exe1 00 45Xerox XE8 series laser printer status monitor 01
1 3lmu0  7LMU.exe1 00 64Downloader trojan, recognized by Kaspersky antivirus as Agent.bg50http://www.tkqlhce.com/ig104ft1zt0GINJPQOHGOJHHQHM0
112SysService320  9ln32k.dll1 00 26Added by the KINDAL VIRUS!43http://vil.nai.com/vil/content/v_100207.htm0
311Launchboard0 11lnchbrd.exe1 00351LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions 01
124Daemons Updates Services0  8lnql.exe1 00108Added by the W32/Rbot-RJ worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrj.html0
1 6strtas0  8lo71.exe1 00178Added by the W32/Sdbot-AGS worm and IRC backdoor.  This infection will also install the rootkit file C:\Windows\System32\msdirectx.sys to hide files, processes and registry keys.57http://www.sophos.com/virusinfo/analyses/w32sdbotags.html0
128Windows Shell Library Loader0 22load shell.dll /c /set2 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
125Win64 Compatibility Check0 14load win64.drv2 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
110[not used]0  8load.exe1 00 30Added by the W32/Nimda-A worm.55http://www.sophos.com/virusinfo/analyses/w32nimdaa.html0
1 5IMAPI0  8load.exe1 00 35Added by the Troj/Downdel-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojdowndela.html0
110win32servv0  8load.exe1 00 41Added by an unidentified trojan or adware 01
1 6load320 10load32.exe1 00 49Added by the NIBU, BAMBO TROJANS and DUMARU WORM!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nibu.html0
120Configuration Loader0 13loadcfg32.exe1 00 39Added by the  LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
1 7loaddll0 11loaddll.exe1 00 26Added by  Winvest SPYWARE!76http://securityresponse.symantec.com/avcenter/venc/data/spyware.winvest.html0
111SystemTasks0 10loaded.exe1 00 21Adult content dialler 01
112ClrSchLoader0 10Loader.exe1 00 31Clearsearch variant of  IGetNet39http://www.igetnet.com/iGetNet_Home.asp0
1 6loader0 10loader.exe1 00 77Homepage hijacker, redirecting to coolwwwsearch.com. Downloader for iedll.exe 01
1 7reg_key0 15loader_name.exe1 00 53Added by the BEAGLE.Y or BEAGLE.Z or BEAGLE.AA WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.y@mm.html0
127dynamic link library loader0 12Loader32.exe1 00 34Added by the  BACKDOOR.KOL TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kol.html0
1 8loader320 12Loader32.exe1 00 32Added by an unidentified TROJAN! 01
1 8*loadfax0 11loadfax.exe1 00104Added by the Troj/Winflux-C backdoor Trojan.  This program will load automatically in safe mode as well.58http://www.sophos.com/virusinfo/analyses/trojwinfluxc.html0
1 9LoadFonts0 13LoadFonts.vbs1 00 69Homepage hijacker that changes your homepage to an adult content site 01
4 9FP Loader0 10loadfp.exe1 00 57FoolProof Security - PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0
115loadgolfcourses0 19LoadGolfCourses.exe1 00 47PlayMiniGolf.com foistware - stealth installed! 01
1 8dwMyTest0 10LOADHW.EXE1 00 54Added by the Troj/Wlook-A information-stealing Trojan.56http://www.sophos.com/virusinfo/analyses/trojwlooka.html0
3 9KK Loader0 10loadkk.exe1 00214KeyKey XP Professional from KeyKey.com. &quot;Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user.&quot;33http://www.keykey.com/index1.html0
3 6LoadQM0 10loadqm.exe1 00377Installed with MSN Explorer and loads the  MSN Queue Manager. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable it63http://support.microsoft.com/default.aspx?scid=KB;EN-US;q3094180
1 9loads.exe0  9loads.exe1 00 31Popuppers.com adware downloader 01
111LoadService0 15LoadService.exe1 00 35Added by the Troj/Dloadr-UP Trojan.58http://www.sophos.com/virusinfo/analyses/trojdloadrup.html0
118Protected Exchange0 11loadsvc.exe1 00 33Added by the Troj/Urbin-C trojan.56http://www.sophos.com/virusinfo/analyses/trojurbinc.html0
3 7LOAD WB0 10LOADWB.EXE1 00294Part of Stardock's WindowBlinds custom desktop program. "WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much more". If you use it - keep it if not then uninstall it28http://www.windowblinds.net/0
215BrowserWebCheck0 10loadwc.exe1 00 57Checks to make sure that IE is still your default browser 01
1 6strtas0  8loc1.exe1 00185Added by the W32/Rbot-AZU worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.  This infection also uses the rootkit msdirectx.sys.56http://www.sophos.com/virusinfo/analyses/w32rbotazu.html0
122Windows Streams Server0 12localsrv.exe1 00 27Added by the SDBOT.LN WORM!99http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=60777&VName=WORM_SDBOT.LN0
122Windows Local Services0 12localsvc.exe1 00 36Added by the Troj/Dloader-NY trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderny.html0
1 5Modem0 13locatesvc.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
325Microsoft Location Finder0 18LocationFinder.exe1 00465Microsoft Location Finder is a client-side application that turns a regular WiFi enabled laptop, Tablet or PC into a location determining device without the addition of any separate hardware. When launched by a user, Microsoft Location Finder uses WiFi access points - or reverse IP lookup when WiFi is not available - to center and display the person's location on an MSN Virtual Earth map, enabling the user to quickly and easily search in their present location.108http://ww0
1 6strtas0  9lock1.exe1 00134Added by the W32/Sdbot-ADQ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotadq.html0
110freexstyle0 11lockbar.exe1 00120Added by the W32.Loxbot.D worm and IRC backdoor.  This infection installs the rootkit file msdirectx.sys to hide itself.73http://www.sarc.com/avcenter/venc/data/w32.loxbot.d.html#technicaldetails0
110freexstyle0 10lockbr.exe1 00 48Added by the W32.Loxbot.C worm and IRC backdoor.73http://www.sarc.com/avcenter/venc/data/w32.loxbot.c.html#technicaldetails0
310Lock My PC0 10lockpc.exe1 00136Lock_My_PC - a tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouse26http://www.fspro.net/lmpc/0
1144flagvgainside0 14locks that.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9freestyle0  9lockx.exe1 00 53Added by the W32/Maibot-A AOL instant messenger worm.56http://www.sophos.com/virusinfo/analyses/w32maibota.html0
1 7stratas0  9lockx.exe1 00143Added by the W32/Sdbot-ADD worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotadd.html0
1 6strtas0  9lockx.exe1 00229Added by the W32/Rbot-APL worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.  When first run this infection creates the files %System%msdirectx.sys and %SystemDrive%xz.bat.56http://www.sophos.com/virusinfo/analyses/w32rbotapl.html0
2 7lodytuj0 11lodytuj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6lofgyh0 10lofgyh.exe1 00127Added by the W32/Sdbot-TP. When started this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbottp.html0
112Winlogin.exe0  7log.exe1 00 53Added by a variant of the AGENT.AH downloader TROJAN! 01
126Microsoft Windows updaterD0 11log32zx.exe1 00 27Added by the MYDOOM.W WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html0
112winlogin.exe0 11logfile.exe1 00 29Added by the AGENT.AH TROJAN! 01
312HSLAB Logger0 10logger.exe1 00107Added by the Spyware.HSLABLogger spyware.  bIf you did not install this software you should uninstall it./b63http://www.sarc.com/avcenter/venc/data/spyware.hslablogger.html0
216Logitech Utility0 12Logi_MwX.Exe111HKEY_LM\Run0 64MouseWare 9.75.294, Logitech Inc.. Logitech Launcher Application39http://www.absolutestartup.com/startup/1
3 8Logi_Mwx0 12Logi_MwX.exe1 00  0 01
316Logitech Utility0 12Logi_MwX.exe1 00186Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled 01
114WINDOWS SYSTEM0  9logic.exe1 00136Added by the W32.Mytob.IC@mm worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ic@mm.html#technicaldetails0
118login screen saver0  9login.scr1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8logitech0 12Logitech.exe1 00 28Added by the  RBOT.BJH WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BJH&VSect=P0
3 3LDM0 28LogitechDesktopMessenger.exe111HKEY_CU\Run0 72Logitech Desktop Messenger 2.1.2.0, Logitech. Logitech Desktop Messenger39http://www.absolutestartup.com/startup/1
320Easy Synchronization0 20LogitechEasySync.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9Logitechs0 13Logitechs.exe1 00 40Added by an unidentified WORM or TROJAN! 01
117Logitech Wireless0 15logitechwls.exe1 00128Added by the W32/Mytob-BS worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobbs.html0
223LogitechImageStudioTray0 12LogiTray.exe1 00 57Logitech Image Studio - installed with Logitech QuickCams 01
223LogitechImageStudioTray0 12LogiTray.exe1 00 76Logitech ImageStudio 7.3.0.1113, Logitech Inc.. ImageStudio Tray Application 01
217LogitechVideoTray0 12LogiTray.exe1 00 57Logitech Image Studio - installed with Logitech QuickCams 01
2 8LogiTray0 12LogiTray.exe1 00  0 01
311logmein gui0 18LogMeInSystray.exe1 00277RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone.32http://www.remotelyanywhere.com/0
311LogMeIn GUI0 18LogMeInSystray.exe111HKEY_LM\Run0 61LogMeIn 2.00.461, 3am Labs, Inc.. LogMeIn Desktop Application39http://www.absolutestartup.com/startup/1
314Customizer20000  9logon.exe1 00199Automatic logon feature of Customizer 2000 - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes"55http://www.hot-shareware.com/utilities/customizer-2000/0
1 9Logon.exe0  9logon.exe1 00 27Added by the ZINS.A TROJAN!88http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_ZINS.A0
114update run dos0  9logon.exe1 00 37Added by a variant of the SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
117update run msword0  9LOGON.EXE1 00248Added by the W32/Rbot-NJ trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. These infections are usually capable of logging keystrokes, retrieve cd keys, and flood other computers.55http://www.sophos.com/virusinfo/analyses/w32rbotnj.html0
125Windows Logon Application0  9logon.exe1 00 44Added by the W32/Poebot-J WORM/IRC backdoor!56http://www.sophos.com/virusinfo/analyses/w32poebotj.html0
121windows logon manager0  9logon.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8WinLogon0  9logon.exe1 00  0 01
1 8WinLogon0  9logon.exe1 00 70Added by the Troj/Abox-A Trojan!  File is found in the Windows folder. 01
1 8logon0320 12logon032.dll1 00174Identified as a variant Trojan.PWS.Egold.  This Trojan when run will act as a rootkit and hide the files c:\windows\system32\logon032.dll and c:\windows\system32\wnlogon.sys. 01
312logon loader0 15LogonLoader.exe1 00  036http://logonloader.danielmilner.com/0
319logon loader random0 15LogonLoader.exe1 00 45Logon_Loader - customize Boot & Login Screens36http://logonloader.danielmilner.com/0
319Logon Loader Random0 23LogonLoader.exe /random211HKEY_LM\Run0 181.0.1887.17536,  .39http://www.absolutestartup.com/startup/1
130Microsoft Logon User Interface0 12logonnui.exe1 00 48Added by the W32/Rbot-BCC worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbcc.html0
311LogonStudio0 15logonstudio.exe1 00261WinCustomize LogonStudio - &quot;Allows Windows XP users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users&quot;45http://www.stardock.com/products/logonstudio/0
311LogonStudio0 23logonstudio.exe /RANDOM2 00 49LogonStudio 1.00.0064, Stardock and Luca Saggese. 01
311LogonStudio0 23LogonStudio.exe /RANDOM211HKEY_LM\Run0 49LogonStudio 1.00.0064, Stardock and Luca Saggese.39http://www.absolutestartup.com/startup/1
114windows update0 12logonuit.exe1 00 28Added by the  Troj/LegMir-AO58http://www.sophos.com/virusinfo/analyses/trojlegmirao.html0
3 8LogWatch0 12logwat95.exe1 00220Licensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll - see here. Not required if you already have a newer version or the patch has been applied61http://support.ca.com/Download/patches/licenseit/LO51215.html0
1 6loifqk0 10loifqk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
124outlook express protocol0  8look.exe1 00 32Added by the  W32/RBOT-ACS WORM!56http://www.sophos.com/virusinfo/analyses/w32rbotacs.html0
423Look &#039;n&#039; Stop0 13looknstop.exe1 00 31Look 'n' Stop personal firewall38http://www.looknstop.com/En/index2.htm0
413Look 'n' Stop0 13looknstop.exe1 00 31Look 'n' Stop personal firewall38http://www.looknstop.com/En/index2.htm0
413Look 'n' Stop0 19looknstop.exe -auto2 00 86Look 'n' Stop Personal Firewall 2, 0, 0, 5, Soft4Ever. Look 'n' Stop Personal Firewall 01
110Lookup_Sys0 13lookupsys.exe1 00 11P04n trojan 01
123microsoftm eegs cuntrol0  8loor.pif1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 5lopby0  9lopby.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4abtu0 13lopsearch.exe1 00 67Loads the executable for Lop.com. lopsearch.exe is the beta version35http://www.spywareinfo.com/lop.html0
115[Various Names]0 11LOPTCON.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6LOAD320 10Lorena.exe1 00 27Added by the MAPSON.C WORM!65http://www.symantec.com/avcenter/venc/data/w32.mapson.c.worm.html0
1 7runloud0  8loud.exe1 00 72Adware related downloader,  detected as TrojanDropper.Win32.PurityScan.g 01
1 4LOVE0  8LOVE.EXE1 00 31Added by the Troj/VB-ZQ Trojan.54http://www.sophos.com/virusinfo/analyses/trojvbzq.html0
1 6kv30000  9lover.vbe1 00 27Added by the ZSYANG.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/vbs.zsyang.b@mm.html0
127Local Procedure Call Mapper0  7LPC.exe1 00135Added by the W32/Rbot-UZ worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.55http://www.sophos.com/virusinfo/analyses/w32rbotuz.html0
1 7lpdpexb0 11lpdpexb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Lpdriver0 12lpdriver.sys1 00133Added by the W32/Tilebot-H worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32tileboth.html0
1 6lpexht0 10lpexht.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7lpjskte0 11lpjskte.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Lpr0 10Lpr123.exe1 00 47Added by the REMPSTEAL password stealer TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/spyware.rempsteal.html0
1 6Lpr1230 10Lpr123.exe1 00 47Added by the REMPSTEAL password stealer TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/spyware.rempsteal.html0
3 3LPS0  7Lps.exe1 00 94Local Port Scanner - "With LPS you're able to check your computer for open or listening ports" 01
0 9Reg Check0  7lpt.exe1 00 31Related to Supanet ISP software23http://www.supanet.com/0
3 6LPtask0 10lptask.exe1 00 99Program Lock It And Protect Pro - lock and protect your folders from being opened, moved or deleted45http://www.sanegroup.com/sanegroup/lppro.html0
1 6lpuajr0 10lpuajr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115lrbz utility 320 10lrbz32.exe1 00 33Added by the  W32/AGOBOT-JQ WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotjq.html0
113ms config v130 10lrbz32.exe1 00 34Added by the  W32.GAOBOT.AOL WORM!58http://www.sarc.com/avcenter/venc/data/w32.gaobot.aol.html0
115micrsoft cfg 320 12lrbzus32.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
1 3Jog0  7Lrl.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 6lrrdhd0 10lrrdhd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Quickzip0  6Ls.exe1 00 38MsConnect browser hijacker and dialler 01
1 3lsa0  7lsa.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114norton updater0  7lsa.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
116Win32 LSA Driver0  7lsa.exe1 00133Added by the W32/Forbot-FJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotfj.html0
112lsa Services0 11lsa2srv.exe1 00 54The path to windows may be different on your computer. 01
116Microsoft Update0  8lsac.exe1 00 28Added by the GAOBOT.XW WORM!88http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=484280
118WindowsProtocolLog0 10lsadst.exe1 00 42Added by the Troj/Stinx-S backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxs.html0
110LsaManager0 10lsamgr.exe1 00 45Added by the WORM_BAGLE.EV mass-mailing worm.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FBAGLE%2EEV&VSect=T0
124COM+ System Applications0  8lsas.exe1 00 28Added by the AGOBOT.SE WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.SE0
1 8ShellSpl0  8lsas.exe1 00 26Added by the Troj/Yaler-A.56http://www.sophos.com/virusinfo/analyses/trojyalera.html0
1 6SYSTEM0  8lsas.exe1 00 28Added by the SPYBOT.CJ WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.CJ0
116Windows Explorer0  8Lsas.exe1 00146Added by the GAOBOT.AO WORM! Note - this is not the valid Windows Explorer (explorer.exe) which would only be in startups if you added it manually79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
1 36780 10lsas32.exe1 00 35Added by the Troj/Slsorve-B trojan.58http://www.sophos.com/virusinfo/analyses/trojslsorveb.html0
1 5lsass0 10lsasrv.exe1 00 28Added by the MYDOOM.AG WORM!64http://www.symantec.com/avcenter/venc/data/w32.mydoom.ag@mm.html0
1 9.TEXTCONV0  9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
1 8.WMAudio0  9lsass.exe1 00  062http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
1 3brl0  9lsass.exe1 00143Added by the TROJ_DLOADER.CPD downloading Trojan. This should not be confused with the legitimate Microsoft file c:\Windows\System32\lsass.exe.92http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FDLOADER%2ECPD&VSect=T0
1 7ccpApps0  9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
118DLL Enhancer Drive0  9lsass.exe1 00 44Added by the Troj/Bdoor-CGM backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojbdoorcgm.html0
112FriendlyType0  9lsass.exe1 00  062http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
142Local Security Authority Subsystem Service0  9lsass.exe1 00231Added by the W32/Tilebot-AK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.  This file should not be confused with the legitimate lsass.exe residing in the %System% folder.58http://www.sophos.com/virusinfo/analyses/w32tilebotak.html0
111lsa service0  9LSASS.exe1 00141Added by the  W32.Ahker.G WORM!  **Note - this is NOT the legitimate Windows  lsass.exe process, which should NOT figure in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.ahker.g@mm.html0
126LSA Shell (Export Version)0  9LSASS.exe1 00 82Added by the W32/Ahker-F worm.  This infections spreads by email and P2P networks.55http://www.sophos.com/virusinfo/analyses/w32ahkerf.html0
1 5lsass0  9lsass.exe1 00134Added by the RATSOU.B TROJAN! Note - this is not the legitimate  Lsass.exe system file should normally NOT figure in Msconfig/Startup!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.b.html0
127Microsoft Authority Service0  9lsass.exe1 00134Added by the W32.Kalel.B@mm mass-mailing worm. bBe careful that you do not delete the legitimate file c:\windows\system32\lsass.exe./b75http://www.sarc.com/avcenter/venc/data/w32.kalel.b@mm.html#technicaldetails0
119Microsoft UPDATER320  9lsass.exe1 00132Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ar.html0
119MicrosoftSourceSafe0  9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
110MS-Outlook0  9lsass.exe1 00131Added by the TROJ_DLOADER.BXQ Trojan. This infection should not be confused with the legitimate file C:\Windows\System32\lsass.exe.92http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FDLOADER%2EBXQ&VSect=T0
115NortonAntivirus0  9LSASS.exe1 00176Added by the W32.Pexmor@mm mass-mailing worm. This file should not be confused with the legitimate Windows file of the same name that is located in the Windows %System% folder.74http://www.sarc.com/avcenter/venc/data/w32.pexmor@mm.html#technicaldetails0
1 4Prog0  9lsass.exe1 00  062http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
1 9RegDoneEx0  9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
1 6Runner0  9lsass.exe1 00 74Added by the Troj/AdClick-AG Trojan!  File is found in the Windows folder. 01
111SondBlaster0  9lsass.exe1 00140Added by the BKDR_PROSTI.A backdoor. This infection should not be confused with the legitimate Microsoft file c:\windows\system32\lsass.exe.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FPROSTI%2EAA&VSect=T0
114System Handler0  9LSASS.EXE1 00128Added by the NIMOS WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.nimos.worm.html0
113System Kernel0  9lsass.exe1 00 42Added by the Troj/VBbot-G backdoor trojan.56http://www.sophos.com/virusinfo/analyses/trojvbbotg.html0
114System Process0  9lsass.exe1 00 74Added by the Troj/AdClick-AG Trojan!  File is found in the Windows folder. 01
1 3ToP0  9LSASS.exe1 00190Added by the PWSteal.Wowcraft.C password-stealing Trojan for the online game World of Warcraft.  This infection should not be confused with the legitimate C:\Windows\system32\lsass.exe file.79http://www.sarc.com/avcenter/venc/data/pwsteal.wowcraft.c.html#technicaldetails0
1 7Traybar0  9lsass.exe1 00131Added by the MYDOOM.L WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.l@mm.html0
1 6Update0  9lsass.exe1 00  0 01
1 8Userinit0  9lsass.exe1 00146Added by the Troj/Viran-B backdoor Trojan.  This infection also installs the files c:\windows\system32\divx5.dll and c:\windows\system32\h323.txt.56http://www.sophos.com/virusinfo/analyses/trojviranb.html0
121Windows lsass Service0  9lsass.exe1 00 26Added by the W32/Rbot-AGD.56http://www.sophos.com/virusinfo/analyses/w32rbotagd.html0
134Windows Security Authority Service0  9lsass.exe1 00 46Added by the W32.Kalel.A@mm mass-mailing worm.75http://www.sarc.com/avcenter/venc/data/w32.kalel.a@mm.html#technicaldetails0
115WindowsUpdatem10  9lsass.exe1 00 53Added by the Troj/Agent-AAJ password stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojagentaaj.html0
1 7WinExec0  9lsass.exe1 00 31Added by the W32/Crutle-B worm.56http://www.sophos.com/virusinfo/analyses/w32crutleb.html0
112WinXPService0  9lsass.exe1 00159Added by the Troj/Zapchas-AS backdoor Trojan. This infection should not be confused with the legitimate lsass.exe file found in the C:\Windows\System32 folder.59http://www.sophos.com/virusinfo/analyses/trojzapchasas.html0
1 110  9lsass.scr1 00 38Added by the  PWSteal.Bancos.V TROJAN!64http://www.symantec.com/avcenter/venc/data/pwsteal.bancos.v.html0
116MS lsass Startup0 12lsass135.exe1 00 26Added by the RBOT.WM WORM!89http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.WM0
117ms lsass6 startup0 13lsass1356.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
113lsass service0 10lsass2.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
112NDIS Adapter0 10lsass2.exe1 00  079http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
114darkness lsass0 11LsasS23.exe1 00 40Added by an unidentified WORM or TROJAN! 01
114lsass2k Update0 11lsass2k.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7lsass320 11lsass32.exe1 00 54Added by the Troj/Banker-BFB password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbankerbfb.html0
119Microsoft UPDATER320 11LSASS32.EXE1 00152Added by the W32/Sdbot-CC backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotcc.html0
114lsass64bit.exe0 14lsass64BiT.exe1 00 33Added by the  W32/FORBOT-CK WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotck.html0
119Services Controller0 10lsassa.exe1 00 31Added by the CIADOOR.122 VIRUS! 01
112LSASS Daemon0 10LSASSd.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
1 6System0 10lsasse.exe1 00 84A variant of the Rbot WORM adds this, opening a backdoor that utilizes IRC channels.55http://www.sophos.com/virusinfo/analyses/w32rbotyl.html0
111msupdater250 11lsasser.exe1 00132Added by the W32/Rbot-ATS worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotats.html0
117LsassFTPzz daemon0 14LsassFtpdz.exe1 00145Added by the W32/Rbot-ARL worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotarl.html0
1 7lsassig0 11lsassig.exe1 00 52Added by the Troj/Bancos-EC Internet Banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancosec.html0
1 7Default0 10lsassM.exe1 00135Added by the W32/Rbot-UW worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.55http://www.sophos.com/virusinfo/analyses/w32rbotuw.html0
1 9LSASS SVR0 10lsasss.exe1 00 32Added by the  W32/Sasser-E worm.56http://www.sophos.com/virusinfo/analyses/w32sassere.html0
1 6lsasss0 10lsasss.exe1 00 44Added by the  Troj/Geekmy-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojgeekmya.html0
110lsasss.exe0 10lsasss.exe1 00 27Added by the SASSER.E WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SASSER.E0
117Microsoft Winsock0 10lsasss.exe1 00132Added by the W32/Rbot-BAI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotbai.html0
118Microsofts Updates0 10lsasss.exe1 00133Added by the W32/Rbot-AEX worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaex.html0
1 8System320 10lsasss.exe1 00120Added by the W32/Rbot-XW WORM/IRC backdoor Trojan, exploiting OS vulnerabilities that have patches available to correct.55http://www.sophos.com/virusinfo/analyses/w32rbotxw.html0
119Windows Taskmanager0 10lsassx.exe1 00 94Added by the W32/Rbot-WX WORM and IRC backdoor Trojan, and found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwx.html0
118Adope File Manager0  9lsasv.exe1 00 40Added by an unidentified WORM or TROJAN! 01
130Computing Technologie Firewall0 10lsauth.exe1 00131A Sdbot WORM variant adds this file. It has backdoor components, using an IRC channel to allow unauthorized access to the computer.56http://www.sophos.com/virusinfo/analyses/w32sdbotwx.html0
213lsburnwatcher0 17lsburnwatcher.exe1 00 43Used for automatically updating HP programs 01
310LSBWatcher0 17lsburnwatcher.exe111HKEY_LM\Run0 75LightScribe 4, 10, 14, 0, Hewlett-Packard Company. LightScribe Burn Watcher39http://www.absolutestartup.com/startup/1
1 5f3dsl0 10LSD_F3.DLL1 00118Added by the Troj/Goldun-G password stealing trojan.  If you have this infection you should change all your passwords.57http://www.sophos.com/virusinfo/analyses/trojgoldung.html0
116Microsoft Office0  9lserv.exe1 00 27Added by the SDBOT.MH WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MH&VSect=T0
123Microsoftf DDEs Control0  8lses.exe1 00 73Identified as a variant of Backdoor.Win32.Rbot.gen worm and IRC backdoor. 01
1 5lsess0  9lsess.exe1 00 33Added by the  W32.SINNAKA.A WORM!64http://www.symantec.com/avcenter/venc/data/w32.sinnaka.a@mm.html0
1 6Sysino0  9lsess.exe1 00 28Added by the FORBOT-BF WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbf.html0
115windows firewal0  9Lsess.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120Generic Host Service0 10lshost.exe1 00 26Added by the RBOT.LU WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LU&VSect=T0
115LSASS Authority0 13lshosts32.exe1 00 59Added by Troj/Sdbot-UY. Found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/trojsdbotuy.html0
1 6lsmass0 10lsmass.exe1 00 47Added by the Troj/Wallop-B IRC backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojwallopb.html0
1 9lsmss.exe0  9lsmss.exe1 00 40Added by the Troj/Proxy-GG proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojproxygg.html0
1 6LSPFix0 14LSPmonitor.exe1 00 78eAcceleration Stop-Sign related - foistware. Read their privacy statement here37http://www.eacceleration.com/privacy/0
110LSPmonitor0 14LSPmonitor.exe1 00  037http://www.eacceleration.com/privacy/0
159Loads files to memory for later outputing over the endpoint0 10LSPOOL.EXE1 00129Added by the W32/Codbot-B backdoor. When started this infection connects to an IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32codbotb.html0
1 4lspp0  8lspp.exe1 00187Added by the A href="http://www.sarc.com/avcenter/venc/data/adware.lspp.html"Adware.LSPP Adware.  This delivers advertisements on your computer and may download other programs to install. 01
118Microsoft Services0  8lsrv.exe1 00 26Added by the RBOT-BK WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotbk.html0
224lssas Monitoring Startup0  9lssas.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114AdobeReaderPro0  9lssas.exe1 00 48Added by the W32/Rbot-CLB worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotclb.html0
1 9DllLoader0  9lssas.exe1 00 43Added by the Troj/Bdoor-JE backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorje.html0
131Local Security Authority Servce0  9lssas.exe1 00 31Added by the W32/Poebot-T worm.56http://www.sophos.com/virusinfo/analyses/w32poebott.html0
132Local Security Authority Service0  9lssas.exe1 00 67W32/Poebot-A is a network WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32poebota.html0
1 6lssass0  9lssas.exe1 00 28Added by the AGOBOT.RL WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.RL0
128Microsoft Management Console0  9lssas.exe1 00 17EasySearch adware57http://sarc.com/avcenter/venc/data/adware.easysearch.html0
118Microsoft Services0 10lsserv.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 7lsshgsu0 11lsshgsu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118Microsoft Services0  9lssrv.exe1 00 26Added by the RBOT.CW WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CW&VSect=T0
1 6.mscdr0 12lsvchost.exe1 00 28Added by the WEBUS.D TROJAN!62http://www.symantec.com/avcenter/venc/data/trojan.webus.d.html0
1 7.mscdsr0 12lsvchost.exe1 00103Added by the Troj/Bdoor-CR backdoor trojan.  This infection listens on an IRC server awaiting commands.57http://www.sophos.com/virusinfo/analyses/trojbdoorcr.html0
115lsass authority0 12lsvhosts.exe1 00 29Added by the  SDBOT.BCE WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BCE&VSect=P0
1 4LSvr0  8LSvr.exe1 00 20PowerStrip foistware47http://www.doxdesk.com/parasite/PowerStrip.html0
413XircWinModem40 12ltcm000c.exe1 00182WinModem drivers. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0
4 9LT DAEMON0 12ltdaemon.exe1 00108Acts as a data spooler for the DSL modem (similar to a cache). Do not uncheck if the DSL modem is being used 01
1 6LTDMgr0 10LTDMgr.exe1 00 20PowerStrip foistware47http://www.doxdesk.com/parasite/PowerStrip.html0
3 5LtMoh0  9Ltmoh.exe1 00 61LtMoh Application 1.73B, Agere Systems. LtMoh MFC Application 01
3 5LtMoh0  9Ltmoh.exe1 00122Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet 01
318V.92 Modem On Hold0  9Ltmoh.exe1 00122Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet 01
4 5LTMSG0  9ltmsg.exe1 00202One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information 7popular0
411LTWinModem10  9ltmsg.exe1 00  034http://808hi.com/56k/winmodems.asp0
4 5LTMSG0 11LTMSG.exe 7211HKEY_LM\Run0 52Agere Systems ltmsg 3, 0, 0, 4, Agere Systems. ltmsg39http://www.absolutestartup.com/startup/1
411LTWinModem10 11ltmsg.exe 92 00 65LUCENT TECHNOLOGIES ltmsg 1, 0, 1, 12, LUCENT TECHNOLOGIES. ltmsg 01
2 7LTSMMSG0 11LTSMMSG.exe1 00128Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others too 01
3 7LTSMMSG0 11LTSMMSG.exe111HKEY_LM\Run0 97TOSHIBA SoftModem Messaging Applet  3.1.118.2 04/18/2003 10:06:28, LT. SoftModem Messaging Applet39http://www.absolutestartup.com/startup/1
316Lotus QuickStart0 12ltsstart.exe122StartUp menu\All users0 95Lotus QuickStart Executable 1.0.0.4, Lotus Development Corporation. Lotus QuickStart Executable39http://www.absolutestartup.com/startup/1
1 8QuickZip0  6lu.exe1 00 38MsConnect browser hijacker and dialler 01
1 6Visual0  9Lube.html1 00 55Added by the WM97/Lebone-A  Microsoft Word macro virus.57http://www.sophos.com/virusinfo/analyses/wm97lebonea.html0
1 8luelacxp0 12luelacxp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7luguard0 11LUGuard.exe1 00155PC-Duo  Remote_Control enables your help desk technicians to take instant control of any remote desktop PC at any location across the LAN, WAN or internet.67http://www.vector-networks.com/pc-duo-enterprise/remote-control.php0
1 6luniti0 10luniti.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 7Lusetup0 11LUSetup.exe1 00159Symantec LiveUpdate installer - required to install a new version of the application. Will only run once, and the entry is automatically deleted after a reboot74http://service1.symantec.com/support/sharedtech.nsf/docid/19990519111108130
1 6luxghb0 10luxghb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
315Lingvo Launcher0 20Lvagent.exe /STARTUP211HKEY_LM\Run0 54Lingvo 9.0.2.76, ABBYY (BIT Software). Lingvo Launcher39http://www.absolutestartup.com/startup/1
3 6LVComs0 10lvcoms.exe1 00148Lvcomm server. Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera 01
3 6LVCOMS0 10LVCOMS.EXE111HKEY_LM\Run0 57Logitech QuickCam 6.0.0.1208, Logitech Inc.. LVCom Server39http://www.absolutestartup.com/startup/1
0 7LVCOMSX0 11LVCOMSX.EXE1 00 24Logitech webcam related. 01
2 7LVCOMSX0 11LVCOMSX.EXE111HKEY_LM\Run0 57Logitech QuickCam 8.4.1.1092, Logitech Inc.. LVCom Server39http://www.absolutestartup.com/startup/1
310LiquidView0 10lviewj.exe1 00214Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display's native resolution. The software lets you increase the size of items that are hard to read on your monitor 01
310LiquidView0 17lviewj.exe -nogui2 00  0 01
1 7lvpbhvk0 11lvpbhvk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6msserv0 10lvsrev.exe1 00132Added by the Troj/Browmon-B trojan. This infection is stealthed via the rootkit file C:\Windows\System32\drivers\InvisibleDrvNT.sys.58http://www.sophos.com/virusinfo/analyses/trojbrowmonb.html0
3 8LWBMOUSE0 12LWBWHEEL.exe1 00 369.4.0.0, . Mouse Control Application 01
3 8LWBMOUSE0 12lwbwheel.exe1 00 71Mouse driver - required if you use non-standard Windows driver features 01
222Start Wingman Profiler0 10lwemon.exe1 00144Logitech Wingman software required to operate Logitech joysticks and gamepads.  Unless you're a hard-core gamer, it's best to leave it unchecked 01
222Start WingMan Profiler0 16lwemon.exe /noui2 00 81Logitech WingMan Software 4.60.349, Logitech Inc.. Logitech WingMan Event Monitor 01
222Start Wingman Profiler0 28lwemon.exe&nbsp;&nbsp;&nbsp;1 00144Logitech Wingman software required to operate Logitech joysticks and gamepads.  Unless you're a hard-core gamer, it's best to leave it unchecked 01
1 5lwpqd0  9lwpqd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
219Lwinst Run Profiler0 10lwtest.exe1 00 84Logitech Wingman Profiler for the Logitech joysticks. Available via Start - Programs 01
222Start Wingman Profiler0 10lwtest.exe1 00144Logitech Wingman software required to operate Logitech joysticks and gamepads.  Unless you're a hard-core gamer, it's best to leave it unchecked 01
0 8lxamsp320 12lxamsp32.exe1 00 33Associated with a Lexmark Printer 01
312lxamsp32.exe0 12lxamsp32.exe111HKEY_LM\Run0 76Lexmark shpc32.exe 0, 98, 1, 0, Lexmark International. SHPC32 - Port Monitor39http://www.absolutestartup.com/startup/1
320Lexmark X5100 Series0 12lxbabmgr.exe1 00148System Tray application that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut 01
315Lexmark X74-X750 12lxbabmgr.exe1 00  0 01
320Lexmark X5100 Series0 12lxbabmgr.exe111HKEY_LM\Run0 99Button Manager Executable 0.1.1.1, Lexmark International, Inc.. Lexmark X5100 Series Button Manager39http://www.absolutestartup.com/startup/1
0 7LXbbmgr0 11LXbbmgr.exe1 00 31Lexmark printer button manager? 01
320Lexmark X6100 Series0 12lxbfbmgr.exe1 00100Button Manager Executable 0.1.25.0, Lexmark International, Inc.. Lexmark X6100 Series Button Manager 01
420lexmark x6100 series0 12lxbfbmgr.exe1 00 69Lexmark X6100 printer button manager - required for correct operation 01
220Lexmark X1100 Series0 12lxbkbmgr.exe111HKEY_LM\Run0 99Button Manager Executable 0.1.1.1, Lexmark International, Inc.. Lexmark X1100 Series Button Manager39http://www.absolutestartup.com/startup/1
319lexmark **** series0 12lxbkbmgr.exe1 00151Lexmark System Tray application (where "****" is the model) that enables scan or fax functions to run directly from the printer via the buttons. Can be 01
3 7LXBLKsk0 11LXBLKsk.exe1 00 16Lexmark related. 01
319lexmark **** series0 12lxbmbmgr.exe1 00184Lexmark System Tray application (where "****" is the model) that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut 01
319Lexmark 4200 Series0 12lxbmbmgr.exe111HKEY_LM\Run0 99Button Manager Executable 0.1.25.0, Lexmark International, Inc.. Lexmark 4200 Series Button Manager39http://www.absolutestartup.com/startup/1
319Lexmark 3100 Series0 12lxbrbmgr.exe1 00 98Button Manager Executable 0.1.1.1, Lexmark International, Inc.. Lexmark 3100 Series Button Manager 01
319Lexmark 3100 Series0 12lxbrbmgr.exe1 00 62Lexmark printer button manager. Required for correct operation 01
4 8lxbrbmgr0 12lxbrbmgr.exe1 00  0 01
3 7LXBRKsk0 11LXBRKsk.exe1 00 24Lexmark printer related. 01
319lexmark **** series0 12lxbtbmgr.exe1 00184Lexmark System Tray application (where "****" is the model) that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut 01
319Lexmark 5200 series0 12lxbtbmgr.exe111HKEY_LM\Run0 99Button Manager Executable 1.0.10.0, Lexmark International, Inc.. Lexmark 5200 Series Button Manager39http://www.absolutestartup.com/startup/1
3 4run=0 12LXBTppls.exe1 00 43Reportedly part of Lexmark printer software 01
3 8LXBTCATS0 28LXBTtime.dll,_RunDLLEntry@16111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
434Lexmark 2200 Series Button Manager0 12lxbvbmgr.exe1 00 62Lexmark printer button manager. Required for correct operation 01
2 4run=0 12lxdboxcp.exe1 00102Lexmark DOS-Printing Control Program for the Lexmark 2050. Only required if you need to print from DOS 01
1 4lxeq0  8lxeq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5mload0 12lxmstart.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
2 8LXSUPMON0 12LXSUPMON.EXE1 00 56Lexmark Printer. The printer should work fine without it 01
2 8LXSUPMON0 16LXSUPMON.EXE RUN2 00 80Lexmark Supplies Monitor 3.0.105.1, Lexmark International Inc.. Supplies Monitor 01
121microsoft update v2.60  9lxxex.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
011lycosinside0 15Lyc_SysTray.exe1 00 19Lycos_eMail related89http://email.about.com/gi/dynamic/offsite.htm?zi=1/XJ&sdn=email&zu=http://mail.lycos.com/0
311lycosInside0 15Lyc_SysTray.exe111HKEY_CU\Run0 35Lycos Live 1.00.0328, Lycos Europe.39http://www.absolutestartup.com/startup/1
1 7lyjyfkw0 11lyjyfkw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
314lyrahd2trayapp0 18LYRAHD2TrayApp.exe1 00 30Related to RCA Lyra MP3 Player 01
116LzioMediaUpdater0 20LzioMediaUpdater.exe1 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
113[random name]0 12m?config.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0  9m?dtc.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
2 7Migeuaf0 11m?iexec.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 6m_hook0 10m_hook.sys1 00 47Added by the W32.Beagle.DZ kernel-mode rootkit.74http://www.sarc.com/avcenter/venc/data/w32.beagle.dz.html#technicaldetails0
1 2FX0  7m00.exe1 00 53Added by an unknown adware. May be smitfraud related. 01
122Userinterface Report3r0  9m0use.exe1 00133Added by the W32/Mytob-DI worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobdi.html0
2 5mmpti0 11m1mmpti.exe1 00107Mpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cards 01
1 6NvCplD0 10m2gr32.exe1 00 41Switch premium rate adult content dialler57http://www.sophos.com/virusinfo/analyses/dialswitchb.html0
1 7m32info0 11m32info.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
141microsoft windows xp configuration loader0 11m32svco.exe1 00 34Added by the  W32/SDBOT.WORM.4854872http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1323100
2 6M3Tray0 10m3tray.exe1 00 52Movielink - internet movie rental System Tray access25http://www.movielink.com/0
118Messenger Explorer0  8m41n.exe1 00142Added by the Troj/Sdbot-SA backdoor trojan. When started, this infection will connect to a remote IRC server and wait for commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotsa.html0
124m4n70s personal firewall0 10m4n70s.exe1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 9USBHWINFO0  7mac.exe1 00 35Added by the Troj/LowZone-I trojan.58http://www.sophos.com/virusinfo/analyses/trojlowzonei.html0
1 6mac1280 10mac128.sys1 00 42Added by the Troj/Klutz-A backdoor trojan.56http://www.sophos.com/virusinfo/analyses/trojklutza.html0
125Macromedia Dreamweaver XM0 11macdwXM.exe1 00  8Added by14W32/Agobot-RI.0
3 6MacExp0 10MacExp.exe122StartUp menu\All users0 86Macro Express 3.0, Insight Software Solutions. Macro Express®, a Windows macro program39http://www.absolutestartup.com/startup/1
1 5Sysqq0  9mache.exe1 00 51Added by the Troj/QQRob-X password-stealing Trojan.56http://www.sophos.com/virusinfo/analyses/trojqqrobx.html0
2 6MacLic0 10MacLic.exe1 00 81Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks58http://www.dataviz.com/products/conversionsplus/index.html0
2 7MacName0 11MacName.exe1 00 81Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks58http://www.dataviz.com/products/conversionsplus/index.html0
1 6RegRun0 12mActiveX.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
334Mediafour Mac Volume Notifications0 12Macvntfy.exe1 00162Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod40http://www.mediafour.com/products/xplay/0
334Mediafour Mac Volume Notifications0 18MACVNTFY.EXE /auto211HKEY_LM\Run0100Mediafour Mac Volume Notifications 5.0.10, Mediafour Corporation. Mediafour Mac Volume Notifications39http://www.absolutestartup.com/startup/1
4 7MAD.EXE0  7MAD.EXE1 00291MAD.exe is the MS Exchange 5.5 System Attendant and can also consume a large amount of resources - resolved by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server but does it have the same problems?. Apparently you need to leave this running but is it needed at start-up? 01
312madotate.exe0 12madotate.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
1 3Gha0  7Mae.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
314MAFWTaskbarApp0 12MAFWTray.exe1 00 81Related to the M-Audio Firewire Interface.  Located in the Windows system folder. 01
3 8MagicDsk0 12MAGICDSK.EXE1 00114Magic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop icons 01
231Enable Wireless Keyboard Driver0 12Magickey.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
361Activer l&#039;ensemble clavier et souris sans fil Labtec.lnk0 12MagicKey.exe1 00 92A program that allows you to map certain button on the Labtec keyboard to certain functions. 01
356Activer l'ensemble clavier et souris sans fil Labtec.lnk0 12MagicKey.exe1 00 92A program that allows you to map certain button on the Labtec keyboard to certain functions. 01
336Kabellosen Labtec-Desktop aktivieren0 12MagicKey.exe122StartUp menu\All users0 57Versato Application 1, 0, 0, 1, . Versato MFC Application39http://www.absolutestartup.com/startup/1
312magiclinker30 12MagicLnk.exe1 00 28ThaiSoftware Thai Dictionary44http://www.bangkokbest.com/So-Dictionary.htm0
3 7Versato0 12MagicRun.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
2 8Magitime0 12Magitime.exe1 00 89Magitime - connection tracking utility which monitors online time, expense, data transfer47http://www.geocities.com/magistone/magitime.htm0
110Mail_Check0 14Mail_Check.exe1 00 27Added by the PANOIL.C WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PANOIL.C0
3 8MailBell0 12mailbell.exe1 00290MailBell e-mail notification tool that will notify you about new messages arrived to your mailbox. Works with both POP3 mailboxes and web-mail based systems. You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)30http://www.emtec.com/mailbell/0
211MailCleaner0 15MAILCLEANER.EXE1 00290MailCleaner "protect your computer from viruses sent to your machine via the popular e-Mail reader Incredimail. In addition the program will check all incoming files downloaded by Internet Explorer, Netscape Navigator, ICQ and iMesh" - not recommended as it bundles Gator/Gain/Claria adware 01
112Windows Help0 12mailinfo.exe1 00133Added by the W32/Forbot-FK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotfk.html0
111mailman.exe0 11mailman.exe1 00 36Added by the  Troj/Banker-CA TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerca.html0
111mailskinner0 15mailskinner.exe1 00116MailSkinner - an application by  Electronic_Group , notorious for its premium rate "drive by" installed porn dialers27http://www.mailskinner.com/0
228Quick Heal e-mail Protection0 11MailSvr.exe111HKEY_LM\Run0 85Quick Heal 1, 0, 0, 1, Cat Computer Services Pvt Ltd. Outlook Express Mail Protection39http://www.absolutestartup.com/startup/1
313MailWasherPro0 14MailWasher.exe125StartUp menu\Current user0 35MailWasher 4.1.9, eCosm. MailWasher39http://www.absolutestartup.com/startup/1
3 4MAIN0  8main.exe1 00145SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan22http://www.spycop.com/0
316SpyCop ScanCheck0  8MAIN.EXE1 00145SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan22http://www.spycop.com/0
325SuperCool Compress Backup0  8Main.exe1 00 87SuperCool Zip Backup software is a data backup,restore and file synchronization program43http://www.supercoolbookmark.com/zipbackup/0
1 72Search0  8main.exe1 00 48Identified as Adware-Spyware/2Search.c.2 adware. 01
111MSNMESENGER0  8Main.exe1 00 27Added by the PRORAT TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html0
1 4Main0  8Main.scr1 00 12Added by the23Troj/Dloader-MC TROJAN!0
1 6main160 10main16.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 6main320 10main32.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
311APC_SERVICE0 12mainserv.exe1 00108PowerChute® Personal Edition - "safe system shutdown software with sophisticated power management functions"65http://www.apcc.com/tools/download/software_comp.cfm?sw_sku=SDW750
1 5Cmpnt0 10mainsv.exe1 00 34Added by the Troj/Tompai-C Trojan.57http://www.sophos.com/virusinfo/analyses/trojtompaic.html0
110mainviewex0 14mainviewex.exe1 00 27Added by the GEMA.D TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=404930
1 9Antivirus0  8maja.exe1 00 27Added by the NETSKY.H WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.h@mm.html0
1 7ValuSet0  9MaJde.exe1 00134Added by the W32/Sdbot-OU worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotou.html0
115system firewall0 13makeini32.exe1 00125Added by the W32/Agobot-PS worm. Acts as an IRC bot which allows backdoor functionality.  Found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32agobotps.html0
112Host Process0  8mame.exe1 00133Added by the W32/Rbot-APH worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaph.html0
216mamylinkĽň˝é.txt0 16mamylinkĽň˝é.txt125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
1 7Version0 10manage.exe1 00 20JRAUN adware variant73http://securityresponse.symantec.com/avcenter/venc/data/adware.jraun.html0
315ManageDesk Lite0 19ManageDesk Lite.exe211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
322LogitechSoftwareUpdate0 18ManifestEngine.exe1 00104Updater, part of Logitech Image Studio - installed with Logitech QuickCam cameras. Probably not required 01
322LogitechSoftwareUpdate0 23ManifestEngine.exe boot2 00 69Logitech QuickCam 8.4.7.1034, Logitech Inc.. Logitech Software Update 01
3 7Matador0 12mantispm.exe1 00 58MailFrontier Desktop (Matador) email spam blocker software49http://www.mailfrontier.com/products_matador.html0
136Handling the loading of the MAPI API0 10MAPI32.EXE1 00255Added by the W32/Codbot-C backdoor.  When started this infection connects to a remote IRC server where it waits for commands.  This infection is also known to steal passwords, so if you are infected with this, you should immediately change your passwords.56http://www.sophos.com/virusinfo/analyses/w32codbotc.html0
221ADSL Diagnostic Tools0 12mapiicon.exe1 00 81System tray access to ADSL modem diagnostic tools. Available via Start - Programs 01
321pdfmachine dispatcher0 11mapisnd.exe1 00 31pdfMachine Windows print driver47http://www.download.com/3000-2116-10062200.html0
1 9mapisvc320 13mapisvc32.exe1 00 69Added by the KX VIRUS and also recognised by Symantec as  FPAI adware72http://securityresponse.symantec.com/avcenter/venc/data/adware.fapi.html0
128microsoft application center0  9mappc.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
116microsoft map pc0  9mappc.exe1 00  064http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
119microsoft mapped pc0 12mappedpc.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7Ntcheck0 13mapserver.exe1 00 43Added by the Troj/Tompai-B backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojtompaib.html0
316runmarc8mmanager0 12marc8m95.exe1 00102MARC Sound System Manager for the  Marc_8_MIDI sound card - allows for easy adjustment of the settings44http://www.marian.de/en/products/marc_8_midi0
216Runmarc8mManager0 12marc8mnt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6cronos0 10MARCO!.SCR1 00 28Added by the OPASERV.G WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G0
324Remote Desktop Computing0 10marspc.exe1 00 31Marspc Remote Desktop Computing46http://www.downlinx.com/proghtml/345/34592.htm0
121NTSF MICROSOFT SYSTEM0  9marya.exe1 00132Added by the W32/Rbot-AXY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaxy.html0
1 6kfienq0  9masbl.bat1 00 26Added by the KIFER TROJAN!70http://securityresponse.symantec.com/avcenter/venc/data/w32.kifer.html0
212masqform.exe0 12masqform.exe1 00102PureEdge Viewer 6.0, reportedly associated with viewing and text editing US Air Force electronic forms 01
116WindowsKeyUpdate0 10master.exe1 00 24Added by the JOSAM WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.josam.worm.html0
317Master Volume Spy0 19MASTERVOLUMESPY.EXE1 00 68Volume control for the Gateway Destination "DestiVu" media interface 01
220Resolution Assistant0 10matcli.exe1 00559Dell Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide 01
322AOL Broadband Check-Up0 10matcli.exe1 00496matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file. The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide 01
331Blueyonder Instant Support Tool0 10matcli.exe1 00523matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file. Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide 01
317BT Broadband Help0 10matcli.exe1 00519matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file. BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide 01
318HP Instant Support0 10matcli.exe1 00522matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file. HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide 01
313Net Assistant0 10matcli.exe1 00759A href="http://productsandservice.aliant.net/PS/nb/english/productsandservices/ps_2.jsp?section=51&subsection=1&bodycont=productsandservices%2ffacts_51_7.jsp&curbody=51"Aliant Net Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". The Aliant Net Assistant Tool is required to run with the Help and Support program. If you uncheck Aliant and and then run Help and Support it will add another Aliant entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. Normally found in C:\Program Files\Aliant\Net Assistant\bin\matcli.exe. 01
321SBC Self Support Tool0 10matcli.exe1 00496matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file. The SBC Self Support Tool is required to run with the Help and Support program. If you uncheck SBC and and then run Help and Support it will add another SBC entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide 01
329Verizon Online Support Center0 10matcli.exe1 00566matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file. Verizon Online Support Center is required to run with the Help and Support program. If you uncheck Verizon Online Support Center and and then run help and Support it will add another Verizon Online Support Center in the startup menu. If you remove the Verizon Online Support Center in the add/remove program some help menus in help and support will not be available. You decide 01
214BT Yahoo! Help0 16matcli.exe -boot222StartUp menu\All users0111Motive System 5.8.1.asst_classic.asst_matcli, Motive Communications, Inc.. Motive Chorus Command Line Interface39http://www.absolutestartup.com/startup/1
321SBC Self Support Tool0 16matcli.exe -boot2 00111Motive System 5.6.1.asst_classic.asst_matcli, Motive Communications, Inc.. Motive Chorus Command Line Interface 01
329Verizon Online Support Center0 16matcli.exe -boot2 00113Motive System 5.0.2.4.asst_classic.asst_matcli, Motive Communications, Inc.. Motive Chorus Command Line Interface 01
1 8rundl3320 22math.exe ...pluged.exe2 00 28Added by the DOOMJUICE WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html0
120RealPlayer Ath Check0 11mathchk.exe1 00 45Added by the W32/MyDoom-AJ WORM/IRC backdoor!57http://www.sophos.com/virusinfo/analyses/w32mydoomaj.html0
324Matrix Screen Locker (s)0 10matrix.exe122StartUp menu\All users0 56Matrix Screen Locker 1.4 1.4, BaroufaSoft. Screen Locker39http://www.absolutestartup.com/startup/1
111msn service0 13matrixcam.exe1 00 22Added by the  MYTOB.JH85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.JH&VSect=T0
1 8romahere0 14matrixhere.exe1 00 55SuperSpider hijacker - a CoolWebSearch parasite variant44http://doxdesk.com/parasite/SuperSpider.html0
218Matrox PowerDesk 80 28Matrox.PowerDesk.exe /silent2 00 70For Matrox video cards. Quick access to tweak your card to your liking 01
218Matrox PowerDesk 80 28Matrox.PowerDesk.exe /silent211HKEY_LM\Run0 78PowerDesk Application 8.07.01.060, Matrox Graphics Inc.. PowerDesk Application39http://www.absolutestartup.com/startup/1
418Start Maven Client0 14mavenAgent.exe122StartUp menu\All users0 51Maven Client 1.0.7.361, Maven Networks. Maven Agent39http://www.absolutestartup.com/startup/1
319Start Maven Updater0 16mavenUpdater.exe125StartUp menu\Current user0 53Maven Client 1.0.7.361, Maven Networks. Maven Updater39http://www.absolutestartup.com/startup/1
1 9MaxAlerts0  7max.exe1 00 24Bonzi MaxALERT - spyware 01
318Notebook Maximizer0 21maximizer_startup.exe1 00 99Toshiba Notebook Maximizer software - adjust settings to save battery power and increase efficiency 01
4 7mayapan0 11MayaPan.Exe1 00 32Audiotrak  Maya soundcard driver53http://www.soundcard-drivers.com/drivers/50/50137.htm0
3 8MoodBook0  6mb.exe1 00 66MoodBook is a free Windows utility that brings art to your desktop24http://www.moodbook.com/0
1 6mbdokr0 10mbdokr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8mblhinpp0 12mblhinpp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 5MBM 40  8MBM4.exe1 00157Motherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start - Programs 01
3 5MBM 50  8MBM5.exe1 00157Motherboard Monitor 5 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start - Programs27http://mbm.livewiredev.com/0
3 5MBM 50  8MBM5.EXE1 00 56Motherboard Monitor 5 5.0, Alex van Kaam. MBM 5 Core EXE 01
3 5mbnet0  9mbnet.exe1 00 48MBNet (Portugal) Credit Card Processing software 01
316Mailbox Verifier0 12mboxvrfy.exe1 00297Mailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance) 7http://0
3 7MBProbe0 11mbrpobe.exe1 00143MBProbe - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start - Programs41http://mbprobe.livewiredev.com/about.html0
1 7mbxbwcm0 11mbxbwcm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5mbyma0  9mbyma.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
210MouseCount0  6MC.exe1 00170MouseCount by Kittyfeet Software. &quot;Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year.&quot; Not required39http://www.kittyfeet.com/mousecount.htm0
3 8mouseElf0  6MC.exe1 00 88Genius NetScroll mouse driver - required if you use non-standard Windows driver features50http://www.geniusnet.com.tw/product/mouse_line.htm0
1 3dns0 21mc-110-12-0000079.exe1 00 46Added by the TrojanDownloader.Agent.rv TROJAN! 01
110services320 21mc-110-12-0000079.exe1 00  0 01
1 9mchlnjDrv0  8mc22.tmp1 00 44Added by the Troj/Feutel-AS backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelas.html0
1 3dns0 20mc-58-12-0000080.exe1 00 63Shorty adware component,  also detected as the AGENT.FD TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/adware.shorty.html0
1 3dns0 20mc-58-12-0000093.exe1 00 27Nail/Aurora related malware 01
1 3dns0 20mc-58-12-0000140.exe1 00 62Shorty adware component, also detected as the AGENT.FD TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/adware.shorty.html0
110services320 20mc-58-12-0000140.exe1 00  074http://securityresponse.symantec.com/avcenter/venc/data/adware.shorty.html0
114mcafe Software0  9mcafe.exe1 00 48Added by the W32/Rbot-BAV worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbav.html0
120Windows Media Player0 11mcafe32.exe1 00 99Added by the W32/Rbot-XG WORM/backdoor, it connects to an IRC channel to allow unauthorized access.55http://www.sophos.com/virusinfo/analyses/w32rbotxg.html0
3 3ARC0 18McAfee AntiSpyware215HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
124mcafee Software Intrenet0 10mcafee.exe1 00132Added by the W32/Rbot-ATR worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatr.html0
120mcAfee.Instan.Update0 21mcAfee.Update.exe.exe1 00 32Added by the W32/Minusia-A worm.57http://www.sophos.com/virusinfo/analyses/w32minusiaa.html0
110[not used]0 12mcafee32.exe1 00117w32rbotxe drops a TROJAN, creating several files in %Program Files%, %Windir%, and %system% in addition to this file.55http://www.sophos.com/virusinfo/analyses/w32rbotxe.html0
125mcafee windows protection0 12mcafee32.exe1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
116mcafee antivirus0 12McAfeeAV.exe1 00  064http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
127mcafee antivirus protection0 12mcafeeAV.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
119McAfee Antivirus 320 14MCAFEEAV32.EXE1 00133Added by the W32/Spybot-EH worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32spyboteh.html0
120Windows Media Player0 11mcafeee.exe1 00107A variant of the RBot WORM/backdoor adds this, allowing remote control by an attacker using an IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotsq.html0
114McAfeeScanPlus0 18McAfeeScanPlus.exe1 00 38Added by the Backdoor.Mepcod backdoor.76http://www.sarc.com/avcenter/venc/data/backdoor.mepcod.html#technicaldetails0
116Mcaffe Antivirus0 13Mcafeescn.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
124Sygate Personal Firewall0 16Mcafeeupdate.exe1 00 26Added by the RBOT.YN WORM!106http://de0
119Mcafee Auto Protect0 15mcafeshield.exe1 00 31Added by the  W32/RBOT-UH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotuh.html0
118windows serv patch0 14Mcaffe2005.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6McAfee0 12McAffeAv.exe1 00 48Added by the W32.Netsky.AN@mm mass-mailing worm.77http://www.sarc.com/avcenter/venc/data/w32.netsky.an@mm.html#technicaldetails0
117MCAFFE FLD LOADER0 13MCAFFEFLD.EXE1 00204Added by the W32/Rbot-PY trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This infection logs keysrokes to a file called SYSZZY32.TXT.55http://www.sophos.com/virusinfo/analyses/w32rbotpy.html0
310McAgentExe0 11mcagent.exe1 00220From McAfee VirusScan On-line. The Agent is a red M icon that appears in the Windows system tray or Notification Area (if you're running Windows XP). If you don't see the agent icon, VirusScan Online may not be installed 01
310MCAgentExe0 11mcagent.exe111HKEY_LM\Run0 74McAfee SecurityCenter 5, 1, 0, 0, McAfee, Inc. McAfee SecurityCenter Agent39http://www.absolutestartup.com/startup/1
3 8Mail.com0 11mcalert.exe1 00 88Mail.com - free web-mail service. Does mcalert.exe notify you when new mail has arrived?23http://mail01.mail.com/0
320MultiCAM Initializer0 12MCamBoot.exe1 00263The MultiCAM Initializer is part of the MultiCAM software package provided by Vista Imaging in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabled40http://www.vistaimaging.com/multicam.htm0
312Mcappins.exe0 12mcappins.exe1 00 29McAfee Application Installer. 01
4 7CleanUp0 26mcappins.exe /v=3 /cleanup211HKEY_LM\Run0 82McAfee Application Installer 5, 0, 0, 0, McAfee, Inc. McAfee Application Installer39http://www.absolutestartup.com/startup/1
117Multimedia Codecs0  7mcc.exe1 00 24Added by the MCC TROJAN!94http://www.giantcompany.com/antispyware/research/spyware/spyware-Trojan.PornDownloaderMCC.aspx0
127Microsoft Internet Explorer0 12mccagent.exe1 00 36Added by the Troj/Dloader-UD Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderud.html0
1 7Winammp0  8mccm.exe1 00 48Added by the Troj/IRCBot-HH IRC backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojircbothh.html0
118Microfinder lptt010  7mcf.exe1 00182Variant of the  RapidBlaster parasite (in a &quot;mcf&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
118Microfinder ml097e0  7mcf.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
1 6mcfCC40 10mcfCC4.dll1 00 77Added by the W32/Goldax- Peer to Peer (P2P) worm with backdoor functionality.56http://www.sophos.com/virusinfo/analyses/w32goldaxa.html0
110MCFservice0 10mcfdrv.sys1 00 77Added by the W32/Goldax- Peer to Peer (P2P) worm with backdoor functionality.56http://www.sophos.com/virusinfo/analyses/w32goldaxa.html0
1 6mcfG7A0 10mcfG7A.dll1 00 45Added by the Troj/Haxdoor-AK backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorak.html0
1 8mcgtmlev0 12mcgtmlev.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8MChanger0 12MChanger.exe1 00 81Media Changer - utility that allows you to change wallpapers, sounds, themes, etc 01
135Microsoft (C) HTML Application host0  9mchta.exe1 00 24Added by a Rbot variant.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
0 4msci0 10mcinfo.exe1 00 33McAfee Internet Security related. 01
2 3MCL0  7MCL.exE122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
310MClipboard0 14MClipboard.exe125StartUp menu\Current user0 26Multiple Clipboards 2.2, .39http://www.absolutestartup.com/startup/1
310MClipboard0 23MClipboard.exe /autorun2 00 78MClipboard 2.1, F-Group Software. MClipboard is the quickest clipboard manager 01
125Microsoft Console Manager0  7mcm.exe1 00 44Added by the Troj/WinShel-A backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojwinshela.html0
1 4mcm30  8mcm3.exe1 00 34ShopAtHome/SAHagent adware variant62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530760820
110OpenMstart0 11mcmgr32.exe1 00 28Switch adult content dialler57http://www.sophos.com/virusinfo/analyses/dialswitchb.html0
412VSOCheckTask0 12MCMNHDLR.EXE1 00 91Part of McAfee's  SecurityCenter and Virusscan Online. Must be enabled for scanning to work51http://us.mcafee.com/root/product.asp?productid=msc0
412VSOCheckTask0 23mcmnhdlr.exe /checktask211HKEY_LM\Run0 75McAfee VirusScan 9, 1, 0, 0, McAfee, Inc.. McAfee VirusScan Command Handler39http://www.absolutestartup.com/startup/1
119Configuration Owner0 11MCOMFIX.EXE1 00121Added by the W32/SdBot-IM worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotim.html0
1 8ieupdate0 32MCP****.exe [**** = random char]2 00 26Added by the ASOXY TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.asoxy.html0
1 8ieupdate0 12mcpdll32.exe1 00 24Adware downloader trojan 01
4151A:Stardock MCP0 13mcpserver.exe1 00138Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications 01
0 8McRegWiz0 12mcregwiz.exe1 00 25McAfee antivirus related. 01
2 8McRegWiz0 21mcregwiz.exe /autorun211HKEY_LM\Run0 56Registration Wizard Module 1, 0, 0, 7, . McRegWiz Module39http://www.absolutestartup.com/startup/1
116mcrosoftr update0 13Mcrosoftr.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
112Start Upping0 10mcrt32.exe1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
419McAfee.com McShield0 12mcshield.exe1 00 49Associated with McAfee's Internet Security suite. 01
117cmssSystemProcess0 10mcsmss.exe1 00 42Added by a variant of the AGENT.EI TROJAN!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.EI&VSect=T0
1 4NDAv0  8MCSV.COM1 00 56Added by the W32/Sumom-C instant messenger and P2P worm.55http://www.sophos.com/virusinfo/analyses/w32sumomc.html0
1 4SDAv0  8MCSV.COM1 00 56Added by the W32/Sumom-C instant messenger and P2P worm.55http://www.sophos.com/virusinfo/analyses/w32sumomc.html0
1 6System0  9mcsys.dll1 00 95Added by the Troj/Pindrop-A Trojan.br /br /Uses CLSID: bF480C1AD-71AE-4756-9275-99616251AF3C/b.58http://www.sophos.com/virusinfo/analyses/trojpindropa.html0
211MCUpdateExe0 12McUpdate.exe111HKEY_LM\Run0 82McAfee SecurityCenter 5, 1, 0, 0, McAfee, Inc. McAfee SecurityCenter Update Engine39http://www.absolutestartup.com/startup/1
311McUpdateExe0 12mcupdate.exe1 00136From McAfee VirusScan On-line. Automatically updates your virus definitions. Leave enabled unless you regularly update these definitions 01
311MCUpdateExe0 12McUpdate.exe1 00 82McAfee SecurityCenter 6, 0, 0, 0, McAfee, Inc. McAfee SecurityCenter Update Engine 01
436McAfee SecurityCenter Update Manager0 12mcupdmgr.exe1 00 91Associated with McAfee's Internet Security suite.  May control the updating of the program. 01
412mcupdmgr.exe0 12MCUPDMGR.EXE1 00 46McAfee antivirus SecurityCenter Update Manager 01
4 7McVsRte0 10mcusrt.exe1 00135Part of McAfee's SecurityCenter. Must remain checked but one&nbsp; user reports Windows glitches with no response from McAfee as to why51http://us.mcafee.com/root/product.asp?productid=msc0
443McAfee.com VirusScan Online Realtime Engine0 11mcvsrte.exe1 00116Associated with McAfee's Internet Security suite.  This is the real-time scanning engine and should not be disabled! 01
412ActiveShield0 12MCVSSHLD.EXE1 00 55McAfee VirusScan On-line. See also the McAgentExe entry 01
4 8mcvsshld0 12mcvsshld.exe1 00  0 01
416VirusScan Online0 12mcvsshld.exe1 00 55McAfee VirusScan On-line. See also the McAgentExe entry 01
416VirusScan Online0 12mcvsshld.exe111HKEY_LM\Run0 81McAfee VirusScan 9, 1, 0, 0, McAfee, Inc.. McAfee VirusScan ActiveShield Resource39http://www.absolutestartup.com/startup/1
316VirusScan Online0 22mcvsshld.exe /disabled211HKEY_LM\Run0104McAfee VirusScan 8, 0, 0, 0, Networks Associates Technology, Inc. McAfee VirusScan ActiveShield Resource39http://www.absolutestartup.com/startup/1
112MD IE Plugin0  6md.exe1 00 21Adult content dialler 01
1 8SystemMD0  6md.exe1 00 17Homepage hijacker 01
1 7file0_00  7MD1.exe1 00 29Added by the  Troj/Dloader-OR59http://www.sophos.com/virusinfo/analyses/trojdloaderor.html0
217mddiskprotect.exe0 17MDDiskProtect.exe1 00137MediaFour  MacDrive for Windows - easily open, edit and save files from Mac-formatted disks,  format Mac disks and burn Mac CDs and DVDs!44http://www.mediafour.com/products/macdrive6/0
317MDDiskProtect.exe0 17MDDiskProtect.exe111HKEY_LM\Run0 82Mediafour MacDrive 6.0.5.1, Mediafour Corporation. Mediafour MacDrive Disk Protect39http://www.absolutestartup.com/startup/1
126Microsoft Digital Cryptors0 11mdigits.exe1 00152Added by the W32/Sdbot-CQ backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotcq.html0
1 4mdlj0  8mdlj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
321Machine Debug Manager0  7mdm.exe1 00335Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as MDM7. See  here to disable 4hang0
3 4MDM70  7mdm.exe1 00352Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as Machine Debug Manager. See  here to disable 4hang0
110[not used]0  7mdm.exe1 00 40Added by the Troj/Proxy-GG proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojproxygg.html0
1 4load0  7mdm.exe1 00123.html" target="_blank"BINGHE backdoor Trojan!  It has the ability to log your keystrokes, steal data, and execute commands. 01
121Machine Debug Manager0  7MDM.EXE1 00 49Added by the W32/Sdbot-APE worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotape.html0
1 3mdm0  7mdm.exe1 00110Added by the LYDRA-F TROJAN! Note - this is not the valid Machine Debug Manager which shares the same filename56http://www.sophos.com/virusinfo/analyses/trojlydraf.html0
1 3MDM0  7MDM.exe1 00 63Added by the Troj/Kilt-A, designed to exploit the mIRC program!55http://www.sophos.com/virusinfo/analyses/trojkilta.html0
1 3Mdm0  7Mdm.vbs1 00 42Added by the WHITEHO VIRUS or TRAPPY WORM!42http://vil.nai.com/vil/content/v_99145.htm0
1 6Mdmdll0 10mdmdll.exe1 00 28Added by the CRYPTER TROJAN!71http://www.pestpatrol.com/PestInfo/t/trojandownloader_win32_crypter.asp0
1 8Mdmdll320 12mdmdll32.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
121modem driverz updates0 10mdmdrv.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
121Machine Debug Manager0  8mdms.exe1 00229Added by the W32/SdBot-CH backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute. This should not be confused with the valid file c:\windows\system32\mdm.exe.56http://www.sophos.com/virusinfo/analyses/w32sdbotch.html0
117SysMemory manager0  8mdms.exe1 00 33Added by the Troj/Cimuz-B trojan.56http://www.sophos.com/virusinfo/analyses/trojcimuzb.html0
212ModemUtility0 12mdmsetpe.exe1 00 48System Tray configuration icon for Aztech modems 01
411Application0 12mdmsetsp.exe1 00 24Aztech Labs modem driver 01
1 3MDN0  7mdn.exe1 00 44Backdoor.Win32.Rbot.gen is a backdoor agent.62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530900190
125Microsoft Dynamic Network0  7MDN.exe1 00 49Added by the W32/Sdbot-AUQ worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotauq.html0
1 3MDN0  8MDNS.exe1 00119l" target=_blankSPYBOT.JPB worm with backdoor and DDOS abilities.  Spreads via weak network shares and vulnerabilities. 01
1 3MDN0  8MDNZ.exe1 00 45me=WORM_RBOT.AQD" target=_blankRBOT.AQD WORM! 01
1 8mdojtgmr0 12mdojtgmr.sys1 00 64Added by the Keylogger.Mose keylogger with rootkit capabilities.75http://www.sarc.com/avcenter/venc/data/keylogger.mose.html#technicaldetails0
1 7mds.exe0  7mds.exe1 00 38Added by the Troj/Mads-A proxy trojan.55http://www.sophos.com/virusinfo/analyses/trojmadsa.html0
115Microsoft Agent0 10mdss32.exe1 00 36Added by the  Troj/Keylog-AG TROJAN!58http://www.sophos.com/virusinfo/analyses/trojkeylogag.html0
1 8mdwmdmsp0 12mdwmdmsp.exe1 00 88Adware - recognized by Kaspersky antivirus and others as TrojanDownloader.Win32.Agent.am36http://www.kaspersky.com/personalpro0
1 4D2cS0 10mdxcpm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
126MS DVD DirectX Dll Drivers0  9mdxdl.exe1 00 12Added by the105W32/Sdbot0
2 4MECA0  8Meca.exe1 00 30Meca instant messenging client31http://www.meca.com/Default.htm0
1 5medgs0 10MEDGS1.exe1 00 43PacerD_Media/Pacimedia.com adware component55http://www.benedelman.org/spyware/installations/pacerd/0
1 6Ioadqm0 16Media Player.exe2 00 25Added by the HAWAWI WORM!63http://www.symantec.com/avcenter/venc/data/w32.hawawi.worm.html0
112Media Player0  9media.exe1 00 31Added by the FLDMEDIA-A TROJAN!59http://www.sophos.com/virusinfo/analyses/trojfldmediaa.html0
1 9(Default)0 16media_driver.exe1 00 25Added by the TUPEG VIRUS!70http://securityresponse.symantec.com/avcenter/venc/data/w32.tupeg.html0
112media_driver0 16media_driver.exe1 00189Added by the  TUPEG VIRUS! - NOTE:  this malware actually changes the default value data of the Registry "Run"  key in order to force Windows to launch it at boot.  Name field may be empty.70http://securityresponse.symantec.com/avcenter/venc/data/w32.tupeg.html0
115[Various Names]0 11media64.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
112Media Access0 13MediaAccK.exe1 00 30A windupdate adware infection. 01
315KBD MediaCenter0 12MEDIACTR.EXE1 00 68Multimedia keyboard manager. Required if you use the multimedia keys 01
320RevolteMediaDetector0 17MediaDetector.exe111HKEY_LM\Run0 80Révolte Picture Manager 1.0.0.14, Révolte Development. Automatic Camera Detector39http://www.absolutestartup.com/startup/1
113media gateway0 16MediaGateway.exe1 00 56180Solutions Windupdates adware variant - also see  here46http://www.pcpitstop.com/news/dave/2005-07.asp0
3 8MediaKey0 12MediaKey.exe1 00 68Multimedia keyboard manager. Required if you use the multimedia keys62http://www.futurepowerusa.com/support/kb_911/help/overview.htm0
310PCMService0 20MediaLifeService.exe111HKEY_LM\Run0 85Logitech MediaLife 3.0 3.00.0000, Logitech Corp.. Logitech MediaLife Resident Program39http://www.absolutestartup.com/startup/1
212MediaMonitor0 12Mediam~1.exe1 00 82Installed by Smartdisk MVP CD burning software. Software will work fine without it 01
113media_manager0 12mediaman.exe1 00222a target="_blank" href="http://www.mini-player.com/"Mini-Player,  IMESH related foistware, see a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=2633;start=0#msg20371"here 01
116Microsoft Update0 10mediap.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
310Media Pass0 13MediaPass.exe111HKEY_LM\Run0 43LoaderX Module 1, 0, 0, 1, . LoaderX Module39http://www.absolutestartup.com/startup/1
110Media Pass0 13MediaPass.exe1 00106This is a Trojan Downloader that appears to be part of the Windupdates family of adware delivery products. 01
110Media Pass0 14MediaPassK.exe1 00106This is a Trojan Downloader that appears to be part of the Windupdates family of adware delivery products. 01
120Windows Media Player0 15MediaPIayer.exe1 00 92Added by the SDBOT-QO TROJAN! - note, the executable is called 'MediapIayer', with an 'i' !)57http://www.sophos.com/virusinfo/analyses/trojsdbotqo.html0
130Microsoft Windows Media Player0 15mediaplayer.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115[various names]0 17mediaplayer32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
117mediapluscash.exe0 17mediapluscash.exe1 00 37MediaMotor/Popuppers adware component77http://securityresponse.symantec.com/avcenter/venc/data/adware.popuppers.html0
1 9loads.exe0 11medload.exe1 00 31Popuppers.com adware downloader 01
1 5MELIS0  9melis.exe1 00 35Added by the W32/Niklas-U P2P worm.64http://www.bleepingcomputer.com/startups/admin.php?act=add_entry0
1 7Windows0  9mella.bat1 00138ml" target=_blankALLEM mass-mailing worm.  It finds addresses to send to in the Microsoft Outlook address book.  It also spreads via MIRC. 01
3 3pst0 12memaker2.exe1 00128Added by the Spyware.SpymodePCSpy surveillance software. This program should be uninstalled if it was not installed by yourself.64http://www.sarc.com/avcenter/venc/data/spyware.spymodepcspy.html0
1 95-1-61-960 16members-area.exe1 00 21Adult content dialler 01
3 7DellMCM0 11memcard.exe111HKEY_LM\Run0 67Dell Memory Card Manager 1.0.10.0, . Memory Card Manager Executable39http://www.absolutestartup.com/startup/1
4 9Fix-it AV0 12memcheck.exe1 00242Part of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources 01
4 9Fix-It AV0 12MemCheck.exe111HKEY_LM\Run0 84Fix-It Utilities 5.0.0.7, V Communications, Inc.. SystemSuite Virus Scanner MemCheck39http://www.absolutestartup.com/startup/1
128WINDOWS SYSTEM MEMORY LOADER0 13memloader.exe1 00134Added by the  W32/Mytob-IN worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobin.html0
1 6LMMngr0 10memlow.sys1 00137Part of the Troj/Haxdoor-AE rootkit.  This is installed as a system driver service so will not be seen in the services.msc control panel.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorae.html0
310memmonster0 12memmnstr.exe1 00 84MemMonster is a memory manager which enables your computer to work more efficiently.43http://www.daolnwod.com/memmonster_2923.htm0
319TuneUp MemOptimizer0 16memoptimizer.exe1 00178Part of "TuneUp Utilities", specifically 2003 version. "Monitors and optimizes free memory in the background." Basically, it cleans RAM and also allows you to clear the clipboard 01
319TuneUp MemOptimizer0 26MemOptimizer.exe autostart2 00 67TuneUp Utilities 4.0.0.0, TuneUp Software GmbH. TuneUp MemOptimizer 01
112Memory Check0 10memore.exe1 00 29Added by the KILLAV.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/trojan.killav.c.html0
311memoryboost0 15MemoryBoost.exe1 00 11MemoryBoost42http://www.tenebril.com/consumer/memboost/0
114Memory Manager0 17memorymanager.pif1 00 78Added by the Troj/Delf-JJ Trojan!  File is found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/trojdelfjj.html0
111MemoryMeter0 15MemoryMeter.exe1 00 40Autoinstalling spyware by Total Velocity29http://www.totalvelocity.com/0
114Memory Watcher0 17MemoryWatcher.exe1 00 21MemoryWatcher spyware55http://www.pestpatrol.com/pestinfo/m/memory_watcher.asp0
113memreader.exe0 13memreader.exe1 00133Added by the W32/Agobot-TY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotty.html0
110MEMreaload0 14MEMreaload.exe1 00 37Added by the LAZAR trojan downloader.73http://securityresponse.symantec.com/avcenter/venc/data/trojan.lazar.html0
110MEMreaload0 40MEMreaload.exe /checkmouse /updateration2 00 43ml" target="_blank"LAZAR trojan downloader. 01
210MemScanner0 14MemScanner.exe1 00 64SpyHunter - spyware remover of somewhat dubious repute, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note0
124Microsoft Update Machine0 11memstat.exe1 00 26Added by the RBOT-OM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotom.html0
115keyboard driver0 18memswapmanager.pif1 00 51Added by the Troj/Delf-LB browser hijacking trojan.56http://www.sophos.com/virusinfo/analyses/trojdelflb.html0
325Systweak Memory Optimizer0 13memtuneup.exe1 00 43Part of  SysTweak Advanced System Optimizer30http://www.systweak.com/asov2/0
3 8MemTurbo0 12memturbo.exe1 00140MemTurbo memory optimizer. MS professionals recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind24http://www.memturbo.com/0
3 8MemTurbo0 25MemTurbo.exe /starthidden2 00 58MemTurbo Application 3, SoftwareOnline.com, Inc.. MemTurbo 01
2 8MenuSnap0 12MenuSnap.exe1 00246MenuSnap from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start - Programs and right-clicking and choosing "Sort by Name" if availabe31http://www.rietta.com/menusnap/0
4 7biomenu0 10menusw.exe1 00 80Related to  Sony_VAIO Passwords, encryption, and a biometric fingerprint sensor.69http://vaio-online.sony.com/prod_info/vgn-bx168gp/solid_security.html0
111msn upddate0 12mesenger.exe1 00 48Added by the W32/Rbot-AVZ worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotavz.html0
1 9Messenger0  8mesg.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
315Message_Blocker0 16messageblock.exe1 00192Message Blocker - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message"40http://www.ograhl.com/en/messageblocker/0
1 9Messenger0 13messenger.exe1 00 26Added by the KUTEX TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kutex.html0
110mmessenger0 13messenger.exe1 00 29Added by the  AGOBOT.GM WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GM&VSect=P0
113MSN messenger0 13messenger.exe1 00 91Added by an unidentified TROJAN! Note - this is not the real MSN Messenger, see this thread59http://forums.techguy.org/showthread.php?s=&threadid=1090540
113System driver0 13Messenger.exe1 00 42Added by a variant of the SMALL.BJ TROJAN! 01
113Yahoo Updater0 13Messenger.exe1 00134Added by the W32/Forbot-FE worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotfe.html0
1 8Yahoo!!!0 13Messenger.exe1 00 46Added by the Troj/Dloadr-TG keylogging Trojan.58http://www.sophos.com/virusinfo/analyses/trojdloadrtg.html0
311Messenger 20 14messenger2.exe125StartUp menu\Current user0 83IM2 Messenger 1, 3, 0, 0, Secure Software. IM2 Messenger. The ultimate IM software.39http://www.absolutestartup.com/startup/1
318MessengerDiscovery0 22MessengerDiscovery.exe1 00 74MessengerDiscovery is a MSN Messenger add-on - adding over 70 new features34http://www.messengerdiscovery.com/0
117Windows messenger0 14messengers.exe1 00137Added by the W32.Mytob.EI@mm worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ei@mm.html#technicaldetails0
1 7SystemB0 20MessengerStopper.exe1 00 18MessStopper adware58http://sarc.com/avcenter/venc/data/adware.messstopper.html0
3 8Metacafe0 26MetacafeAgent.exe /startup222StartUp menu\All users0 180.19.29.0      , .39http://www.absolutestartup.com/startup/1
125Windows MeTaLRoCk service0 13metalrock.exe1 00 29Added by the TASTYRED TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.tastyred.html0
148MeTaLRoCk (irc.musirc.com) has sex with printers0 20metalrock-is-gay.exe1 00 27Added by the RANDEX.Q WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.Q0
3 3MEW0  7MEW.EXE125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
1 5LMMng0 10mewlow.sys1 00 96The Troj/Haxdoor-Q TROJAN/backdoor creates this file, and service with a servicename of  mewlow.58http://www.sophos.com/virusinfo/analyses/trojhaxdoorq.html0
111MS Explorer0 12mexplore.exe1 00 26Added by the YAHA.AE WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.ae@mm.html0
112PowerProfile0 10mfcp30.exe1 00135Added by the Troj/Rindas-A TROJAN and found in the Windows system folder.  It allows access to a compromised PC by way of IRC channels.57http://www.sophos.com/virusinfo/analyses/trojrindasa.html0
1 6mfin320 10mfin32.exe1 00 40MyFreeInternetUpdate - adware downloader 01
226CorelMedia FoldersIndexer80 12MFINDE~1.EXE1 00  0 01
226CorelMedia FoldersIndexer80 13MFindexer.exe1 00 98Part of CorelDraw bundles for indexing media files - similar to &quot;fast find&quot; in MS Office 01
113spam firewall0 13mfirewall.exe1 00 23Added by the  SDBOT.AOU86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AOU&VSect=T0
220MightyFAX Controller0 11MFNTCTL.EXE1 00119Mighty FAX from RKS Software - &quot;installs a printer driver so that you can fax directly from Windows software&quot;50http://www.rkssoftware.com/mightyfax/overview.html0
121Microsoft Incroporate0  7mfs.exe1 00132Added by the W32/Rbot-ANF worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotanf.html0
1 3Nto0  7Mga.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 5Mgabg0  9Mgabg.exe1 00 18Matrox BIOS Guard. 01
221Matrox Control Center0 11mgactrl.exe1 00 48For Matrox video cards. Quick access to settings 01
217Matrox Diagnostic0 11mgadiag.exe1 00 51For Matrox video cards. Quick access to diagnostics 01
3 8MGA Hook0 11Mgahook.exe1 00 29MATROX Graphics card related. 01
216Matrox QuickDesk0 12mgaqdesk.exe1 00 70For Matrox video cards. Quick access to tweak your card to your liking 01
213MGA Quickdesk0 12MGAQDESK.EXE1 00 70For Matrox video cards. Quick access to tweak your card to your liking 01
214MGA_CD_Install0 12mgasetup.exe1 00 67Matrox Millennium video driver. Not required once drivers installed 01
314MatroxUmbrella0 12mgasetup.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 8mgavctrl0 12mgavrtcl.exe1 00 26McAfee's Virus Scan Online 01
411mgavrtclexe0 12mgavrtcl.exe1 00  0 01
4 8mgavctrl0 11mgavrte.exe1 00 26McAfee's Virus Scan Online 01
411mgavrtclexe0 11mgavrte.exe1 00 26McAfee's Virus Scan Online 01
1 7mgmtapi0 11mgmtapi.exe1 00 20Unidentified malware 01
111RandomWin320 12mgnwin32.exe1 00 27Added by the SDBOT-DV WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotdv.html0
123Microsoft HTTP Protocol0  9mgsev.exe1 00222Added by the W32.Spybot.AGEN AOL Instant Messenger worm.  This worm has virtual machine detection where it will terminate itself if it is run on a VMware virtual machine.  This infection also utilizes the rofl.sys rootkit.76http://www.sarc.com/avcenter/venc/data/w32.spybot.agen.html#technicaldetails0
4 9BullGuard0  8mgui.exe1 00 28Part of  Bullguard antivirus25http://www.bullguard.com/0
1 7mhdefpm0 11mhdefpm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110MHDOGStart0 11mhdogst.EXE1 00 88Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS 01
112System Guard0 11mhguard.exe1 00133Added by the W32/Rbot-AGU worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotagu.html0
2 6MHINIT0 10MHINIT.EXE1 00 42Part of the Cybermedia Clean Sweep package 01
3 7CHotkey0 11mHotkey.exe1 00 72Chicony Multimedia Driver 3, 0, 0, 0, Chicony. Chicony Multimedia Driver 01
3 7CHotKey0 11mhotkey.exe1 00148Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features 01
229Microsoft Greetings Reminders0 12MHPRMIND.EXE1 00 44Microsoft Home Publishing greetings reminder 01
229Microsoft Greetings  Reminder0 12MHPRMINF.EXE1 00 85You really want to be reminded about somebody's birthday at the expense of resources? 01
1 6lindow0 13miamore32.dll1 00 44Identified as Trojan-Clicker.Win32.Agent.ct. 01
1 4mibq0  8mibq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116microsoft update0 13Micr0s0ft.exe1 00 30Added by the  AGOBOT.AAR WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AAR&VSect=P0
117Microsoft Service0 13microhost.exe1 00 26Added by the RBOT-LC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlc.html0
112SystemBackup0 12MicroLog.exe1 00 31Added by the MICROLOG.A TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MICROLOG.A0
124Required Service Drivers0 11micront.exe1 00 12Added by the131W32/Rbot-ABD0
126Microsft Internet Explorer0 30Microsft Internet Explorer.hta2 00 42Added by the JS/Unicle-A javascript virus.54http://www.sophos.com/virusinfo/analyses/jsunicle.html0
1 6system0 20Microsoft Office.exe2 00 53Added by the Troj/Bancban-LH Internet banking Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanlh.html0
116Microsoft Office0 20Microsoft Office.hta2 00121HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! 01
113svssshost.exe0 18Microsoft Services2 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
119Microsoft Webserver0 23Microsoft Webserver.exe2 00 45Added by the Troj/Hupigon-FU backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojhupigonfu.html0
117microsoft windows0 21Microsoft Windows.hta2 00121HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! 01
120Configuration Loader0 13microsoft.exe1 00 28Added by the GAOBOT.JB WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.jb.html0
117Dcom System Patch0 13microsoft.exe1 00127Added by the W32/Sdbot-X worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.55http://www.sophos.com/virusinfo/analyses/w32sdbotx.html0
119Microsoft Executing0 13microsoft.exe1 00 28Added by the AGOBOT.UV WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.UV0
116Microsoft Office0 13microsoft.exe1 00 43Added by the Troj/Banker-VF banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankervf.html0
133Microsoft Synchronization Manager0 13microsoft.exe1 00134Added by the W32/Sdbot-OM worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotom.html0
116Microsoft Update0 13Microsoft.exe1 00 29Added by the GAOBOT.AFJ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html0
114windows update0 13Microsoft.exe1 00 82added by the Troj/PWSLmir-F TROJAN to steal information and send it out via email.58http://www.sophos.com/virusinfo/analyses/trojpwslmirf.html0
116Microsoft Update0 13Microsoft.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9microsoft0 13microsoft.hta1 00121HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! 01
115microsoft32.exe0 15Microsoft32.exe1 00 27Unidentified worm or trojan 01
112microsoft4200 16microsoft420.exe1 00 27Added by the MENACE.B WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MENACE.B0
1 5mslog0 16MicrosoftLog.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
118Microsoftmsn32.exe0 18microsoftmsn32.exe1 00 29Added by the CERTIF-C TROJAN!57http://www.sophos.com/virusinfo/analyses/trojcertifc.html0
116ms configuration0 17microsoftsa32.exe1 00 32Added by the  W32.KELVIR.X WORM!60http://www.symantec.com/avcenter/venc/data/w32.kelvir.x.html0
117Microsoft Scanreg0 20microsoftscanreg.exe1 00 28Added by the FRANRIV.A WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRANRIV.A0
119win32 debug manager0 16microsoftupd.exe1 00 44Added by a variant of the  W32/WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
116Microsoft Update0 14Microsoftx.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7SYSTEMS0 15MICROSYSTEM.EXE1 00 46Added by the WORM_MYDOOM.BL mass-mailing worm.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYDOOM%2EBL&VSect=T0
111Microupdate0 15MICROUPDATE.EXE1 00 45Added by the WORM_MYTOB.PX mass-mailing worm.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EPX&VSect=T0
014SetDefaultMIDI0 11MIDIDef.exe1 00 44Related to a Soundblaster Audigy soundcards. 01
314SetDefaultMIDI0 11MIDIDef.exe111HKEY_CU\Run0 67Creative Audio Product 2, 8, 2, 0, Creative Technology Ltd. mididef39http://www.absolutestartup.com/startup/1
115Firewall Policy0 13MidiDef32.exe1 00 49Added by the Troj/Piebot-A worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/trojpiebota.html0
2 4jotl0 13millenzje.exe1 00  2?? 01
2 7MimBoot0 11mimboot.exe1 00 61Starts Musicmatch Jukebox at bootup - can be started manually26http://www.musicmatch.com/0
3 8MouseImp0 12MImpHost.exe1 00113MouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device" 01
1 6Mincer0 10Mincer.exe1 00 45Added by the WM97/Minceme-A Word macro virus.58http://www.sophos.com/virusinfo/analyses/wm97mincemea.html0
122Microsoft Ming Service0  8ming.exe1 00131Added by the W32/Rbot-AWS worm. When started, this infection connects to a remote IRC server where it waits for commands to execute56http://www.sophos.com/virusinfo/analyses/w32rbotaws.html0
1 7MINIBUG0 11MINIBUG.EXE1 00 41Displays ads inside Weatherbug - see here94http://spybot.safer-networking.de/index.php?lang=en&page=knowledgebase/threats/spybots-minibug0
212MINIFERT.EXE0 12MINIFERT.EXE1 00 15Part of Backweb 01
3 7minilog0 11MINILOG.EXE1 00171If you don't have ZoneAlarm or ZoneAlarm Pro running you don't need this. This must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use 01
2 9MiniMavis0 19MiniMavis.exe  Main222StartUp menu\All users0109Mavis Beacon Personal Coach v 2.0 2, 0, 0, 1, TLC Education Properties LLC. Mavis Beacon Personal Coach v 2.039http://www.absolutestartup.com/startup/1
2 9MiniMavis0 13MiniMavis.exe1 00 25Mavis Beacon typing tutor 01
2 8MiniNote0 12MININOTE.EXE1 00106Mini NoteTab was the first in the family of &quot;NoteTab&quot; text and HTML editors from Fookes Software43http://www.fookes.com/software/mininote.htm0
3 7MiniPad0 20MiniPad.exe -startup225StartUp menu\Current user0 57MiniPad Application 3, 3, 1, 1, . MiniPad MFC Application39http://www.absolutestartup.com/startup/1
1 7MiniPCI0 11MiniPCI.sys1 00 36Added by the Troj/NtRootK-M rootkit.58http://www.sophos.com/virusinfo/analyses/trojntrootkm.html0
110miniportrt0 15miniport_mp.exe1 00 19Malware - see  here51http://www.protext.com/support/Miniport_mpVirus.htm0
114MiniServer.exe0 14MiniServer.exe1 00 44Added by the Troj/LittleW-E backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojlittlewe.html0
214Mini-Webserver0 17MiniWebServer.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
3 7Mini-XP0 11Mini-XP.exe111HKEY_CU\Run0 51Minimizer-XP 1.01, Totalidea Software. Minimizer-XP39http://www.absolutestartup.com/startup/1
210miranda im0 13miranda32.exe1 00 32Miranda Instant Messaging client26http://www.miranda-im.org/0
114ToolbarInstall0 14MirarSetup.exe1 00149Added by the Mirar adware.  This program will install a toolbar and display advertisements with the same subject matter as websites you are visiting.56http://www.sarc.com/avcenter/venc/data/adware.mirar.html0
123Mirate Sp 2 Information0 13miratesp2.exe1 00 26Added by the RBOT.QH WORM!87http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.QH0
1 6ctfmon0  8mIRC.dll1 00 43Added by the Troj/Delbot-E backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojdelbote.html0
111feelalright0  8mirc.exe1 00 37Added by the W32/IRCFlood-M IRC worm.58http://www.sophos.com/virusinfo/analyses/w32ircfloodm.html0
1 6Nvidia0  8mirc.exe1 00 86Added by Troj/Delbot-A, a TROJAN/IRC backdoor, and found in the windows system folder.57http://www.sophos.com/virusinfo/analyses/trojdelbota.html0
1 7Startup0  8mirc.exe1 00 13Windowsup.reg 01
1 6SYSTEM0  8mirc.exe1 00 42Added by the Troj/Sobet-B backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojsobetb.html0
111taskmgr.exe0  8mirc.exe1 00 42Added by a variant of the AGENT.AH TROJAN! 01
115Winsock2 driver0 10MIRC32.exe1 00 28Added by the SPYBUZZ TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.spybuzz.html0
119Microsoft Updatting0 14miroupdate.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
3 5mirra0 22Mirra.Client.exe -hide222StartUp menu\All users0 53Mirra 2.0.29.9812, Mirra, Inc.. Mirra Client Software39http://www.absolutestartup.com/startup/1
236Barra de atalhos do Microsoft Office0 11misc.exe -o222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
3 8misiCTRL0 12misiCTRL.exe1 00 26Miro video driver related.49http://www.video-drivers.com/drivers/26/26750.htm0
219miroVIDEO Tray Tool0 12misitray.exe1 00280Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl does not have its own EXE file. Only needed when using the capture card, e.g. for the above actions 01
3 8misiTRAY0 12misiTRAY.exe1 00 26Miro video driver related.49http://www.video-drivers.com/drivers/26/26750.htm0
213C-Media Mixer0  9Mixer.exe1 00217C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start - Settings - Control Panel or Start - Programs 01
2 5Mixer0  9Mixer.exe1 00233C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start - Settings - Control Panel or Start - Programs 01
116Microsoft Update0  9mixer.exe1 00133Added by the W32/Rbot-AIR worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotair.html0
213C-Media Mixer0 18Mixer.exe /startup2 00 62Mixer 1.58, C-Media Electronic Inc. (www.cmedia.com.tw). Mixer 01
2 8Mixghost0 12mixghost.exe1 00114Management software for Altec Lansing speakers.  If a change is needed, the user can launch it from the Start menu 01
1 6mjgqqr0 10mjgqqr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7MemoKit0  6MK.EXE1 00452Memory optimizer. It loads from startup group and it goes off as soon as the program (memokit.exe) is loaded in the System Tray. Mk.exe does not run while the memokit.exe is running. Probably loads a flash screen at startup and shutdown that stays on screen less than 5 seconds and gives you a button to push to purchase the full version. MS professionals recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind34http://www.aumha.org/a/memmgmt.htm0
3 7memokit0  6mk.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
3 7CHotKey0 10MK9805.EXE1 00148Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features 01
311MailScanner0 12mks_mail.exe111HKEY_LM\Run0 76mks_mail 1, 7, 0, 0, MKS sp. z o. o.. mks_mail - skaner poczty przychodzącej39http://www.absolutestartup.com/startup/1
3 8MKS_MENU0 12mks_menu.exe111HKEY_LM\Run0 53mks_vir tray 1, 0, 0, 1, MKS Sp. z o.o.. mks_vir tray39http://www.absolutestartup.com/startup/1
1 9ml00!.exe0  9ml00!.exe1 00 59Malware, detected by  Panda antivirus as Trj/Downloader.BWD51http://www.pandasoftware.com/products/titanium2005/0
316ml1helperstartup0 12ML1HEL~1.EXE1 00  038http://www.screenscenes.com/index.html0
316ml1helperstartup0 13ML1Helper.exe1 00224Midnight_Lake Screen saver. The freeware version comes with  GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30...38http://www.screenscenes.com/index.html0
3 7Matador0 12mlfbuddy.exe1 00 36MailFrontier - anti-spam application49http://www.mailfrontier.com/products_matador.html0
110[not used]0  8mlg1.exe1 00 49Added by the W32/Kelvir-I instant messaging worm.56http://www.sophos.com/virusinfo/analyses/w32kelviri.html0
1 3m660  9mlr66.exe1 00 35Added by the Troj/Agent-ACR Trojan.58http://www.sophos.com/virusinfo/analyses/trojagentacr.html0
313iriver autodb0 13MLService.exe1 00 41Associated with the  iRiver Music Manager22http://www.iriver.com/0
1 8mlwoekia0 12mlwoekia.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118Gray_Pigeon_Server0  6mm.exe1 00 44Added by the Troj/Feutel-AM backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelam.html0
0 9mm_server0 13mm_server.exe111HKEY_LM\Run0 73Musicmatch Jukebox 10.00.2058, Musicmatch, Inc.. Musicmatch® Music Server39http://www.absolutestartup.com/startup/1
2 6MMTray0 11mm_tray.exe1 00123MusicMatch Jukebox icon in the task tray - digital music player / CD burner and ripper / music organizer / playlist creator85http://www.musicmatch.com/download/plus/jukebox_intro.htm?os=pc&mode=input&BTD=1&DID=0
2 6MMTray0 11mm_tray.exe111HKEY_LM\Run0 55Musicmatch Jukebox 9.00.5059, Musicmatch, Inc.. mm_tray39http://www.absolutestartup.com/startup/1
1 6motoin0 19mm15201518.Stub.exe1 00 32Delfin_Promulgate adware variant74http://securityresponse.symantec.com/avcenter/venc/data/adware.delfin.html0
121Microsoft Movie Maker0 10Mmaker.exe1 00 77Added by the IRCBOT.C TROJAN! Note that this is not a valid Microsoft program73http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.c.html0
1 9USBHWINFO0  7mmc.exe1 00 35Added by the Troj/LowZone-I trojan.58http://www.sophos.com/virusinfo/analyses/trojlowzonei.html0
1 8mmcndmgr0 12mmcndmgr.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 4clre0  8mmdc.exe1 00 29Added by the  Troj/PurScan-AI59http://www.sophos.com/virusinfo/analyses/trojpurscanai.html0
1 7mmemdrv0 11mmemdrv.exe1 00 25Added by the  SecondSight67http://www.symantec.com/avcenter/venc/data/spyware.secondsight.html0
310MMERefresh0 14MMERefresh.exe1 00226Part of Digidesgin Protools. Refreshes your midi ports on the 002(R) (the 002R is a hardware audio/midi converter connected to your computer via firewire). Must be running in order to use the MIDI functionality of the Digi002R26http://www.digidesign.com/0
314MinMaxExtender0  9Mmext.exe1 00 37MinMaxExtender - window handling tool48http://www.geocities.com/revenger_inc/mmext.html0
217Windows Compliant0 10mmglhe.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
110OpenMstart0 10mmgr32.exe1 00 28Switch adult content dialler57http://www.sophos.com/virusinfo/analyses/dialswitchb.html0
1 8MMGSrv320 12mmgsrv32.exe1 00 12Added by the32Troj/LdPinch-AX TROJAN/backdoor!0
1 6Mmgsvc0 10mmgsvc.exe1 00 14Mmgsvc spyware84http://www.giantcompany.com/antispyware/research/spyware/spyware-Spyware.Mmgsvc.aspx0
3 5MMhid0  9mmhid.dll1 00493This is the Human Interface Device Server for Win98, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to Hidserv in Win98SE/2000/Me/XP53http://www.microsoft.com/hwdev/tech/input/audctrl.asp0
3 4MMHK0  8mmhk.exe1 00101A driver found on a Compaq Presario 800T notebook. Possibly something to do with multimedia hot keys? 01
2 8MMHotKey0 12MMHotKey.exe1 00  0 01
3 7KM9801U0 12MMHotKey.exe1 00190Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen 01
310ACTIVBOARD0 11MMKeybd.exe1 00 56Netropa Hot Key 1.00, Netropa Corp.. Netropa(tm) Hot Key 01
310Activboard0 11MMKeybd.exe1 00176Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys 01
3 9DellTouch0 11MMKeybd.exe1 00 73Dell multimedia keyboard manager. Required if you use the additional keys 01
3 8FLMK08KB0 11MMKEYBD.EXE1 00  0 01
316Keyboard Manager0 11MMKeybd.exe1 00 68Multimedia keyboard manager. Required if you use the additional keys 01
3 7MMKeybd0 11MMKeybd.exe1 00 68Multimedia keyboard manager. Required if you use the additional keys 01
314Multimedia KBD0 11MMKeybd.exe1 00  0 01
319MULTIMEDIA KEYBOARD0 11MMKeybd.exe1 00 68Multimedia keyboard manager. Required if you use the additional keys 01
319MULTIMEDIA KEYBOARD0 11MMKeybd.exe111HKEY_LM\Run0 56Netropa Hot Key 1.00, Netropa Corp.. Netropa(tm) Hot Key39http://www.absolutestartup.com/startup/1
4 8FLMK08KB0 11MMKEYBD.EXE111HKEY_LM\Run0 57MOffice Application 1, 0, 0, 1, . MOffice MFC Application39http://www.absolutestartup.com/startup/1
114Windows update0  8mmln.exe1 00 48Added by the W32/Rbot-BIU worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbiu.html0
2 3Mmm0  7Mmm.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 6eZmmod0  8mmod.exe1 00136Ezula - regarded as spyware/theftware and bundled with the popular iMesh and KaZaA file-sharing programs. Read here for more information39http://www.ahfb2000.com/ezula/ezula.php0
1 4mmod0  8mmod.exe1 00136Ezula - regarded as spyware/theftware and bundled with the popular iMesh and KaZaA file-sharing programs. Read here for more information39http://www.ahfb2000.com/ezula/ezula.php0
111Twain image0  9mmp32.exe1 00 26DailyWinner adware related48http://www.doxdesk.com/parasite/DailyWinner.html0
321Realtime Audio Engine0 12mmrtkrnl.exe1 00 36Associated with ALCATech  BPM_Studio62http://www.alcatech.com/html/rebuild.php?src=products_pro.html0
2 5MMRun0  9mmrun.exe1 00  2?? 01
221MS management console0  7mms.exe1 00 95Suspicious as the Microsoft Management Console is "mmc.exe" and doesn't normally run at startup 01
1 6sysmem0 10mmsete.exe1 00 30Added by the W32/Nopir-D worm.55http://www.sophos.com/virusinfo/analyses/w32nopird.html0
1 4mmsg0 12mmsg.exe.exe1 00 32Added by the W32/Minusia-A worm.57http://www.sophos.com/virusinfo/analyses/w32minusiaa.html0
137microsoft network services controller0 11mmsvc32.exe1 00 31Added by the  W32/NANPY-A WORM!55http://www.sophos.com/virusinfo/analyses/w32nanpya.html0
3 8MMSystem0 24mmsystem.dll"", RunDll32211HKEY_LM\Run0 32bsVirus 3.00.0023, Tastysoft SD.39http://www.absolutestartup.com/startup/1
2 6mmtask0 10mmtask.exe1 00110Part of  MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creator97http://www.musicmatch.com/download/plus/jukebox_intro.htm?os=pc&amp;mode=input&amp;BTD=1&amp;DID=0
2 6mmtask0 10mmtask.exe111HKEY_LM\Run0 76TODO: <Product name? 1.0.0.1, TODO: <Company name?. TODO: <File description>39http://www.absolutestartup.com/startup/1
123MicrosoftMultimediaTask0 10Mmtask.exe1 00 83Adware downloader - not the valid MusicMatch Jukebox which shares the same filename 01
114MMtask Service0 10mmtask.exe1 00 91Added by the BACKGAT.A TROJAN! Not the valid MusicMatch Jukebox which has the same filename58http://www.sophos.com/virusinfo/analyses/trojbackgata.html0
115SchedulingAgant0 10MMTASK.EXE1 00 87Added by the YAB.A TROJAN! Not the valid MusicMatch Jukebox which has the same filename74http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_YAB.A0
4 6MMTASK0 10mmtask.tsk1 00284A check on the file's properties reveals &quot;Multimedia background task support module&quot;. MMTASK is a very simple 16-bit program used by certain multimedia drivers (which are still 16-bit on Win9x) to perform background processing. Some soundcards need this to support MIDI, etc 01
2 6MMTray0 10MMTray.exe1 00 73Part of  Morgan Multimedia Codecs. Only required when the codecs are used33http://www.morgan-multimedia.com/0
2 8mmtray2k0 12mmtray2k.exe1 00  0 01
2 8MMTray2K0 12MMTray2K.exe1 00 73Part of  Morgan Multimedia Codecs. Only required when the codecs are used33http://www.morgan-multimedia.com/0
2 9mmtraylsi0 13mmtraylsi.exe1 00 62Morgan Multimedia MMTray 3, 0, 0, 0, Morgan Multimedia. MMTray 01
2 9MMTrayLSI0 13MMTrayLSI.exe1 00 73Part of  Morgan Multimedia Codecs. Only required when the codecs are used33http://www.morgan-multimedia.com/0
114mediamotor.exe0  9mmups.exe1 00 25Roimoi/Media-Motor adware53http://www.spynet.com/spyware/spyware-MediaMotor.aspx0
1 3XiD0  7mmx.exe1 00 28Added by the ANALOGX TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.analogx.html0
1 6mmx4320 10mmx432.dll1 00 53Added by the Trojan.Goldun. password-stealing Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.goldun.j.html#technicaldetails0
126MMX Virtualization Service0 10mmx464.sys1 00 53Added by the Trojan.Goldun. password-stealing Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.goldun.j.html#technicaldetails0
127MMX2 Virtualization Service0 10mmx464.sys1 00  076http://www.sarc.com/avcenter/venc/data/trojan.goldun.j.html#technicaldetails0
1 6mmxF320 10mmxF32.dll1 00 46Added by the Troj/Haxdoor-BO backdoor rootkit.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorbo.html0
127MMX2 virtualization service0 10mmxF64.sys1 00 37Added by the Troj/Haxdor-Gen rootkit.59http://www.sophos.com/virusinfo/analyses/trojhaxdorgen.html0
116mmxp2passion.exe0 16mmxp2passion.exe1 00 37MediaMotor/Popuppers adware component77http://securityresponse.symantec.com/avcenter/venc/data/adware.popuppers.html0
1 4mnck0  8mnck.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
318Goldensoft_MndlSvr0 11MndlSvr.exe1 00216Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking 01
1 7mFilter0  9MNeck.exe1 00123Added by the Troj/Clicker-AG Trojan.  This infection also installs the files C:\log.log and c:\Windows\System32\noctrn.dll.59http://www.sophos.com/virusinfo/analyses/trojclickerag.html0
1 7mnklins0 11mnklins.exe1 00 28Transponder parasite related48http://www.doxdesk.com/parasite/Transponder.html0
2 3Fpx0 11mnmsrvc.exe1 00132Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations 01
1 5MNPol0  9mnpol.exe1 00 21Adult content dialler 01
3 3MNS0  7MNS.exe1 00213Mobile Net Switch enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much more31http://www.mobilenetswitch.com/0
1 5mnsvc0  9mnsvc.exe1 00 30Added by the AUTOUPDER TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html0
1 7mnsvcsp0 11mnsvcsp.exe1 00 39Added by the Troj/SCKeyLog-B keylogger.59http://www.sophos.com/virusinfo/analyses/trojsckeylogb.html0
124Microsoft Windows Update0 12mnswinsx.exe1 00132Added by the W32/Rbot-AWH worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotawh.html0
112VirusScanner0  9mnsys.exe1 00133Added by the W32/Sdbot-AFQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafq.html0
119Microsoft WinUpdate0 13mntcgf032.exe1 00 37Added by a variant of the SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
115[Various Names]0  8MNTP.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
210MoneyAgent0 11mnyexpr.exe1 00 15Microsoft Money 01
210MoneyAgent0 11mnyexpr.exe111HKEY_CU\Run0 80Microsoft® MSN Money Deluxe 12.00.0613, Microsoft Corp.. Microsoft Money Express39http://www.absolutestartup.com/startup/1
314Easy Messaging0 28MobilePhoneSuite.exe --nogui211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7mobsync0 11mobsync.exe1 00142MS Syncrhonization Manager - updates the network copy of materials that were edited offline, such as documents, calendars, and e-mail messages 01
223Synchronization Manager0 11mobsync.exe1 00 40Find more information about its use here62http://support.microsoft.com/default.aspx?scid=kb;en-us;2561390
223Synchronization Manager0 18mobsync.exe /logon2 00106Microsoft Synchronization Manager 5.00.2195.6627, Microsoft Corporation. Microsoft Synchronization Manager 01
113MOBSYNC32.EXE0 13mobsync32.exe1 00 27Added by the FINERO TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.finero.html0
121Synchronization Agent0 12mobsynca.exe1 00134Added by the W32/Randex-E worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32randexe.html0
1 5ACCRA0  9Mocih.exe1 00 29Added as a new service by the70Troj/Chimo-B TROJAN, with a displayname of  Trace network connections.0
3 6mod_sm0 10mod_sm.cmd125StartUp menu\Current user0 67Cloaker, Cloaker, Cloaker! 3, 0, 0, 0, Hewlett-Packard Co.. Cloaker39http://www.absolutestartup.com/startup/1
3 8MODEMBTR0 12MODEMBTR.EXE1 00 60Modem Booster from inKline Global to improve ISP connections25http://inklineglobal.com/0
313Modem Booster0 12ModemBtr.exe111HKEY_LM\Run0 55Modem Booster 5.0, INKLINE SOFTWARE LABS. Modem Booster39http://www.absolutestartup.com/startup/1
1 8Modeminf0 12Modeminf.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
314AModemLockDown0 17ModemLockDown.exe1 00 10See  Here.44http://modemlockdown.techconz.com/index.html0
1 7modhonu0 11modhonu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9[unknown]0 13modifiche.vbs1 00 32Added by the VBS/Haptime-E worm.57http://www.sophos.com/virusinfo/analyses/vbshaptimee.html0
123Windows Security Module0 10module.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6tgbcde0 12module32.exe1 00 28Added by the REIGN.R TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=400980
316flmoffice4dmouse0 11moffice.exe1 00 50Mouse properties for Logytech Typhoon Office Mouse 01
311ModemOnHold0  7MOH.EXE1 00 36NetWaiting Modem-on-Hold Application 01
2 5iPalm0  7mon.exe1 00172Installed with a Panasonic iPalm digital camera. Used to uploaded photos from the camera. If your camera is not connected (via USB port) you do not need this program loaded71http://www.panasonic.com/consumer_electronics/digital_cameras/ipalm.asp0
115[Various Names]0 12MON76234.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
210MoneyAgent0 17Money Express.exe2 00  0 01
210MoneyAgent0 17money express.exe2 00 48Part of MS Money. Available via Start - Programs 01
310MoneyAgent0 17Money Express.exe211HKEY_CU\Run0 11Money agent39http://www.absolutestartup.com/startup/1
312MoneyStartUp0 17Money Startup.exe2 00 15Microsoft Money 01
313Money Express0 16moneyexpress.exe1 00 48Part of MS Money. Available via Start - Programs 01
114realone_nt20030 11moniker.exe1 00 26Added by the SNONE.A WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.snone.a.html0
115[Various Names]0 11moniter.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
210ENCMONITOR0 11monitor.exe1 00118The Encompass Monitor. This program is the Connect Direct Program.  It is more trouble than it is worth and few use it 01
215Pagis Scheduler0 11Monitor.exe1 00 59Scheduler for the Pagis scanning suite from Scansoft.&nbsp;30http://www.scansoft.com/pagis/0
321Ulead AutoDetector v20 11monitor.exe111HKEY_LM\Run0 61Ulead AutoDetector 2.0.0.0, Ulead Systems, Inc.. AutoDetector39http://www.absolutestartup.com/startup/1
1 7monitor0 11monitor.exe1 00 43Browser hijacker, redirecting to NCM Search 01
123Windows USB Hub Manager0 11Monitor.exe1 00 48Added by the W32/Rbot-BPN worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbpn.html0
226Belkin PCMCIA WLAN Monitor0 13monitorbk.exe1 00 71Belkin USB Network Adapter Management utility - can be started manually 01
110Monitormgt0 14Monitormgt.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
017MP_STATUS_MONITOR0 12monitr32.exe1 00 28Related to Cannon Multi-Pass 01
317MP_STATUS_MONITOR0 12monitr32.exe1 00 28Related to Cannon Multi-Pass 01
3 8monitr320 12monitr32.exe111HKEY_LM\Run0 48Canon MultiPASS 4.30, Canon Inc.. Status Monitor39http://www.absolutestartup.com/startup/1
317MP_STATUS_MONITOR0 14monitr32.exe I2 00 63Canon MultiPASS 3.20, Canon Information Systems. Status Monitor 01
424Alps Electric USB Server0 11Monserv.exe1 00 61Alps Electric USB Server - required according to this article62http://support.microsoft.com/default.aspx?scid=kb;en-us;2006920
210moon phase0  8moon.exe1 00 60Moon Phase - tray icon that indicates the phases of the moon30http://www.locutuscodeware.com0
1 9w32alanis0  8mope.scr1 00 25Added by the SINALA WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.sinala@mm.html0
213ProgramWindow0 13more comp.exe2 00  2?? 01
113Internet Send0 12More log.exe2 00 18Unidentfied adware 01
1 6Msys320 21morfitwebentrance.exe1 00277Morfit ADjectPager - "uses home page rental technology for generating revenues". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage 26http://www.morfit.com/Eng/0
2 8Morpheus0 12morpheus.exe1 00276MusicCity Networks' Morpheus - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes &quot;I have seen no instance of any since using it&quot; 01
2 8Morpheus0 17Morpheus.exe -min2 00  0 01
1 8morphstb0 12morphstb.exe1 00 90Adware downloader  - detected by  Kaspersky antivirus as  Trojan-Downloader.Win32.Stubby.c36http://www.kaspersky.com/personalpro0
1 8mosearch0 12mosearch.exe1 00301Fast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources. If it can't be disabled via MSCONFIG try here62http://support.microsoft.com/support/kb/articles/Q282/1/06.asp0
1 5mosss0  9mosss.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5motie0  9motie.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
218Motive SmartBridge0 12MotiveSB.exe1 00 86Casema System 5.6.17.asst_classic.smartbridge, Casema, Inc.. Casema SnelHelp Berichten 01
218Motive SmartBridge0 12MotiveSB.exe1 00210System tray icon for the Virtual Assistant from AT&amp;T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start - Programs - not required21http://www.attbi.com/0
2 8MotiveSB0 12MotiveSB.exe1 00206System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start - Programs - not required21http://www.attbi.com/0
313MotiveMonitor0 10motmon.exe1 00434Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it's not required 01
3 6MotMon0 10motmon.exe1 00434Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it's not required 01
015mustek mdc 30000 11Mounter.exe1 00 59Related to software for the Mustek  MDC_3000 digital camera46http://www.ciao.co.uk/Mustek_MDC_3000__53033020
1 5mouse0  9mouse.exe1 00133Added by the W32/Rbot-AHJ worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotahj.html0
1 4run=0 22mouse_configurator.win1 00 27Added by the GAGGLE.E WORM!76http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.e@mm.html0
014FLMLABTECMOUSE0 12mouse32a.exe1 00 39Mouse utility for a Labtec brand mouse. 01
013FLMTRUSTMOUSE0 12mouse32a.exe1 00 38Mouse utility for a Trust brand mouse. 01
2 9Mouse 32A0 12Mouse32A.exe1 00 82Mouse driver to control mouse functions from Azona. Available via Start - Programs 01
313FLMTRUSTMOUSE0 12mouse32a.exe1 00 38Mouse utility for a Trust brand mouse. 01
3 8LWBMOUSE0 12MOUSE32A.EXE1 00 108.0.0.0, . 01
3 8LWBMOUSE0 12MOUSE32A.EXE1 00 71Mouse driver - required if you use non-standard Windows driver features 01
236Enable Wireless Optical Mouse Driver0 11MouseAp.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
120Mouse Button Monitor0 11mousebm.exe1 00133Added by the W32/Sdbot-ACG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotacg.html0
1 8mousebut0 12mousebut.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
119Mouse Click Monitor0 11mousecm.exe1 00134Added by the W32/Sdbot-ZQ worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzq.html0
1 9Mousecntl0 13mousecntl.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
120Mouse Cursor Monitor0 12mousecrm.exe1 00 32Added by the W32/Sdbot-ABQ worm.57http://www.sophos.com/virusinfo/analyses/w32sdbotabq.html0
1 8mousedrv0 12mousedrv.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
3 8mouseElf0 12mouseElf.exe1 00129System Tray access to the mouse control panel for Genius Netscroll mice. Required if you use non-standard Windows driver features 01
119Mouse Hardware Sync0 11mousehs.exe1 00 43Added by the Troj/Bdoor-HU backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorhu.html0
120Mouse Button Monitor0 11mousemm.exe1 00 30Added by the W32.Esbot.A worm.72http://www.sarc.com/avcenter/venc/data/w32.esbot.a.html#technicaldetails0
122Mouse Movement Monitor0 11mousemm.exe1 00132Added by the W32/Cuebot-E worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32cuebote.html0
1 8mousepad0 12mousepad.exe1 00 36Added by the Troj/Winsysba-E Trojan.59http://www.sophos.com/virusinfo/analyses/trojwinsysbae.html0
1 8mousepad0 13mousepad1.exe1 00 36Added by the Troj/Winsysba-E Trojan.59http://www.sophos.com/virusinfo/analyses/trojwinsysbae.html0
121Mouse Synchronization0 13mousesync.exe1 00 30Added by the W32/Esbot-A worm.55http://www.sophos.com/virusinfo/analyses/w32esbota.html0
2 4Tips0 13mousetips.exe1 00 33Suggests tips on using your mouse 01
123Windows Mouse Utilities0 14mouseutils.exe1 00131Added by the W32/Rbot-ABU worm.  This infection connects to an IRC server on startup where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotabu.html0
3 8Mousinfo0 12mousinfo.exe1 00 62MS mouse information tool - for troubleshooting mouse problems 01
113MovieNetworks0 17MovieNetworks.exe1 00250MovieNetworks will connect you by DOMESTIC PREMIUM RATE TELEPHONE NUMBER 900-xxx-xxxx. So you get xxx rated pictures and junk. And it will allow you to stay on the internet on their line and $$$ and remove the C:\Program Files\MovieNetworks directory29http://www.movienetworks.com/0
110Movieplace0 14Movieplace.exe1 00 18MoviePlace malware68http://research.pestpatrol.com/PestInfo/Pest_Detail.asp?id=4530606620
127Microsoft Internet Explorer0 10movies.exe1 00 53Added by the Troj/Bancos-DZ password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancosdz.html0
220Mozilla Quick Launch0 11Mozilla.exe1 00 31Netscape 6 and Mozilla browsers 01
220Mozilla Quick Launch0 18Mozilla.exe -turbo2 00 55Mozilla 1.7.12: 2005091517, Mozilla Foundation. Mozilla 01
115[Various Names]0 16mozilla-text.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
2 8SiSAudio0  9MP_S3.exe1 00 84WinME patch for an older SiS 961 chipset FERR bug. Enable if you have audio problems 01
310MP3 Dancer0 13MP3Dancer.exe125StartUp menu\Current user0 46Totem Media MP3Dancer , Totem Media. MP3Dancer39http://www.absolutestartup.com/startup/1
2 7Drvsoft0 11MP3GRIM.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 4abtu0 12mp3serch.exe1 00 67Loads the executable for Lop.com. mp3serch.exe is the final version35http://www.spywareinfo.com/lop.html0
4 3MPB0  7MPB.exe1 00127File is found on Evesham computers and is used to assign programs to 4 different buttons. Found in C:\WINDOWS\System32\MPB.exe. 01
218Motive SmartBridge0  9mpbtn.exe1 00206System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start - Programs - not required21http://www.attbi.com/0
119windows workstation0  8mpci.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115sis mpc service0 10mpcsvc.exe1 00 32Added by an unidentified TROJAN! 01
110[not used]0  9mpdat.exe1 00231Added by the W32/Rbot-WG worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.  These infections also log keystrokes, so if you are infected you should change all your passwords.55http://www.sophos.com/virusinfo/analyses/w32rbotwg.html0
4 6MPFExe0  7mpf.exe1 00 24McAfee Personal Firewall 01
3 9Favorites0 10Mpf.exe /S2 00 66My Personal Favorites 4.0, Webroot Software. My Personal Favorites 01
3 9Favorites0 10Mpf.exe /S211HKEY_LM\Run0 66My Personal Favorites 4.0, Webroot Software. My Personal Favorites39http://www.absolutestartup.com/startup/1
121Macfee Security Patch0 13Mpfsheild.exe1 00 26Added by the RBOT-NP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotnp.html0
3 6MPFExe0 11MpfTray.exe111HKEY_LM\Run0 95McAfee Personal Firewall (MPF) 6.0.0.14, McAfee Security. McAfee Personal Firewall Tray Monitor39http://www.absolutestartup.com/startup/1
4 6MPFExe0 11MpfTray.exe1 00 24McAfee Personal Firewall 01
4 7MPFTray0 11MpfTray.exe1 00  0 01
1 4LTM20 12MPGSRV32.EXE1 00 31Added by the LITMUS.201 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.2010
1 7MapiDrv0 10mpisvc.exe1 00 27Added by the MIPSIV TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mipsiv.html0
112MPL32 driver0  9MPL32.exe1 00 28Added by the LOONY-M TROJAN!56http://www.sophos.com/virusinfo/analyses/trojloonym.html0
1 7mplay640 11mplay64.exe1 00 36Added by the  Trojan.MPlay64 TROJAN!53http://www.superadblocker.com/M/MPLAY64.EXE-6741.html0
1 7iLLeGaL0 11Mplayer.exe1 00126Added by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filename76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.C0
119Win32 Configuration0 11mplayer.exe1 00 12Added by the112W32/Forbot0
3 8MplSetup0 12MplSetup.exe1 00 73Used by Ricoh network printers to enable network printing from the client 01
114windows update0 13mplupdate.exe1 00 34Added by the  W32.HLLW.MOEGA WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.html0
315myprint mileage0  7mpm.exe1 00 44Reports battery status on a portable printer 01
325HPWH myPrintMileage Agent0  7mpm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111MPM manager0  7MPM.exe1 00154Added by the Trojan.Spexta trojan.  When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.74http://www.sarc.com/avcenter/venc/data/trojan.spexta.html#technicaldetails0
3 6MPower0 10MPower.exe1 00310MPower from MindBeat. "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Willl also benchmark (speed test) your hard disk drives and your CPU load". Some users swear by programs such as this but I suggest you read this article and make up your own mind24http://www.mindbeat.com/0
120mediapipe p2p loader0 10mpp2pl.exe1 00 55Reported by  Ewido_Security_Suite as Spyware.MetaDirect24http://www.ewido.net/en/0
1 6MPREXE0 10MPREXE.EXE1 00 86Added by the OPASERV.T WORM! Note - this is not the legitimate  Mprexe.exe system file78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
410MPREXE.exe0 10mprexe.exe1 00405WIN32 Network Service Interface Process. MPREXE.exe enables the computer to have multiple clients/protocols for networks. There are some problems with it sometimes though - see here and here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background. NOTE : sometimes it will appear in start-ups if you have a virus70http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q1780840
1 7MprHTML0 11MprHTML.exe1 00 44Added by a variant of the VAGRNOCKER TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.120
2 5rmmon0 11mprmmon.exe1 00 81Resource Monitor for the now defunct Chromatic Research MPact2 3DVD graphics card 01
1 7mpr msg0 12mprmsg32.exe1 00 32Added by the  W32.MYTOB.CF WORM!63http://www.symantec.com/avcenter/venc/data/w32.mytob.cf@mm.html0
114mprocessor.exe0 14mprocessor.exe1 00 28InstallDollars.com foistware 01
4 6mpsonn0 10MpsOnn.exe1 00 20Canon printer driver 01
2 3MPT0  7MPT.exe1 00  2?? 01
115MPtask Services0 10mptask.exe1 00 33Added by the LALA or AOT TROJANS!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lala.html0
2 6MPTBox0 10MPTBOX.EXE1 00 40Cannon Multi-Pass toolbox - a button bar 01
2 6MPTBox0 10MPTBox.exe1 00 67Canon MultiPASS 3.20, Canon Information Systems. MultiPASS Tool Box 01
110MP Tcloaks0 13mptcloaks.exe1 00142Added by the W32/SdBot-GK worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotgk.html0
110MP Tcloaxs0 13mptcloaxs.exe1 00 28Added by the RANDEX.CT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.CT0
112MP Tclockvvv0 15mptclockvvv.exe1 00152Added by the W32/Sdbot-DJ backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotdj.html0
112mptsgsvc.exe0 12mptsgsvc.exe1 00 70Hacker_Tool - detected by  TDS-3 antitrojan as "HackTool.Win32.Hidd.j"46http://www.f-secure.com/v-descs/hacktool.shtml0
1 8mpvigtbk0 12mpvigtbk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
120Windows Media Player0  8mpwe.exe1 00 31Added by the  W32/RBOT-TT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbottt.html0
2 7MPXTray0 12mpxptray.exe1 00186Windows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etc 01
1 6mqbkup0 10mqbkup.exe1 00 28Added by the OPASERV.K WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.k.worm.html0
1 8qbkupdbs0 10mqbkup.exe1 00 28Added by the OPASERV.K WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.k.worm.html0
126Windows Network Controller0 11Mqguard.exe1 00 28Added by the FORBOT-CL WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcl.html0
1 6mqpppr0 10mqpppr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114WINDOWS SYSTEM0 10mqSSl;.exe1 00 48Added by the W32/Mytob-GF worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobgf.html0
317MirrorFolderShell0 10mrfshl.exe1 00 28MirrorFolder backup software59http://download.e-not.net/utilities/11696/mirrorfolder.html0
329ecopy desktop printer service0 12mrmlnc32.exe1 00215eCopy Suite software connects your Canon imageRUNNER or document scanner to your company’s e-mail and other networked enterprise applications for easy, instantaneous distribution and management of scanned documents.39http://www.ecopy.com/products/index.htm0
130Syga432te Pe432rsonal Firewall0 12MrNo4236.exe1 00133Added by the W32/Rbot-AQY worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaqy.html0
340mRouterConfig for Siemens Data Suite SX10 17mRouterConfig.exe111HKEY_LM\Run0 55mRouter 1, 0, 0, 1, Intuwave Ltd.. mRouterConfig Module39http://www.absolutestartup.com/startup/1
1 9klrun.exe0  8mrowk.ex1 00 94Added by the W32/SillyKaza-A P2P worm.  This worms spreads via the Kazaa file sharing network.59http://www.sophos.com/virusinfo/analyses/w32sillykazaa.html0
1 7SVCHOST0 13mrowyekdc.exe1 00 25Added by the GOTORM WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gotorm.html0
1 8Explorer0  8MRSA.exe1 00 43Added by the W32/Mirsa-A mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32mirsaa.html0
1 8Keyboard0  8MRSA.exe1 00 43Added by the W32/Mirsa-A mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32mirsaa.html0
1 7Notepad0  8MRSA.exe1 00 43Added by the W32/Mirsa-A mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32mirsaa.html0
1 6System0  8MRSA.exe1 00  055http://www.sophos.com/virusinfo/analyses/w32mirsaa.html0
214MediaRing Talk0 10mrtalk.exe1 00 89Media Ring Talk, voice recognition software, Resource hog. Available via Start - Programs 01
2 7mrtMngr0 11mrtMngr.exe1 00 67Maintenance Release Task Manager for Intuit’s QuickBooks or Quicken 01
224MRU-Blaster Silent Clean0 14mrublaster.exe1 00 59MRU-Blaster - performs silent cleaning of MRU lists at boot46http://www.wilderssecurity.com/mrublaster.html0
224MRU-Blaster Silent Clean0 22mrublaster.exe -silent2 00 46MRU-Blaster v1.5 1.05.0009, . MRU-Blaster v1.5 01
113MS Office.hta0 13MS Office.hta2 00 34Added by the Troj/Psyme-CH Trojan.57http://www.sophos.com/virusinfo/analyses/trojpsymech.html0
110Ms Spool320 14MS SPOOL32.EXE2 00 28Added by the ASASSIN TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.assasin.html0
111MS IIS 5.010 10MS_IIS.exe1 00 28Added by Backdoor.FTP_Ana.B. 7target=0
138{08315C1A-9BA9-4B7C-A432-26885F78DF28}0 11Ms_Info.Obj1 00115Added by the Troj/LegMir-BR password-stealing Trojan.br /br /Uses CLSID: b{08315C1A-9BA9-4B7C-A432-26885F78DF28}/b.58http://www.sophos.com/virusinfo/analyses/trojlegmirbr.html0
110MS_LARISSA0 14MS_LARISSA.exe1 00 82Added by the W32/Assiral-A Infection!  File is found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32assirala.html0
112MS_SETUP.EXE0 12MS_SETUP.EXE1 00 27Added by the CHARGE TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.charge.html0
110cms_update0 13ms_update.exe1 00 21eBoard adware variant57http://www.sarc.com/avcenter/venc/data/adware.eboard.html0
114ms0645431887240 18ms064543188724.exe111HKEY_LM\Run0 29winbo32 1.00.0003, EnBrowser.39http://www.absolutestartup.com/startup/1
110win32servv0  7ms1.exe1 00 41Added by an unidentified trojan or adware 01
1 4ms320  8ms32.exe1 00 44Added by the Troj/Nuclear-N backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojnuclearn.html0
116Windows Security0  8ms32.pif1 00133Added by the W32/Rbot-ARN worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotarn.html0
118Microsoft Features0 11ms32cfg.exe1 00 26Added by the RBOT.HO WORM!97http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.HO&VSect=T0
1 9systemdrv0 11ms32sys.exe1 00 68Added by an unidentified WORM or TROJAN - most likely GAOBOT variant76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.html0
113Video Process0 11MS32x16.exe1 00 26Added by the RBOT.RH WORM!87http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.RH0
124Microsoft Update Control0  8Ms64.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8ms64.exe0  8ms64.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6MS75310 10ms7531.exe1 00 17Homepage hijacker 01
1 8MSPQFile0 11MSA****.TMP1 00 70Homepage hijacker. See here for more information. **** can be anything89http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=776;start=100
120Windows Media Player0  7msa.exe1 00 26Added by the RBOT-SI WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsi.html0
138(1DC4096D-5B5F-479C-BC9C-EB70E4F613B3)0 11MSA13g5.dll1 00144Added by the Troj/Lineage-DW password-stealing Trojan for the online game Lineage.br /br /Uses CLSID: b(1DC4096D-5B5F-479C-BC9C-EB70E4F613B3)/b.59http://www.sophos.com/virusinfo/analyses/trojlineagedw.html0
113desktopupdate0 12MSA64CHK.dll1 00 20MatrixDialer related49http://www.doxdesk.com/parasite/MatrixDialer.html0
1 7takemp30 12MSA64CHK.dll1 00  049http://www.doxdesk.com/parasite/MatrixDialer.html0
1 5MSACM0  9msacm.exe1 00 28Added by the OPASERV-O WORM!57http://www.sophos.com/virusinfo/analyses/w32opaservo.html0
119microsft confige 320 17msaconfigurez.exe1 00 28Added by the  RBOT.CLC WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CLC&VSect=P0
133Microsoft Macro Protection SubSsy0 18msacroprots386.exe1 00 26Added by the RBOT-KE WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpn.html0
1 9msadcheck0 15msadcheck32.exe1 00 50Browser hijacker, redirecting to search-system.com 01
1 8AboutSys0 11msaddon.dll1 00 68Added by the Adware.BocaiToolbar search hijacker and popup delivery.63http://www.sarc.com/avcenter/venc/data/adware.bocaitoolbar.html0
1 7msadp320 11msadp32.exe1 00 45Added as result of a  Octa-B trojan infection55http://www.sophos.com/virusinfo/analyses/trojoctab.html0
110[not used]0  8msag.com1 00138Added by the Backdoor.Beasty.C backdoor.  This backdoor listens on port 666.br /br /Uses CLSID: b{54AD0222-BB51-31EF-BBFA-06AA12E6115C}/b.61http://www.sarc.com/avcenter/venc/data/backdoor.beasty.c.html0
115[Various Names]0  8msag.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 8My Agent0 11msagent.exe1 00 30Added by the NEGASMS.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NEGASMS.A0
1 9msagentxp0 13MSAgentXP.exe1 00 33Reported by  Ewido_Security_Suite24http://www.ewido.net/en/0
113Ahker Service0 11msahker.exe1 00 43Added by the W32/Ahker-C mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32ahkerc.html0
120Windows Media Player0  9msams.exe1 00 28Added by the  RBOT.AHR WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.AHR0
131Microsoft AOL Instant Messenger0 11MSAOL32.exe1 00 12Added by the34W32/Rbot-AAI WORM/backdoor trojan!0
133AOL Instant Messenger dll runtime0 14MSAOL32dll.exe1 00132Added by the W32/Rbot-ATA worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotata.html0
121MS Windows AOL Driver0 12MSAOLdrv.exe1 00132Added by the W32/Rbot-ASP worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotasp.html0
3 5msaim0 11msaolim.exe1 00 89MessageSpy keystroke logger/monitoring program - remove unless you installed it yourself!66http://www.symantec.com/avcenter/venc/data/spyware.messagespy.html0
110[not used]0  9msapi.exe1 00 37Added by the Troj/LegMir-W infection.57http://www.sophos.com/virusinfo/analyses/trojlegmirw.html0
129Microsoft Application Manager0 11msapl32.exe1 00 35Added by the Troj/Bropia-AE trojan.58http://www.sophos.com/virusinfo/analyses/trojbropiaae.html0
111msnmsgs.exe0  9msapp.exe1 00 90Added by the Troj/Dloader-IE TROJAN!  This file can be found in the Windows system folder.59http://www.sophos.com/virusinfo/analyses/trojdloaderie.html0
1 8WinApp320  9msapp.exe1 00 26Added by the RSBOT TROJAN!62http://www.symantec.com/avcenter/venc/data/backdoor.rsbot.html0
137{44AE4113-C121-10CC-1F32-A0BC12E2014}0 11msapplg.exe1 00 95Added by the Troj/Delf-KS Trojan.br /br /Uses CLSID: b{44AE4113-C121-10CC-1F32-A0BC12E2014D}/b.56http://www.sophos.com/virusinfo/analyses/trojdelfks.html0
121Microsoft SpA Service0 10msapps.exe1 00131Added by the W32/Rbot-VI worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.55http://www.sophos.com/virusinfo/analyses/w32rbotvi.html0
1 9msappts320 13msappts32.exe1 00 44Added by the Troj/Elburro-A backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojelburroa.html0
416Windows Defender0 11MSASCui.exe1 00 49Microsoft's Windows Defender Antispyware program. 01
124MS Auto-IPSec Protection0 11MSASP32.exe1 00133Added by the W32/Rbot-AER worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaer.html0
120Windows Media Player0 11msass43.exe1 00108Added by the W32/Rbot-RT worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrt.html0
1 5load=0 10msater.exe1 00 27Added by the RETSAM TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.retsam.html0
116ms autoloader 320 12MSAuto32.exe1 00 29Added by the  SPYBOT.BD WORM!91http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.BD0
134Microsoft Automatic Update Serivce0 11msautou.exe1 00221Added by the W32/Rbot-AOB worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute. This infection also creates the file svkp.sys in your Windows %System% folder.56http://www.sophos.com/virusinfo/analyses/w32rbotaob.html0
116Microsoft Update0 14msawindows.exe1 00 29Added by the GAOBOT.AFJ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html0
115MS Backup Agent0  9msbac.exe1 00133Added by the Troj/IRCBot-HG worm and IRC backdoor. This infection also utilizes the rootkit file C:\Windows\System32\drivers\mkey.sys58http://www.sophos.com/virusinfo/analyses/trojircbothg.html0
1 4MSBB0  8msbb.exe1 00 19Advertising spyware 01
1 8msbb.exe0  8msbb.exe1 00 12nCase adware42http://www.doxdesk.com/parasite/nCase.html0
126System Information Manager0  8Msbb.exe1 00 50Added by a variant of the BACKDOOR.IRC.BOT TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html0
1 5msbcs0  9msbcs.exe1 00 46Added by the Troj/Dadobra-G downloader Trojan.58http://www.sophos.com/virusinfo/analyses/trojdadobrag.html0
160Microsoft Background Intelligent Transfer Update Version 2.00 12msbitsec.exe1 00 49Added by the W32/Sdbot-AJS worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotajs.html0
119windows auto update0 11msblast.exe1 00 28Added by the BLASTER.B WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html0
317MSN Messenger 7.00 11MsblIco.Exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
110[not used]0  9msbnc.exe1 00 43Added by the Troj/Agent-PL backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentpl.html0
110OLE Module0  9msbnk.dll1 00142Added by the Troj/Bankhof-B information stealing Trojan targetting German banks.br /br /Uses CLSID: b{190EE07F-D388-410c-A42D-11BD588E10FE}/b.58http://www.sophos.com/virusinfo/analyses/trojbankhofb.html0
330microsoft broadband networking0 12MSBNTray.exe1 00 47Microsoft Broadband Networking Tray Application 01
113MsBootMgr.exe0 13MsBootMgr.exe1 00 35to the %Root% and %System% folders. 01
1 9NvCplScan0  9msc32.exe1 00 28Added by the FORBOT-DD WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotdd.html0
110MS Updates0 11mscache.exe1 00 22Spyware web downloader 01
110[not used]0 13mscarrt32.exe1 00 49Added by the W32/Oscabot-K worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32oscabotk.html0
1 9Checkdisk0  9mscas.exe1 00 33Added by the Troj/Vagon-A Trojan.56http://www.sophos.com/virusinfo/analyses/trojvagona.html0
111System Tray0 11msccn32.exe1 00189Added by the  PALYH.A WORM! Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com. Note - this is not the valid SystemTray (SysTray.exe)43http://vil.nai.com/vil/content/v_100307.htm0
1 8mscdex320 12mscdex32.exe1 00 16Unknown malware. 01
122windows system mscdvvs0 11mscdvvs.exe1 00 28Added by the  MYTOB.MD WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.MD&VSect=P0
125System Efficiency Monitor0 13mscedit32.exe1 00 28Added by the SDBOT.P TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.p.html0
119windows shellext.320 11mschost.exe1 00 28Added by the BLASTER.K WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.k.worm.html0
3 6MPSExe0 12mscifapp.exe1 00147McAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering" 01
3 6MPSExe0 23mscifapp.exe /embedding2 00 92McAfee Privacy Service 7.0.0.28, Networks Associates Technology, Inc. McAfee Privacy Service 01
110Client Man0 10Msckin.exe1 00 39Added by the Spyware.ClientMan spyware.61http://www.sarc.com/avcenter/venc/data/spyware.clientman.html0
1 6msclac0 10msclac.exe1 00121Added by the W32/SdBot-JM worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotjm.html0
130Microsoft Client Agent Service0 12msclient.exe1 00111Added by the W32/Tilebot-BP worm and IRC backdoor.  This infection will also install the rofl.sys rootkit file.58http://www.sophos.com/virusinfo/analyses/w32tilebotbp.html0
129client for microsoft networks0 14msclient32.exe1 00 27Added by the  W32/Sdbot-BXQ57http://www.sophos.com/virusinfo/analyses/w32sdbotbxq.html0
123Microsoft Digital Clock0 11msclock.exe1 00 28Added by the NACKBOT-D WORM!57http://www.sophos.com/virusinfo/analyses/w32nackbotd.html0
123Microsoft client for NT0  9msclt.exe1 00 48Added by the W32/Rbot-DID worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotdid.html0
110ClientMan10 10mscman.exe1 00199Spyware/malware, included into the latest version of Grokster, among others. According to research by SpyBot's PMK,  "able to trick ZoneAlarm, auto-clicking it to allow passing through the firewall!" 01
1 6mscman0 10mscman.exe1 00199Spyware/malware, included into the latest version of Grokster, among others. According to research by SpyBot's PMK,  "able to trick ZoneAlarm, auto-clicking it to allow passing through the firewall!" 01
1 4scan0 10mscman.exe1 00214Spyware/malware, included into the latest version of Grokster, among others. According to research by SpyBot's PMK,&nbsp; &quot;able to trick ZoneAlarm, auto-clicking it to allow passing through the firewall!&quot; 01
110msnmsg.exe0 11mscmd32.exe1 00 42Added by a variant of the AGENT.AH TROJAN! 01
111MSN Manager0 10mscmgr.exe1 00 62Unidentified malware - causes multiple browser windows to open 01
1 5mscms0  9mscms.exe1 00 34Added by the Troj/Agent-MS Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentms.html0
223Content Monitoring Tool0 13msCMTSrvc.exe1 00147An application that is bundled with certain Compaq computers that downloads and displays "Hot Deals" when new merchandise is available from Compaq. 01
3 4mscn0  8mscn.exe1 00 76Part of the SafeChildNet internet filtering program - required if you use it 01
119Microsoft Update 320 10mscnfg.exe1 00132Added by the W32/Rbot-ALM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalm.html0
122microsoft config 32bit0 12mscnfg32.exe1 00 30Added by the  W32/RBOT-Z WORM!54http://www.sophos.com/virusinfo/analyses/w32rbotz.html0
127Microszoft Update Machinezs0 10mscnsz.exe1 00143Added by the W32/Rbot-FO trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotfo.html0
1 5Mscnt0  9mscnt.exe1 00 21Adult content dialler 01
1 8Mscolour0 12mscolour.exe1 00 25Added by the GEMA TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=405740
110MSCoolServ0 12mscolsrv.exe1 00 34Added by the Troj/RaHack-A trojan.57http://www.sophos.com/virusinfo/analyses/trojrahacka.html0
111COM Service0 11mscom32.com1 00 29Added by the BEASTY.H TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.h.html0
138(23246306-E6FB-4869-88ED-B4D4B5041EC1)0 11mscom32.dll1 00107Added by the Troj/Agent-KZ downloader Trojan.br /br /Uses CLSID: b(23246306-E6FB-4869-88ED-B4D4B5041EC1)/b.57http://www.sophos.com/virusinfo/analyses/trojagentkz.html0
117Windows Dcom2 Fix0 11mscom32.exe1 00 26Added by the RBOT-QT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqt.html0
125System Efficiency Monitor0 13mscommand.exe1 00 26Added by the KWBOT.P WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.p.worm.html0
1 7MSCommX0 11mscommx.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
110MSN Update0  9mscon.exe1 00 26Added by the RBOT-QA WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqa.html0
116Microsoft Config0 10msconf.exe1 00 26Added by the RBOT.PV WORM!89http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.PV0
116Microsoft Config0 10MSCONF.EXE1 00 26Added by the RBOT-LG WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlg.html0
131Microsoft Configuration Utility0 10msconf.exe1 00134Added by the W32/Rbot-AFX worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotafx.html0
112AppInit_DLLs0 11msconfd.dll1 00 77Added by the Adware.CWSMSConfd hijacker!  This is for the NT/XP/2000 version.61http://www.sarc.com/avcenter/venc/data/adware.cwsmsconfd.html0
116Microsoft Update0 11msconfg.exe1 00 25Added by the RBOT.H WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=396620
113MSCONFG32.EXE0 13MSCONFG32.EXE1 00 31Added by the OPTIX.04.C TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optix.04.c.html0
112Win32 Cnfg320 12msconfgh.exe1 00133Added by the WORM_MYTOB.NB worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2ENB&VSect=T0
2 8MSConfig0 12msconfig.exe1 00203Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode 01
216MSConfigReminder0 12msconfig.exe1 00203Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode 01
130Microsoft Java Virtual Machine0 12MsConfiG.exe1 00155Added by the  W32/Forbot-DV WORM/BACKDOOR!  The file is found in the Windows system folder. This infection also installs a service called draeco.sytes.net.57http://www.sophos.com/virusinfo/analyses/w32forbotdv.html0
130Microsoft Java Virtual Machine0 12MsConfiG.exe1 00155Added by the  W32/Forbot-DV WORM/BACKDOOR!  The file is found in the Windows system folder. This infection also installs a service called draeco.sytes.net.57http://www.sophos.com/virusinfo/analyses/w32forbotdv.html0
1 8Msconfig0 12msconfig.exe1 00 95Added by the WINUR WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winur.html0
1 8msconfig0 12msconfig.exe1 00209CoolWebSearch parasite related. Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting53http://www.spywareinfo.com/~merijn/cwschronicles.html0
115Msconfig lptt010 12msconfig.exe1 00259Variant of the  RapidBlaster parasite (in a "msconfig" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid Windows Msconfig which has the same executable name49http://www.doxdesk.com/parasite/RapidBlaster.html0
115Msconfig ml097e0 12msconfig.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
1 5msdev0 12msconfig.exe1 00207Added by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AAU&VSect=T0
1 6winrun0 12msconfig.exe1 00 97Added by the WINUR.A WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winur.html0
2 8MSConfig0 18msconfig.exe /auto211HKEY_LM\Run0103Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. System Configuration Utility39http://www.absolutestartup.com/startup/1
121intel service drivers0 14msconfig16.exe1 00 47Added by the  Trojan_MSCONFIG16_Process TROJAN!56http://www.superadblocker.com/M/MSCONFIG16.EXE-6417.html0
124Compaq32 Service Drivers0 14msconfig32.exe1 00143Added by the W32/Sdbot-ADC worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotadc.html0
124Microsoft Windows Update0 14msconfig32.exe1 00 32Added by the W32/Tilebot-P worm.57http://www.sophos.com/virusinfo/analyses/w32tilebotp.html0
1 8MSConfig0 14MSCONFIG32.EXE1 00 37Unidentified adware, spyware or virus 01
1 8MS-patch0 14msconfig32.exe1 00132Added by the W32/Rbot-AUF worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotauf.html0
121Intec Service Drivers0 15msconfig32x.exe1 00 48Added by the W32/Rbot-BCR worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbcr.html0
1 8msconfig0 14MSCONFIG35.EXE1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
110MSConfig450 14MSConfig45.exe1 00 29Added by the SDBOT.OJ TROJAN!99http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=56539&VName=BKDR_SDBOT.OJ0
1 9msconfigs0 13MsConfigs.exe1 00106Added by the W32/Alcra-A worm. This worm spreads by copying itself to folders shared for P2P applications.55http://www.sophos.com/virusinfo/analyses/w32alcraa.html0
112win32 secure0 15msconfigsvc.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
120Microsoft Configuewe0 15msconfiguwe.exe1 00 49Added by the W32/Sdbot-BPK worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotbpk.html0
119microsoft config 320 15msconfigx32.exe1 00 62Reported as Trojan.MSConfigX32.Process, possible Rbot variant. 01
111wininet.dll0 12mscornet.exe1 00 33Added by the Troj/Zlob-AO Trojan.56http://www.sophos.com/virusinfo/analyses/trojzlobao.html0
1 4msmc0 10mscpbo.exe1 00 26ClientMan parasite variant42http://doxdesk.com/parasite/ClientMan.html0
123microsoft crond service0 10MSCRON.EXE1 00 34Unidentified AIM-based worm/trojan 01
110MSCSCLIENT0 14mscsclient.exe1 00 92Added by the Adware.CashSaver  spyware/redirector.  File found in the Windows System folder.60http://www.sarc.com/avcenter/venc/data/adware.cashsaver.html0
1 6Mscsgs0 10MSCSGS.EXE1 00 24Added by the ZEZER WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.zezer.worm.html0
1 8Mscsgs320 12MSCSGS32.EXE1 00 24Added by the ZEZER WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.zezer.worm.html0
114ClickTheButton0 11MSCStat.exe1 00 35ClickTheButton Downloader-MY adware43http://vil.nai.com/vil/content/v_126801.htm0
110mscsvc.exe0 10mscsvc.exe1 00 28Added by the Troj/Banker-CK.58http://www.sophos.com/virusinfo/analyses/trojbankerck.html0
1 8msctfg320 12msctfg32.exe1 00108Added by the W32/Rbot-RN worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrn.html0
111msctl32.dll0 11msctl32.dll1 00 39Added by the Backdoor.Rustock backdoor.77http://www.sarc.com/avcenter/venc/data/backdoor.rustock.html#technicaldetails0
138(0C81EA61-20F8-4DDC-81BF-AF0923078398)0  9msctr.dll1 00181Added by the Troj/Bankhof-E password-stealing Trojan.  This infection installs the file C:\Windows\System32\rdrlib.dll.br /br /Uses CLSID: b(0C81EA61-20F8-4DDC-81BF-AF0923078398)/b.58http://www.sophos.com/virusinfo/analyses/trojbankhofe.html0
1 8Msctrl320 12Msctrl32.scr1 00 25Added by the REDIST WORM!66http://www.symantec.com/avcenter/venc/data/w32.hllw.redist@mm.html0
117Internet Protocol0 15MSCTRL32OCX.EXE1 00141Added by the A href="http://www.sophos.com/virusinfo/analyses/trojbdoorbk.html"  rel="nofollow" target="_blank"Troj/Bdoor-BK backdoor trojan. 01
111MediaSource0 15MSCTRL32OCX.EXE1 00123Added by the A href="http://www.sophos.com/virusinfo/analyses/trojbdoorbk.html" target="_new"Troj/Bdoor-BK backdoor trojan. 01
125Microsoft Update Schedule0 12mscunt32.exe1 00 48Added by the W32/Rbot-BLE worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotble.html0
112System MScvb0 11mscvb32.exe1 00 26Added by the SOBIG.C WORM!62http://www.symantec.com/avcenter/venc/data/w32.sobig.c@mm.html0
114Microsoft Cvrt0 12mscvrt32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 5MSCVT0  9MSCVT.exe1 00 28Added by the SLIDESHOW WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.slideshow.html0
1 9diskcheck0 13msdarkend.exe1 00 40Added by an unidentified WORM or TROJAN! 01
111Testing 1230 10msdata.dat1 00 25Added by the NITS.A WORM!58http://www.symantec.com/avcenter/venc/data/w32.nits.a.html0
129microsoft datalog application0 10msdata.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
111ms database0 12MSDATA32.EXE1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
128ms windows data list process0 12MSDATLST.exe1 00 40Added by an unidentified WORM or TROJAN! 01
2 5Zebus0 10msdc32.exe1 00 42Runs a HTML tutorial on the Zebus web-site 01
1 6msdcom0 10MSDcom.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 9MS Config0 13msdconfig.exe1 00 48Added by the W32/Rbot-CZH worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotczh.html0
125microsoft desktop manager0 12msdesk32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
130microsoft development debugger0  9msdev.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 5msdev0  9msdev.exe1 00 28Added by the FORBOT-CR WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcr.html0
1 7msvsc320  9msdev.exe1 00 26Added by the RBOT-GJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgj.html0
132Sygate Personal Firewall Startup0  9msdev.exe1 00109Added by the  W32/Rbot-QY worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotqy.html0
114WINDOWS SYSTEM0 11msdev32.exe1 00137Added by the W32.Mytob.EH@mm worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.eh@mm.html#technicaldetails0
124Microsoft Device Manager0 14MSDEVMGD32.EXE1 00 79Added by W32/Domwis-F, a WORM/IRC backdoor TROJAN! Found in the Windows folder.56http://www.sophos.com/virusinfo/analyses/w32domwisf.html0
124Microsoft Device Manager0 14msdevmgr32.exe1 00 83Added by the Backdoor.Lateda.B  Backdoor infection! Found in the Windows directory.78http://www.sarc.com/avcenter/venc/data/backdoor.lateda.b.html#technicaldetails0
134Microsoft Null Development Monitor0 13msdevnull.exe1 00195Added by the W32/Rbot-AGE worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.  This particular Rbot also uses rootkit technology to hide itself.56http://www.sophos.com/virusinfo/analyses/w32rbotage.html0
120Microsoft Diagnostic0 10msdiag.exe1 00108Added by the W32/Rbot-RV worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrv.html0
120Microsoft Diagnostic0 12msdiag32.exe1 00 97Added by W32/Rbot-UC,  a network worm and IRC backdoor Trojan found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32rbotuc.htmll0
112msdirect.exe0 12msdirect.exe1 00 52Added by the Troj/Certif-L password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojcertifl.html0
1 9msdirectx0 13msdirectx.sys1 00125This infection hijacks Internet Explorer to redirect to search-area.com.  More information can be found here - Troj/Malche-A.57http://www.sophos.com/virusinfo/analyses/trojmalchea.html0
116Media Plug x.1.20  8msdm.exe1 00 31Added by the MULDROP.352 VIRUS! 01
111VnCplUpdate0  8msdm.exe1 00147Masssend - spam relayer. Listens on a port for the spammers to feed it a list of addresses and what to send out. More information in  this advisory72http://www.dslreports.com/forum/remark,8021632~root=security,1~mode=flat0
1 6Msdmxm0 10msdmxm.exe1 00 26Adult premium rate dialler 01
121machine debug manager0  8msdn.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9msdn help0  8msdn.exe1 00 31Added by the  AGOBOT.AIB  WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AIB&VSect=P0
111MSDN Driver0 10msdndr.pif1 00 36Added by the Troj/HacDef-EQ rootkit.58http://www.sophos.com/virusinfo/analyses/trojhacdefeq.html0
119Microsoft DNS Query0  9msdns.exe1 00 39Added by a variant of the WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
1 5msdns0  9msdns.exe1 00 48Added by Troj/Dloader-VK ,  a downloader Trojan.60http://www.sophos.com/virusinfo/analyses/trojdloadervk.htmll0
128MS Domain Name Server Deamon0 12MSDNSD32.exe1 00 48Added by the W32/Rbot-CMZ worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcmz.html0
114Msdn Update 320 12msdnupdate321 00133Added by the W32/Tilebot-M worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32tilebotm.html0
127System Document Application0 14msdocument.exe1 00 83Added by the W32.Randex.COX infection.  File is found in the Windows system folder.75http://www.sarc.com/avcenter/venc/data/w32.randex.cox.html#technicaldetails0
138(3FDEB171-8F86-4669-B664-69B8DB553683)0  9MsDos.DLL1 00144Added by the Troj/Lineage-NS password-stealing Trojan for the online game Lineage.br /br /Uses CLSID: b(3FDEB171-8F86-4669-B664-69B8DB553683)/b.59http://www.sophos.com/virusinfo/analyses/trojlineagens.html0
1 8MsSystem0  9msdos.exe1 00 35Adult content downloader - see here43http://vil.nai.com/vil/content/v_100801.htm0
122MSDOS Security Service0  9msdos.pif1 00 48Added by the W32/Rbot-AMP IRC and backdoor worm.56http://www.sophos.com/virusinfo/analyses/w32rbotamp.html0
123MS-DOS Security Service0 10ms-dos.pif1 00132Added by the W32/Rbot-AMR worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamr.html0
114MS-DOS Service0 10MS-DOS.pif1 00133Added by the W32/Rbot-AII worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaii.html0
113MSDOS Service0  9MSDOS.PIF1 00133Added by the W32/Rbot-AIY worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaiy.html0
122MS-DOS Windows Service0 10MS-DOS.PIF1 00132Added by the W32/Rbot-AJW worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotajw.html0
121MSDOS Windows Service0  9MSDOS.PIF1 00132Added by the W32/Rbot-AKF worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotakf.html0
115[various names]0 11msdos32.exe1 00 59Added by a variant of the WIN32.AGENT.AH downloader TROJAN! 01
1 7Msdos320 11Msdos32.pif1 00 25Added by the RECORY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.recory@mm.html0
1 8msdos4230 12msdos423.exe1 00 27Added by the MENACE.A WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MENACE.A0
1 7Windows0 11msdos98.exe1 00 29Added by the  PWSTEAL TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.trojan.html0
111load system0 12MSDOSDLL.EXE1 00 47Added by the Backdoor.Badcodor backdoor trojan.61http://www.sarc.com/avcenter/venc/data/backdoor.badcodor.html0
2 8MSDosdrv0 12msdosdrv.exe1 00 25Added by the BACROS WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.bacros.html0
111COM Service0 10msdrce.com1 00 29Added by the BEASTY.I TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.i.html0
115Micrsoft Driver0 12msdriver.exe1 00 12Added by the31W32/Sdbot-XD WORM/IRC backdoor!0
110[not used]0  9msdrv.exe1 00 37Added by the Troj/CmjSpy-U keylogger.57http://www.sophos.com/virusinfo/analyses/trojcmjspyu.html0
116Ms Sound Drivers0  9msdrv.exe1 00 51Added by the W32/Sdbot-WR WORM/IRC backdoor Trojan!56http://www.sophos.com/virusinfo/analyses/w32sdbotwr.html0
1 9msdirectx0  9msdrv.exe1 00 12Added by the53W32/Sdbot-WR as a service, with the same displayname.0
1 7msysdrv0  9msdrv.exe1 00 41Added by the Win32.VB.wf backdoor TROJAN! 01
128MS DVD DirectX Sound Drivers0 11msdrvdx.exe1 00109Added by the W32/Sdbot-XJ WORM/IRC backdoor trojan. It will install msdirectx as a new service & displayname.56http://www.sophos.com/virusinfo/analyses/w32sdbotxj.html0
123Windows Driver Services0 12msdrvs32.exe1 00 28Added by the WOOTBOT.L WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.L0
118Windows Automation0 10msdspr.exe1 00 27Added by the SOLAME.A WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.solame.a.html0
133Microsoft Distributed Transaction0  8msdt.exe1 00134Added by the W32/Tilebot-BQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotbq.html0
123Norton Drive Protection0 10msdt32.exe1 00146Added by the W32/Forbot-GB worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.57http://www.sophos.com/virusinfo/analyses/w32forbotgb.html0
2 5MSDTC0  9msdtc.exe1 00146MS Distributed Transaction Coordinator - handles transactions across multiple servers and is installed by MS Personal Web Server and MS SQL Server 01
1 5ccrss0  9MSDTC.exe1 00 29Added by the W32/Stap-A worm.54http://www.sophos.com/virusinfo/analyses/w32stapa.html0
133Microsoft Distributed Transaction0 10msdtce.exe1 00 87Added by the Troj/ServU-CT  backdoor trojan that sets up a FTP server on your computer.57http://www.sophos.com/virusinfo/analyses/trojservuct.html0
1 7IECheck0 10MSDTCs.exe1 00 12Added by the38W32/Tirbot-D WORM/IRC backdoor trojan!0
113MSN Messenger0 10msdtsc.exe1 00 46Added by the Troj/Keylog-BM keylogging Trojan.58http://www.sophos.com/virusinfo/analyses/trojkeylogbm.html0
113MSNS PLUS XP20 10msdupd.exe1 00 48Added by the W32/Rbot-BCE worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbce.html0
127Device Configuration Loader0 11msdvc32.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
116microsoftdvdhelp0  9msdvd.exe1 00133Added by the W32/Sdbot-AFG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafg.html0
1 9SoundView0 13msdview32.exe1 00 17Trojan downloader 01
116Micr0s0ft Ms D0s0  8msdx.exe1 00133Added by the W32/Rbot-AON worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaon.html0
110msdy32.dll0 10msdy32.dll1 00204Added by the W32/Feebs-M worm. This infection also creates the following files: C:\Windows\System32\msoe.exe and C:\Windows\System32\msry.exe.br /br /Uses CLSID: b{18D587C0-5332-89C5-61AE-0A734D699959}/b.55http://www.sophos.com/virusinfo/analyses/w32feebsm.html0
128MICROSFT RAMA UPDATE SUPPORT0 10MSED32.EXE1 00131Added by the W32/Rbot-AWR worm. When started, this infection connects to a remote IRC server where it waits for commands to execute56http://www.sophos.com/virusinfo/analyses/w32rbotawr.html0
1 5msiew0  9mseiw.exe1 00 29Added by the  LITTLOG TROJAN!62http://www.symantec.com/avcenter/venc/data/trojan.littlog.html0
1 7Msemu320 11Msemu32.exe1 00 36Unidentified spyware/adware/hijacker 01
113blahh service0 12msengine.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9mserv.exe0  9mserv.exe1 00135Added by the Troj/KillProc-E trojan.  This program is used to terminate security related software so they can not run on your computer.59http://www.sophos.com/virusinfo/analyses/trojkillproce.html0
121Multimedia extensions0 12mservice.exe1 00 17EasySearch adware57http://sarc.com/avcenter/venc/data/adware.easysearch.html0
113mservices.exe0 13mservices.exe1 00 28Added by the  SDBOT.WJ WORM!83http://it.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SDBOT.WJ0
111USB Updates0 13mservices.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120Configuration Loader0 10mservs.exe1 00134Added by the W32/Sdbot-NM worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnm.html0
122Microsoft EV32 Service0 10MSev32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115mswkork Service0 11msework.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115Microsoft Excel0 11msexcel.exe1 00 61Added by the RBOT-TQ worm with backdoor trojan functionality.55http://www.sophos.com/virusinfo/analyses/w32rbottq.html0
1 6Update0 13msexplore.exe1 00133Added by the W32/Sdbot-JG worm. When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotjg.html0
111MsnExplorer0 14MSEXPLOREN.EXE1 00 34Added by the  TROJ/BDOOR-EB TROJAN57http://www.sophos.com/virusinfo/analyses/trojbdooreb.html0
1 7SvcH0st0 14msexploren.exe1 00 33Added by the BACKDOOR-CGZ TROJAN!54http://vil.mcafeesecurity.com/vil/content/v_127365.htm0
121ms msn menssenger 7.00 12MSEXPORT.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
131Microsoft Decryption Technology0 11Msfenoe.exe1 00 28Added by the SPYBOT-DG WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotdg.html0
112USB Drivers10 14msfierwall.exe1 00 17An SDbot variant. 01
1 6Msfind0 10Msfind.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 8MSFind320 12msfind32.exe1 00 24Added by the CAYAM WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cayam@mm.html0
021file indexing service0 14msfindfile.exe1 00 52New version of MS FindFast and still a resource hog? 01
113msfindosa.exe0 13msfindosa.exe1 00 34Added by the DOWNLOADER-BS TROJAN!42http://vil.nai.com/vil/content/v_99960.htm0
1 9USBDrives0 14msfirewali.exe1 00 99An SDBot variant.  These infections connect to IRC servers and wait for remote commands to execute. 01
111MS FIREWALL0 14msfirewall.exe1 00 27Added by the SDBOT-QH WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotqh.html0
121network device driver0 14msfirewall.exe1 00 51Added by the Troj/Delf-LB browser hijacking trojan.56http://www.sophos.com/virusinfo/analyses/trojdelflb.html0
111USB Updates0 15msfirewalls.exe1 00146Added by a variant of the RBOT WORM! When started, this infection will connect to an IRC server where it will wait for remote commands to execute.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
111COM Service0 10msflyx.com1 00 44Added by the Troj/BeastDo-O backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojbeastdoo.html0
116Win32 FRT Driver0 10msfr32.exe1 00 38Added by a variant of the FORBOT WORM!57http://sophos.com.au/virusinfo/analyses/w32forbotgen.html0
116MS Configuration0 12MSFramer.exe1 00 28Added by the RANDEX.OL WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ol.html0
111MS FIREWALL0 13msfrewall.exe1 00 27Added by the SDBOT-PU WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpu.html0
110TCPservice0 12msftcpip.sys1 00 45Added by the Troj/Haxdoor-AI backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorai.html0
1 8ethernet0  9msftp.exe1 00 29Added by the  SDBOT.BXJ WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BXJ&VSect=P0
124MicroSoft Windowz Update0 16MsFtUpdateXP.exe1 00 50Added by the W32/Tilebot-BL worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotbl.html0
124Windows Firewall Manager0  8msfw.exe1 00 26Added by the RBOT.WR WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.WR0
116NAV Auto Protect0 10msfwe1.exe1 00 28437" target=_blankRBOT WORM! 01
120configuration loader0  7msg.exe1 00 28Added by the  SDBOT.BT WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BT&VSect=P0
317EW Message Server0  9msg32.exe1 00112Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices 01
130microsoft windows game updater0 12msgame32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9startmenu0 10msgaol.exe1 00 38Added by the  WIN32.TACTSLAY.C TROJAN!63http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=420220
1 6msgate0 10msgate.exe1 00121Added by the W32/Sdbot-OK worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotok.html0
1 5msgb10  9msgb1.exe1 00 30Added by the DLUCA.GEN TROJAN! 01
211realplayer20 12MsgCenterExe1 00101RealNetworks  RealPlayer related - disabling this application will not affect Real Player in any way.20http://www.real.com/0
122microsoft configure 320 15msgconfigre.exe1 00136Added by a variant of the  GAOBOT/AGOBOT WORM! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
120microsoft configs 320 15msgconfigrs.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 4msmc0 10msgdmf.exe1 00 26ClientMan parasite variant42http://doxdesk.com/parasite/ClientMan.html0
1 7msgex320 11msgex32.exe1 00 45Added by the W32/Appflet-A mass mailing worm.57http://www.sophos.com/virusinfo/analyses/w32appfleta.html0
116activex streamer0 10msgfix.exe1 00 28Added by the  SDBOT.NQ WORM!90http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.NQ0
120Configuration Loader0 10msgfix.exe1 00 53Added by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.aus.html0
113Event Monitor0 10msgfix.exe1 00127Added by the W32/Sdbot-DY. When started this infections connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotdy.html0
128Windows Configuration Loader0 10msgfix.exe1 00134Added by the W32/Sdbot-NP worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnp.html0
113change-me-now0 11msgfix1.exe1 00 27Added by the SDBOT.ZD WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD0
113Messenger Fix0 12msgfix16.exe1 00134Added by the W32/Randex-JJ worm. When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotjj.html0
120Configuration Loader0 12msgfix32.exe1 00 49Added by the W32/Sdbot-AGH worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotagh.html0
110Msg Fixage0 12msgfixed.exe1 00 27Added by the SDBOT.ZD WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD0
110Msg Fixage0 13msgfixing.exe1 00134Added by the W32/Sdbot-IP worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotip.html0
120Configuration Loader0 11MSGFIXP.EXE1 00142Added by the W32/Sdbot-HS worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdboths.html0
113Configuration0 11msgfixs.exe1 00134Added by the W32/Sdbot-NN worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnn.html0
127Microsoft Gina V Encryption0 11MSGINAV.EXE1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
3 8WM_LOGIN0 12MSGLOGIN.EXE1 00 57Part of McAfee Firewall. What is it for and is it needed? 01
114Win TaskLoader0  9msgmr.exe1 00 50Added by the W32/Mytob-D WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32mytobd.html0
1 7MSREGIT0  8Msgp.exe1 00 32Added by the KRYPGHOS.13 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_KRYPGHOS.130
213MessengerPlus0 11MsgPlus.exe1 00256MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!23http://www.msgplus.net/0
214MessengerPlus20 11MsgPlus.exe1 00  023http://www.msgplus.net/0
214MessengerPlus30 11MsgPlus.exe1 00 57Messenger Plus! 3 3, 60, 0, 144, Patchou. Messenger Plus! 01
214MessengerPlus30 11MsgPlus.exe1 00256MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!23http://www.msgplus.net/0
1 5CLSID0 11msgplus.exe1 00 21Adult content dialler 01
214MessengerPlus30 21MsgPlus.exe /WinStart211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
128Microsoft MSGPLUS32 Protocol0 13msgplus32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
412CheckMsgPlus0 32MsgPlusH.dll, VerifyInstallation2 00128Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info.50http://www.patchou.com/msgplus/faq.htm#stopconnect0
125Microsoft Taskbar Manager0  8MSGR.EXE1 00218Added by the BKDR_SDBOT.JD worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.  This infection also logs your keysrokes to C:\Windows\System32\Keylog.txt85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.JD&Vsect=T0
118Messenger start-up0 10Msgran.exe1 00 25Added by the GRAMOS WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.gramos.html0
1 9Svchost320 12msgrsv32.exe1 00 64Added by Troj/Ranck-BH, which functions as an HTTP proxy TROJAN!57http://www.sophos.com/virusinfo/analyses/trojranckbh.html0
1 9svshost320 12msgrsv32.exe1 00 29Added by the RANKY.AJ TROJAN! 01
1 8WinCSRSS0 11MSGRT32.EXE1 00 30Added by the REWINDO-A TROJAN!58http://www.sophos.com/virusinfo/analyses/trojrewindoa.html0
123Windows Service Manager0  8msgs.exe1 00128Added by the W32/Oscabot-E worm.  When started, this infection connects to an IRC where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32oscabote.html0
1 7msgsm320 11msgsm32.exe1 00145Added by the W32/Rbot-ASG worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotasg.html0
1 4load0 11msgsr32.exe1 00 12Added by the38W32/Sdbot-QR WORM/IRC backdoor trojan.0
1 8Msgsrv160 12Msgsrv16.exe1 00 36Added by the DELF family of TROJANS!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.family.html0
1 8Internat0  8msgsrv321 00 44Added by the Troj/Nyrubot-A backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojnyrubota.html0
1 4LTM20 12MSGSRV32.EXE1 00161Added by the LITMUS.A TROJAN! Note - MSGSRV32.EXE in this case is in a Litmus sub-directory and is not to be confused with the valid version in C:\Windows\System89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.A&amp;VSect=T0
412MSGSRV32.exe0 12msgsrv32.exe1 00250Windows 32-bit VxD Message Server. For more information on its function and why it's needed, see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background62http://support.microsoft.com/support/kb/articles/q138/7/08.asp0
1 8Internat0 13msgsrv32.exe.1 00 44Added by the Troj/Nyrubot-A backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojnyrubota.html0
1 4LTM20 13MSGSRV320.EXE1 00 29Added by the LITMUS.C TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.C0
1 8msgsvr320 12msgsvr32.exe1 00167Added by the DEADHAT.B WORM! Note - not to be confused with the valid "msgsrv32.exe" file which resides in the same directory (C:\Windows\System) on a Win9x/Me machine79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadhat.b.html0
3 6msgtag0 10MSGTAG.exe1 00 87MSGTAG is an application that tells you when your emails have been received and opened.27http://www.msgtag.com/home/0
3 6MSGTAG0 19MSGTAG.exe /startup211HKEY_CU\Run0 17MSGTAG 1.0.0.0, .39http://www.absolutestartup.com/startup/1
128MICROSFT RAMA UPDATE SUPPORT0 14MSGUPDAT32.EXE1 00 48Added by the W32/Rbot-BBB worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbb.html0
133MICROSFT ANTIVIRUS UPDATE SUPPORT0 14MSGUPDATED.EXE1 00133Added by the W32/Rbot-APZ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotapz.html0
116windows firewall0 14msgupdater.exe1 00146Added by the W32/Sdbot-ADZ worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.57http://www.sophos.com/virusinfo/analyses/w32sdbotadz.html0
114microsoft idcn0 10mshe1p.exe1 00 32Added by an unidentified TROJAN! 01
121Microsoft Help System0 12mshelp32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8mshelp320 12mshelp32.exe1 00 42Added by a  CoolWebSearch parasite variant46http://doxdesk.com/parasite/CoolWebSearch.html0
124Hardware Monitor Service0  9mshms.exe1 00 42Added by the Troj/Wollf-A backdoor trojan.56http://www.sophos.com/virusinfo/analyses/trojwollfa.html0
123microsoft driver update0 10Mshome.exe1 00 27Added by the SDBOT.BL WORM! 01
116Microsoft Client0 10mshost.exe1 00 48Added by the W32/Rbot-AND worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotand.html0
1 7XP_CORE0 10mshost.exe1 00 35Added by the Troj/LanFilt-J trojan.58http://www.sophos.com/virusinfo/analyses/trojlanfiltj.html0
1 5mssp30 12mshost32.exe1 00 33Added by the Troj/IBank-E Trojan.56http://www.sophos.com/virusinfo/analyses/trojibanke.html0
133Microsoft Security Hot Fix Update0 12mshotfix.exe1 00 15Affilred adware58http://sarc.com/avcenter/venc/data/pf/adware.affilred.html0
325microsoft hotmail monitor0 12mshotmon.exe1 00 28Added by the  MYTOB.LY WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LY&VSect=P0
120Adobe Update Manager0  9mshss.exe1 00 42Added by the Troj/Wollf-B backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojwollfb.html0
1 5MSHT@0  9MSHT@.EXE1 00 29Added by the MAGISTR.A VIRUS!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.A0
110SystemBoot0 25Mshta.exe ...filename.hta2 00 21Adult content dialler 01
127microsoft hyptertext helper0 10mshtha.exe1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 7MSAgent0  9mshtm.exe1 00 51Browser hijacker - redirecting to buldog-search.com 01
1 6Update0  9mshtm.exe1 00  0 01
1 7MS HTML0 10msHtml.exe1 00 32Added by the PESTDOOR.31 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_PESTDOOR.310
122MS HTML Location Class0 12MSHTML32.exe1 00143The W32/Rbot-YD WORM/IRC backdoor adds this to allow a remote operater to setup a SOCKS4 server,  download and run files and enact DoS attacks.55http://www.sophos.com/virusinfo/analyses/w32rbotyd.html0
110[not used]0 12mshttcpl.exe1 00 44Added by the Troj/PPdoor-AR backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojppdoorar.html0
122Compaq Service Drivers0  7msi.exe1 00 48A new variant of the Rbot worm and IRC backdoor. 01
1 7msi.exe0  7msi.exe1 00165Added by the Troj/Bancban-CT trojan.  If you are infected with this you should immediately change all of your online banking passwords and look for unusual activity.59http://www.sophos.com/virusinfo/analyses/trojbancbanct.html0
114Windows Update0  7msi.exe1 00 52Added by the Troj/Banker-XB Internet banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerxb.html0
122WindowsRegKey%$ update0 10msi332.exe1 00 26Added by the RBOT-IX WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotix.html0
1 7msident0 11msident.exe1 00 29Unidentified adware or trojan 01
1 6msidle0 10msidle.exe1 00 28Added by the OPASERV-O WORM!57http://www.sophos.com/virusinfo/analyses/w32opaservo.html0
112MsIdle32.exe0 12MsIdle32.exe1 00 12Added by the96W32/Verify-B WORM/backdoor, which also adds MsBootMgr.exe to %Root% and %System% file locations.0
122Microsoft Ansti Update0  8msie.exe1 00 26Added by the RBOT-LE WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotle.html0
118Microsoft Features0  8msie.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
121Microsoft upnp Update0  8msie.exe1 00 26Added by the RBOT-LQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlq.html0
124Microsoft Windowz Update0  8msie.exe1 00 50Added by the W32/Tilebot-CT worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotct.html0
112msie parsers0 12MSIE32ab.exe1 00 28Added by the  SDBOT.MV WORM!90http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.MV0
1 9[unknown]0 11msie32c.exe1 00142Added by the W32/SdBot-FY worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotfy.html0
1 9IEXPLORER0 11msiecfg.exe1 00 43Added by the Troj/Bdoor-JU backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorju.html0
110Rundll32_70 12MSIEFR40.DLL1 00 46BrowserAid "Featured Results" hijacker variant61http://www.sarc.com/avcenter/venc/data/adware.browseraid.html0
124Internet Explorer Helper0 12msiehelp.exe1 00 32Added by the Troj/Iyus-P Trojan.55http://www.sophos.com/virusinfo/analyses/trojiyusp.html0
1 7MSIEXEC0 11MSIEXEC.EXE1 00116Added by VBS/Yosenio-A.  The VIRUS will overwrite files on the infected computer, adding .vbs to the file extension.57http://www.sophos.com/virusinfo/analyses/vbsyosenioa.html0
1 9GLSetIT320 13msiexec16.exe1 00 30Added by the OPTIX PRO TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=394820
1 7MSIEXEC0 13MSIEXEC32.exe1 00 28Added by the AINESEY.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.ainesey.a@mm.html0
110Windows TM0 13msiexec32.exe1 00155Added by the  W32/Forbot-DV WORM/BACKDOOR!  The file is found in the Windows system folder. This infection also installs a service called draeco.sytes.net.57http://www.sophos.com/virusinfo/analyses/w32forbotdv.html0
1 8Threaded0 11MSIExxx.exe1 00133Added by the W32/Sdbot-MY worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotmy.html0
112windows usbd0 15msifirewall.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 8msiishlp0 12MSIISHLP.EXE1 00 99A service added by the Troj/Bdoor-GML TROJAN/backdoor, it's display name is "Microsoft IIS helper".58http://www.sophos.com/virusinfo/analyses/trojbdoorgml.html0
1 9msimn.exe0  9MSIMN.EXE1 00 41Added by the W32/Forbot-TY worm/backdoor.57http://www.sophos.com/virusinfo/analyses/w32forbotty.html0
1 7MSIMN320 11MSIMN32.EXE1 00 70Hijacker - recognized by  Kaspersky antivirus as Trojan.Win32.Agent.cx36http://www.kaspersky.com/personalpro0
2 4MSIN0  8MSin.exe1 00  0 01
1 6Msinet0 10Msinet.exe1 00142Added by the W32/Rbot-AOA worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaoa.html0
410FltProcess0 10msinet.exe1 00161Part of Cyber Patrol internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's done27http://www.cyberpatrol.com/0
114Microsoft Info0 10msinf0.exe1 00153Added by the Troj/Sdbot-ET backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotet.html0
1 6MSInfo0 10msinfo.exe1 00 30Added by the ALADINZ.M TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.m.html0
1 8msinfmgr0 13msinfomgr.sys1 00 71Added by the W32.Naras virus with keylogging and rootkit functionality.70http://www.sarc.com/avcenter/venc/data/w32.naras.html#technicaldetails0
113Bymer.Scanner0 10Msinit.exe1 00 24Added by the BYMER WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bymer.html0
1 6msinit0 10msinit.exe1 00 50Added by the W32/Tilebot-BJ worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotbj.html0
116Internet Loader10 15MSInstall61.exe1 00 26Added by the KWBOT.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.b.worm.html0
1 7MsClock0 11msinter.exe1 00 36Added by the Troj/Dloadr-AEI Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloadraei.html0
111TaskMonitor0 11Msinter.exe1 00 27Added by Backdoor.DarkSky.C62http://www.sarc.com/avcenter/venc/data/backdoor.darksky.c.html0
117Intrenet Explorer0 10msints.exe1 00 24Added by a Rbot variant.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
121microsoft int service0 12MsIntSrv.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8SCANREGW0 12msisexec.exe1 00 62Added by the roj/GWGhost-BA password-stealing backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgwghostba.html0
131Microsoft Service InstallShield0 12msisrv32.exe1 00248Added by the W32/Rbot-ML trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. These infections are usually capable of logging keystrokes, retrieve cd keys, and flood other computers.55http://www.sophos.com/virusinfo/analyses/w32rbotml.html0
116AntiVirus Update0 10msisvc.exe1 00143Added by the W32/Rbot-HX trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbothx.html0
110MS-Connect0 11msite18.exe1 00 32Adult content dialler - see here49http://vil.mcafee.com/dispVirus.asp?virus_k=999720
115[Various Names]0 10ms-its.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
116Microsoft Update0 12msiwin84.exe1 00 29Added by the GAOBOT.AFJ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html0
123MS Internet Executor 320 12MSIXEC32.exe1 00133Added by the W32/Rbot-AEQ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaeq.html0
116Microsoft JavaVM0 11msjarun.exe1 00 26Added by the RBOT-JW WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotjw.html0
130Microsoft Java Virtual Machine0 13msjavarxp.exe1 00 12Added by the59W32/Forbot-DL, using the servicename of Norton Anti-hacker.0
410UsB driver0 12msjavx86.exe1 00 69Added by W32/Agobot-PQ. FIle is located in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32agobotpq.html0
110MSOffice320  9msjcf.exe1 00 33Added by the Troj/Raker-A Trojan.56http://www.sophos.com/virusinfo/analyses/trojrakera.html0
111COM Service0 10msjclh.com1 00 25Added by the PLUX TROJAN!61http://www.symantec.com/avcenter/venc/data/backdoor.plux.html0
136Portable Media Serial Number Service0 11msjet62.dll1 00 50Added by the W32/Dbit-B virus and backdoor Trojan.54http://www.sophos.com/virusinfo/analyses/w32dbitb.html0
1 4msjp0 10MSJP32.exe1 00 43Added by the Troj/Ranck-DE backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojranckde.html0
130Microsoft Java Virtual Machine0  9msjvm.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
311MSKAGENTEXE0 12MskAgent.exe1 00 25Part of McAfee Spamkiller47http://us.mcafee.com/root/package.asp?pkgid=1560
311MSKAGENTEXE0 12MskAgent.exe111HKEY_LM\Run0107McAfee SpamKiller 5, 0, 0, 0, Networks Associates Technology, Inc. McAfee SpamKiller Agent Interface module39http://www.absolutestartup.com/startup/1
314MSKDetectorExe0 12MSKDetct.exe1 00 25Part of McAfee Spamkiller47http://us.mcafee.com/root/package.asp?pkgid=1560
314MSKDetectorExe0 21MSKDetct.exe /startup211HKEY_LM\Run0 71McAfee SpamKiller 6.0, McAfee, Inc.. McAfee SpamKiller Account Detector39http://www.absolutestartup.com/startup/1
314MSKDetectorExe0 23MSKDetct.exe /uninstall2 00 75McAfee SpamKiller 6.1.0.0, McAfee, Inc.. McAfee SpamKiller Account Detector 01
124Internet Explorer Plugin0 14Mskernel16.exe1 00 39Added by the Backdoor.Backage backdoor.60http://www.sarc.com/avcenter/venc/data/backdoor.backage.html0
110MSKernel320 14MSKernel32.vbs1 00 44Added by the  LOVELETTER (I LOVE YOU) VIRUS!77http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER0
119MSKernelAutoUpdater0 25MSKernelUpdate_435353.vbs1 00 12Added by the38VBS/Ediboy-C Visual Basic script WORM!0
121Windows kev Messenger0  9mskev.exe1 00 12Added by the119W32/Sdbot-0
127Microsoft Spooler SubSystem0 12mskik32c.exe1 00 48Added by the W32/Rbot-BBR worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbr.html0
133Microsoft WinXP Spooler SubSystem0 10mskiks.exe1 00 48Added by the W32/Rbot-CWU worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcwu.html0
1 4mskj0  8mskj.exe1 00 28Added by the  Kaemon TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.kaemon.html0
110mskk32.dll0 10mskk32.dll1 00 92Added by the W32/Feebs-Q worm.br /br /Uses CLSID: b(A535CED7-A46C-D381-027C-CC9B3EB1B15E)/b.55http://www.sophos.com/virusinfo/analyses/w32feebsq.html0
312MSKServerExe0 11MSKSrvr.exe1 00 25Part of McAfee Spamkiller47http://us.mcafee.com/root/package.asp?pkgid=1560
1 8mslagent0 12mslagent.exe1 00 25Added by SIMCSS.B adware!76http://securityresponse.symantec.com/avcenter/venc/data/trojan.simcss.b.html0
133windows workstation start service0 12mslanmgr.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9mslarissa0 13MSLARISSA.pif1 00 29Added by the  ASSIRAL.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.assiral.b@mm.html0
1 7MS HTML0  9mslat.exe1 00 32Added by the LATINUS.SVR TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.SVR0
118windows automation0 11mslaugh.exe1 00 28Added by the BLASTER.E WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.e.worm.html0
111CiaBackdoor0  9msldr.com1 00 17Added by a VIRUS! 01
111SecureLogin0 10Mslg32.exe1 00 25Added by the REDZED WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.redzed@mm.html0
1 7Runmsni0 12Msline32.exe1 00 36Added by the Backdoor.Omed.B trojan.76http://www.sarc.com/avcenter/venc/data/backdoor.omed.b.html#technicaldetails0
111LoadManager0 10msload.exe1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
112LoadingAgent0 12msload32.exe1 00 90Added by the OBLIVION TROJAN! This executable is one of the most common but there are more78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.oblivion.html0
117Zip Driver Loader0 12msload32.exe1 00 90Added by the OBLIVION TROJAN! This executable is one of the most common but there are more78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.oblivion.html0
117MS Config Service0 14Msloader32.exe1 00 26Added by the RBOT-KJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkj.html0
114Mslogon lptt010 11mslogon.exe1 00187Variant of the  RapidBlaster parasite (in a &quot;Mslogon&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
114Mslogon ml097e0 11mslogon.exe1 00177Variant of the  RapidBlaster parasite (in a "Mslogon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
1 6MsLS320 10MsLS32.exe1 00 50Added by the W32/Tilebot-BS worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotbs.html0
119Microsoft LSA layer0 11MSLSA32.exe1 00 31Added by the W32/Rbot-AKZ worm.56http://www.sophos.com/virusinfo/analyses/w32rbotakz.html0
120Microsoft AUT Update0 11MSlti16.exe1 00 26Added by the RBOT.EB WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EB&VSect=T0
120Microsoft AUT Update0 11MSlti32.exe1 00 25Added by the RBOT-X WORM!54http://www.sophos.com/virusinfo/analyses/w32rbotx.html0
116Microsoft Update0 11Mslti32.exe1 00 26Added by the RBOT-LX WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlx.html0
113Video Process0 11MSlti64.exe1 00 28Added by the AGOBOT.UE WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.UE0
1 6MsLX320 10MsLX32.exe1 00 49Added by the W32/Sdbot-AFS worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotafs.html0
117Microsoft Netview0 12mslynx32.exe1 00134Added by the W32/Randex-R worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32randexr.html0
1 2270  9msm32.exe1 00 35Added by the Troj/Slsorve-E Trojan.58http://www.sophos.com/virusinfo/analyses/trojslsorvee.html0
131Microsoft Protection Subsystems0  9msm32.exe1 00143Added by the W32/Rbot-JU trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotju.html0
137Microsoft Macro Protection Subsystems0 17Msmacroprot32.exe1 00 26Added by the RBOT.KN WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KN0
137Microsoft Macro Protection Subsystems0 17msmacroprotxz.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
117Microsoft Manager0 13msmanager.exe1 00133Added by the W32/Mytob-EV worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobev.html0
1 6avnort0  9msmbw.exe1 00  074http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.html0
1 5ltwob0  9msmbw.exe1 00101Added by the W32.Serflog.A worm.  This worms spreads through file sharing networks and MSN messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.html0
1 5serpe0  9msmbw.exe1 00101Added by the W32.Serflog.A worm.  This worms spreads through file sharing networks and MSN messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.html0
1 4msmc0  8msmc.exe1 00 26ClientMan parasite variant42http://doxdesk.com/parasite/ClientMan.html0
121MicroSoft Media Tools0 11MSmedia.exe1 00273Added by the W32/Tilebot-BC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. This infection is bundled with the rootkit c:\windows\system32\rdriv.sys which is used to hide certain files, processes, or registry keys.58http://www.sophos.com/virusinfo/analyses/w32tilebotbc.html0
124microsoft media player 90 13msmedia32.exe1 00 32Added by the  W32/RBOT-ADO WORM!56http://www.sophos.com/virusinfo/analyses/w32rbotado.html0
125Microsoft Message Machine0 12msmesg32.exe1 00 28Added by the  SPYBOT.BI WORM91http://se.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.BI0
1 6MSMsgs0 12msmessgs.exe1 00 34Added by the Troj/Small-EW Trojan.57http://www.sophos.com/virusinfo/analyses/trojsmallew.html0
139Microsoft Messenger Management Controls0 12msmgmctl.exe1 00133Added by the W32/Rbot-APA worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotapa.html0
2 5msmgr0  9msmgr.exe1 00  2?? 01
1 9MsManager0 11msmgr32.exe1 00 26Added by the YAHA.AF WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.af@mm.html0
1 7WINTASK0 11msmgrxp.exe1 00 12Added by the37W32/Mytob-Z WORM/IRC backdoor trojan!0
1 5Msmgt0  9msmgt.exe1 00 30Total Velocity adware/hijacker29http://www.totalvelocity.com/0
1 3b990  8msmm.exe1 00 26ClientMan parasite variant42http://doxdesk.com/parasite/ClientMan.html0
120Network Host Service0 13msmnart32.exe1 00133Added by the W32/Rbot-CJV worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotcjv.html0
012Roxio Engine0 12MSMNGR32.EXE1 00 90Not believed to be a valid Roxio program - more likely a variant on the  WOMANIZ.A TROJAN! 7#FF00000
111msmanager320 12msmngr32.exe1 00 42Added by the RANDON-R (or WOMANIZ.A) WORM!59http://www.us.sophos.com/virusinfo/analyses/w32randonr.html0
1 8MSMNTGNT0 12MSMNTGNT.EXE1 00 52Added by the Troj/Banker-IE Internet banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerie.html0
1 8MSMNTJBE0 12MSMNTJBE.EXE1 00 35Added by the Troj/Bancos-EF Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancosef.html0
1 8MSMNTJNG0 12MSMNTJNG.EXE1 00 34Added by the Troj/Graber-G Trojan.57http://www.sophos.com/virusinfo/analyses/trojgraberg.html0
1 8MSMNTMTS0 12MSMNTMTS.EXE1 00 53Added by the Troj/Banker-GZ password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankergz.html0
1 8MSMNTUSH0 12MSMNTUSH.EXE1 00 35Added by the Troj/Banker-IC Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankeric.html0
119MSN Registry loader0 11msmnwin.exe1 00 34Added by the Troj/Bropia-N trojan.57http://www.sophos.com/virusinfo/analyses/trojbropian.html0
1 5msmon0  9msmon.exe1 00 40Added by a variant of the GEMA.D TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=404930
121Microsoft Windows GUI0 12msmonk32.exe1 00 27Added by the SDBOT-PE WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpe.html0
1 8msmovies0 12MsMovies.exe1 00 74Malware - detected by  Kaspersky antivirus as Trojan-Dropper.Win32.WinAD.h36http://www.kaspersky.com/personalpro0
1 5AvSer0 12msmpatch.exe1 00101Added by the W32.Serflog.B worm.  This worms spreads through file-sharing networks and MSN Messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.b.html0
1 6DsmSer0 12msmpatch.exe1 00  074http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.b.html0
1 6rollbk0 12msmpatch.exe1 00101Added by the W32.Serflog.B worm.  This worms spreads through file-sharing networks and MSN Messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.b.html0
114MS Unix Binary0 13msmq2inst.exe1 00 88Added by the W32/Rbot-YF WORM/IRC backdoor, it will allow remote control to an attacker.55http://www.sophos.com/virusinfo/analyses/w32rbotyf.html0
115Message Queuing0  9msmqs.exe1 00 29Added by the FREEFORS TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.freefors.html0
1 6mssoul0 11msmscc2.exe1 00133Added by the DAPIZL.A banker WORM! (A "banker worm" is designed to pillage banking information and send it back to the perpetrators!) 01
127microsoft messenger service0 11msmsg32.exe1 00 28Added by the  RBOT.BOK WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BOK&VSect=P0
116Microsoft Office0 10MSMSGR.exe1 00 28Added by the GAOBOT.BB WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bb.html0
125Microsoft System Services0 10msmsgr.exe1 00 50Added by the W32/Rbot-ZH WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbotzh.html0
113MSN Messenger0 10msmsgr.exe1 00 99Added by the W32/Rodal-A worm.  This worm spreads via MIRC and uses IRC to get commands to execute.55http://www.sophos.com/virusinfo/analyses/w32rodala.html0
127MSN Messenger User Controls0 10msmsgr.exe1 00 46Added by the W32.Kelvir.HI MSN Messenger worm.74http://www.sarc.com/avcenter/venc/data/w32.kelvir.hi.html#technicaldetails0
111MSN service0 10msmsgr.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8[random]0 11msmsgr2.exe1 00 34Added by the Troj/Small-EB TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmalleb.html0
1 5_cat40 11msmsgr2.exe1 00 35Added by the  TROJ/SMALL-EB TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmalleb.html0
121Intec Service Drivers0 14msmsgredss.exe1 00 49Added by the W32/Sdbot-AGL worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotagl.html0
114mssyslanhelper0 13msmsgri32.exe1 00 27Added by the RANDEX.D WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.d.html0
121System Initialization0 13msmsgri32.exe1 00 54Added by the  RANDEX.D WORM or ROXY or ROXY.B TROJANS!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.d.html0
121intec service drivers0 11msmsgrs.exe1 00 27Added by the  W32/Sdbot-ADN57http://www.sophos.com/virusinfo/analyses/w32sdbotadn.html0
111NvCplDaemon0 11msmsgrs.exe1 00 36Added by the Troj/Dloader-YI Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderyi.html0
1 5_cat30 12msmsgrxp.exe1 00 58Added by a variant of the  TROJ/SMALL-DT downloader TROJAN57http://www.sophos.com/virusinfo/analyses/trojsmalldt.html0
3 6MSMSGS0 10msmsgs.exe1 00220Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start - Programs. Go to Windows Messenger  Tools  Options  Preferences and uncheck "Run this program when Windows starts"63http://www.microsoft.com/windowsxp/windowsmessenger/default.asp0
3 6MSMSGS0 10msmsgs.exe111HKEY_CU\Run0 55Messenger Version 4.7, Microsoft Corporation. Messenger39http://www.absolutestartup.com/startup/1
313MSN Messenger0 10msmsgs.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0 10MSMSGS.EXE1 00101Added by the Troj/Bancban-BW password stealing trojan. This trojan affects users of Brazillian banks.55http://www.sophos.com/virusinfo/analyses/trojzlobg.html0
1 7IPfigre0 10msmsgs.exe1 00148Added by a SDBot variant.  This type of infection is known to act as a backdoor.  it also creates a Windows service if you have XP,NT,2000 or 20003. 01
117Messenger Service0 10msmsgs.exe1 00116Added by the W32/Sdbot-ZB. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotzb.html0
113MSN Messenger0 10msmsgs.exe1 00152Added by the Troj/Dloader-LN trojan downloader.  This infection also adds itself to the  HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonShell key.59http://www.sophos.com/virusinfo/analyses/trojdloaderln.html0
124Msn Update Manager (Sp2)0 10MSMSGS.EXE1 00 28Added by the AGOBOT-NL WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotnl.html0
111notepad.exe0 10msmsgs.exe1 00 12Added by the120Troj/Zlob-I0
1 8RegSvr320 10msmsgs.exe1 00 82bHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell/b 01
1 9Scheduler0 10MSMSGS.EXE1 00118Troj/Hostbank-A modifies the HOSTS file to redirect certain banking and ebay sites. Found in %windir%\system32\config. 01
117windows messenger0 10msmsgs.exe1 00 50Added as result of a  W32/Forbot-BD worm infection57http://www.sophos.com/virusinfo/analyses/w32forbotbd.html0
111wininet.dll0 10msmsgs.exe1 00 33Added by the Troj/Zlob-CJ Trojan.56http://www.sophos.com/virusinfo/analyses/trojzlobcj.html0
3 6MSMSGS0 22msmsgs.exe /background2 00 68Messenger Version 4.7.3001, Microsoft Corporation. Windows Messenger 01
1 8msmsgsrv0 12msmsgsrv.exe1 00 34Added by the  BACKDOOR-CQO TROJAN!43http://vil.nai.com/vil/content/v_132938.htm0
1 6msmsgr0 11msmsgss.exe1 00 60Reported by Kaspersky Anti-Virus as Backdoor.Win32.Rbot.ajj. 01
1 8MSMsgSvc0 12MSMSGSVC.exe1 00 89Browser hijacker, identified by some antiviruses as a variant of the StartPage.QC TROJAN! 01
127windows32 messenger service0 10msmsgv.exe1 00 28Added by the  RBOT.ANS WORM!107http://uk0
1 5msmsn0  9msmsn.exe1 00 46Added by the Troj/Dloadr-WP downloader Trojan.58http://www.sophos.com/virusinfo/analyses/trojdloadrwp.html0
122Microsoft Messenger XP0 11MSMSN32.exe1 00 25Added by the W32/Rbot-ZP.55http://www.sophos.com/virusinfo/analyses/w32rbotzp.html0
121MS MSN Menssenger 7.00 10MSMSN7.exe1 00108Added by the W32/Rbot-ACA worm. This infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaca.html0
1 7msmsngr0 11msmsngr.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
114msmautoprotect0 11msmssgs.exe1 00 36Added by the Troj/Bifrose-AJ TROJAN!59http://www.sophos.com/virusinfo/analyses/trojbifroseaj.html0
1 7Control0  7msn.exe1 00 23Added by Backdoor.Ducy.57http://www.sarc.com/avcenter/venc/data/backdoor.ducy.html0
1 3MSN0  7MSN.exe1 00 24Added by the MINIT WORM!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.minit.html0
117Win32 USB2 Driver0  7msn.exe1 00129Added by the W32/Forbot-EX  worm.  When started, this infection connects to an IRC where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotex.html0
1 3MSN0  9msn16.exe1 00103W32/Sbbot-VN   is a network worm with backdoor Trojan functionality found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvn.html0
110Media Load0  9msn32.exe1 00 39Added by a unidentified WORM or TROJAN! 01
128MICROSFT RAMA UPDATE SUPPORT0  9MSN32.EXE1 00132Added by the W32/Rbot-AWJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotawj.html0
113win32 regedit0  9msn32.exe1 00 40Added by an unidentified WORM or TROJAN! 01
114Windows System0  9msn32.exe1 00 48Added by the W32/Mytob-FX worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobfx.html0
115msn32 x service0 10MSN32x.EXE1 00 30Added by an unidentified WORM! 01
113Video Process0  8msn5.exe1 00133Added by the W32/Agobot-TW worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobottw.html0
113Media Service0  9msn64.exe1 00 28Added by the SPYBOT.EV WORM!91http://hu.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.EV0
113msn8m startup0  9msn8m.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
134microsoft networking agent for sp20 11msnac32.exe1 00 34Added by the  W32.SPYBOT.PEN WORM!62http://www.symantec.com/avcenter/venc/data/w32.spybot.pen.html0
230msn administration for windows0 12msnadp32.exe1 00 28Added by the  BROPIA.W WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BROPIA.W&VSect=P0
2 8msnappau0 12msnappau.exe1 00110Updater for the MSN toolbar that can be downloaded onto IE. Calls home every day or so to "update" the toolbar 01
110Msnarrator0 14msnarrator.exe1 00 71Added by the NARAT.A TROJAN! - also identified as MPGCOM Toolbar adware76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NARAT.A0
1 8App32dll0 12msnavc32.exe1 00 15Unknown adware! 01
128Microsoft Windows DLL 32-BIT0 14msncheck32.exe1 00 31Added by the W32/Sdbot-XX worm.56http://www.sophos.com/virusinfo/analyses/w32sdbotxx.html0
111MSN Checker0 14msnchecker.exe1 00 49Added by the W32/Sdbot-AGB worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotagb.html0
128Microsoft .NET Confingurator0 11msnconf.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
122Windows32 Net Database0 10msnd32.exe1 00 51Added by the W32/Rbot-AAL WORM/IRC backdoor trojan!56http://www.sophos.com/virusinfo/analyses/w32rbotaal.html0
214MSN Quick View0  9Msndc.exe1 00 44Quick way to connect to MSN internet service 01
1 9Msn Patch0  9msndp.exe1 00 27Added by the RBOT.AAI WORM!83http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_RBOT.AAI0
111Msn Patches0  9msndr.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
1 9msndrvsys0 13msndrvsys.exe1 00 35Added by the Troj/Brogger-D Trojan.64http://www.sophos.com/virusinfo/analyses/trojbroggerd.html  rel=0
1 7InetMSN0  9msnet.exe1 00 39Added by a variant of the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
117Microsoft Network0  9msnet.exe1 00 28Added by the MOCKBOT.A WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.mockbot.a.worm.html0
1 5MSNET0  9msnet.exe1 00 22Added by the BOA WORM!71http://securityresponse.symantec.com/avcenter/venc/data/trojan.boa.html0
1 6MS-Net0  9msnet.exe1 00143Added by the W32/Rbot-HZ trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbothz.html0
115[Various Names]0 15MsNetHelper.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
110[not used]0 14msnethlp32.exe1 00 94Added by the Troj/Mitglie-DQ Trojan. This Trojan will start every time you run a .EXE program.59http://www.sophos.com/virusinfo/analyses/trojmitgliedq.html0
1 5Spore0 10MsNews.vbs1 00  075http://securityresponse.symantec.com/avcenter/venc/data/vbs.sorpe.a@mm.html0
115Service Monitor0 12msnfilen.exe1 00 31Added by the W32/Rbot-ALE worm.56http://www.sophos.com/virusinfo/analyses/w32rbotale.html0
2 8MsnFixer0 11msnfixjs.js1 00  0 01
1 8avupdate0 10msnftp.exe1 00104An Rbot variant.  This infections connects to an IRC server where it awaits commands from a remote user.33http://www.malwareblog.com/?p=1050
1 8ethernet0 10msnger.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
120windows media driver0 10msnger.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
110Msn Config0  9msngf.exe1 00 26Added by the RBOT-QG WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqg.html0
124msn configuration loader0 10msngms.exe1 00 32Added by the  W32.KELVIR.T WORM!60http://www.symantec.com/avcenter/venc/data/w32.kelvir.t.html0
113System-Config0 11msngmsg.exe1 00133Added by the W32/Sdbot-MD worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotmd.html0
127Microsoft Instant Messenger0 15msngmsngr32.exe1 00 23ankSPYBOTER.GEN TROJAN! 01
126Microsoft MSNGR32 Protocol0 11msngr32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
110MSNGrabber0 14MSNgrabber.exe1 00 26Added by the ENVID.A WORM!62http://www.symantec.com/avcenter/venc/data/w32.envid.a@mm.html0
115Messenger Block0 14msngrblock.exe1 00 24Added by the PATOO WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.patoo@mm.html0
127microsoft internet explorer0 10msngrt.exe1 00 49Added as result of a  W32/SdBot-GU worm infection56http://www.sophos.com/virusinfo/analyses/w32sdbotgu.html0
116Media X Services0 10MSNGRx.exe1 00 28Added by the  RBOT.AUL WORM!90http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.AUL0
1 4data0  9msngs.exe1 00 32Added by the  W32/RBOT-ADQ WORM!56http://www.sophos.com/virusinfo/analyses/w32rbotadq.html0
1 8msngta320 12msngta32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113MSN Home Page0 11MSNHome.exe1 00152Added by the W32/Sdbot-DR backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotdr.html0
319Windows System Tray0  8msni.exe1 00 33Iambigbrother monitoring software29http://www.iambigbrother.com/0
120Msn Processe Manager0 10msni32.exe1 00133Added by the W32/Rbot-ADX worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotadx.html0
2 5MSNIA0 12MSNIASVC.EXE1 00105Added with MSN version 9. Resets certain internet settings upon bootup and can't be disabled via MSCONFIG 01
113MSN Messenger0 12msnimsgr.exe1 00 48Added by the W32/Rbot-BFM worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbfm.html0
116MSN Messenger 320  9msniu.exe1 00132Added by the W32/Rbot-AWB worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotawb.html0
117MSN Messenger 3230 10msniu3.exe1 00132Added by the W32/Rbot-AXB worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaxb.html0
113blahx service0 12msnjompa.exe1 00 29Added by the  SDBOT.AML WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AML0
116Security Patches0  9msnkn.exe1 00 26Added by the RBOT.WW WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.WW0
114WINDOWS SYSTEM0  8msnl.exe1 00136Added by the W32.Mytob.IK@mm worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ik@mm.html#technicaldetails0
318MSN Desktop Search0 23msnlAdmin.exe  /startup222StartUp menu\All users0 93MSN Toolbar Suite 02.00.0001.1203, Microsoft Corporation.. MSN Desktop Search Tool Tray Admin39http://www.absolutestartup.com/startup/1
1 7Runmsni0 13Msnline32.exe1 00 38Added by the Backdoor.Omed.B backdoor.76http://www.sarc.com/avcenter/venc/data/backdoor.omed.b.html#technicaldetails0
1 7RunMsnl0 13Msnline32.exe1 00 36Added by the Backdoor.Omed backdoor.57http://www.sarc.com/avcenter/venc/data/backdoor.omed.html0
115Windows Updater0 11msnlive.exe1 00108Added by the W32/Tilebot-CN worm and IRC backdoor.  This infection also installs the rootkit file rdriv.sys.58http://www.sophos.com/virusinfo/analyses/w32tilebotcn.html0
113msnload32.exe0 13msnload32.exe1 00 29Added by the BANCOS.M TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.m.html0
110[not used]0 10msnlwr.com1 00138Added by the Backdoor.Beasty.G backdoor.  This backdoor listens on port 666.br /br /Uses CLSID: b{44CC0112-AB51-22EF-BA32-20AA12E6115C}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.beasty.g.html#technicaldetails0
118microsoft internet0  8msnm.exe1 00 22W32/Sdbot worm variant43http://vil.nai.com/vil/content/v_100454.htm0
1 9strmsnnrs0 12msnmcgrs.exe1 00 35Added by the  TROJ/RBOT-ACT TROJAN!57http://www.sophos.com/virusinfo/analyses/trojrbotact.html0
1 9strmsnnms0 12msnmegrs.exe1 00 27Added by the  Troj/Sdbot-YU57http://www.sophos.com/virusinfo/analyses/trojsdbotyu.html0
1 9strmsoums0 13msnmegrse.exe1 00128Added by the Troj/Sdbot-ZK worm. When started, this infection connects to a remote IRC server and waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotzk.html0
1 3MSN0 16msnmesengers.exe1 00 26Added by the RBOT-ME WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotme.html0
129msn message background loader0 11msnmesg.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
112MSN Messages0 11msnmesg.exe1 00127Added by the W32/Rbot-ACN worm.  When started, this infection connects to an IRC where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotacn.html0
124Microsoft Windows Update0 16msnmessenger.exe1 00 27Added by the SDBOT.AJ WORM!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.aj.html0
112msnmessenger0 16msnmessenger.exe1 00 74Added by the Troj/Bancban-KJ information stealing Trojan for online banks.59http://www.sophos.com/virusinfo/analyses/trojbancbankj.html0
113svshostdriver0 22msnmessengerupdate.exe1 00226Added by the Troj/Sdbot-BI backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.  This infection also steals cd keys from popular games and applications.57http://www.sophos.com/virusinfo/analyses/trojsdbotbi.html0
1 7Offices0 12msnmgd32.exe1 00132Added by the  W32/Forbot-DV WORM/BACKDOOR! The file is found in the Windows system folder. This infection also installs Run entries.57http://www.sophos.com/virusinfo/analyses/w32forbotdv.html0
121Msn Messenger Service0 10msnmgr.exe1 00 73Identified as a variant of Backdoor.Win32.Rbot.gen worm and IRC backdoor. 01
1 6msnmgr0 10msnmgr.exe1 00 35Added by the Troj/Bifrose-K Trojan.58http://www.sophos.com/virusinfo/analyses/trojbifrosek.html0
117Run Msn Messenger0 10msnmgr.exe1 00 34T.HA" target=_blankAGOBOT.HA WORM! 01
118Windows XP Manager0 10msnmgr.exe1 00124Added by the W32/Kassbot-L worm. bThis infection utilizes  rootkit stealth techniques via the c:\windows\system32\rdriv.sys.57http://www.sophos.com/virusinfo/analyses/w32kassbotl.html0
111msn service0 12msnmgr16.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
125microsoft system services0 11msnmgsr.exe1 00 32Added by the  W32.KELVIR.K WORM!60http://www.symantec.com/avcenter/venc/data/w32.kelvir.k.html0
129MSN Messenger Service Starter0 11msnmgsr.exe1 00133Added by the W32/Rbot-AOS worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaos.html0
118Microsoft Help SVC0 11msnmngr.exe1 00 27Added by the SDBOT-PQ WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpq.html0
124Microsofts Help Services0 11msnmngr.exe1 00132Added by the W32/Sdbot-PJworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotpj.html0
329BitDefender for MSN Messenger0 10msnmon.exe1 00110Bitdefender anti-virus for MSN Messenger. Unless you have MSN Messenger running all the time start it manually52http://www.bitdefender.com/html/bd_msn_messenger.php0
123Windows Service Manager0 10msnmrg.exe1 00223Added by the W32/Oscabot-G worm. When started this infection connects to an IRC server where it waits for remote commands.  This infection also uses AOL Instant Messenger to send links to the infection via instant messages.57http://www.sophos.com/virusinfo/analyses/w32oscabotg.html0
111MSN Updater0  9msnms.exe1 00 28Added by the FORBOT-CG WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcg.html0
129microsoft server applacations0 10msnmsg.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 3msn0 10msnmsg.exe1 00 26Added by the RBOT-GO WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgo.html0
113Plug And Play0 10msnmsg.exe1 00 26Added by the RBOT-ID WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotid.html0
116Windows Registry0 10msnmsg.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
111msntoolbaar0 13msnmsgesc.exe1 00 28Added by the  RBOT.BMF WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BMF&VSect=P0
218Windows RegConfg320 13msnmsgnrd.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
1 9msnmsgq320 11msnmsgq.exe1 00 43Trojan,  possibly EliteBar parasite related 01
2 7msnmsgr0 11msnmsgr.exe1 00 60MSN Messenger 7.0.0813, Microsoft Corporation. MSN Messenger 01
2 7msnmsgr0 11msnmsgr.exe1 00207MSN Messenger utility. If you don't use MSN Messenger, this can be annoying. Available via Start - Programs. Go to MS Messenger  Tools  Options  Preferences and uncheck "Run this program when Windows starts"25http://messenger.msn.com/0
120Configuration Loader0 11msnmsgr.exe1 00130Added by the W32/Sdbot-SO worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotso.html0
1 6ctfmon0 11msnmsgr.exe1 00 43Added by the Troj/Bdoor-JV backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorjv.html0
124Microsoft Windows Update0 11MSNMSGR.EXE1 00115Added by the W32/Sdbot-WM worm.  This worm targets remote network shares and allows backdoor functionality via IRC.56http://www.sophos.com/virusinfo/analyses/w32sdbotwm.html0
1 3MSN0 11msnmsgr.exe1 00130Not to be confused with the legitimate filename, this is added by W32/Mytob-A, a WORM/backdoor and exploits users of IRC channels.55http://www.sophos.com/virusinfo/analyses/w32mytoba.html0
113MSN Messenger0 11msnmsgr.exe1 00 30Added by the  AGOBOT.AOQ WORM!110http://uk.0
114Msn Messengers0 11MSNMSGR.EXE1 00 26Added by the RBOT.KX WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KX&VSect=T0
114msnmsgr32-.exe0 12msnmsgr-.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
2 7MsnMsgr0 23MsnMsgr.Exe /background211HKEY_CU\Run0 60MSN Messenger 7.0.0777, Microsoft Corporation. MSN Messenger39http://www.absolutestartup.com/startup/1
111MSN service0 13msnmsgr16.exe1 00108Added by the W32/Rbot-RZ worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrz.html0
1 8MSNMSGR50 12MSNMSGR5.exe1 00 26Added by the RBOT.PQ WORM!102http://uk0
1 9MSN Start0 12msnmsgr7.exe1 00 26Added by the RBOT-PH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotph.html0
113MSN Messenger0 12msnmsgrc.exe1 00 48Added by the W32/Rbot-CNP worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcnp.html0
112blah service0 12msnmsgrr.exe1 00 26Added by the RBOT.PZ WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.PZ&VSect=T0
1 7MsnMsgr0 12MsnMsgrs.exe1 00 28Added by the NETSKY-AD WORM!64http://www.symantec.com/avcenter/venc/data/w32.netsky.ad@mm.html0
110strmsnmsgr0 12msnmsgrs.exe1 00127Added by the W32/Rbot-ACQ worm.  When started, this infection connects to an IRC where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotacq.html0
111strmsnmsgrs0 13msnmsgrsc.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
131Windows Secure Messaging System0 15msnmsgrsrvc.exe1 00 26Added by the RBOT-RE WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotre.html0
1 932 Driver0 11msnmsgs.exe1 00209This is an SDBot variant that attempts to connect to the IRC server chit.badpenguin.net and join channel #fucked with password open.  This allows a remote user in that channel to take control of your computer. 01
1 3MSN0 11msnmsgs.exe1 00 26Added by the RBOT-KL WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkl.html0
113Msn Messenger0 11msnmsgs.exe1 00 28Added by the LOONY-P TROJAN!56http://www.sophos.com/virusinfo/analyses/trojloonyp.html0
113MSN MESSENGER0 11msnmsgs.exe1 00 25Added by the W32/Mytob-Q.55http://www.sophos.com/virusinfo/analyses/w32mytobq.html0
111msnmsgs.exe0 11msnmsgs.exe1 00 52Added by the Troj/Banker-HK Internet banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerhk.html0
1 9msnmsgsgs0 13msnmsgsgs.exe1 00 58Added by the "Catal" alias Spy.Delitall.B backdoor TROJAN! 01
1 3MSN0 11MSNMSGX.EXE1 00108Added by the W32/Rbot-PZ worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotpz.html0
113Media service0 12msnmsgxr.exe1 00 27Added by the SDBOT.TF WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.TF0
113MSN Messanger0 11msnmsng.exe1 00 27Added by the SDBOT.XN WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.XN0
113msn messenger0 12msnmsngr.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113Msn Messenger0 11msnmsnr.exe1 00 34Added by the Troj/Mesoto-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojmesotoa.html0
129MSN Messenger Service Starter0 11msnmsnr.exe1 00 46Added by the Troj/Banker-GG keylogging Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankergg.html0
1 7msnsmgr0 10MsnMsr.exe1 00 33Added by the Troj/Loony-N Trojan.56http://www.sophos.com/virusinfo/analyses/trojloonyn.html0
119syspersonalfirewall0 12msnmssgr.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
123Microsoftf DDEs Control0  8msnn.exe1 00132Added by the W32/Rbot-AXT worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaxt.html0
116WinUpdate Loader0  9msnnm.exe1 00 30Added by the REVCUSS.C TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.revcuss.c.html0
111Msn Updater0 14msnplugins.exe1 00 26Added by the RBOT-HS WORM!55http://www.sophos.com/virusinfo/analyses/w32rboths.html0
116Msn Plus Updater0 11msnplus.exe1 00 26Added by the RBOT-MU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmu.html0
112USB Driverz20 12msnplus1.exe1 00 12Added by the119W32/Sdbot-0
2 8msnproxy0 12MSNProxy.exe1 00 69MSNProxy - SOCKS4 proxy for MSN Messenger. Desktop shortcut available41http://sourceforge.net/projects/msnproxy/0
114ms unix binary0 16msnq3insller.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114Microsoft QMGR0 11msnqmgr.exe1 00 38Added by the IRCBOT-S backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojircbots.html0
114Windows Office0 12msnrgd32.exe1 00 54Added by a variant of the Mytob worm and IRC backdoor. 01
1 9msnsched20 13msnsched2.exe1 00 12Added by the38W32/Rbot-AAT WORM/IRC backdoor trojan!0
110msnscr.exe0 10msnscr.exe1 00 34Added by the Troj/Certif-P Trojan.57http://www.sophos.com/virusinfo/analyses/trojcertifp.html0
113ATI AS Filter0  9msnse.exe1 00 48Added by the W32/Rbot-CCY worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotccy.html0
117Microsoft msnseru0 11msnseru.exe1 00133Added by the W32/Rbot-APB worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotapb.html0
114AdobeReaderPro0 12msnserve.exe1 00 49Added by the W32/Sdbot-AKH worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotakh.html0
115Service Monitor0 12msnserve.exe1 00147Added by the W32.Spybot.YQW worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.75http://www.sarc.com/avcenter/venc/data/w32.spybot.yqw.html#technicaldetails0
110MSNService0 14MSNService.exe1 00 27Added by the CARPET.C WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.carpet.c.html0
129Microsoft Service Information0 15MSNSERVICES.EXE1 00134Added by the W32/Sdbot-NQ worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnq.html0
114Windows Update0 12msnsever.exe1 00133Added by the W32/Rbot-AHN worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotahn.html0
1 3msn0 10msnsgr.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 6msnsgs0 10msnsgs.exe1 00 34Added by the Troj/Cheuko-B trojan.57http://www.sophos.com/virusinfo/analyses/trojcheukob.html0
1 7msnshed0 11msnshed.exe1 00 53Added by the W32/Rbot-YN, a WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbotyn.html0
3 8MSNShell0 12msnshell.exe1 00 26MSN Messenger enhancement. 01
117Windows Messenger0 11msnsmgs.exe1 00132Added by the W32/Rbot-AME worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotame.html0
110systemboot0 11msnsngr.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114AdobeReaderPro0 12msnsrcdv.exe1 00 48Added by the W32/Inject-H worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32injecth.html0
124Sygate Personal Firewall0 12MSNSRV32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120Configuration Loader0  9msnss.exe1 00 29Added by the GAOBOT.AUS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.aus.html0
115Microsoft MsnST0 11msnst32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114Windows Update0 14msnsupdate.exe1 00132Added by the W32/Rbot-AXS worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaxs.html0
122Compaq Service Drivers0 10msnsvc.exe1 00 37Added by a variant of the SDBOT worm!43http://vil.nai.com/vil/content/v_100454.htm0
124compaq32 service drivers0 10msnt32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
117Layer taskers log0 12msntfile.exe1 00 31Added by the Troj/BCB-B Trojan.54http://www.sophos.com/virusinfo/analyses/trojbcbb.html0
114MSI Unistaller0 11msnunin.exe1 00 73Identified as a variant of Backdoor.Win32.Rbot.gen worm and IRC backdoor. 01
118Windows ms Drivers0 11msnup32.exe1 00151Added by the W32/Sdbot-AAL worm. When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.57http://www.sophos.com/virusinfo/analyses/w32sdbotaal.html0
110MSMessnger0 10msnupd.exe1 00133Added by the W32/Rbot-ADY worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotady.html0
114MS Unix Binary0 13msnupdate.exe1 00 12Added by the38W32/Rbot-AAM WORM/IRC backdoor trojan!0
120Msn Messenger Update0 13msnupdate.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
116Firewall Updater0 15msnupdateit.exe1 00 12Added by the38W32/Rbot-AAQ WORM/IRC backdoor trojan!0
125Microsoft Windows Updater0 15msnupdateit.exe1 00 12Added by the39W32/Agobot-RL WORM/IRC backdoor trojan!0
114Windows Update0 14msnupdates.exe1 00133Added by the  W32/Rbot-ALK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalk.html0
132Microsoft Netview Component v5.10 10msnv32.exe1 00 27Added by the RANDEX.F WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html0
138(44AA3114-D221-43EC-1C32-1EAC52A2014D)0  9msnvl.exe1 00 98Added by the Troj/DownLdr-FI Trojan.br /br /Uses CLSID: b(44AA3114-D221-43EC-1C32-1EAC52A2014D)/b.59http://www.sophos.com/virusinfo/analyses/trojdownldrfi.html0
119Microsoft Update 320 14msnwindows.exe1 00133Added by the W32/Rbot-AQF worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaqf.html0
114System Service0 14msnwindows.exe1 00135Added by the W32.Spybot.YCL worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.75http://www.sarc.com/avcenter/venc/data/w32.spybot.ycl.html#technicaldetails0
114Windows Update0 12msnwinsb.exe1 00 12Added by the38W32/Rbot-AAH WORM/IRC backdoor trojan!0
124Microsoft Windows Update0 10msnwun.exe1 00 27Added by the SDBOT-RM WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotrm.html0
114System Service0 12msnxpexe.exe1 00132Added by the W32/Rbot-AUA worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaua.html0
114AdobeReaderPro0 11msnxpsp.exe1 00145Added by the W32/Rbot-ASK worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotask.html0
122media-xp-service-pack30  9msnzx.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
110MSObject320 13MSObject32.js1 00 24Added by the PUN TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/js.pun.trojan.html0
1 5QTSvc0 10msocfg.exe1 00 34Premium rate adult content dialler 01
113SystemService0 10msocfg.exe1 00  0 01
1 7OSdebug0 10msoevc.exe1 00 50Added by the W32/Tilebot-CV worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotcv.html0
116Microsoft Office0  9msoff.exe1 00144Added by the Troj/Raker-C Trojan backdoor.  This infection will also attempt to steal your online banking information from certain online banks.56http://www.sophos.com/virusinfo/analyses/trojrakerc.html0
216Microsoft Office0 12Msoffice.exe1 00221Alternative shortcuts to the Start -&gt; Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want access these programs quickly 01
229Microsoft Office Shortcut Bar0 12Msoffice.exe1 00  0 01
216Microsoft Office0 12MSOFFICE.EXE125StartUp menu\Current user0 61Microsoft Office 4.3, Microsoft Corporation. Microsoft Office39http://www.absolutestartup.com/startup/1
1 3run0 12msoffice.exe1 00188Added by the  ADWARELOADER TROJAN! - NOTE: Do NOT confuse with the (legitimate) Microsoft Office file, which would typically be located in the Program Files\Microsoft Office\Office folder!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.adwareloader.html0
1 8Msoffice0 12msoffice.hta1 00 39Hijacker - redirecting to Searchdot.net 01
124Microsoft Windows Update0 13msoffice2.exe1 00 26Added by the RBOT-GB WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgb.html0
116microsoft office0 14msoffice32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7msoffwz0 11msoffwz.EXE1 00 45Added by the Troj/Bancban-HQ backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanhq.html0
113M-soft Office0 17M-soft Office.hta2 00121HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site! 01
116Microsoft Office0 12msoicons.exe1 00 39Added by the W32/Rbot-ZI WORM/backdoor!55http://www.sophos.com/virusinfo/analyses/w32rbotzi.html0
112winlogon.exe0 11msole32.exe1 00145Added by the  Troj/Fakespy-B, which offers to fix a non-existant computer problem detected by displaying a website designed to sell the software.58http://www.sophos.com/virusinfo/analyses/trojfakespyb.html0
1 4msmc0 10msongn.exe1 00 26ClientMan parasite variant42http://doxdesk.com/parasite/ClientMan.html0
1 6MSOOBD0 10MSOOBD.EXE1 00 29Added by the MAGISTR.A VIRUS!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.A0
112officedeamon0 13msorunner.exe1 00 49Added by a variant of the  WIN32.TACTSLAY TROJAN!63http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=420220
111syncmanager0 13msorunner.exe1 00 49Added by a variant of the  WIN32.TACTSLAY TROJAN!63http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=420220
112visualstudio0 13msorunner.exe1 00 49Added by a variant of the  WIN32.TACTSLAY TROJAN!63http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=420220
1 6mmxrun0  9msosa.exe1 00183Adult content dialler - see here. This has to be cleared at the same time as MSStartOptimizer (WINUPD.EXE), atisrc2 (windfind.exe) and RegCompres (REGCPM32.EXE), otherwise they return69http://www.spywareinfo.com/forums/index.php?act=ST&f=11&t=7756&hl=&s=0
112winlogin.exe0 11mspaint.exe1 00 42Added by a variant of the AGENT.AH TROJAN! 01
110[not used]0 10mspalu.com1 00138Added by the Backdoor.Beasty.H backdoor.  This backdoor listens on port 666.br /br /Uses CLSID: b{44CC0112-AB51-22EF-BA32-20AA12E6115C}/b.61http://www.sarc.com/avcenter/venc/data/backdoor.beasty.h.html0
113system server0 10MSpass.exe1 00145Added by the Troj/Lineage-BG password-stealing Trojan for the online game Lineage. This infection also creates the file c:\windows\help\mssj.chi.59http://www.sophos.com/virusinfo/analyses/trojlineagebg.html0
1 8MS-patch0 13mspatch32.exe1 00132Added by the W32/Rbot-AWF worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotawf.html0
129Microsoft Path Finder Service0 10mspath.exe1 00133Added by the W32/Sdbot-AEO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaeo.html0
129Microsoft Path Finder Service0 12mspathfinder1 00 50Added by the W32/Tilebot-AH worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotah.html0
110mspc32.dll0 10mspc32.dll1 00 92Added by the W32/Feebs-J worm.br /br /Uses CLSID: b{8EBB4EC4-DD60-E1B1-E00E-DA54CCE9218D}/b.55http://www.sophos.com/virusinfo/analyses/w32feebsj.html0
124Microsoft Procedure Call0 11MSPCALL.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
121Microsoft PCI Manager0  9mspci.exe1 00 14SDbot variant. 01
115MSWindows Syspg0 10mspg32.exe1 00 50Added by the W32/Rbot-TB WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbottb.html0
1 6msping0 10msping.exe1 00137Added by the Troj/Flood-EN trojan. This infection is used to be part of a Distributed Denial of service attack against a remote computer.57http://www.sophos.com/virusinfo/analyses/trojflooden.html0
1 6F8adsl0 10MSplg7.dll1 00147Added by the Troj/Goldun-R password stealing trojan.  If you are infected with this you should immediately change all your passwords and bank pins.57http://www.sophos.com/virusinfo/analyses/trojgoldunr.html0
1 6MSPLUS0 12msplus32.exe1 00 57Added by the W32/Mytob-AM mass-mailing worm and backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobam.html0
125registry value name start0 12MsPMSPSa.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
117cscrs value check0 12MsPMSPSd.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
111Doggy Style0 12MsPMSPSd.exe1 00134Added by the W32/Sdbot-AAP worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaap.html0
113NVIDIA Driver0 12MSPMSPSU.EXE1 00 28Added by the WOOTBOT.Y WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.Y0
119Win32 NVIDIA Driver0 12MSPMSPSU.EXE1 00 41Added by a variant of the WOOTBOT.Y WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.Y0
117microsoft checker0 12MsPMSPTv.exe1 00127Added by a variant of the  W32/SDBOT WORM! - do not confuse with the Microsoft's Digital Rights Management file described  here43http://vil.nai.com/vil/content/v_100454.htm0
124Windows Processe Manager0 10mspn32.exe1 00 34Added by a Rbot variant infection.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
123Microsoft Proc Driver320  9msprc.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
124MS Windows Process Class0 13MSPRCSS32.exe1 00 55A Rbot WORM/IRC backdoor Trojan variant adds this file.55http://www.sophos.com/virusinfo/analyses/w32rbotyq.html0
125Windows Management System0 11msprexe.exe1 00 48Added by the W32/Rbot-CBQ worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcbq.html0
115printing driver0 11msprint.exe1 00 27Added by the  RBOT.JH WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JH0
119ms processe manager0 10msproc.exe1 00 28Added by the  RBOT.ATO WORM!98http://be.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.ATO&VSect=T0
121MS Windows procces 320 13msprocces.exe1 00133Added by the W32/Rbot-AEZ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaez.html0
113MSprotect.exe0 13MSprotect.exe1 00 29Added by the DABYREV.A VIRUS!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_DABYREV.A0
113System-Config0 12msptmf32.com1 00 28Added by the LIOTEN.FA WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394290
125Microsoft Startup Manager0  9msput.exe1 00 49Added by the W32/Sdbot-BAY worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotbay.html0
122Internet Mail and News0 11msqdevl.exe1 00 17EasySearch adware57http://sarc.com/avcenter/venc/data/adware.easysearch.html0
1 5msqdk0  9msqdk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110msqn32.dll0 10msqn32.dll1 00 96Added by the W32/Feebs-P P2P worm.br /br /Uses CLSID: b(361495F2-1D75-80CC-AA2D-8C0479EF7FC0)/b.55http://www.sophos.com/virusinfo/analyses/w32feebsp.html0
1 8msqsearc0 12msqsearc.exe1 00 26Identified as Win32.Dluca. 01
1 3MSR0  7msr.exe1 00 28Added by the AGOBOT.RT WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_AGOBOT.RT0
1 4Msrc0  8Msrc.exe1 00 36Added by the KRYPTONIC GHOST TROJAN! 01
121IP correction service0 10msrdr2.sys1 00 45Added by the Troj/Haxdoor-AJ backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdooraj.html0
1 6apimon0  9msreg.exe1 00 36Added by the  TROJ_DROPPER.Z TROJAN!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DROPPER.Z&VSect=P0
114msReg32 Loader0 11msreg32.exe1 00 28Added by the AGOBOT.IU WORM!99http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.IU&VSect=T0
110RecycleSTR0 11msreg32.exe1 00 26Added by the RBOT-TC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbottc.html0
1 8winlogon0 11msreg32.exe1 00 27Added by the SDBOT.EO WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_SDBOT.EO0
1 9msreg.exe0 10msrege.exe1 00  074http://securityresponse.symantec.com/avcenter/venc/data/backdoor.zinx.html0
110[not used]0 13msreged32.exe1 00 32Added by the W32/Rbot-BAA  worm.56http://www.sophos.com/virusinfo/analyses/w32rbotbaa.html0
1 8msrepair0 12msrepair.exe1 00 29Added by the  SDBOT.AFL WORM!91http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.AFL0
110msresearch0 14msresearch.exe1 00 44TROJAN! -  180SearchAssistant adware related62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530906770
114System Service0 10MSREXE.EXE1 00 24Added by the AML TROJAN!42http://vil.nai.com/vil/content/v_99793.htm0
130Windows32 Configuration Loader0 10msrf32.exe1 00133Added by the W32/Sdbot-ABX worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotabx.html0
1 6msriv10 10msriv1.sys1 00195Added by the W32/Rbot-AGE worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.  This particular Rbot also uses rootkit technology to hide itself.56http://www.sophos.com/virusinfo/analyses/w32rbotage.html0
118Rll enhanced drive0  9msrll.exe1 00 42Added by the Troj/Jtram-E backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojjtrame.html0
119MS Registry Service0 11MSRMS32.exe1 00132Added by the W32/Rbot-AKP worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotakp.html0
111COM Service0 10msropf.com1 00 43Added by the Troj/BeastDo- backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojbeastdoz.html0
1 5modlb0  9msrpc.exe1 00134Added by the W32/Tilebot-BF worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotbf.html0
120Windows Produre Call0  9msrpc.exe1 00133Added by the W32/Sdbot-AEI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaei.html0
124MS Remote Procedure Call0 11msrpc32.exe1 00 26Added by the RBOT-QL WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotql.html0
123Network Host Controller0 12MSRSDN32.DLL1 00 32Added by the W32/Kassbot-B worm.57http://www.sophos.com/virusinfo/analyses/w32kassbotb.html0
131microsoft remote secure service0  9MSRSS.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8msrundll0 14msrund1l32.exe1 00123.html" target="_blank"BINGHE backdoor Trojan!  It has the ability to log your keystrokes, steal data, and execute commands. 01
140Microsoft Windows Kernel Functionalities0 12msrundll.exe1 00134Added by the W32/Randex-J worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32randexj.html0
113DllExecutable0 14MSRunDll32.exe1 00 28Added by the W32/VB-SP worm.53http://www.sophos.com/virusinfo/analyses/w32vbsp.html0
110msrunl.exe0 10msrunl.exe1 00 12Added by the23Troj/MultiDr-DJ TROJAN!0
110msrunocx320 14msrunocx32.exe1 00 23Added by the SKUS WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.skus.html0
1 6msrv320 10Msrv32.exe1 00 41Added as a result of the  AGOBOT-NB WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotnb.html0
117MatrixScreenSaver0  7mss.exe1 00 18Malware, see  here65http://www.spywareinfo.com/forums/index.php?s=&act=ST&f=11&t=72780
122Security Agent Manager0 10mssams.exe1 00 26Added by the RBOT-SV WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsv.html0
3 6msscdl0 11MSSCDLL.exe1 00 89SpyCapture keystroke logger/monitoring program - remove unless you installed it yourself!66http://www.symantec.com/avcenter/venc/data/spyware.spycapture.html0
1 3RPC0 12MSschost.exe1 00 45Added by a variant of the GAOBOT/AGOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
121Mircosoft Sockets SP20  9mssck.exe1 00133Added by the W32/Mytob-DV worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobdv.html0
126MS Microsoft Socket Deamon0 12MSSCKD32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
312_AntiSpyware0 10MssCli.exe1 00 18McAfee AntiSpyware47http://us.mcafee.com/root/package.asp?pkgid=1820
110[not used]0 12msscript.exe1 00 36Added by the Troj/StartPa-HC Trojan.59http://www.sophos.com/virusinfo/analyses/trojstartpahc.html0
2 7SysComp0 10mssdnl.com1 00 90Unknown but suspect as *.com are not usually run at start up and the name isn't recognized 01
112kernel32.dll0 12mssearch.exe1 00 67hp????.tmp (may be safely deleted) where ??? are random characters. 01
124Microsoft WIN32 Security0 11MSsec32.exe1 00 48Added by the W32/Rbot-DOQ worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotdoq.html0
1 9.mssecure0 12MSSECURE.EXE1 00168Troj/Borobot-E is an IRC backdoor Trojan. Copies itself to the Windows system directory or into the folder Application Data\Microsoft\Internet Explorer in your profile. 01
1 9secures230 12mssecure.exe1 00 50Added by the W32/Agobot-ABY worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32agobotaby.html0
131Microsoft Update Security Patch0 25mssecurityupdatepatch.exe1 00 29Added by the AGENT.EF TROJAN! 01
1 6msserv0 10msserv.exe1 00 46Added by the Troj/Blacklog-A keylogger trojan.59http://www.sophos.com/virusinfo/analyses/trojblackloga.html0
1 9msservice0 10msserv.exe1 00 22Added by the HYD WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.hyd@mm.html0
1 8msserv320 12msserv32.exe1 00127Added by the W32/Rbot-ACK worm.  When started, this infection connects to an IRC where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotack.html0
110MS service0 13msservice.exe1 00 50Added by the W32/Rbot-ZG WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbotzg.html0
119microsoft update 320 13mssetup32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113System Update0 15mssetupconf.exe1 00 48Added by the W32/Rbot-BJA worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbja.html0
121MSN messenger service0  9mssgs.exe1 00 91Added by an unidentified TROJAN! Note - this is not the real MSN Messenger, see this thread63http://forums.techguy.org/showthread.php?s=&amp;threadid=1090540
1 9atiupdate0 12msshed32.exe1 00 39Added by the DELF.EP downloader TROJAN! 01
129&lt;randomly chosen CLSID&gt;0 11msshell.dll1 00 80Added by the Troj/Vipgsm-AB Trojan.br /br /Uses CLSID: brandomly chosen CLSID/b.58http://www.sophos.com/virusinfo/analyses/trojvipgsmab.html0
1 6MSShow0 10MSShow.exe1 00 33Added by the Troj/QQRob-M Trojan.56http://www.sophos.com/virusinfo/analyses/trojqqrobm.html0
1 6MSSHVC0 10MSSHVC.exe1 00 26Added by the NUFFY.A WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.nuffy.a.html0
121mswindows ssl drivers0 10mssl32.exe1 00 24Added by the  SPYBOT.API87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.API&VSect=T0
1 9superslut0 12msslut32.exe1 00 27Added by the SLUTER-A WORM!56http://www.sophos.com/virusinfo/analyses/w32slutera.html0
1 7msmbios0 12mssmbios.exe1 00134Added by the W32/Tilebot-AI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotai.html0
116Microsoft Update0 11mssmgrd.exe1 00 27Added by the SDBOT.JT WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.JT0
114msn mmissenger0 13mssmmspgr.exe1 00 33Added by the  W32.KELVIR.AJ WORM!61http://www.symantec.com/avcenter/venc/data/w32.kelvir.aj.html0
123Microsoft Windows MSNNT0  9mssnt.exe1 00 49Added by the W32/Sdbot-AGJ worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotagj.html0
1 5mssp30 10mssp22.exe1 00102The Troj/IBank-D TROJAN adds this to steal data entered into a variety of web pages relating to money.56http://www.sophos.com/virusinfo/analyses/trojibankd.html0
1 5MSSQL0  9Mssql.exe1 00 26Added by the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
126Microsoft Database Handler0 11mssql32.exe1 00 28Added by the RANDEX.AX WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ax.html0
113MSSQL Manager0 12mssqlmgr.exe1 00 48Added by the W32/Rbot-BWU worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbwu.html0
123Microsoft Update Server0  9mssrv.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
159Network Distributed Transaction Coordinator for Workstation0  9mssrv.exe1 00 35Added by the PWSteal.Drorar Trojan.75http://www.sarc.com/avcenter/venc/data/pwsteal.drorar.html#technicaldetails0
132Microsoft Video Capture Controls0 12MSsrvs32.exe1 00134Added by the W32/Sdbot-AAK worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaak.html0
112mssrvs32.exe0 12mssrvs32.exe1 00127Added by the W32/Sdbot-UB. When started this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotub.html0
2 7mssSort0 11msssort.exe111HKEY_LM\Run0 41Drag and Sort 1, 0, 0, 3, Maxtor. msssort39http://www.absolutestartup.com/startup/1
1 7Msstart0 11msstart.exe1 00 28Added by the LIVUP.C TROJAN!89http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_LIVUP.C0
1 7msstask0 11msstask.exe1 00 26Added by the MYPARTY WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.myparty@mm.html0
320Memory Stick Monitor0 10MSstat.exe1 00112Sony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydrive 01
1 8Debugger0 12msstream.exe1 00 40Identified by Dr.Web as Trojan.PWS.Krot. 01
113Start Uppings0 13mssupdate.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115mssurfer lptt010 12mssurfer.exe1 00176Variant of the  RapidBlaster parasite (in a "surfer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
115mssurfer ml097e0 12mssurfer.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
4 9MSSVC.EXE0  9MSSVC.EXE1 00 97Stealthdisk - hides folders, files and applications. Will also encrypt them for better protection27http://www.stealthdisk.com/0
4 7SysPool0  9Mssvc.exe1 00 97StealthDisk - hides folders, files and applications. Will also encrypt them for better protection34http://www.invisicom.com/index.asp0
110VirtualMGR0 12mssvc128.exe1 00 42Added by the Troj/Klutz-A backdoor trojan.56http://www.sophos.com/virusinfo/analyses/trojklutza.html0
117Microsoft Netview0 11mssvc32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 7mssvc320 11mssvc32.exe1 00 28Added by the AGOBOT-ME WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotme.html0
1 7SysPool0 11MSSVC32.EXE1 00 34Added by the Troj/Bancban-IO worm.59http://www.sophos.com/virusinfo/analyses/trojbancbanio.html0
110msconfig380 10mssvcc.exe1 00 48Added by the W32/Rbot-BJV worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbjv.html0
110[not used]0 11mssvces.exe1 00133Added by the W32/Rbot-BSH worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotbsh.html0
110[not used]0 12mssvcnes.exe1 00134Added by the  W32/Rbot-BSG worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotbsg.html0
227Microsoft Sound Volume Tool0 10mssvol.exe1 00202This is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start - Settings - Control Panel 01
1 7IECheck0  9mssvp.exe1 00 31Added by the W32/Tirbot-G worm.56http://www.sophos.com/virusinfo/analyses/w32tirbotg.html0
1142020Downloader0  9mssvr.exe1 00 572020Search Toolbar related. Reported to be auto-installed 01
130Microsoft Windows W32 Services0 10mssw32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 5mssys0  9mssys.exe1 00 27Added by the MYSS.B TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.myss.b.html0
1 8MsSystem0  9mssys.exe1 00 28Added by the VANTA.A TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_VANTA.A0
116System Updates 40 12mssysfix.exe1 00121Added by the W32/Rbot-ADU worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32rbotadu.html0
230photoshow deluxe media manager0 12mssysmgr.exe1 00193Simple Star  PhotoShow_Deluxe photo editing and organizing software; makes it easy to send and share digital photos..  Bundled with software from Nero, ComCast, SnapFish, MacroMedia and others.45http://www.simplestar.com/site_html/index.php0
330PhotoShow Deluxe Media Manager0 12mssysmgr.exe111HKEY_CU\Run0 75PhotoShow Media Manager 3.0.0.0, Simple Star, Inc.. PhotoShow Media Manager39http://www.absolutestartup.com/startup/1
115msoft-updater230 14mssysstems.exe1 00132Added by the W32/Rbot-ATU worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatu.html0
119Application Provier0  7MST.EXE1 00 33Added by the W32/Forbot-DX  worm.57http://www.sophos.com/virusinfo/analyses/w32forbotdx.html0
119&lt;Random GUID&gt;0 13mst32init.exe1 00179Added by the Troj/Hazif-A password-stealing Trojan. This infection will also create the files c:\windowsnetiu1.dll and c:\windows\system32\netiu1.dllbr /br /Uses CLSID: bRandom/b.56http://www.sophos.com/virusinfo/analyses/trojhazifa.html0
1 6Mstapi0 10Mstapi.exe1 00 16Keylogger trojan 01
1 7Classes0 10MSTAR2.EXE1 00 28Switch adult content dialler57http://www.sophos.com/virusinfo/analyses/dialswitchb.html0
1 7Classes0 10mstart.exe1 00 28Switch adult content dialler57http://www.sophos.com/virusinfo/analyses/dialswitchb.html0
323planl&aelig;gningsagent0 10mstask.exe1 00229Windows Task Scheduler (on Danish language versions of Windows) - displayed as a box with a stopwatch in the System Tray - required if you have regularly scheduled tasks like defragmenting, ScanDisk, weekly virus scans and so on. 01
315SchedulingAgent0 10mstask.exe1 00  0 01
315SchedulingAgent0 10mstask.exe1 00235MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans 01
1 6Mstask0 10mstask.exe1 00138Added by the OPASERV.N WORM! Note - this is not the legitimate mstask.exe system file and the executable resides in C:\Windows or C:\WINNT78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.N0
1 6mstask0 10mstask.exe1 00105Browser hijacker - redirecting to find-more.net. Note - this is not the legitimate mstask.exe system file70http://www.liutilities.com/products/wintaskspro/processlibrary/mstask/0
117Microsoft Windows0 11mstask0.exe1 00 27Added by the SDBOT.FQ WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FQ0
123MicrosoftServiceManager0 12mstask32.exe1 00 25Added by the YAHA.P WORM!50http://vil.mcafee.com/dispVirus.asp?virus_k=1000920
114Mstask32driver0 12mstask32.exe1 00153Added by the Troj/SdBot-CA backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotca.html0
1 8toplisty0 12mstask32.exe1 00 45Added by the Troj/Bifrose-FG backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojbifrosefg.html0
1 9SVC Socks0 11mstaskm.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
114MSTask Monitor0 13mstaskmon.exe1 00133Added by the W32/Sdbot-LU worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotlu.html0
120Configuration Loader0 11MSTasks.exe1 00 39Added by the  LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
120Configuration Loader0 11MSTasks.exe1 00 39Added by the  LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
1 7mstasks0 11mstasks.exe1 00 31Added by the MULTIDR-AY TROJAN!59http://www.sophos.com/virusinfo/analyses/trojmultidray.html0
220Memory Stick Monitor0  9MSTAT.exe1 00101Used with the Sony floppy disk adapter for memory sticks, showing if there is a stick in the computer 01
1 9stxrmsgms0 10mstats.exe1 00 48Added by the Troj/IRCBot-AE IRC backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojircbotae.html0
127Microsoft Domain Controller0  8mstc.exe1 00 48Added by the W32/Rbot-DDI worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotddi.html0
2 7Mstcgww0 11MSTCGWW.EXE1 00  0 01
115[various names]0 12MSTCPDLL.exe1 00 90TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see  here44http://www.doxdesk.com/parasite/WareOut.html0
114TCPIP Protocol0 11mstcpip.exe1 00133Added by the W32/Sdbot-LR worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotlr.html0
1 7DrCache0  9MSTDC.EXE1 00 34Added by the Troj/Bdoor-JM Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorjm.html0
1 8mstdel320 12mstdel32.exe1 00134Added by the W32/Tilebot-BE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotbe.html0
122Microsoft Windows MSST0  8mstf.exe1 00 49Added by the W32/Sdbot-AJV worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotajv.html0
110msth32.dll0 10msth32.dll1 00 96Added by the W32/Feebs-O P2P worm.br /br /Uses CLSID: b{F8D1AD57-5A37-8089-CFF6-DA2BBA460E16}/b.55http://www.sophos.com/virusinfo/analyses/w32feebso.html0
315SchedulingAgent0 11mstinit.exe1 00235MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans 01
2 8mstmon_n0 12MSTMON_N.EXE1 00 92Generates an error message on startup if a Konica Minolta printer is not turned on and ready 01
2 8MSTMON_Q0 12MSTMON_Q.exe1 00108Generates an error message on startup if the Konica Minolta PagePro 1350W printer is not turned on and ready 01
1 7Mstng320 11MSTng32.exe1 00 23Added by the TANG WORM!64http://www.symantec.com/avcenter/venc/data/w32.hllw.tang@mm.html0
115Microsoft Tools0 10mstool.exe1 00 60Identified as Win32/TrojanProxy.Xorpix.B by Nod32 antivirus. 01
123Microsoft Service TOols0 12MStools1.exe1 00 48Added by the W32/Rbot-BHT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbht.html0
129Microsoft Windows Task Manger0 10Mstosk.exe1 00 27Added by the SDBOT-WW WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotww.html0
1 7RavTime0 10Mstray.exe1 00 27Added by the WUKILL.A WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WUKILL.A0
124microsoft services unitd0  9MSU32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7avsuite0 10msuite.exe1 00134Added by the W32/Sdbot-ABC worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotabc.html0
124Windows Networking Agent0  9msuls.exe1 00 32Added by the Troj/Kwoo-A Trojan.55http://www.sophos.com/virusinfo/analyses/trojkwooa.html0
120microsoft uma update0 11MSuma32.exe1 00 27Added by the  RBOT.FS WORM!106http://es0
119windows workstation0 11msup32a.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
123MicrosoftServiceManager0 11msupdat.exe1 00 26Added by the YAHA.AA WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.aa@mm.html0
1 8WinTimer0 12msupdate.cmd1 00 70Hijacker, detected by Kaspersky antivirus as Trojan.Win32.StartPage.tj 01
119Microsoft IT Update0 12msupdate.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
116Microsoft Update0 12msupdate.exe1 00 44Added by the Troj/Borobot-I backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojboroboti.html0
125Microsoft Windows Updater0 12msupdate.exe1 00 48Added by the W32/Rbot-BHS worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbhs.html0
116MSConfig Manager0 12msupdate.exe1 00 30CoolWebSearch parasite related53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 8msupdate0 12msupdate.exe1 00 26Added by the RBOT-MZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmz.html0
1 7Updates0 12msupdate.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
112USB Drivers10 12msupdate.exe1 00 24Added by a Rbot variant.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
124Microsoft Update Service0 12msupdate.pif1 00133Added by the W32/Rbot-AQB worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaqb.html0
122Intec Services Drivers0 15msupdate22e.exe1 00 48Added by the W32/Rbot-CGC worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcgc.html0
1 8MSUpdate0 14msupdate24.exe1 00133Added by the W32/Tilebot-H worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32tileboth.html0
1 8msupdate0 14msupdate32.dll1 00 43Added by the Troj/Jupdrop-A dropper Trojan.58http://www.sophos.com/virusinfo/analyses/trojjupdropa.html0
119Microsoft Update 320 14MSupdate32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
116msconfig service0 14MSupdate32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
119MS Updating Utility0 13msupdater.exe1 00110The W32/Rbot-XR WORM adds the file, and it will open a backdoor allowing malicious attack over an IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotxr.html0
1 8MSUpdSrv0 12msupdsrv.exe1 00 44Browser hijacker, redirecting to a porn site 01
1 9msupdates0 10msupdt.exe1 00 26Added by the RBOT-JO WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotjo.html0
122Windows Update Checker0 13msupdte32.exe1 00133Added by the W32/Sdbot-AEF worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaef.html0
116Microsoft System0 11msupdtm.exe1 00135Added by the W32.Spybot.PKC worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.75http://www.sarc.com/avcenter/venc/data/w32.spybot.pkc.html#technicaldetails0
1 5msurl0 11msurl32.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
126ms usb 2.0 windows support0 11msusb32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
112msuser32.exe0 12msuser32.exe1 00 27Added by the ANDROV TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.androv.html0
125Microsoft Winsock Service0 10msusvc.exe1 00132Added by the W32/Rbot-ANS worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotans.html0
1 7MsVBdll0 11MsVBdll.pif1 00 72Added by the W32.Aimdes.A@mm infection!  Found in the Windows directory. 01
1 8msvbvm600 13MSVBVBM60.pif1 00 27Added by the  SCOLD.C WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SCOLD.C&VSect=P0
1 8MSVBVM600 12msvbvm60.pif1 00 12Added by the17W32/Scold-B WORM.0
1 5spool0  8msvc.exe1 00 29Added by the  RANKY.R TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.r.html0
1 6msvc320 10msvc32.exe1 00 26ClientMan parasite variant42http://doxdesk.com/parasite/ClientMan.html0
1 8MySLScan0 10msvc32.exe1 00 77Added by the W32/Forbot-EH WORM!  File is found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32forboteh.html0
1 6msvcav0 10msvcav.exe1 00 35Added by the Troj/Agent-ACR Trojan.58http://www.sophos.com/virusinfo/analyses/trojagentacr.html0
1 7msclean0 12msvchost.exe1 00 48Added by the W32/Opanki-T worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32opankit.html0
1 5msvcc0 12msvchost.exe1 00  073http://securityresponse.symantec.com/avcenter/venc/data/trojan.xombe.html0
1 8msvchost0 12msvchost.exe1 00 49Added by the W32/IRCBot-AV worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32ircbotav.html0
210LoadMSvcmm0 12msvcmm32.exe1 00 68Auto-update for Movielink - internet movie rental System Tray access25http://www.movielink.com/0
227Movielink Manager Uninstall0 12msvcmm32.exe1 00  025http://www.movielink.com/0
210LoadMSvcmm0 12msvcmm32.exe111HKEY_LM\Run0118Movielink LLC. - Movielink Manager 3, 0, 0, 192, Movielink LLC. Movielink Manager uninstall and autoupdate application39http://www.absolutestartup.com/startup/1
116Microsoft Office0  9msvcp.exe1 00 54Identified by Kapersky as Trojan-Proxy.Win32.Xorpix.i. 01
1 9objupdate0 11msvcr32.exe1 00 44Added by the Troj/Daemoni-T backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojdaemonit.html0
1 5Iprip0 12msvcr70a.dll1 00 46Added by the Backdoor.Ripiner backdoor Trojan.77http://www.sarc.com/avcenter/venc/data/backdoor.ripiner.html#technicaldetails0
1 6Ampi320 10msvcrt.exe1 00 49Added by the W32/Tilebot-Q worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32tilebotq.html0
1 9(default)0 10msvcrt.ocx1 00 30Added by the W32/Kamu-A virus.54http://www.sophos.com/virusinfo/analyses/w32kamua.html0
111MsvcService0  9msvcs.exe1 00108Added by the W32/Rbot-RK worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrk.html0
120Registration Service0 10MSVDM6.EXE1 00143Added by the Troj/Sdbot-HE worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbothe.html0
120Microsoft Vertupdate0 12MSvert32.exe1 00133Added by the W32/Mytob-CY worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobcy.html0
110.msfupdate0 10msveup.exe1 00 33Added by the  W32.ALLOCUP.A WORM!61http://www.symantec.com/avcenter/venc/data/w32.allocup.a.html0
1 8MsWinVgr0  9msvgr.exe1 00135Added by the W32.Mytob.LE@mm worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.le@mm.html#technicaldetails0
1 7WINTASK0 11msvhost.exe1 00132Added by the W32/Mytob-ARworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobar.html0
135Microsoft Viral Scanning Protection0 11msviral.exe1 00133Added by the W32/Sdbot-CLH worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotclh.html0
1 9msvload320 13msvload32.exe1 00133Added by the W32/Rbot-ACI worm.  When started this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaci.html0
133Microsoft Virtual Private Network0 11MSVPN32.exe1 00133Added by the W32/Rbot-AIO worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaio.html0
1 5MSVXD0  9MSVXD.EXE1 00 26Added by the DATOM.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DATOM.A0
1 3msw0  7msw.exe1 00 39Abcsearch.com/DealHelper adware variant 01
112win security0  9msw32.pif1 00 32Added by the  W32/RBOT-AQT WORM!56http://www.sophos.com/virusinfo/analyses/w32rbotaqt.html0
2 7MSLIB320 13mswatch32.exe1 00  0 01
1 6mswave0 10mswave.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 9Mswavedll0 13mswavedll.exe1 00  058http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
125Microsoft Windows Control0 12mswctl32.exe1 00 26Added by the RBOT.JP WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.JP0
3 7MSwheel0 11mswheel.exe1 00128Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features38http://www.microsoft.com/intellipoint/0
113Wind Security0 10mswi32.pif1 00133Added by the W32/Rbot-ARH worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotarh.html0
118MS Network Control0  9mswin.exe1 00 26Added by the DUMBA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.dumba.html0
1 5MSWin0  9mswin.exe1 00 53Added by the Troj/Banker-CU password stealing trojan.58http://www.sophos.com/virusinfo/analyses/trojbankercu.html0
115ms sys security0  9mswin.pif1 00 26Added by the  W32/Rbot-APJ56http://www.sophos.com/virusinfo/analyses/w32rbotapj.html0
124Microsoft Update Service0 11mswin32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
124microsoft windows 64 bit0 11mswin32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
118MS System Security0 11mswin32.pif1 00133Added by the W32/Rbot-AOX worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaox.html0
116MS Config Loader0 14MSWin32bck.exe1 00 28Added by the GAOBOT.AA WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.aa.html0
122Remote Procedure Calls0 10mswinc.exe1 00 26Added by the RBOT-IT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotit.html0
1 8Mswincfg0 14Mswincfg32.exe1 00 30Added by the CYBRSPY.D TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBERSPY.D0
111OS Security0 12mswind32.pif1 00132Added by the W32/Rbot-ASU worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotasu.html0
111DLL Manager0 14mswindll32.exe1 00134Added by the W32/Tilebot-AQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotaq.html0
124Microsoft Driver Manager0 12mswindrv.exe1 00134Added by the W32/Forbot-EZ worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotez.html0
122microsoft host service0 14mswinexect.exe1 00 27Added by the  RBOT.ZU WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ZU&VSect=T0
1 6mmxrun0 14mswinindex.exe1 00 27Added by  TwoSeven SPYWARE!77http://securityresponse.symantec.com/avcenter/venc/data/spyware.twoseven.html0
126MICROSOFT WINDOWS SYSTEM 20 11mswinme.exe1 00 49Added by the WORM_MYTOB.OV worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EOV&VSect=T0
123microsoft windows 16bit0 12mswinn16.exe1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
123microsoft windows 32bit0 12mswinn32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
110Mswinpid320 14mswinpid32.exe1 00198Added by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim! 01
122Remote Procedure Calls0 12mswinrpc.exe1 00 26Added by the RBOT.KJ WORM!87http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.KJ0
121Microsoft auto update0 13MSWINS0CK.EXE1 00 49Added by the Troj/SadHound-A IRC backdoor trojan.59http://www.sophos.com/virusinfo/analyses/trojsadhounda.html0
117Microsoft Winsock0 12mswinsck.exe1 00132Added by the W32/Rbot-ANK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotank.html0
117Microsoft Winsock0 13mswinscks.exe1 00132Added by the W32/Rbot-BAE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotbae.html0
115Microsoft SDKP30 12mswinsdq.exe1 00145Added by the W32/Rbot-ARY worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotary.html0
1 8MSWinSrv0 12MSWinSrv.exe1 00 26Added by the MTRON TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mtron.html0
110MSWinSrv320 14MSWinSrv32.exe1 00 28Added by the MTRON-B TROJAN!56http://www.sophos.com/virusinfo/analyses/trojmtronb.html0
114Windows Bootup0 12ms-wks32.exe1 00133Added by the W32/Rbot-AFM worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotafm.html0
116microsoft updat30 12mswkst32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
016Update for Works0 11MSWkstz.exe1 00 44Maybe related to later versions of MS Works? 01
1 7MSNavWH0 11MSWkwrH.exe1 00 29Added by the W32/Anav-A worm.54http://www.sophos.com/virusinfo/analyses/w32anava.html0
112Microsoft WM0 10mswm32.exe1 00 43Added by the Troj/Bckdr-AM backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojbckdram.html0
3 6WmcCds0 12mswmccds.exe1 00203Windows Media Connect (WMC) allows Universal Plug and Play devices to be used by Windows Media Player.  As Universal Plug and Player is considered a security risk, disable this unless you need to use it. 01
1 6msword0 10msword.exe1 00 26Added by the  W32/Rbot-ADR56http://www.sophos.com/virusinfo/analyses/w32rbotadr.html0
119win32 word services0 12msword32.exe1 00 40Added by an unidentified WORM or TROJAN! 01
122Configuration Services0 11mswords.exe1 00129Added by the W32/Sdbot-YM worm.  When started this infection will connect to a remote IRC server where it will wait for commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotym.html0
114mswork service0 10mswork.exe1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
123MS Windows Process Init0 11MSWPI32.exe1 00132Added by the W32/Rbot-ASQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotasq.html0
110MS Winsock0 12msws2_32.exe1 00 33Added by the Troj/Akbot-A Trojan.56http://www.sophos.com/virusinfo/analyses/trojakbota.html0
123MS Windows System Alert0 11MSWSA32.exe1 00 48Added by the W32/Rbot-BFN worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbfn.html0
132microsoft winsocks 32 controller0 12MSWSCK32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8[Random]0 12mswshell.dll1 00 66Added by the W32/Monikey-A/a worm.br /br /Uses CLSID: b[Random]/b.57http://www.sophos.com/virusinfo/analyses/w32monikeya.html0
110[not used]0 12mswshell.exe1 00144Added by the W32.Monikey@mm mass-mailing worm.  This worm attempts to gather information found on your computer.br /br /Uses CLSID: b{Random}/b.75http://www.sarc.com/avcenter/venc/data/w32.monikey@mm.html#technicaldetails0
1 5msxct0  9msxct.exe1 00 71eXact_Advertising (NaviSearch, BargainBuddy, CashBack) adware component62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530725190
127M_S DVD DirectX Dll Drivers0  9msxdl.exe1 00198Added by the W32/Sdbot-BJN. When this infection starts it connects to a remote IRC server where it waits for commands to execute.  This infection also attempt to shut down security related programs.57http://www.sophos.com/virusinfo/analyses/w32sdbotbjn.html0
1 8xpsystem0 11MSXMIDI.EXE1 00 97CoolWebSearch parasite variant, identified by Kaspersky_antivirus as TrojanDropper.Win32.Small.cw53http://www.spywareinfo.com/~merijn/cwschronicles.html0
111XML Service0  9msxml.exe1 00 26Added by the RBOT-HD WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothd.html0
121Microsoft XML Service0 10msxmlx.exe1 00 26Added by the RBOT.KS WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KS0
1 6MsXP320 10MsXP32.exe1 00 49Added by the W32/Sdbot-AJU worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotaju.html0
115SystrayServices0  9Msxpw.exe1 00 24Added by the CITOR WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.citor.html0
122Microsoft Core Support0 11MSxUP32.exe1 00132Added by the W32/Rbot-ANR worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotanr.html0
129i am not ranky. i am etunnel!0 13msyervice.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 9[unknown]0 12MSYGSY32.EXE1 00 83Added by the W32/Sdbot-VC Backdoor Trojan/WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvc.html0
112Msy Startups0 10msyh32.exe1 00133Added by the W32/Agobot-QC worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotqc.html0
113Msy1 Startups0 10msyj32.exe1 00153Added by the W32/Agobot-QQ WORM, it allows remote control by way of an IRC channel, modification of the HOSTS file and termination of specific processes.57http://www.sophos.com/virusinfo/analyses/w32agobotqq.html0
110msyk32.dll0 10msyk32.dll1 00 96Added by the W32/Feebs-N P2P worm.br /br /Uses CLSID: b{8B69CCCB-C604-019B-649C-DDF64A7948A4}/b.55http://www.sophos.com/virusinfo/analyses/w32feebsn.html0
111COM Service0 10msynvr.com1 00 29Added by the BEASTY.G TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.g.html0
111msys lptt010  8msys.exe1 00179New variant of the  RapidBlaster parasite (in a "Msyss" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113System Backup0 11msystem.exe1 00 21Adult content dialler 01
1 7secboot0 10mszx23.exe1 00 44Added by a variant of the  HAXDOOR.D TROJAN!55http://www.bleepingcomputer.com/forums/topict10501.html0
1 6mT1e300 10mT1e30.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
128MICROSFT RAMA UPDATE SUPPORT0 13mtakthmyn.EXE1 00132Added by the W32/Rbot-AUJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotauj.html0
1 9winreg_320  9mtask.exe1 00 59Added by Troj/Banker-GQ and found the Windows system files.58http://www.sophos.com/virusinfo/analyses/trojbankergq.html0
1 7Default0  9mtask.vbe1 00138ml" target=_blankALLEM mass-mailing worm.  It finds addresses to send to in the Microsoft Outlook address book.  It also spreads via MIRC. 01
1 7MTASKED0 11MTASKED.EXE1 00 29Added by the W32/Shan-A worm.54http://www.sophos.com/virusinfo/analyses/w32shana.html0
2 6mtdacq0 10MtdAcq.exe1 00128Creative_MediaSource "Sound Sniffer",  monitors the drive for new media files then automatically adds them to the media library.40http://www.soundblaster.com/mediasource/0
2 6MtdAcq0 13MtdAcq.exe /s2 00 67Metadata monitor 1.0.0.0, Creative Technology Ltd. Metadata monitor 01
130Microsoft Transfer File Server0  8mtfs.exe1 00 27Added by the RBOT.AFE WORM!103http://ww0
122Microsoft System Init\0 10MTMNR0.EXE1 00153Added by the Troj/SdBot-BB backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotbb.html0
1 6mtoapi0 10mtoapi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Mtr20  8mtr2.exe1 00 36Added by the KRYPTONIC GHOST TROJAN! 01
114WINDOWS SYSTEM0 10mtrnqs.exe1 00136Added by the W32.Mytob.IG@mm worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ig@mm.html#technicaldetails0
126MyTotalSearch Email Plugin0 12mtsoemon.exe1 00 23MyTotalSearchBar adware66http://www.spynet.com/spyware/spyware-My-Total-Search-Toolbar.aspx0
211moodlogictv0  7mtv.exe1 00 35Related to  MoodLogic MP3 mix maker25http://www.moodlogic.com/0
118DDE Control Module0 12mtwirl32.dll1 00102Added by the Trojan.Bookmarker.C Trojan.br /br /Uses CLSID: b{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}/b.80http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.c.html0
112SystemBackup0  7mtx.exe1 00 28Added by the MTX VIRUS/WORM!55http://www.symantec.com/avcenter/venc/data/w95.mtx.html0
3 4MUAL0  8mual.exe1 00 40Millesky video mail updater and launcher 01
2 3MOD0 11muamger.exe1 00150MicroAngelo On Display from Impact Software lets you customize Windows icons. With a few exceptions, you can customize icons by right-clicking on them57http://www.impactsoft.com/muangelo/ondisplay/prodinfo.htm0
319Microangelo Desktop0 10Muamgr.exe1 00227Quick access to MicroAngelo 5.0. It can make the background of the icon text transparent and also change the color of the shortcut's text to a color you want. Very useful, if you have a wallpaper. Available via Start - Programs 01
3 6muamgr0 10muamgr.exe1 00227Quick access to MicroAngelo 5.0. It can make the background of the icon text transparent and also change the color of the shortcut's text to a color you want. Very useful, if you have a wallpaper. Available via Start - Programs 01
116Microsoft Update0 11muamgrd.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
0 5Mufix0  9mufix.exe1 00363Part of INFOConnect, web-based, enterprise client configuration, management, and deployment software, as used by ABSS (a financial management system used by the US military which will allow purchase request packages to be electronically submitted to contracting, and which also facilitates electronic receipt of items and EFT) - what does it do and is it required 01
123Virus Definition Update0  8muie.exe1 00 48Added by the W32/Rbot-BHR worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbhr.html0
1 4mujn0  8mujn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
312Multiplicity0 11multipl.exe111HKEY_LM\Run0 68Stardock Multiplicity 1.0a, Stardock.Net, Inc. Stardock Multiplicity39http://www.absolutestartup.com/startup/1
315MultiProg_By_TJ0 22MultiProg.exe minimize211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8multiran0 12multiran.exe1 00 49Added by the Troj/Cosiam-E proxy backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojcosiame.html0
3 8MultiRes0 12MultiRes.exe1 00151MultiRes - system tray utility allowing quick access to changing desktop resolutions and has the ability to lock the screen refresh rate in WinNT/2K/XP28http://www.entechtaiwan.com/0
314internodeusage0  7mum.exe1 00 44Australian ISP's free monthly download meter 01
116Microsoft Update0 11Mupdate.exe1 00 26Added by the RBOT-AG WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotag.html0
3 4MUPS0  8MUPS.exe1 00 99Lauches the Belkin Bulldog Plus Service - required if you want to access the UPS advanced functions22http://www.belkin.com/0
1 5museb0  9museb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
214Music01 Server0 18Music01 Server.exe2 00 82J River a target="_blank" href="http://www.musicex.com/mediajukebox/"Media Jukebox 01
1 9[unknown]0 10musirc.exe1 00151Added by the W32/Sdbot-D backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.55http://www.sophos.com/virusinfo/analyses/w32sdbotd.html0
1 6musirc0 14musirc4.71.exe1 00 28Added by the  RANDEX.Q WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.Q0
129MusIRC (irc.music.com) client0 14musirc4.71.exe1 00 27Added by the RANDEX.Q WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.Q0
1 5muuyp0  9muuyp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Rfr0  7Muv.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
120Microsoft Bool Value0  7MV2.exe1 00112Added by a new Rbot variant.  This worm connects to an IRC server on startup where it waits for remote commands. 01
116Microsoft Update0  8mvsc.exe1 00 29Added by the SPYBOT.DAZ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.daz.html0
116Win32 USB Driver0 10mvsecn.exe1 00 28Added by the FORBOT-BK WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbk.html0
114WindowsSysBoot0  9mvsql.exe1 00 50Added by the W32/Tilebot-AN worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotan.html0
316mw1helperstartup0 25MW1HEL~1.EXE /partner MW12 00224MagicWaterfall  Screen_Saver The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30...68http://www.screenscenes.com/product.html?screensaver=MagicWaterfall.0
316MW1HelperStartUp0 25MW1HEL1.EXE /partner MW12 00 76MW1Helper 1.0.0.8, GAIN Publishing, Inc.. Magic Waterfall Helper Application 01
316mw1helperstartup0 13Mw1helper.exe1 00240ScreenScenes  MagicWaterfall screen saver.  The freeware version comes with  GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30...68http://www.screenscenes.com/product.html?screensaver=MagicWaterfall.0
3 8mwavscan0 12mwavscan.com1 00227MicroWorld Anti Virus Toolkit is a free anti-virus scanner that runs on-demand. You can choose to scan your entire system, including memory, services, starup items and registry, or only scan files in a specified folder or drive 01
2 9Copyright0 11mwcpyrt.exe1 00 47Displays copyright information on IBM ThinkPads 01
134Windows Management Instrumentation0  7mwd.exe1 00 24Added by the GRAPS WORM!51https://www.europe.f-secure.com/v-descs/graps.shtml0
118ms_anti_spywarebxp0 11mwfibpx.exe1 00 43Added by the Troj/Surila-J backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojsurilaj.html0
118ms_anti_spywarebxp0 13mwfirebpx.exe1 00 34Added by the Troj/Surila-D Trojan.57http://www.sophos.com/virusinfo/analyses/trojsurilad.html0
115ms_anti_spyware0 14mwfirewall.exe1 00 35Added by the Trojan.Gamqowi Trojan.75http://www.sarc.com/avcenter/venc/data/trojan.gamqowi.html#technicaldetails0
124Sygate Personal Firewall0  8mwin.exe1 00 24Added by a Rbot variant.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
135Config Loader for Microsoft Windows0 13mwincfg32.exe1 00 28Added by the AGOBOT.BD WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.BD0
130Microsoft Windows DLL Services0 11mwindll.exe1 00 50The W32/Sdbot-VX WORM/IRC backdoor adds this file.56http://www.sophos.com/virusinfo/analyses/w32sdbotvx.html0
125Windows Update Controller0 12mwoffice.exe1 00131Added by the Troj/Battry-A trojan.  When started, this infection connects to a remote IRC server and waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/trojbattrya.html0
2 8MWProEng0 12MWProEng.exe1 00 76Logitech Mouseware Pro software - only required when using special functions 01
2 6MWSnap0 10MWSnap.exe1 00 61MWSnap - screen capture utility. Start manually when required45http://www.mirekw.com/winfreeware/mwsnap.html0
224MyWebSearch Email Plugin0 12MWSOEMON.EXE1 00  0 01
224MyWebSearch Email Plugin0 12mwsoemon.exe1 00131My Web Search Bar for Internet Explorer, email clients, and messenger clients 2,0,1,0, MyWebSearch.com. My Web Search Plugin Loader 01
224MyWebSearch Email Plugin0 12MWSOEMON.EXE122StartUp menu\All users0130My Web Search Bar for Internet Explorer, email clients, and messenger clients 2,0,1,0, MyWebSearch.com. My Web Search Email Plugin39http://www.absolutestartup.com/startup/1
1 8mwsoemon0 12mwsoemon.exe1 00 21My Web Search malware 01
1 4absr0  9mwsvm.exe1 00 48SeekSeek search hijacker related - as seen  here95http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?act=ST&f=32&t=6790&st=0&&#entry345430
1 5Mwsvm0  9mwsvm.exe1 00  0115http://www0
124microsft windows updates0 14mwupdate32.exe1 00 52Added by a variant of the  WIN32.TOXBOT/CODBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=419110
1 4mwuw0  8mwuw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7MxHLp320 11MxHLp32.exe1 00 44Added by a variant of the VAGRNOCKER TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_VAGRNOCK.120
315MXO Auto Loader0 11MXOaldr.exe1 00238Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions 01
3 5mxobg0 11MXOALDR.EXE1 00238Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions 01
315MXO Auto Loader0 11MXOALDR.EXE111HKEY_LM\Run0 91MXO Storage Adapter 6.00.1010.0 , Cypress Semiconductor. Maxtor MXO Auto Loader Application39http://www.absolutestartup.com/startup/1
3 5MXOBG0 11MXOALDR.EXE111HKEY_LM\Run0124Cypress USB Mass Storage Adapter 6.01.1000.0 , Cypress Semiconductor. Cypress USB Mass Storage Driver Background Application39http://www.absolutestartup.com/startup/1
1 8mxoeweug0 12mxoeweug.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118mediaxpservicepack0  9mxpsp.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
3 8MxRunner0 12MxRunner.exe1 00 56EasyUninstall from Aladdin Systems (formerly by Ontrack)40http://www.aladdinsys.com/easyuninstall/0
1 7DialNet0  9mxt32.exe1 00 21Adult content dialler 01
324SystemSuite Task Manager0 10MXTASK.EXE1 00183vcom (nee Ontrack) SystemSuite - PC maintenance and security. Use the program's configuration options to enable only the parts you want running all the time - such as Virusscanner Pro40http://www.v-com.com/product/ss_ind.html0
4 6Fix-it0 10mxtask.exe1 00207Part of Ontrack's Fix-it Utilities Suite. Loads a System Tray icon that lets you access the full program. Needed if you run the crash guard, intellicluster, anti-virus, or autoupdater. Otherwise not required 01
1 6sdfwfq0 10mxxcva.exe1 00132Added by the W32/Sdbot-QNworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotqn.html0
311My Computer0 11My Computer225StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
133Microsoft Synchronization Manager0 10My_Sql.exe1 00121Added by the W32/SdBot-JP worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotjp.html0
419MyCIO Agent Service0 12myagtsvc.exe1 00 35McAfee VirusScan ASaP Agent service60http://www.mcafeeasap.com/content/virusscan_asap/default.asp0
3 8MyAgtTry0 12MyAgtTry.exe1 00123System tray notification for McAfee VirusScan ASaP on-line scanner. Not required to be protected but you lose notifications60http://www.mcafeeasap.com/content/virusscan_asap/default.asp0
314myCIO.com ASaP0 12MyAgtTry.exe1 00123System tray notification for McAfee VirusScan ASaP on-line scanner. Not required to be protected but you lose notifications60http://www.mcafeeasap.com/content/virusscan_asap/default.asp0
113MyCometCursor0 12MYCOME~1.EXE1 00 19Comet Cursor adware48http://www.doxdesk.com/parasite/CometCursor.html0
116MyDailyHoroscope0 12MYDAIL~1.EXE1 00 26MyDailyHoroscope foistware64http://www.symantec.com/avcenter/venc/data/adware.horoscope.html0
116MyDailyHoroscope0 20MyDailyHoroscope.exe1 00 26MyDailyHoroscope foistware64http://www.symantec.com/avcenter/venc/data/adware.horoscope.html0
212MyFastAccess0 16myfastupdate.exe1 00 30My-Fast-Access toolbar updater 01
1 4load0 10MyGame.exe1 00 28Added by the  W32/LameYear-A58http://www.sophos.com/virusinfo/analyses/w32lameyeara.html0
113Host Services0 10myhost.exe1 00134Added by the W32/Tilebot-AT worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotat.html0
3 8myie.exe0  8MyIE.exe1 00 29MyIE2/Maxthon browser related37http://www.myie2.com/html_en/home.htm0
3 8MyIMLite0 15MyIMLite.exe -h211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8my-disgo0 15MyKey disgo.exe2 00 21Related to  disgo_pro45http://www.mydisgo.com/shop/disgo_pro_1GB.php0
115Lucky charms CD0 11mylcuky.exe1 00130Added by the W32/Sdbot-SP worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotsp.html0
418myprivacyindexpath0 18MyPrivacyIndex.exe1 00 24Omniquad  Total_Security34http://www.omniquad.com/tshnew.htm0
1 9Dontworry0 10mysaym.exe1 00130Added by the W32/Sdbot-RC worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotrc.html0
126&lt;special characters&gt;0 12myserver.exe1 00 36Added by the Troj/Dropper-BR Trojan.59http://www.sophos.com/virusinfo/analyses/trojdropperbr.html0
4 5MySql0 10mysqld.exe1 00300The open source MySQL database for Windows 95/98/ME.  This can be installed as a standalone product or bundled with other products such as EasyPHP.  May be installed in different directories than the one shown here in this information.  Typically, if this is installed, you should know its installed.20http://www.mysql.org0
4 5MySql0 13mysqld-nt.exe1 00307The open source MySQL database for Windows XP/NT/2000/2003.  This can be installed as a standalone product or bundled with other products such as EasyPHP.  May be installed in different directories than the one shown here in this information.  Typically, if this is installed, you should know its installed.20http://www.mysql.org0
4 5MySql0 14mysqld-opt.exe1 00432The open source MySQL database for Windows 95/98/ME.  Mysqld-opt.exe has been optimized run well on today's processors, but does not contain debugging code or advanced features.Br /Br / This can be installed as a standalone product or bundled with other products such as EasyPHP.  May be installed in different directories than the one shown here in this information.  Typically, if this is installed, you should know its installed.20http://www.mysql.org0
319MytekSystrayExePath0 16MyTekSystray.exe1 00 73MyTek system tray - web site providing computer tech support in Australia24http://www.mytek.com.au/0
110MyVirt.exe0 10MyVirt.exe1 00 29Added by the REMADM-C TROJAN!57http://www.sophos.com/virusinfo/analyses/trojremadmc.html0
0 6DashIE0  3N/A1 00 57Could be related to "Dash Power Shopping" tool bar in IE? 01
011Datechecker0  3N/A1 00 25Could be related to this? 7#FF00000
012TDockNUndock0  3N/A1 00 59Found on a Toshiba laptop - for use with a docking station? 01
0 8TWarmBay0  3N/A1 00 61Found on a Toshiba laptop. Related to hotswap bay management? 01
0 6TWBbtn0  3N/A1 00 25Found on a Toshiba laptop 01
2 6/l:eng0  3N/A1 00517Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function 01
216ARCSolo Recovery0  3N/A1 00 60Backup software by Computer Associates - no longer supported 01
2 9Batchreg10  3N/A1 00256Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See here103http://ww0
2 3DDT0  3N/A1 00  2?? 01
212hpoddt01.exe0  3N/A1 00124Installed by the "HP Photo and Imaging Director" software. If you ask for the imaging software, this program will be started 01
2 3IZE0  3N/A1 00  2?? 01
2 8NCClient0  3N/A1 00  2?? 01
2 7Recover0  3N/A1 00258Added during the installation of Comcast High Speed Internet software. During installation the system reboots and if the disk is removed a screen appears asking for the disk to be re-inserted to complete installation. Not required once installion is complete 01
2 7regtmlp0  3N/A1 00  2?? 01
211RTStartMute0  3N/A1 00  0 01
218WaveTop Receiver 10  3N/A1 00156WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win9855http://www.zdnet.com/pcmag/firstlooks/9804/f980406a.htm0
218WaveTop Receiver 20  3N/A1 00156WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win9855http://www.zdnet.com/pcmag/firstlooks/9804/f980406a.htm0
222WaveTop Upload Manager0  3N/A1 00156WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win9855http://www.zdnet.com/pcmag/firstlooks/9804/f980406a.htm0
2 6WMBoot0  3N/A1 00 85Associated with Logitech Wingman game controllers.  Not required but what does it do? 01
3 6DashIE0  3N/A1 00 57Could be related to "Dash Power Shopping" tool bar in IE? 01
311Datechecker0  3N/A1 00 25Could be related to this? 7#FF00000
312piiserviceOE0  3N/A1 00124Spam Inspector (nee Postal Inspector) from The Giant Company or iHateSpam from Sunbelt Software - spam filter add-ons for OE37http://www.giantcompany.com/piOe.aspx0
311RTStartMute0  3N/A1 00  0 01
312TDockNUndock0  3N/A1 00 59Found on a Toshiba laptop - for use with a docking station? 01
312TheMainStart0  3N/A1 00  2?? 01
3 8TWarmBay0  3N/A1 00 61Found on a Toshiba laptop. Related to hotswap bay management? 01
3 6TWBbtn0  3N/A1 00 25Found on a Toshiba laptop 01
11317779Proj20020  3N/A1 00  2?? 01
115DLHelperEXE.exe0  3N/A1 00 62Downloader for Microgaming/Casino software - stealth installed 01
1 4Host0  3N/A1 00 43Added by the POPDIS or STARTPAGE.F TROJANS!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.popdis.html0
112MSupdate.exe0  3N/A1 00 74CoolWebSearch parasite related - resets home page to an adult content site53http://www.spywareinfo.com/~merijn/cwschronicles.html0
113MSupdater.exe0  3N/A1 00 71CoolWebSearch parasite related. Installs the Winshow.dll browser plugin53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 9nAv AGENT0  3N/A1 00174Added by the RIOSYS MACRO! Note the lower-case "n" and "v" in the name as this is not the valid Norton AntiVirus entry of the same name - indeed it closes Norton AV processes72http://securityresponse.symantec.com/avcenter/venc/data/w97m.riosys.html0
1 4rvde0  3N/A1 00 23Related to li-speed**** 01
118Windows Update.exe0  3N/A1 00 27Homepage hijacker, see here104http://ww0
112Winlogon.exe0  3N/A1 00 75CoolWebSearch parasite related - resets home page to an adult material site53http://www.spywareinfo.com/~merijn/cwschronicles.html0
4 6HWinst0  3N/A1 00179For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out 01
4 6IPinst0  3N/A1 00  0 01
4 8LASTinst0  3N/A1 00179For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out 01
4 8SOFTinst0  3N/A1 00179For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out 01
4 9UTILsInst0  3N/A1 00179For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out 01
113[random name]0 12n?lookup.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
121Nod3d2 Free antivirus0 12N0D32KRN.EXE1 00 31Added by the W32/Rbot-ABQ worm.56http://www.sophos.com/virusinfo/analyses/w32rbotabq.html0
1 6nsvcin0 13n20050308.exe1 00 37adware, probably  VX2/Look2Me related54http://sarc.com/avcenter/venc/data/adware.look2me.html0
1 7ntechin0 13n20050308.exe1 00 15Unknown adware. 01
1 6tsvcin0 13n20050308.EXE1 00 37adware, probably  VX2/Look2Me related54http://sarc.com/avcenter/venc/data/adware.look2me.html0
115MONPluginSrIvcs0 13n3monap23.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115MSNPluginSrIvcs0 13n3vasap23.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6anbv320 10nabv32.exe1 00 26Added by the TITOG.C WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.titog.c.worm.html0
320Net Activity Diagram0  7nad.exe1 00112Net Activity Diagram from MetaProducts. Monitors your computer internet activity. Available via Start - Programs58http://www.metaproducts.com/mp/mpProducts_Detail.asp?id=200
2 8NADaemon0 12NADAEMON.EXE1 00218Program by NetActive which appears to be piggybacked onto some Nvidia graphics cards software. They seem to look after "digital rights management". One user reports disabling it has no detrimental affect - not required25http://www.netactive.com/0
2 3iCn0  7NAG.EXE1 00112iChoose - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist51http://www.rocketdownload.com/Details/Inte/4948.htm0
212Naggerrunkey0 10nagger.exe1 00 40Packard Bell Free Internet Signup screen 01
110[not used]0  8Nail.exe1 00350This infection is a Abetterinternet adware variant.  It is notoriously difficult to remove and is usually bundled with other malware that are hard to remove as well.  One method that we have found that is able to remove this infection and the other malware that are bundled with it is the ewido security suite which you can download and try for free.33http://www.ewido.net/en/download/0
412Naimagent_UI0 12naimag32.exe1 00400Workstation background program for Network Associates’ McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan 01
1 9GoOutside0 10nakedx.exe1 00 49Added by the W32/Sdbot-AGK worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotagk.html0
320Application Explorer0 11Naldesk.exe1 00337Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components." 01
427Novell Application Launcher0 12nalntsrv.exe1 00 94Part of the Novell client for Windows.  Found in the C:\Program Files\Novell\ZENworks\ folder. 01
418Application Window0 12NALWIN32.EXE1 00 82Part of Novell's Zenworks.  Found in the C:\Program Files\Novell\ZENworks\ folder. 01
116NAMEDPIPE SYSTEM0 13namedpipe.exe1 00132Added by the W32/Mytob-FH worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobfh.html0
1 7nanckwc0 11nanckwc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Ya Salam0 14NancyAjram.exe1 00 46Added by the W32.Jalabed@mm mass-mailing worm.75http://www.sarc.com/avcenter/venc/data/w32.jalabed@mm.html#technicaldetails0
3 8rnaomflt0  9naomf.exe1 00 33Naomi internet filtering software27http://www.radiance.m6.net/0
1 5NAP320  9NAP32.exe1 00 33Premium rate adult content dialer 01
1 7nvpatch0 11napatch.exe1 00 31Added by the W32/Sasser-F worm.56http://www.sophos.com/virusinfo/analyses/w32sasserf.html0
1 4narx0  8narx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
122Network Administration0  7NAS.exe1 00 33Added by the ANTILAM.20.Q TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.antilam.20.q.html0
1 64wd!!!0 10Natal!.pif1 00 29Added by the OPASERV.AI WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AI0
1 5Natal0  9Natal.scr1 00 29Added by the OPASERV.AE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.ae.worm.html0
324Dragon NaturallySpeaking0 19natspeak.exe /Quick225StartUp menu\Current user0 85Dragon NaturallySpeaking 8.00.000.085, ScanSoft. Dragon NaturallySpeaking for Windows39http://www.absolutestartup.com/startup/1
116Microsoft Update0  7NAV.exe1 00 26Added by the RBOT-IV WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotiv.html0
110NAV_Update0 14NAV_Update.exe1 00 28Unidentified WORM or TROJAN! 01
1 6System0  9nav32.exe1 00 48Added by the W32/Rbot-BHV worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbhv.html0
119Norton Auto Protect0  8nava.exe1 00 40Added by an unidentified WORM or TROJAN! 01
117Nortan Anti Virus0 10nava32.exe1 00154Added by A href="http://www.sarc.com/avcenter/venc/data/backdoor.ftp_ana.c.html" target="_new"Backdoor.FTP_Ana.C. This infections listens on TCP port 666. 01
121Windows Print Spooler0 14NavAgent32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 6navapp0 10navapp.exe1 00 23NavExcel adware variant45http://www.doxdesk.com/parasite/NavExcel.html0
112autoprotectu0 12navapq32.exe1 00 40Added by an unidentified WORM or TROJAN! 01
122compaq service drivers0 12navapqwa.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
437Norton AntiVirus Auto Protect Service0 12navapsvc.exe1 00205This service is used by Norton Antivirus to run in the background and detect when any files that are infected with malware are stopped from running.  This is an essential service and should not be stopped. 01
122Norton Service Process0 11navapvc.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
4 9NAV Agent0 12navapw32.exe1 00 47Norton Anti-Virus's background scanning process 01
4 8navapw320 12navapw32.exe1 00  0 01
419Norton Auto-Protect0 12navapw32.exe1 00 47Norton Anti-Virus's background scanning process 01
115NAV Auto Update0 17Navautoupdate.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 8Explorer0 12navawp32.exe1 00 44Added by the Troj/Ronoper-B backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojronoperb.html0
214Corel Reminder0 14NAVBROWSER.EXE1 00 94If you don't want to register Corel products and be reminded about it every 2 weeks disable it 01
1 5QTSvc0 10navchk.exe1 00 34Premium rate adult content dialler 01
112schedulermgr0 10navchk.exe1 00 34Premium rate adult material dialer 01
113SystemService0 10navchk.exe1 00  0 01
126System Information Manager0 10Navcpe.exe1 00 27Added by the SDBOT-QB WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotqb.html0
118microsoft updating0 12navguard.exe1 00 27Added by the  RBOT.HW WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.HW&VSect=P0
3 9Naviscope0 13naviscope.exe1 00188Naviscope is a multipurpose browser enhancement that can speed up Web searches, lock out cookies, examine HTML send/receive headers, provide single-click network diagnostics, and much more21http://naviscope.com/0
214navregreminder0 11NavLoad.ini1 00 59Corel,  HP or ScanSoft registration reminder;  not required 01
4 8NavLogon0 12NavLogon.dll1 00 37Part of the Norton Antivirus product. 01
116Microsoft Update0 11navmgrd.exe1 00 29Added by the SDBOT.DP TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.DP0
1 8navp.exe0  8navp.exe1 00 28Added by the AGOBOT-OE WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotoe.html0
1 7NavPass0 11NavPass.exe1 00 78Free system for gaining access to and downloading from adult content web-sites 01
1 7cpntmgc0 10navpmc.exe1 00 38MagicControl downloader trojan variant49http://www.doxdesk.com/parasite/MagicControl.html0
113nav auto prot0 12navprot1.exe1 00 28Added by the  RBOT.ZAC WORM!90http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.ZAC0
118Norton AutoProtect0 13navprot32.exe1 00135Added by the W32/Rbot-UX worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.55http://www.sophos.com/virusinfo/analyses/w32rbotux.html0
116NAV Auto Protect0 14navprotect.exe1 00 28437" target=_blankRBOT WORM! 01
1 6AVSTRT0 12navpsrvc.exe1 00233Added by the W32/Forbot-EF worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.  These infections also log keystrokes, so if you are infected you should change all your passwords.57http://www.sophos.com/virusinfo/analyses/w32forbotef.html0
153Symantec Security Routine Addon for Microsoft Windows0 13navpxaw32.exe1 00 30Added by the AGOBOT-GJ TROJAN!57http://www.sophos.com/virusinfo/analyses/w32agobotqj.html0
116NAV Scan Service0 13NAVSCAN32.EXE1 00 27Added by the SDBOT.VG WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VG0
113NAVSCAN32.EXE0 13NAVSCAN32.exe1 00133Added by the W32/Sdbot-DO worm. When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotdo.html0
116NAVSCAN64.EXE /s0 13NAVSCAN64.EXE1 00107Added by the W32/Rbot-T worm.  This infection connects to an IRC server where it waits for remote commands.54http://www.sophos.com/virusinfo/analyses/w32rbott.html0
112NAVSCANNER320 16NAVSCANNER32.EXE1 00 26Added by the RBOT.QC WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.QC0
1 8NvCplDmn0 10NAVSVC.EXE1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
128Norton SpySweeper AutoUpdate0  9navsw.exe1 00 28Added by the FORBOT-AS WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotas.html0
120Norton AntiVirus Sys0 12NAVsys32.exe1 00 39Added by a variant of the WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
1 7NAVtask0 11NAVtask.exe1 00117Added by the W32/Rembot-A backdoor/worm.  This infection connects to an IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rembota.html0
1 7ms unix0 15navupdate64.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
116NAV Auto Updates0 15navupdaters.exe1 00 31Added by the  W32/RBOT-UN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotun.html0
116NAV Auto Updates0 15navupdaterx.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114norton updater0 12navupdtr.exe1 00 29Added by the  SDBOT.AXV WORM!109http://de0
110[not used]0 10Navw32.exe1 00 36Added by the Troj/Agent-CG backdoor.57http://www.sophos.com/virusinfo/analyses/trojagentcg.html0
1 9nawadll320 13nawadll32.exe1 00130Added by the W32/Sdbot-ZI worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzi.html0
2 4Cles0  8nawc.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 8nawdll320 12nawdll32.exe1 00132Added by the W32/Sdbot-Z worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzm.html0
110helloworld0 12nb32ext3.exe1 00 28Added by the  MYTOB.JT WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.JT&VSect=P0
3 3NBJ0  7NBJ.exe1 00 85Ahead Nero  BackItUp backup program. Only required for if you have scheduled back-ups43http://www.nero.com/en/631898241464531.html0
3 3NBJ0  7NBJ.exe111HKEY_CU\Run0 91Nero BackItUp Scheduler 1, 2, 0, 27, Ahead Software AG. Nero BackItUp Scheduler Application39http://www.absolutestartup.com/startup/1
3 3NBJ0  7nbj.exe111HKEY_CU\Run0 91Nero BackItUp Scheduler 1, 2, 0, 50, Ahead Software AG. Nero BackItUp Scheduler Application39http://www.absolutestartup.com/startup/1
3 7NbkCtrl0 11NbkCtrl.exe1 00108Scheduling engine of  NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see  here44http://www.no-panic.com/backup/n_backup.html0
325NovaBackup * Tray Control0 11NbkCtrl.exe1 00139Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here. * represents the version number44http://www.no-panic.com/backup/n_backup.html0
015NotebookManager0  7nbm.exe1 00 34Associated with Acer notebook PCs. 01
1 4Ehch0  8nbme.exe1 00 52PurityScan delivers advertisements to your computer.63http://www.sarc.com/avcenter/venc/data/adware.purityscan.b.html0
1 7nbnwapo0 11nbnwapo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9nbsession0 12nbsystem.exe1 00 85Added by Backdoor.DTR. This infection listens on port 10001 awaiting remote commands.56http://www.sarc.com/avcenter/venc/data/backdoor.dtr.html0
114Netbios Helper0 11nbthelp.exe1 00158Added by the W32/Codbot-D WORM!  This infection is installed as a service which is started even in safe mode.  The file is found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32codbotd.html0
114netbios helper0 10nbthlp.exe1 00 52Added by the  PWS-BANKER.Y password stealing TROJAN!43http://vil.nai.com/vil/content/v_134470.htm0
117windows update 640 11nbupd64.exe1 00 43Added by a variant of the  W32/FORBOT WORM!57http://sophos.com.au/virusinfo/analyses/w32forbotgen.html0
010nbustrce1d0 14nbustrce1D.exe1 00 98Device driver, possibly CD-ROM/DVD-ROM related - what exactly is it and is it required in startup? 01
1 7nbvvddh0 11nbvvddh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8ncci.exe0  8ncci.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
2 3NCD0  7ncd.exe1 00136Norton Change Directory - from the DOS days that allows the user to change directories on their machine without typing the complete path 01
317NetCruiser Dialer0 12NCDialer.exe1 00238NetCruiser Dialer from NetCruiser Software. "An Internet dialer and connection monitor with features to launch applications when a connection is detected, dial and hangup at predefined times and automatic redialing of dropped connections"48http://www.netcruiser-software.com/products.html0
3 8NCLaunch0 12NCLAUNCH.EXe1 00 56Northcode NCLaunch 2, 2, 0, 86, Northcode Inc.. NCLaunch 01
3 8NCLAUNCH0 12NCLAUNCH.Exe1 00130Part of SWF Studio from Northcode Inc - an extension to Flash. Bundled when you create a self-installing screen-saver on Win2K/XP.54http://www.northcode.com/products/swfstudio/index.html0
224Nokia Connection Monitor0 11NclConf.exe1 00423Monitors the infrared port, the serial ports and the Bluetooth for a Nokia phone connection. It is installed by the Nokia PC Suite (and Nokia PC Connectivity SDK), and the tray icon shows if a phone has been connected. If you have a conflict with another program, such as TV tuner card remote control monitor, you can disable it, and run only when needed. Available via a desktop shortcut or Start - Programs - not required 01
224Nokia Connection Monitor0 11NCLConf.exe1 00 85Nokia Connectivity Library 4.0, Nokia Mobile Phones Ltd.. NclConf taskbar application 01
110Srv RPCrom0 15NClienti386.exe1 00 30Added by the WATSOON.A TROJAN!61http://www.symantec.com/avcenter/venc/data/w32.watsoon.a.html0
322Nokia Tray Application0 11NclTray.exe1 00229Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on 01
322Nokia Tray Application0 11NclTray.exe111HKEY_LM\Run0 61Nokia Status Monitor 5, 0, 0, 28, Nokia. Nokia Status Monitor39http://www.absolutestartup.com/startup/1
416NuTCSetupEnviron0 11ncoeenv.exe1 00298Used by the MKS Toolkit for Enterprise Developers product. NuTCracker is a Unix runtime environment for Windows, so disabling this would be unwise if you are using NuTCracker or any 3rd party package that is using it. Since you might not know what is actually using it it's probably best left alone52http://www.mkssoftware.com/products/tk/ds_tkedev.asp0
1 7ncppyax0 11ncppyax.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7ncquhpn0 11ncquhpn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
438Compuware Distributed Analyzer Service0  7NCS.exe1 00 49Added as part of the Compuware DevPartner Studio.55http://www.compuware.com/products/devpartner/studio.htm0
120Nvidia Control Panel0 11ncsvc32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 6securw0 10Nctrup.exe1 00 12Added by the222W32/Nopir-B WORM, whi0
218Norton Disk Doctor0  9Ndd32.exe1 00251Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, checking for disk errors. Better than ScanDisk but can be started manually via Start -&gt; Programs. Delete the shortcut in the Start -&gt; Programs -&gt; Startup folder as well 01
218Norton Disk Doctor0 12NDD32.EXE /Q2 00 86Norton Utilities for Windows 16.00.0.22, Symantec Corporation. Norton Shared Component 01
3 8NDDEAGNT0 12NDDEAGNT.EXE1 00107WinNT default process. Network Dynamic Data Exchange (DDE) Agent, handles requests for network DDE services 01
120Microsoft PCHealth320 10NDDENB.exe1 00 86Added by the Troj/PWSYahoo-A password-stealing Trojan for the Yahoo Messaging Service.59http://www.sophos.com/virusinfo/analyses/trojpwsyahooa.html0
213Mirabilis ICQ0 11NDetect.exe1 00129If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start - Programs 01
112NDIS Adapter0  8ndis.exe1 00 27Added by the SDBOT.VF WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VF&VSect=T0
123Video Multimedia Driver0 13ndrives32.exe1 00 26Added by the RBOT-DK WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotdk.html0
1 4NDrv0  8NDrv.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
3 7NDSTray0 11NDSTray.exe1 00354ConfigFreeT Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have 01
311NDSTray.exe0 11NDSTray.exe111HKEY_LM\Run0 72ConfigFree(TM) Tray 1, 1, 4, 0, TOSHIBA CORPORATION. ConfigFree(TM) Tray39http://www.absolutestartup.com/startup/1
123compaq services drivers0  9ndt32.exe1 00 22Added by the  RBOT.CQZ85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CQZ&VSect=T0
114windows system0  7nec.exe1 00 25Added by the  W32/Mytob-L55http://www.sophos.com/virusinfo/analyses/w32mytobl.html0
2 6Necbar0 10Necbar.exe1 00 71Nec Assistant; Ark's Navigator, a graphical interface for NEC computers 01
4 6NECMFK0 10necmfk.exe1 00 28NEC wireless keyboard driver 01
3 8Necutray0 12Necutray.exe1 00 70Driver for external USB storage devices (hard drives, flsh disks, etc) 01
212Price Patrol0  7neo.exe1 00 90Price Patrol by Half.com - internet shopping companion for finding the best on-line prices39http://corp.half.ebay.com/20010612.html0
116mojnpluginsrivcs0 14neomonap23.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
012neqprvfy.exe0 12neqprvfy.exe1 00 90Appears to be related to the downloading of some application - possibly verifying updates? 01
110Ner0 Check0 13ner0check.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
119NeroAutoStartClient0 11NeroASM.exe1 00 28Added by the AGOBOT.VG WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VG&VSect=T0
3 9NeroCheck0 13nerocheck.exe1 00 80Associated with "Nero Burning Rom" CD writing software. Checks for driver issues 01
315NeroFilterCheck0 13NeroCheck.exe1 00  0 01
315NeroFilterCheck0 13NeroCheck.exe111HKEY_LM\Run0 72Ahead Software Gmbh NeroCheck 1, 0, 0, 2, Ahead Software Gmbh. NeroCheck39http://www.absolutestartup.com/startup/1
112Nero Checker0 13nerocheck.exe1 00 33Added by the Troj/Proxy-X Trojan.56http://www.sophos.com/virusinfo/analyses/trojproxyx.html0
1 8sheduler0 13nerocheck.exe1 00 38Added by the  WIN32.TACTSLAY.B TROJAN!63http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=420220
1 8stubpath0 11nerodll.exe1 00 36Added by the Troj/Bifrose-HY Trojan.59http://www.sophos.com/virusinfo/analyses/trojbifrosehy.html0
110NeroLoader0 14NeroLoader.exe1 00 74Added by the Troj/Bancban-EJ password-stealing Trojan of banking websites.59http://www.sophos.com/virusinfo/analyses/trojbancbanej.html0
110SERV PacK20  8nerx.exe1 00 49Added by the W32/Sdbot-ACP backdoor and IRC worm.57http://www.sophos.com/virusinfo/analyses/w32sdbotacp.html0
126Microsoft Neser Experience0  8nese.exe1 00 30Added by an Rbot WORM variant!55http://www.sophos.com/virusinfo/analyses/w32rbotyh.html0
1 4msdn0  8nese.exe1 00 28Added by the SDBOT.AHY WORM! 01
3 7N2PTray0 12Net2fone.exe1 00 87An Internet telephony application. Needed only if you have an account at Net2Phone, Inc25http://web.net2phone.com/0
229Net4India Broadband Connector0 15Net4Connect.exe122StartUp menu\All users0119Net4India Broadband Connector Application 1, 0, 0, 6, Net4India Limited.. Net4India Broadband Connector MFC Application39http://www.absolutestartup.com/startup/1
118Microsft Update 320  8neta.exe1 00132Added by the W32/Rbot-AMI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotami.html0
314NetAccelerator0 12NetAccel.exe1 00254NetAccelerator is a &quot;software utility that optimizes your internet access up to 1200% faster!. NetAccelerator speeds all modems allowing you to download faster, browse faster, surf faster!. Only required if you find it helps improve your performance30http://www.netaccelerator.net/0
315Net Accelerator0 18NetAccelerator.exe1 00215Rizal NetAccelerator - "Optimizing Dial-Up, Lan, Cable, DSL, and Satellite connections do you want to speed up your Internet access up to 200% - 300% ???". Only required if you find it helps improve your performance29http://www.rizalsoftware.com/0
1 7NetAdm70 11NETADM7.EXE1 00 29Added by the BANCOS.F TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.f.html0
1 7Inetapi0 10Netapi.exe1 00 32Added by the NETDEVIL.14 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.140
1 6Netapi0 10Netapi.exe1 00 32Added by the NETDEVIL.14 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.140
124microsoft system checkup0 12netapi32.exe1 00 30Added by the  W32/DONK-E WORM!54http://www.sophos.com/virusinfo/analyses/w32donke.html0
1 8netapi320 12netapi32.exe1 00 32Added by an unidentified TROJAN! 01
1 8system320 11NeT-BoT.exe1 00 28Added by the AGOBOT-LJ WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotlj.html0
113NetBTD(ntbtd)0 10netbtd.exe1 00 49Added by the W32/Sdbot-BLW worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotblw.html0
1 9Intelli2k0 10netbug.vbs1 00 39Added by the VBS/VBuggy-A networm worm.56http://www.sophos.com/virusinfo/analyses/vbsvbuggya.html0
212Netline User0 10netchk.exe1 00169Netline supplies internet related products and services and this program identifies user ID and IP information. Found installed along with the Falcon 4 game, for example 01
114Network Client0 11netclnt.exe1 00 35Added by the Trojan.Boxed.A Trojan.92http://securityresponse.symantec.com/avcenter/venc/data/trojan.boxed.a.html#technicaldetails0
116Windows Networks0 10netcog.exe1 00137Added by the W32.Mytob.IA@mm  worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ia@mm.html#technicaldetails0
1 9netconf320 13netconf32.exe1 00 50Added by the W32/Tilebot-BN worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotbn.html0
1 9netconfig0 13netconfig.exe1 00 28Added by the NETCONF TROJAN!60http://www.pestpatrol.com/PestInfo/n/netware_trojan_v1_0.asp0
121Networks Configurator0 12NetConfs.exe1 00 26Added by the RBOT-OX WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotox.html0
134Microsoft Network Daemon for Win320 10Netd32.exe1 00 28Added by the SDBOT.R TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.r.html0
133MicrosoftNetwork Daemon for Win320 10NETD32.EXE1 00 27Added by the RANDEX.F WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html0
113MS_NETD_WIN320 10netd32.EXE1 00  073http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html0
1 6load320  9netda.exe1 00 27Added by the NIBU.E TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nibu.e.html0
1 9netdaemon0 12netdaemon /v2 00141Malware designed to "kill" a number of antispyware applications (SpyBot, Giant, SpyDoctor, SpySweeper, SpyHunter, Anvir, WinPatrol, and more) 01
1 7xload320  9netdd.exe1 00 27Added by the NETSPY TROJAN!54http://www.pestpatrol.com/pestinfo/n/netspy__dk32_.asp0
118Network DDE Client0 14netddeclnt.exe1 00 55Added by the W32/Codbot-M worm and IRC backdoor trojan.56http://www.sophos.com/virusinfo/analyses/w32codbotm.html0
113NetDDE Server0 13netddesrv.exe1 00142Added by the W32/Codbot-Y worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32codboty.html0
2 6Iusage0 10netdet.exe1 00 91Internet Usage Monitor - utility to calculate the cost and time on the internet via dial-up48http://members.tripod.com/gauravdhup0/iumos.html0
321NetWork Device Switch0 12NetDevSW.exe1 00280Toshiba laptops with built-in Wi-Fi. Allows switching between Wi-Fi and internal ethernet. Only necessary if you have regular need to switch back and forward between these network interfaces. Located in Startup folder so make own shortcut to it and disable if not really necessary 01
321Network Device Switch0 12netdevsw.exe122StartUp menu\All users0 54toshiba DME netdevsw 2, 0, 0, 3, toshiba DME. netdevsw39http://www.absolutestartup.com/startup/1
1 8netdll320 12netdll32.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 8netdllex0 12netdllex.Exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
111Network DRV0 11netdrvr.exe1 00 50Added by the W32/Tilebot-CO worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotco.html0
111NETFP32.EXE0 11NETFP32.EXE1 00 29Added by the AGENT.CD TROJAN! 01
011netfxupdate0 15netfxupdate.exe1 00 92Would appear to be a valid Microsoft .NET file (see here) but  this suggest's it's a trojan? 7#FF00000
021NetFxUpdate_v1.0.37050 15netfxupdate.exe1 00  0 7#FF00000
021NetFxUpdate_v1.1.43220 15netfxupdate.exe1 00 69Part of the Microsoft .Net Framework.  Unsure if its required to run. 01
311netfxupdate0 15netfxupdate.exe1 00 92Would appear to be a valid Microsoft .NET file (see here) but  this suggest's it's a trojan? 7#FF00000
312AS01_Netgear0 19NetgearAG.exe -hide211HKEY_LM\Run0 66NetgearRev Application 2, 12, 17, 3,  . NetgearRev MFC Application39http://www.absolutestartup.com/startup/1
3 8NetGuard0 12NetGuard.exe1 00 78FBM Software ZeroSpyware 2004 spyware detector and remover - real time monitor 01
128Windows System Configuration0 10nether.exe1 00134Added by the W32/Opanki-AB worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32opankiab.html0
1 9ASDPLUGIN0 15Netherlands.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
1 7NETINFO0 11netinfo.exe1 00 32Added by the W32/Tilebot-J worm.57http://www.sophos.com/virusinfo/analyses/w32tilebotj.html0
111SystemMap320 12Netisp32.vbs1 00 27Added by the REDIST.C WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.redist.c@mm.html0
110NetworkKey0 10netkey.exe1 00134Added by the Troj/IRCBot-AJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/trojircbotaj.html0
121Net Functions Library0 10netlib.exe1 00 43Added by the Troj/Crater-A backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojcratera.html0
310Netlimiter0 14Netlimiter.exe1 00344Netlimiter - "An internet traffic control tool to monitor applications which access the internet and actively control their internet traffic. Use it o set (download/upload) speed limits for applications or even single connection. NetLimiter also allows you to share your internet connection bandwidth among all applications running on your PC."26http://www.netlimiter.com/0
210NetLimiter0 17NetLimiter.exe /s211HKEY_LM\Run0 46LockTime NetLimiter 1.29, LockTime. NetLimiter39http://www.absolutestartup.com/startup/1
310NetLimiter0 17NetLimiter.exe /s2 00 46LockTime NetLimiter 1.29, LockTime. NetLimiter 01
1 7NetLink0 13netlink32.exe1 00 28Added by the GAOBOT.WO WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.wo.html0
1 8NetLogon0 12netlogin.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
124Microsoft System Checkup0 14netlogin32.exe1 00142Added by the W32/SdBot-GN worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotgn.html0
1 7WinIgon0 12netlogon.exe1 00 42Added by the Backdoor.Armageddon backdoor.63http://www.sarc.com/avcenter/venc/data/backdoor.armageddon.html0
2 71CmailS0 11NETMAIL.EXE1 00  2?? 01
3 9Net.Medic0 12netMedic.exe122StartUp menu\All users0 66VitalSigns Net.Medic 1.2.2.1, VitalSigns Software, Inc.. Net.Medic39http://www.absolutestartup.com/startup/1
137Microsoft NetMeeting Associates, Inc.0 14NetMeeting.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 8NetMeter0 12NetMeter.exe1 00409NetRatings software by Opistat . "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!36http://www.opistat.com/mp/index.html0
124Net Functions Monitoring0 10Netmon.exe1 00 48Added by the W32/Codbot-R worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32codbotr.html0
1 6NetMon0 10netmon.exe1 00 27Added by the MIMAIL.M WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.m@mm.html0
126Network Monitoring Service0 10NETMON.EXE1 00 35Added by the W32/Codbot-A backdoor.56http://www.sophos.com/virusinfo/analyses/w32codbota.html0
1 7NETMONW0 11NETMONW.EXE1 00143The Troj/Bdoor-FX TROJAN adds this, then automatically contacts a particular URL in order to download an additional file with further commands.57http://www.sophos.com/virusinfo/analyses/trojbdoorfx.html0
3 6netmsg0 10netmsg.exe1 00207Net_Message is a small tool to send messages across the network, using the Windows Messenger Service, so there is no client install required to receive the messages. It has a number of other features as well33http://users.pandora.be/Grrrippp/0
111netpc32.exe0 11netpc32.exe1 00 48Malware, probably CoolWebSearch parasite related53http://www.spywareinfo.com/~merijn/cwschronicles.html0
2 9NetPerSec0 13NetPerSec.exe1 00 68NetPerSec - measures the real-time speed of your Internet connection48http://www.pcmag.com/article2/0,4149,1735,00.asp0
118NetBIOS Protection0  9netpt.sys1 00 61Identified as not-a-virus:Monitor.Win32.NetMon.a by Kapersky. 01
2 9NetPumper0 20NetPumperIEProxy.exe1 00 72NetPumper download manager - bundles Cydoor and SaveNow adware, see here25http://www.netpumper.com/0
115Help Temp Files0 10netreg.exe1 00151Added by a network worm with backdoor functionality, W32/Forbot-EJ  copies itself to the Windows system folder as netreg.exe and sets registry entries.57http://www.sophos.com/virusinfo/analyses/w32forbotej.html0
125Netropa Internet Receiver0 11Netropa.exe1 00105Netropa Internet Receiver. Shows a scrolling bar with the news. Major resource hog and flagged as spyware 01
3 6NetRun0 10NetRun.exe1 00144NetRun - will 'RUN' a 'List' of programs only when a internet connection is detected, and close/kill the same 'List' when the connection is lost33http://www.czarsoft.shorturl.com/0
1 5arsch0  8nets.exe1 00 12Added by the55W32/Forbot-EL, it's displayname is "Indexing Provider".0
218Netscape Messenger0 12NETSCAPE.EXE1 00456In Netscape 6 (I know for sure with 6.2.1, maybe with 6.0) Netscape.exe is the main executable file for Netscape Navigator, Netscape Mail and News, and Netscape Messenger (the new name for the embedded AIM, no doubt to make it sound like Windows Messenger, the XP version of MSN Messenger). Basically, netscape.exe can be more than just Netscape Messenger, and Messenger can be more then just AIM in disguise, depending on the version of Netscape installed 01
133Microsoft Synchronization Manager0 12netscape.exe1 00 28Added by the RANDEX.AE WORM!97http://es.trendmicro-europe.com/smb/security_info/virus_encyclopedia.php?s=1&VName=WORM_RANDEX.AE0
320Mozilla Quick Launch0 17Netscp.exe -turbo211HKEY_CU\Run0 40Mozilla 7.1, Mozilla, Netscape. Netscape39http://www.absolutestartup.com/startup/1
220Mozilla Quick Launch0 11Netscp6.exe1 00 31Netscape 6 and Mozilla browsers 01
2 7Netscp60 11Netscp6.exe1 00 10Netscape 6 01
113NetSendServer0 11NetSend.exe1 00 45Added by the Troj/Hupigon-DQ backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojhupigondq.html0
118Messenger Protocol0 13netsender.exe1 00133Added by the W32/Sdbot-ACC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotacc.html0
113SystemNetwork0 11NETSERV.EXE1 00 30Added by the NETCONTROL VIRUS! 01
118Networks Controler0 10Netsis.exe1 00 26Added by the RBOT-NG WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotng.html0
110[not used]0 12netsrv16.dll1 00 42Added by the Troj/Riler-O backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojrilero.html0
114SynUSB Manager0 12netsrv16.dll1 00  056http://www.sophos.com/virusinfo/analyses/trojrilero.html0
1 5nstat0 11netstat.exe1 00 21Adult content dialler 01
117IPv6 STUN Service0 11netstun.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
214Optimum Online0 11Netsurf.exe1 00 90Optimum Online ISP software. Not required, just window dressing & advertising from Optimum98http://www.optimumonline.com/index.jhtml;jsessionid=5LMI3XSXKRAYYCQLARQCF3QKBMCGCI5G?pageType=what0
1 7netsv320 11netsv32.exe1 00 27Added by the SDBOT-PX WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpx.html0
117Internet Services0 10Netsvc.exe1 00133Added by the WORM_MYTOB.NH worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2ENH&VSect=T0
123Network Service Manager0 10netsvc.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
120Windows .Net Manager0 10netsvc.exe1 00 36Added by the Troj/Dloader-NY trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderny.html0
113Video Process0 11netsvcs.exe1 00 28Added by the AGOBOT.LH WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.LH0
1 9NetSTrSvc0 11netsvcs.sys1 00 36Added by the Troj/HacDef-AM rootkit.58http://www.sophos.com/virusinfo/analyses/trojhacdefam.html0
1 8winsock20 10netsvr.exe1 00 28Added by the AGOBOT.LY WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.LY&VSect=T0
1 5rsync0 11netsync.exe1 00 66Pops-stop.com parasite,  a IEPageHelper/SafeSurfing adware variant 01
421NettGain2000 Verifier0 25NettGain2000 Verifier.exe2 00108Part of the Starband satellite client that attempts to optimize your satellite connection to increase speed. 01
3 7NetTime0 11NETTIME.EXE1 00276From a visitor - "This is the executable for NetTime. It is started from the registry when you check the box to start at startup. NetTime allows you to synchronize your computers' clock with a server on your local net or the internet using any of several protocols, e.g. NTP." 01
3 8NetTurbo0 12netturbo.exe1 00154NetTurbo from SharewareOnline.com. &quot;Accelerate Your Internet Connections by up to 600%&quot;. If you find it helps your connectivity leave it enabled24http://www.netturbo.com/0
110NetWatch320 12netwatch.exe1 00 27Added by the MIMAIL.C WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.c@mm.html0
314AirCardEnabler0 27Network Adapter Manager.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119Microsoft Update 320 11network.exe1 00133Added by the W32/Rbot-AQE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaqe.html0
112Drivers 20050 13Network32.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113NetworkClient0 17NetworkClient.exe1 00 24Added by the LEMUR WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lemur.html0
116windows services0 19NetworkDriver32.exe1 00 30Added by an unidentified WORM! 01
116Windows Services0 18NetworkDrivers.exe1 00132Added by the W32/Sdbot-YO worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotyo.html0
117microsoft network0 17Networksystem.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
115microsoft xpsp20 17Networksystem.exe1 00  043http://vil.nai.com/vil/content/v_100454.htm0
138{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D}0 11netwrap.dll1 00227Added by a rogue antispyware program who's affiliates install files that replaces the Windows wallpaper with a fake virus alert message and issues fake virus alerts.br /br /Uses CLSID: b{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D}/b. 01
1 6WinSig0  9NetXP.exe1 00 30Added by the BANKER-FN TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerfn.html0
121NeuroMedia(IESpeaker)0 14NeuroMedia.exe1 00201Part of an older freeware version of  IESpeaker - a program that allows you to listen to web pages. NeuroMedia.exe only downloads advertisments. Not included in the paid-for version currently available24http://www.iespeaker.com0
116Nevwoek conectin0 11Nevwoek.exe1 00 35Added by the Troj/GrayBrd-V Trojan.58http://www.sophos.com/virusinfo/analyses/trojgraybrdv.html0
224New Wordpad Document.doc0 24New Wordpad Document.doc225StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
318VersionTracker Pro0 61New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe /hide2 00 73InstallShield Developer 10.0, InstallShield Software Corp.. InstallShield 01
318VersionTracker Pro0 61New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe /hide222StartUp menu\All users0 73InstallShield Developer 10.0, InstallShield Software Corp.. InstallShield39http://www.absolutestartup.com/startup/1
115[Various Names]0  9new32.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
3 800saskda0 19newadmin.exe saskda211HKEY_LM\Run0 14Security agent55www.windowsbbs.com/showthread. php?t=31626&page=5&pp=150
115[Various Names]0 12newbreed.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
144Microsoft Windows DLL Services Configuration0 10newdll.exe1 00128Added by the W32/Sdbot-ZR worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzr.html0
144Microsoft Windows DLL Services Configuration0 11newdll2.exe1 00134Added by the W32/Sdbot-ABD worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotabd.html0
215New.net Startup0 29NEWDOT~1.DLL,NewDotNetStartup111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
215New.net Startup0 37newdotnet6_38.dll,NewDotNetStartup -s211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7newname0 12newname2.exe1 00 36Added by the Troj/Drsmartl-V Trojan.59http://www.sophos.com/virusinfo/analyses/trojdrsmartlv.html0
1 7newname0 12newname4.exe1 00 36Added by the Troj/Drsmartl-V Trojan.59http://www.sophos.com/virusinfo/analyses/trojdrsmartlv.html0
1 9popuppers0 12newpop63.exe1 00 24Popuppers adware variant77http://securityresponse.symantec.com/avcenter/venc/data/adware.popuppers.html0
2 8Newsalrt0 12NEWSALRT.EXE1 00 55MSNBC News system tray utility to alert you to new news 01
111supernews120 11newsd32.exe1 00 42A TROJAN/downloader variant adds the file.59http://www.sophos.com/virusinfo/analyses/trojdloaderjn.html0
220MySoftware NewsFlash0 12Newsflsh.exe1 00104A program that runs in your task bar and receives alerts and release information on MySoftware products. 01
320MySoftware NewsFlash0 12Newsflsh.exe122StartUp menu\All users0 60MySoftware Newsflash 1, 0, 0, 6, MySoftware, Inc.. Newsflash39http://www.absolutestartup.com/startup/1
116Newsgroup lptt010 13newsgroup.exe1 00188Variant of the  RapidBlaster parasite (in a &quot;newsgroup&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
116Newsgroup ml097e0 13newsgroup.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
326cloudmark safetybar for oe0 49NewShortcut1_CBD0163A316348DD96BF172708A867DA.exe122StartUp menu\All users0 73InstallShield Developer 8.01, InstallShield Software Corp.. InstallShield39http://www.absolutestartup.com/startup/1
2 7NewsUpd0 11newsupd.exe1 00149For Creative Soundblaster Live! series soundcards. System tray application for News updates. Available via Start - Programs. Also spyware - see here.27http://cexx.org/newsupd.htm0
114NewtonKnowsUpd0 36NewtKnow.exe ...NewtnUpd.dll, runkey2 00 19NewtonKnow hijacker48http://www.doxdesk.com/parasite/NewtonKnows.html0
1 7nfctayr0 11nfctayr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
121Nfpt Microsoft Config0 12nfdtrknm.exe1 00124Added by Rbot variant. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. 01
1 5ngbyh0  9ngbyh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8NGClient0 11ngctw32.exe1 00130Symantec Ghost Server software - needed for a "a Ghost multicast" (transfer images to multiple machines). Can be launched manually 01
113Postfix patch0 10ngfqes.exe1 00153Added by the Troj/Sdbot-BX backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotbx.html0
1 4ngkk0  8ngkk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6ngpw360 10ngpw36.exe1 00 24AdBlaster adware variant 01
2 8NGServer0 12ngserver.exe1 00 37Symantec/Norton Ghost Console service 01
1 7ngtwiaf0 11ngtwiaf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7ngyinvr0 11ngyinvr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8nheefabi0 12nheefabi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
218Netropa NHK Server0 10Nhksrv.exe1 00143This program is installed by certain Dell and Compaq computers.  It is used to disable any configured hotkeys while the screensaver is running. 01
114Windows System0  9nibie.exe1 00137Added by the W32.Mytob.FO@mm worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.fo@mm.html#technicaldetails0
1 8netmeter0 17NielsenOnline.exe1 00 76Appears to have possible Malware functions, for more information  Click_Here50http://www.file.net/process/nielsenonline.exe.html0
3 9CostAware0 12niIPCApp.exe1 00 54NetInternals CostAware - download quota measuring tool48http://www.netinternals.com/default.htm?products0
1 7nikLaus0 11nikLaus.exe1 00 25Added by the NIKLAS WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.niklas.html0
215Net-It Launcher0 12NILaunch.exe1 00 32Net-It - web publishing software22http://www.net-it.com/0
114WINDOWS SYSTEM0 11ninfoie.exe1 00150Added by the W32.Mytob.EE@mm mass-mailing worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ee@mm.html#technicaldetails0
2 5NInit0  9NInit.exe1 00157Norton Uninstall Deluxe. Monitors programs being installed and logs them for removing later. Available via Start - Programs for manual logging - not required 01
4 7nisserv0 11NISSERV.EXE1 00 24Norton Personal Firewall 01
4 5Nisum0  9NISUM.EXE1 00 24Norton Personal Firewall 01
3 8nisvcloc0 12niSvcLoc.exe1 00 46Related to National Instruments Corp.  LabView26http://www.ni.com/labview/0
1 4irfk0 11NITEAIM.EXE1 00 49Added by the W32/Sdbot-AEJ worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotaej.html0
1 4NITE0 11niteaim.exe1 00 54Added by the W32.Opanki.C AIM worm and IRC downloader.73http://www.sarc.com/avcenter/venc/data/w32.opanki.c.html#technicaldetails0
1 7WinNite0 11niteaim.exe1 00 40Added by the W32.Opanki.B backdoor/worm.73http://www.sarc.com/avcenter/venc/data/w32.opanki.b.html#technicaldetails0
1 3NIW0  7NIW.exe1 00 33Added by the Troj/Lewor-U Trojan.56http://www.sophos.com/virusinfo/analyses/trojleworu.html0
115Access Protocol0 11nixfver.exe1 00 37Added by the BKDR_PPDOOR.AS backdoor.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FPPDOOR%2EAS&VSect=T0
1 5NJG400  9NJG40.EXE1 00 29Added by the BANCOS.D TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.d.html0
112Boot Manager0  9Njgal.exe1 00 25Added by the KILO TROJAN!61http://www.symantec.com/avcenter/venc/data/backdoor.kilo.html0
1 7njhhvbb0 11njhhvbb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
121MSN Service Utilities0  7nkn.exe1 00 46Added by the W32/Kelvir-BC MSN Messenger worm.57http://www.sophos.com/virusinfo/analyses/w32kelvirbc.html0
3 7version0  9nkpje.exe111HKEY_LM\Run0 57version Application 1, 0, 0, 1, . version MFC Application39http://www.absolutestartup.com/startup/1
121nvidia control daemon0 11nksvc32.exe1 00 33Added by the  W32/AGOBOT-OV WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotov.html0
210NkvMon.exe0 10NkvMon.exe1 00 67Nikon View 5 - for transferring pictures from Nikon digital cameras 01
210NkvMon.exe0 10NkvMon.exe122StartUp menu\All users0 52Nikon Monitor 6, 0, Nikon Corporation. Nikon Monitor39http://www.absolutestartup.com/startup/1
211NkVwMon.exe0 11NkVwMon.exe1 00 65Nikon View - for transferring pictures from Nikon digital cameras 01
1 7wFsR35U0 10nlhoin.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5nljim0  9nljim.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5nlrin0  9nlrin.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110NaviSearch0  7nls.exe1 00 37NaviSearch, eXact Advertising variant84http://www.giantcompany.com/antispyware/research/spyware/spyware-NaviSearch-404.aspx0
110NaviSearch0  7nls.exe111HKEY_LM\Run0 59NAVISearch Module 1, 0, 0, 5, eXact Advertising. NLS Module39http://www.absolutestartup.com/startup/1
111NLS Monitor0 10nlsmon.exe1 00132Added by the W32/Rbot-AXJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaxj.html0
1 3ujm0  8nm32.exe1 00194Added by the Troj/Iyus-K password stealing trojan.  This infection steals usernames and passwords and sends them to the creator.  If you have this infection you should change all your passwords.55http://www.sophos.com/virusinfo/analyses/trojiyusk.html0
114microsof value0  9nmatt.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
348bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}0 15NMBgMonitor.exe1 00 21Related to  Nero_Home34http://ww2.nero.com/enu/index.html0
315netmanageimport0 12nmcpdata.exe1 00 35NetManage business software related37http://www.ftp.com/products/index.asp0
115[Various Names]0 10nmdllw.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 5_Cat10  9nmmst.exe1 00 34Added by the TROJ_SMALL.SD trojan!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.SD&VSect=Sn0
125Network Trafic Monitoring0 11nmntrng.exe1 00 30Added by the W32/Nanpy-O worm.55http://www.sophos.com/virusinfo/analyses/w32nanpyo.html0
127System Document Application0  8nmod.exe1 00 28Added by the SDBOT-ABB WORM!57http://www.sophos.com/virusinfo/analyses/w32sdbotabb.html0
125Microsoft Software Update0  8nmon.exe1 00 26Added by the RBOT.HZ WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.HZ0
1 5nmpvr0  9nmpvr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
121Windows driver update0 12nmsmtp32.exe1 00121Added by the W32/Sdbot-JT worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotjt.html0
0 6NMSSvc0 10NMSSVC.EXE1 00 79NIC Management Service - diagnostics program for Intel Pro family network cards 01
1 5_cat20  9nmstt.exe1 00 46Added by the  TROJ/SMALL-DT downloader TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmalldt.html0
4 5NMSVC0  9nmSvc.exe1 00251Covenant Eyes - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Disabling it means loss of internet connection until renabled - therefore required if you use it37http://www.covenanteyes.com/about.php0
016nMTaskBarService0  9nMtsk.exe1 00137Taskbar control for ISDN NetMod modem. Sorry, I dont know whether or not it is required.  Unknown if this is a required item for startup. 01
1 9Remove me0 15nmzbxdnzjsa.exe1 00 99Added by the Troj/Sdbot-SZ TROJAN/IRC backdoor to allow malicious access & control of the computer.57http://www.sophos.com/virusinfo/analyses/trojsdbotsz.html0
223Norton Navigator Loader0 12nnloader.exe1 00 83An older Norton utility for file management under Windows 95. More information here58http://www.mg.co.za/mg/pc/history/dec10-nortnavigator.html0
1 5nnmgr0  9nnmgr.exe1 00 45Added by the Adware.FFToolBar adware toolbar.60http://www.sarc.com/avcenter/venc/data/adware.fftoolbar.html0
1 4nnod0  8nnod.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7nnqcouu0 11nnqcouu.exe1 00 22The Abi Network adware58http://www.geekstogo.com/forum/The_ABI_Network-t42642.html0
215NeroNETTrayIcon0 17NNServiceCtrl.exe1 00161System tray access to NeroNET - Ahead Software's network-capable extension of their CD/DVD burning program. NeroNET allows a burner to be shared across a network43http://www.nero.com/us/631898255953125.html0
3 5NNSvc0  9nnsvc.exe1 00 24NetNanny internet filter53http://www.netnanny.com/products/netnanny5/index.html0
3 5NoAds0  9NoAds.exe1 00 49Blocks advertisement banners in Internet Explorer 01
3 8noadware0  8NoAdware1 00158NoAdware Adware/Spyware remover - initially considerered a "rogue"  program - see  here .  The latest version has since apparently mended its ways:  see  note 5rogue0
2 8NoAdware0 12NoAdware.exe1 00 63Adware/spyware remover - not particularly recommended, see here51http://www.adwarereport.com/mt/archives/000023.html0
3 9noadware30  9NoAdware31 00139NoAdware Adware/Spyware remover - initially considerered a "rogue"  program - see  here .  Has since apparently mended its ways:  see  note 5rogue0
3 9noadware30 13NoAdware3.exe1 00133NoAdware Adware/Spyware remover - initially considerered a "rogue" program - see here. Has since apparently mended its ways: see note 5rogue0
3 9noadware40 13NoAdware4.exe1 00136NoAdware Adware/Spyware remover - initially considerered a "rogue" program - see  here . Has since apparently mended its ways: see  note 5rogue0
3 7Nod32CC0 11nod32cc.exe1 00139Control Center part of Eset's NOD32 virus-scanner. Leave this enabled if you want to update your virus data files via the click of a button34http://www.nod32.com/home/home.htm0
120Nod32 Free antivirus0 12nod32krn.exe1 00 12Added by the38W32/Rbot-AAO WORM/IRC backdoor trogan!0
411NOD32kernel0 12Nod32krn.exe1 00 25Nod32 Antivirus Version 234http://www.nod32.com/home/home.htm0
4 8nod32kui0 12nod32kui.exe1 00 25Nod32 Antivirus Version 234http://www.nod32.com/home/home.htm0
4 8nod32kui0 25nod32kui.exe /WAITSERVICE2 00 66NOD32 Antivirus System 2, 50, 41 , Eset . NOD32 Control Center GUI 01
3 9NodeMnger0 12Nodemngr.exe1 00 96Part of the Dell OpenManage Client installation - to allow Dell representatives to remote logon? 01
1 8NTsocket0 12NoeWinnt.exe1 00 28Added by the ATAKA-E TROJAN!56http://www.sophos.com/virusinfo/analyses/trojatakae.html0
2 9NomdCheck0 12nomdchek.exe1 00 28Part of Intel's Native Audio 01
3 7nomtray0 11nomtray.exe1 00 91System Tray access to NetMotion Wireless options - including connectivity status (see here)59http://www.netmotionwireless.com/support/technotes/2140.asp0
1 6nldr320 10NonYou.exe1 00 34Added by the W32/Saros-A P2P worm.55http://www.sophos.com/virusinfo/analyses/w32sarosa.html0
115[Various Names]0  9NopeZ.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
114Bron-Spizaetus0 11norBtok.exe1 00 50Added by the W32.Rontokbro.B@mm mass-mailing worm.79http://www.sarc.com/avcenter/venc/data/w32.rontokbro.b@mm.html#technicaldetails0
115NortE Antivirus0  9norte.exe1 00133Added by the W32/Rbot-AFE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotafe.html0
115NortE Antivirus0 10norten.exe1 00132Added by the W32/Rbot-AFFworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaff.html0
124norten Software Intrenet0 10norten.pif1 00132Added by the W32/Rbot-AWA worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotawa.html0
110protection0 28Norton Internet Security.exe2 00 33Added by the  W32.ELITPER.E WORM!64http://www.symantec.com/avcenter/venc/data/w32.elitper.e@mm.html0
1 4Wxp40 17Norton Update.exe2 00 26Added by the ERKEZ.D WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.d@mm.html0
1 6norton0 10norton.exe1 00 43Added by the W32/Ahker-D mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32ahkerd.html0
1 8NortonAV0 20norton_antivirus.exe1 00 81Added by the NETJOE TROJAN! Note - this is not the legitimate Symantec AV program76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.netjoe.html0
114ms unix binary0 20Norton2005Update.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8norton320 12norton32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
116Norton Antivirus0 12nortonav.exe1 00132Added by the W32/Rbot-AYE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaye.html0
110Windows Xp0 15nortonguard.exe1 00132Added by the W32/Mytob-DZ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobdz.html0
116Mcafee Anti Scan0 13NortonScn.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
119Norton Swap Cleaner0 14nortonswap.exe1 00143Added by the W32/Rbot-MH trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotmh.html0
114Norton Updater0 16NortonUpdate.exe1 00 40Added by an unidentified WORM or TROJAN! 01
112IE Processes0 10nosc32.exe1 00152Added by the W32/SdBot-CN backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotcn.html0
315Loadout Manager0 11nost_LM.exe1 00 72Manager for the Belkin Nostromo n50 SpeedPad game controller - see  here82http://catalog.belkin.com/IWCatProductPage.process?Merchant_Id=1&Product_Id=1077270
2 5notes0 12notepaad.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
1 5notes0 12notepaad.exe1 00 28Added by the  RBOT.BME WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BME&VSect=P0
1 9(Default)0 11NOTEPAD.exe1 00 95Added by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor72http://securityresponse.symantec.com/avcenter/venc/data/w32.rusty@m.html0
117microsoft notepad0 11notepad.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114Notepad lptt010 11notepad.exe1 00256Variant of the  RapidBlaster parasite (in a &quot;nvd32&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here. Note - this is not Windows Notepad which has the same executable name49http://www.doxdesk.com/parasite/RapidBlaster.html0
114Notepad ml097e0 11notepad.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
124windows autostart loader0 13notepad32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120Configuration Loader0 12NOTEPADE.EXE1 00142Added by the W32/SdBot-GD worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotgd.html0
1 5notes0  9notes.exe1 00165Added by a variant of the Rbot worm.  This worm, when started, connects to IRC servers where it sits in a desginated channel waiting for commands from a remote user. 01
215Lotus Notes 6.50 12notes.exe ""225StartUp menu\Current user0 68IBM Lotus Notes/Domino 6.0.40.4139, IBM Corp. IBM Lotus Notes/Domino39http://www.absolutestartup.com/startup/1
110[not used]0 10Notify.exe1 00 30Added by Backdoor.Armageddon.B65http://www.sarc.com/avcenter/venc/data/backdoor.armageddon.b.html0
120Notification Utility0 10notify.exe1 00 35Added by the Trojan.Muvipaz Trojan.75http://www.sarc.com/avcenter/venc/data/trojan.muvipaz.html#technicaldetails0
314Notmad Manager0 10notmgr.exe1 00117Notmad Manager is used to integrate your Creative Labs Nomad MP3 player into Windows Explorer and other applications.39http://www.redchairsoftware.com/notmad/0
1 8system230 10notPad.exe1 00 31Added by the  ESTEEMS.D TROJAN!64http://www.symantec.com/avcenter/venc/data/trojan.esteems.d.html0
212Disable EHCI0 11nousb20.exe1 00  0 01
238operations typhoon rising registration0  8NOVG.EXE1 00 38Joint_Operations registration reminder50http://www.gamespot.com/pc/action/jointoperations/0
3 3Hti0  9npdor.exe1 00156Appears in startup if you have chosen to participate in on survey by  NPD Online Research. Required for the survey to work correctly. Otherwise not required21http://www.npdor.com/0
311NFM Service0 11NPDOR9x.exe1 00156Appears in startup if you have chosen to participate in on survey by  NPD Online Research. Required for the survey to work correctly. Otherwise not required21http://www.npdor.com/0
310NPFMonitor0 12NPFMntor.exe1 00 42Norton AntiVirus Firewall Install Monitor. 01
123GLF Network Lan Monitor0 12NPFMNTOR.exe1 00133Added by the W32/Rbot-AGY worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotagy.html0
1 9npf value0 12NPFMONTR.exe1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 9NPF Value0 14NPFMONTR32.exe1 00 48Added by the W32/Rbot-BBC worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbc.html0
124Norton Personal Firewall0  8npfw.exe1 00136Added by the W32/Rbot-UI worm.  This infection also has backdoor capabilities via IRC servers, keystroke logging, and cd key harvesting.55http://www.sophos.com/virusinfo/analyses/w32rbotui.html0
124Norton Personal Firewall0 10npfw32.exe1 00 31Added by the  W32/RBOT-UQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotuq.html0
1 8npkkfktq0 12npkkfktq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
124Norton Personal Firewall0 10npmsys.exe1 00237Added by the W32/Rbot-ALO trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.  This infection also attempts to terminate known AV software so that it remains undetected.56http://www.sophos.com/virusinfo/analyses/w32rbotalo.html0
124Norton Personal Firewall0 12npmsysnt.exe1 00 75Added by the W32/Rbot-TY WORM!  File is found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotty.html0
123Netzip Smart Downloader0 11npnzdad.exe1 00 19Advertising spyware 01
120RealDownload Express0 11npnzdad.exe1 00  0 01
114Norton Protect0 13npprotect.exe1 00 73The WORM/backdoor W32/Rbot-WW will add this to the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotww.html0
3 8NPROTECT0 12nprotect.exe1 00183Norton Protected Recycle Bin from Norton Utilities. Adds an extra layer of safety before you remove deleted files from the Recycled Bin. Can be listed twice which is valid - see  here139http://servi0
017NPS Event Checker0 12npscheck.exe1 00167Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as Norton Program Scheduler Event Checker 01
338Norton Program Scheduler Event Checker0 12npscheck.exe1 00146Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as NPS Event Checker 01
324Norton Program Scheduler0 10NPSsvc.exe1 00179Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans 01
330NovaPortal Single User Service0  8NPSU.exe1 00  2?? 01
1 8npuokcyt0 12npuokcyt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8NetReach0 11nrcheck.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 4nero0  9nrchk.exe1 00 33Premium rate adult content dialer 01
1 5qtime0  9nrchk.exe1 00 33Premium rate adult content dialer 01
1 8scheduie0  9nrchk.exe1 00  0 01
310Norman ACP0 12nrmenctb.exe111HKEY_LM\Run0130Privacy Taskbar Application Version 3.0,Build 180,Service pack #0   , Norman Data Defense Systems. Privacy Taskbar MFC Application39http://www.absolutestartup.com/startup/1
1 8Premeter0  8nrpr.exe1 00409NetRatings software by Opistat . "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!36http://www.opistat.com/mp/index.html0
1 2NS0  6ns.exe1 00 28Added by the AGOBOT-HS WORM!57http://www.sophos.com/virusinfo/analyses/w32agoboths.html0
2 6secure0 10Nsavmt.exe111HKEY_LM\Run0 59Redirect Application 1, 0, 0, 1, . Redirect MFC Application39http://www.absolutestartup.com/startup/1
1 7NSCheck0 11NSCHECK.EXE1 00 31NetSetter/Marketscore foistware48http://www.doxdesk.com/parasite/MarketScore.html0
324Norton Program Scheduler0 12nsched32.exe1 00179Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans 01
1 7nscntrl0 11nscntrl.exe1 00 21Adult content dialler 01
115[Various Names]0 13NsCplTray.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
115nsdcmd services0 12nsdcmdav.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
118nsdcmd vid process0 13nsdcmdwin.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
1 6nsdlua0 10nsdlua.exe1 00 41All-In-One Telcom - adult content dialler 01
1 3nse0  7nse.exe1 00 28Added by the AGOBOT-ML WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotml.html0
3 8Nsengine0 12Nsengine.exe1 00108Scheduling engine of  NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see  here44http://www.no-panic.com/backup/n_backup.html0
212NetStat Live0  7Nsl.exe1 00128AnalogX NetStat Live - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data56http://www.analogx.com/contents/download/network/nsl.htm0
123Microsoft CSRSS Service0 11nsmscrs.exe1 00 48Added by the W32/Rbot-BPT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbpt.html0
231Windows Media Powerpoint Helper0 12NSPPTHLP.EXE1 00151German software (comes with some Toshiba CD writers) that helps convert Powerpoint files to ASF (Streaming Media) files. Available via Start - Programs 01
325NetShow Powerpoint Helper0 12NSPPTHLP.EXE1 00 71If disabled, user created fonts can no longer be seen by other programs 01
112ScanRegistry0 10nsrvnt.exe1 00169Added by the NERTE TROJAN!. Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as nsrvnt.exe not scanregw.exe75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nerte.html0
313systemservice0 12nsserver.exe1 00 86NiceSpy keystroke logger/monitoring program - remove unless you installed it yourself!63http://www.symantec.com/avcenter/venc/data/spyware.nicespy.html0
2 9TSService0 13NSSERVICE.EXE1 00  0 01
1 7nsshamw0 11nsshamw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
121Microsoft Name Server0  9nssrv.exe1 00 96Added by the W32/Tilebot-EK worm and IRC backdoor. This infection utilizes the rootkit rofl.sys.58http://www.sophos.com/virusinfo/analyses/w32tilebotek.html0
1 8nsdriver0 11nssys32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
110NDplDeamon0 12nstask32.exe1 00 27Added by the RANDEX.E WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.e.html0
1 7Pofatch0 10nstrue.exe1 00 27Added by the RANDEX.Z WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.randexz.html0
1 8NSupdate0 12NSupdate.exe1 00 20Adult content dialer 01
1 5Nsvdr0  9nsvdr.exe1 00 21Adult content dialler 01
1 6nsvgay0 10nsvgay.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Nsv0 10nsvsvc.exe1 00 19Unidentified adware 01
3 4nsys0  8nsys.exe1 00 85NetSpy keystroke logger/monitoring program - remove unless you installed it yourself!62http://www.symantec.com/avcenter/venc/data/spyware.netspy.html0
1 6nsys320 10nsys32.exe1 00122Added by the W32/Agobot-SU worm. When started this infection connects to an IRC server where it waits for remote commands.57http://www.sophos.com/virusinfo/analyses/w32agobotsu.html0
115[Various Names]0 14NSYSCPLSTR.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
114NT Video API320 11NTAPI32.exe1 00224Added by the W32/Rbot-FW trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This infection also attempts to find cd keys for popular games and applications.55http://www.sophos.com/virusinfo/analyses/w32rbotfw.html0
114NET Bios Stats0 12ntbstats.exe1 00132Added by the W32/Sdbot-ZX worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzx.html0
215Windows Configs0  7NTC.EXE111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
124Microsoft Update Machine0  8ntce.exe1 00143Added by the W32/Rbot-FA trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotfa.html0
1 7directx0  9NTCmd.exe1 00 28Added by the SDBOT.D TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.d.html0
110ntcommlib30 14NTCommLib3.exe1 00 21Admess adware variant74http://securityresponse.symantec.com/avcenter/venc/data/adware.admess.html0
1 6NvCplD0  9ntcpl.exe1 00 28Switch adult content dialler57http://www.sophos.com/virusinfo/analyses/dialswitchb.html0
134Microsoft Network Daemon for Win320  9ntd32.exe1 00134Added by the W32/Randex-G worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32randexg.html0
122Compaq Service Drivers0 11ntdat32.exe1 00132Added by the W32/Sdbot-CNW worm. When started, this infection connects to a remote IRC server where it waits for commands to execute57http://www.sophos.com/virusinfo/analyses/w32sdbotcnw.html0
1 9ntddetect0 13ntddetect.exe1 00 12Added by the30Troj/Agent-CU TROJAN/backdoor!0
1 6NTdhcp0 10NTdhcp.exe1 00 12Added by the58Troj/QQRob-A. It will kill processes and disable services.0
1 5ntdll0  9ntdll.exe1 00 31Added by the BIONET.404 TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.bionet.404.html0
123Windows Internet Server0  9ntdlr.exe1 00126Added by the Troj/Feutel-CH Trojan.  This infection also creates the files C:\Windows\ntdlr.dll and C:\Windows\ntdlr_Hook.DLL.58http://www.sophos.com/virusinfo/analyses/trojfeutelch.html0
1 6NTFS160 10ntfs16.exe1 00 26Added by the RBOT-LY WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotly.html0
114ntfsmonitorpro0 10ntfs64.exe1 00108W32/Forbot-EB is a network worm with backdoor Trojan functionality. Located in the Windows system directory.57http://www.sophos.com/virusinfo/analyses/w32forboteb.html0
4 8NTFSCLUP0 12NTFSCLUP.EXE1 00208Part of ConfigSafe- "checks if an ntfssos restore has been performed since it was last run. It exits immediately after running. 99+% of the time it will only execute about a dozen instructions before exiting" 01
1 7GinaDll0 10ntgina.dll1 00 25Added by the ANIG.A WORM!88http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_ANIG.A0
115Norton Guard 320 13ntguard32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
3 6nth2030 10nth203.exe111HKEY_CU\Run0 19  1.00.0288, PTech.39http://www.absolutestartup.com/startup/1
118WinSocketComponent0 10nthost.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
114AdobeReaderPro0 15ntkernell32.exe1 00132Added by the W32/Rbot-ATY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaty.html0
119microsoft update 230 18NtKernelSystem.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113Kernel Loader0 10ntkrnl.exe1 00 29Added by the CERVIVEC.A WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.cervivec.a@mm.html0
215NT Kernel Patch0 12ntkrnlpt.exe1 00 29FaxServe network fax software54http://www.accpac.com/products/communication/faxserve/0
1 5ntldr0  9ntldr.exe1 00263Browser hijacker to search-control.com (TrojanDropper.Win32.Small.ig). In addition to Registry changes found by HijackThis, also creates the following system files: C:\WINDOWS\SYSTEM\ntldr.exe, C:\m.exe, C:\WINDOWS\Search-For-You.url, C:\n.bat, C:\q.exe, C:\r.bat 01
1 9Win Patch0  9ntldr.exe1 00 27Added by the SDBOT-GS WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotgs.html0
1 7shell320 10ntldrt.exe1 00 54Added by the W32/Jlok-A Microsoft Word document virus.54http://www.sophos.com/virusinfo/analyses/w32jloka.html0
1 6sysclx0 10ntldrt.exe1 00 24Added by the  W32/Jlok-A54http://www.sophos.com/virusinfo/analyses/w32jloka.html0
1 9ho35RRY8e0 10ntllt1.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
113Windows NT 320 13ntlogin32.exe1 00 29Added by the RANDEX.BRD WORM!62http://www.symantec.com/avcenter/venc/data/w32.randex.brd.html0
116Windows NT Login0 13ntlogin32.exe1 00 27Added by the SDBOT.WG WORM!90http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.WG0
1 7ntmssvc0  8ntms.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
1 7ntmsevt0 11ntmsevt.exe1 00 46Added by the Troj/Stoped-B downloading Trojan.57http://www.sophos.com/virusinfo/analyses/trojstopedb.html0
120COM Message Transfer0 12Ntmssvcs.dll1 00 32Added by the Troj/Dbit-A trojan.55http://www.sophos.com/virusinfo/analyses/trojdbita.html0
110[not used]0 10ntndis.exe1 00 48Added by the W32/Rbot-DPG worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotdpg.html0
1 9FastStart0 11ntnut32.exe1 00 33Added by the  StartPage.L TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.l.html0
110NT Service0 12NTOKSRNL.EXE1 00 12Added by the38W32/Rbot-AAG WORM/IRC backdoor Trojan.0
1 5Osa320 11NTOSA32.exe1 00 23Added by the ANIG WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.anig.html0
118kernal fault check0 11ntosrkl.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
3 7nTrayFw0 11nTrayFw.exe1 00 79System tray icon for the Nvidia Firewall.  Is this necessary to run at startup?42http://www.nvidia.com/object/security.html0
2 5NTrtc0  9ntrtc.exe1 00129Dell year 2000 tool to deal with non-standard applications. Only required on older Dell PCs that may need this support - see here68http://www.euro.dell.com/countries/ae/enu/bsd/topics/y2k_rtctest.htm0
426OfficeScanNT RealTime Scan0 12ntrtscan.exe1 00 69Part of the Trend Micro OfficeScan  product.  Should not be disabled.72http://www.trendmicro.com/en/products/desktop/osce/evaluate/overview.htm0
110MS taskbar0  7nts.exe1 00128Added by the W32/Rbot-AGB worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotagb.html0
323XTNDConnect PC - LtNts40 11NtsAgnt.exe1 00 25Component of EasySync Pro15#EasySync%20Pro0
116Microsoft Update0  8ntsf.exe1 00 48Added by the W32/Rbot-BBP worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbp.html0
121NTSF MICROSOFT SYSTEM0  8ntsf.exe1 00148An Rbot A href="http://www.malwareblog.com/?p=100"variant. This infection connects to an IRC server where it will await commands from a remote user. 01
121NTSF MICROSOFT SYSTEM0  9ntsfd.exe1 00 48Added by the W32/Rbot-BAP worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbap.html0
1 6ntsmod0 10ntsmod.exe1 00 15Unknown Adware! 01
139Generic Host Process for Win32 Services0 10ntspcv.exe1 00 28Added by the SDBOT.S TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.s.html0
1 9NTsrv.exe0  9NTsrv.exe1 00 41Added by a variant of the SERVU-O TROJAN!56http://www.sophos.com/virusinfo/analyses/trojservuo.html0
121System Server Manager0 10Ntsrvc.exe1 00 94Added by Backdoor.DarkSky.B.  This infection listens on ports 5418 and 5419 awaiting commands.62http://www.sarc.com/avcenter/venc/data/backdoor.darksky.b.html0
1 9[unknown]0 11NTSRVCS.EXE1 00142Added by the W32/SdBot-GJ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotgj.html0
117NetManagerService0  8ntss.exe1 00 31Added by the BESTPICS.A TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BESTPICS.A0
121ntsf microsoft system0  9ntssf.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9Messenger0 12ntsubsys.exe1 00 35Added by the WORM_SDBOT.BGE trojan.109http://md0
110NetService0  9ntsvc.exe1 00 53Added by the Troj/QQPass-DU password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassdu.html0
111NT Services0  9ntsvc.exe1 00 28Added by the AGOBOT.VJ WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_AGOBOT.VJ0
1 6NTAuth0  9ntsvc.ocx1 00 44Added by the Troj/Taladra-F backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojtaladraf.html0
125VxD Driver Initialization0 10ntsvxd.exe1 00133Added by the W32/Sdbot-LW worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotlw.html0
113Configuration0 11ntsys32.exe1 00133Added by the W32/Sdbot-LH worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotln.html0
1 8Threaded0 11ntsys32.exe1 00133Added by the W32/Sdbot-MR worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotmr.html0
124Microsoft System Checkup0 12ntsysman.exe1 00 27Added by the SDBOT-QW WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotqw.html0
124Microsoft System Checkup0 12ntsysmgr.exe1 00 25Added by the DONK.S WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.donk.s.html0
124Microsoft System Checkup0 12NTSYSMGR.EXE1 00134Added by the W32/Sdbot-OC worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotoc.html0
113Configuration0 12ntsyst32.exe1 00133Added by the W32/Sdbot-LT worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotlt.html0
1 6Ntsysv0 10ntsysv.exe1 00 34Added by the Troj/Mifeng-E Trojan.57http://www.sophos.com/virusinfo/analyses/trojmifenge.html0
1 7ntuhnhb0 11ntuhnhb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 5nTune0  9nTune.exe1 00 89herboard monitoring and overclocking utility for nVidia nForce chipset based motherboards 01
312nvidia ntune0  9nTune.exe1 00108nVidia  nTune - motherboard monitoring and overclocking utility for nVidia nForce chipset based motherboards47http://www.nvidia.com/object/ntune_2.00.23.html0
312NVIDIA nTune0 15nTune.exe clear2 00 47nTune 2.05.09, NVIDIA. NVIDIA nTune application 01
1 7ntupd320 11ntupd32.exe1 00  8See_Here68http://www.spywarewarrior.com/viewtopic.php?t=9379&highlight=ntupd320
110Fast start0  8Ntut.exe1 00 89Added by unidentified adware - recognized by Kaspersky antivirus as Trojan.Win32.Favadd.i36http://www.kaspersky.com/personalpro0
118Kernel Fault Check0  9ntvbm.exe1 00 48Added by the W32/Rbot-CKP worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotckp.html0
3 5NTVDM0  9NTVDM.EXE1 00224Windows NT Virtual DOS Machine (NTVDM) for running 16-bit tasks on the 32-bit OS's (Windows NT, 2K and XP). Required if hardware on a machine with these OS's needs 16-bit DOS drivers. You can find a bit more about NTVDM here63http://support.microsoft.com/default.aspx?scid=kb;en-us;Q2643200
114graphic loader0 11ntvdm32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6ntvdmd0 10ntvdmd.exe1 00 65Adware downloader - also detected as the  TROJ/DLOADER-YP TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderyp.html0
125NT-Virtual Device Manager0 10ntvdmn.exe1 00134Added by the W32/Sdbot-AAA worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaaa.html0
1 7ntvdscm0 11ntvdscm.exe1 00 31Added by the SCKEYLOG.O TROJAN!109http://uk0
117nt microsoft svcd0 11ntvsvcd.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7dxdll320 10ntxdll.exe1 00 85l" target=_blankGAOBOT.CPX worm which has keylogging, DOS, and backdoor capabilities. 01
1 5XPnet0  8NTXp.exe1 00 36Added by the  Troj/Banker-AS TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankeras.html0
1 5ntxp20  9ntxp2.exe1 00 32Added by the Troj/VB-API Trojan.55http://www.sophos.com/virusinfo/analyses/trojvbapi.html0
1 9nuclabdll0 13nuclabdll.dll1 00 31Identified as Trojan.PWS.Egold. 01
115[Various Names]0 12NukeSpan.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6NvagNT0 10nvagNT.exe1 00 12Added by the222W32/Agobot-RV trojan.0
027nvidia remote control panel0 10Nvarem.exe1 00 28NVIDIA graphics card related 01
228NVIDIA nForce APU1 Utilities0 11NVATray.exe1 00167nVidia's nForce Audio Processing Unit (APU)- "provides 3D positional audio and DirectX 8.0 compatibility, and encodes and decodes Dolby Digital 5.1 audio in real time"37http://www.nvidia.com/object/apu.html0
1 5NVCOM0  9NVCOM.exe1 00 32Added by the W32/Agobot-SB worm.57http://www.sophos.com/virusinfo/analyses/w32agobotsb.html0
211NvCplDaemon0 19NvCpl.dll,NvStartup111HKEY_LM\Run0 94Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
311NvCplDaemon0 19NvCpl.dll,NvStartup1 00 94Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Run a DLL as an App 01
1 5NvCpl0  9NvCpl.EXE1 00 25Added by the YANZ.B WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.yanz.b@mm.html0
117firewire services0 11nvcsv32.exe1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
110nvctrl.exe0 10nvctrl.exe1 00 67hp????.tmp (may be safely deleted) where ??? are random characters. 01
1 9Win32 nvc0  9nvcva.exe1 00234Added by the W32/Rbot-ABF.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. These infections are usually capable of logging keystrokes, retrieve cd keys, and flood other computers.56http://www.sophos.com/virusinfo/analyses/w32rbotabf.html0
1 9nvc Win320  9nvcvc.exe1 00132Added by the W32/Rbot-ADD worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotadd.html0
112nvd32 lptt010  9nvd32.exe1 00184Variant of the  RapidBlaster parasite (in a &quot;nvd32&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
112nvd32 ml097e0  9nvd32.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
111NvCplDeamon0 10nvdisp.exe1 00 35Added by the Troj/PeepVie-I trojan.58http://www.sophos.com/virusinfo/analyses/trojpeepviei.html0
1 5fwqf60 12nvdpwhfe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5nvhkq0  9nvhkq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
117Messenger Service0 10nvhost.exe1 00136Added by the W32.Mytob.HM@mm worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.hm@mm.html#technicaldetails0
1 6Nvid320 10Nvid32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
111PixelModule0 12nvidcgui.exe1 00108Added by the W32/Tilebot-GS worm and IRC backdoor.  This infection also installs the rootkit file remon.sys.58http://www.sophos.com/virusinfo/analyses/w32tilebotgs.html0
127Nvidia Graphic Displacement0 13nvideogui.exe1 00164Added by the W32/Sdbot.worm.gen.w!64512 worm and IRC backdoor. This infection will also create a new service in order to load the rootkit file c:\windows\REMON.SYS.43http://vil.nai.com/vil/content/v_136981.htm0
1 8Nvidex320 12Nvidex32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 9nvidGUIv20 12nvidGUIv.exe1 00152Added by the W32/Tilebot-DK worm and IRC backdoor. This infection will also create a new service in order to load the rootkit file c:\windows\REMON.SYS.58http://www.sophos.com/virusinfo/analyses/w32tilebotdk.html0
1 8Nvidia320 12nvidia32.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
114nVidia Drivers0 16nVidiaDrvers.exe1 00133Added by the W32/Sdbot-AFX worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafx.html0
1 8nvidll320 12nvidll32.exe1 00138W32/Rbot-XK uses this file to run automatically at logon, providing a backdoor for exploitation by a remote attacker using an IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotxk.html0
1 9nviload320 13nviload32.exe1 00 95Added by W32/Sdbot-VT, a WORM/backdoor. The IRC network is used for unauthorized remote access.56http://www.sophos.com/virusinfo/analyses/w32sdbotvt.html0
1 9nvirundll0 13nvirundll.exe1 00 34Added by the  W32.SPYBOT.NPS WORM!62http://www.symantec.com/avcenter/venc/data/w32.spybot.nps.html0
1 6nvjxue0 10nvjxue.exe1 00 31Added by the W32/Eyeveg-J worm.56http://www.sophos.com/virusinfo/analyses/w32eyevegj.html0
4 5NVmax0  9NVmax.exe1 00122NVmax is a old tweaking utility for NVidia graphics cards. In the startup list if the user chooses to overclock their card 01
313NvMediaCenter0 26NvMcTray.dll,NvTaskbarInit111HKEY_LM\Run0 71Intializes the clock and memory settings on nVidia based graphics cards39http://www.absolutestartup.com/startup/1
211NVMixerTray0 15NVMixerTray.exe1 00 81System Tray access to audio controls from nVidia's motherboard ForceWare software 01
211NvMixerTray0 15NvMixerTray.exe111HKEY_LM\Run0 81NVIDIA® NVMixer 1.0.431, NVIDIA Corporation. NVIDIA nForce Mixer Tray Application39http://www.absolutestartup.com/startup/1
1 8nvmsgdwn0 12NVMSGDWN.EXE1 00 45Added by the Troj/Graber-D downloader Trojan.57http://www.sophos.com/virusinfo/analyses/trojgraberd.html0
023pcmcia resource monitor0 12nvp2pmon.exe1 00 24NVIDIA nForce P2P Driver 01
413NVRaidService0 17nvraidservice.exe1 00128Vidia NVRaid - hard disk striping/mirroring utility for increased performance and reliability. Required if you have a RAID setup46http://www.nvidia.com/object/feature_raid.html0
113XmLdrLocation0 11nvrcr32.dll1 00152Added by the Spyware.Eblaster spyware.  It also installs a file into %System%rmashlex.dll.br /br /Uses CLSID: b{0C887F38-5178-43DA-B9F0-B856141FCDA4}/b.77http://securityresponse.symantec.com/avcenter/venc/data/spyware.eblaster.html0
2 4NVRT0  8nvrt.exe1 00128NVRefreshTool is a utility that will automatically detect the maximum refresh rate at each resolution that your monitor supports 01
3 7NVRTClk0 11NVRTClk.exe1 00 33Related to a Gigabyte video card. 01
3 7NVRTCLK0 11NVRTClk.exe111HKEY_LM\Run0 53rtclk Application 1, 0, 0, 1, . rtclk MFC Application39http://www.absolutestartup.com/startup/1
1 9NvCplScan0 10nvsc32.exe1 00 41Added by a variant of the IRC.BOT TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html0
1 6win-xp0 10nvsc32.exe1 00 32Added by the  W32.Bropia.N WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.n.html0
116FireWire Service0 11nvscv32.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
110NVSystem320 11nvscv32.exe1 00 28Added by the AGOBOT-NO WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotno.html0
3 3bpk0 10nvsr32.exe1 00189Blazing Tools  Perfect Keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove36http://www.blazingtools.com/bpk.html0
311nvcpldaemon0  9NvStartup1 00106Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card 01
1 9MsCplScan0 10nvsv32.exe1 00100A new service added by the W32/Forbot-DI WORM/IRC backdoor Trojan, with a displayname of nvsv32.exe.57http://www.sophos.com/virusinfo/analyses/w32forbotdi.html0
110nvsv32.exe0 10nvsv32.exe1 00 28Added by the FORBOT-DI WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotdi.html0
110nvsv32.exe0 10nvsv33.exe1 00150Added by the W32/Forbot-DS network worm.  When this infection starts it connects to a remote IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotds.html0
2 5NvSvc0  9nvsvc.exe1 00346NVIDIA Driver Helper Service - installed when you change from the WDM drivers to nVidia's latest versions but not requied. Extreme shutdown delays can be encountered with this service active, but no adverse side effects with it disabled. NOTE: If using drivers other than nVidia's, such as Asus, this service may have been renamed to reflect that 01
1 5nvsvc0  9nvsvc.exe1 00 35Added by the Troj/Banker-HQ Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerhq.html0
123Symantec Security Addon0  9nvsvc.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
428NVIDIA driver Helper Service0 11nvsvc32.exe1 00 44Part of the display driver for Nvidia cards. 01
1 8nvsvca320 12nvsvca32.exe1 00 79Adware - recognized by  Kaspersky antivirus as Trojan-Downloader.Win32.Agent.is36http://www.kaspersky.com/personalpro0
111Windows Log0 10nvsvcd.exe1 00 43Added by the Troj/Polbot-D backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojpolbotd.html0
321nvidia system utility0 19NVSystemUtility.exe1 00315The  NVidia_System_Utility lets you adjust bus speeds, hardware voltages, memory controller timings, and fan speed as well as additional settings to increase performance aggressiveness and hardware voltages. Will also display a dynamic graph of CPU and system temperatures, hardware voltages, and memory bus speeds.48http://www.nvidia.com/object/sysutility_1.0.html0
119System File Drivers0 13nvsysvc32.exe1 00 28Added by the AGOBOT.WJ WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.WJ0
213Netword Agent0 11nwant33.exe1 00339An interesting browser utility that allows you to navigate by typing a single word or phrase (a &quot;NetWord&quot;) related to what you're looking for into your browser's location field. It also puts an icon in the system tray icon that is a circle with the letter N in the center to access the menu faster. Available via Start - Programs 01
313myNetWatchman0 12nwclient.exe1 00203Sends your firewall alerts to a website, which then filters them and forwards details of suspicious activities to the host ISP they originated from. Only needs to be running when your firewall is running29http://www.mynetwatchman.com/0
1 6nwdyst0 10nwdyst.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6nwisse0 10nwisse.exe1 00 54Added by the Troj/Fusion-B keylogging backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojfusionb.html0
2 4nwiz0  8nwiz.exe1 00233Associated with the newer versions of nVidia graphics cards drivers.&nbsp; Allows you to immensely improve desktop layouts by setting preferences and optimizations.&nbsp; However, this isn't necessary for the operation of your system 01
114Norton Wizzard0  8nwiz.exe1 00117Added by the GAOBOT.ZX or GAOBOT.ADV WORMS! Note - this is not the valid nVidia application that shares the same name74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.zx.html0
2 4nwiz0 17nwiz.exe /install211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 4nwiz0 17nwiz.exe /install211HKEY_LM\Run0107NVIDIA nView Wizard, Version 100.40  6.14.10.10040, NVIDIA Corporation. NVIDIA nView Wizard, Version 100.4039http://www.absolutestartup.com/startup/1
2 4nwiz0 22nwiz.exe /installquiet2 00104NVIDIA nView Wizard, Version 45.62  6.14.10.4562, NVIDIA Corporation. NVIDIA nView Wizard, Version 45.62 01
2 4nwiz0 44nwiz.exe /installquiet /keeploaded /nodetect2 00104NVIDIA nView Wizard, Version 45.28  6.14.10.4528, NVIDIA Corporation. NVIDIA nView Wizard, Version 45.28 01
2 4nwiz0 32nwiz.exe /installquiet /nodetect2 00107NVIDIA nView Wizard, Version 100.29  6.14.10.10029, NVIDIA Corporation. NVIDIA nView Wizard, Version 100.29 01
1 9nvupdater0 10nwiz32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6nwiz320 10nwiz32.exe1 00 34Added by the Troj/Sinbank-A Troja.58http://www.sophos.com/virusinfo/analyses/trojsinbanka.html0
4 7Nwpopup0 11Nwpopup.exe1 00 97Broadcast message handler part of Novell Netware that displays server, printer and other messages39http://www.novell.com/products/netware/0
4 8nwprovau0 12nwprovau.dll1 00 26Client Service for NetWare 01
3 8nwrecmsg0 12nwrecmsg.exe1 00117Broadcast message handler part of Novell Netware that displays server, printer and other messages - can cause crashes39http://www.novell.com/products/netware/0
4 6NWTRAY0 10NWTRAY.EXE1 00 70Novell Client for Windows v4.90, Novell, Inc.. Novell System Tray Icon 01
4 6NWTRAY0 10nwtray.exe1 00140Novell Netware. Displays the red &quot;N&quot; tray icon which can be disabled (by right-click on the icon) but is also needed by the client39http://www.novell.com/products/netware/0
1 4nwvg0  8nwvg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116Microsoft Office0  9Nxcao.exe1 00 50Added by the W32/Rbot-ZE WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbotze.html0
113Dll Injection0  8NXCM.EXE1 00121Added by the W32/Sdbot-IT worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotit.html0
116Microsoft Office0 11Nxcxtpr.exe1 00392This is a SDBot variant infection.  When run this infection connects to an IRC server, hoeee.routing.vu, and join channel #kloni with password 1q2wxc where it waits for commands from a remote user allowing this remote user to access your computer.  It will also remove the administrative shares from your computer so that another infection will not be able to take over your computer as well. 01
1 7nxnxwit0 11nxnxwit.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4nxrj0  8nxrj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5nygxp0  9nygxp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4nyja0  8nyja.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
213NetZIPFolders0 11nzfprop.exe1 00 31Netzip Classic zip file manager78http://www.netzip.com/products/info_netzip_win.html?src=site,netzip,plugin,nzc0
2 5spc_w0  9nzspc.exe1 00 34NetZero Search Enhancement related55http://www.netzero.net/support/info/search-enhance.html0
418qh office 2k check0 12O2KCHECK.EXE1 00 55Quick_Heal Anti-Virus MS Office documents virus checker55http://www.quickheal.co.in/public/products/homeuser.asp0
2 7version0 10Oaabur.exe111HKEY_LM\Run0 57version Application 1, 0, 0, 1, . version MFC Application39http://www.absolutestartup.com/startup/1
3 8oadaemon0 12oadaemon.exe1 00168Background process that establishes connection with a C3-1000 scanner and watch general status of the device and for scanner button presses. Can it be started manually? 01
4 8oahstifr0 12oahstifr.exe1 00305Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."30http://www.hypertextstudio.com0
3 8OAKSTART0 12OAKSTART.EXE1 00 94Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW. 01
2 7OAKTASK0 11OAKTASK.EXE1 00 49Taskbar utility for a "control panel" for a CD-RW 01
1 8oaojyham0 12oaojyham.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 7oasclnt0 11oasclnt.exe1 00 46McAfee VirusScan On-Access Scan Client service 01
1 6obhhts0 10obhhts.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
319Stardock ObjectDock0 14ObjectDock.exe125StartUp menu\Current user0 52Stardock ObjectDock v1.11.518u, Stardock. ObjectDock39http://www.absolutestartup.com/startup/1
2 8objtjprx0 12objtjprx.exe1 00  0 01
1 4obnm0  8obnm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6obsver0 10obsver.exe1 00 38Part of LingoWare translating software33http://www.lingoware.com/english/0
1 4obvf0  8obvf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
210OCAudioIni0 14OCAudioIni.exe1 00109One-click Audio Converter - allows you to convert files of multiple audio formats right from Windows Explorer43http://www.streamware-dev.com/products.html0
314OWCCardbusTray0 11ocbtray.exe1 00142Icon in the system tray for safely removing PCMCIA cards. Only required if you have a laptop or desktop which includes a PCMCIA card interface 01
1 3Tpc0  7Ocl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8OCRAWARE0 12OCRAWARE.EXE1 00 61OmniPage Limited Edition 5.1, Caere Corporation. OCRAWARE.EXE 01
2 8ocraware0 12ocraware.exe1 00230uO/uptical uC/uharacter uR/uecognition software as part of OmniPage Limited Edition - supplied with some scanners. Scan directly into most word processor applications, such as Word, WordPerfect, etc. Available via Start - Programs 01
3 8$sys$oct0  7oct.sys1 00 38How to remove the Sony XPC DRM Rootkit54http://www.bleepingcomputer.com/forums/topic34904.html0
210Oil Change0 12OCTray32.exe1 00119From CyberMedia/Network Associates. Checks for updates to software installed on your PC. Available via Start - Programs 01
1 5ocx320  9ocx32.exe1 00 35Added by the ASTEF or RESPAN WORMS!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html0
1 8Run32dll0 10ocxdll.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 9ocxupdt320 13ocxupdt32.exe1 00 33Added by the  W32/AGOBOT-IF WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotif.html0
121Public Microsoft ODBC0 11ODBC32*.exe1 00 31Added by the W32/Maslan-D worm.56http://www.sophos.com/virusinfo/analyses/w32masland.html0
114Win32 Services0 10odbc32.exe1 00133Added by the W32/Spybot-EK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32spybotek.html0
2 9H0vsRgi3S0 10odbnfo.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
113oddworldz.exe0 13oddworldz.exe1 00 19%Temp%oddworldz.exe 01
116Microsoft Sinsup0 11ODJIWJF.EXE1 00144Added by the W32/Rbot-DN trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotdn.html0
1 6odkxat0 10odkxat.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9od-matrxx0 13od-matrxx.exe1 00 36Adult dialler - xx can be any number 01
2 8Odometer0 12Odometer.EXE1 00 97Mouse odometer - tracks how far your pointer/arrow has traveled on the screen. Shortcut available 01
310ODSPConfig0 14ODSPConfig.exe1 00 85DsktopSurveil surveillance software - get rid of it unless you installed it yourself!82http://securityresponse.symantec.com/avcenter/venc/data/spyware.dsktopsurveil.html0
1 9od-stndxx0 13od-stndxx.exe1 00 36Adult dialler - xx can be any number 01
1 9od-teenxx0 13od-teenxx.exe1 00 36Adult dialler - xx can be any number 01
1 7niptofh0 10oefwal.exe111HKEY_LM\Run0 79TODO: <Product name? 0, 0, 7, 0, TODO: <Company name?. TODO: <File description>39http://www.absolutestartup.com/startup/1
1 8Oeloader0 12Oeloader.exe1 00 57Xupiter OrbitExplorer toolbar related, drive-by foistware44http://www.doxdesk.com/parasite/Xupiter.html0
221NeuroSpeech OESpeaker0 13OEMonitor.exe1 00163Part of  OESpeaker - a program that allows you to listen to long E-mails instead of reading them in Outlook Express. OEMonitor.exe checks whether OE is open or not24http://www.iespeaker.com0
210OEMCLEANUP0 12oemreset.exe1 00 82Resets OEM installation settings at bootup. Not required unless you're new to PC's 01
3 8OEMRESET0 12oemreset.exe1 00  0 01
310OEMRUNONCE0 10oemrun.exe1 00140Windows Millennium file - used by setup when installing the OEM 'express' version of the operating system. Uncheck after setup has finished. 01
3 6oepsrv0 10oepsrv.exe1 00 25Outlook_Express_Protector35http://www.softheap.com/oeprot.html0
1 7oeqphcw0 11oeqphcw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 4kasp0 14OESpamTest.exe1 00 19Kaspersky_Anti-Spam43http://www.kaspersky.com/antispamenterprise0
310oespamtest0 14OESpamTest.ExE1 00  043http://www.kaspersky.com/antispamenterprise0
4 4KASP0 14OESpamTest.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
410OESpamTest0 14OESpamTest.ExE111HKEY_LM\Run0 94Kaspersky Anti-Spam Personal for Outlook 1.0.0.24, Ashmanov & Partners. OE SpamTest DLL loader39http://www.absolutestartup.com/startup/1
112oe_drop_spam0  9oesrv.exe1 00 71Added by  DropSpam ADAWARE! Note: located in C:\Program Files\DropSpam\62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530974370
1 5oeukd0  9oeukd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115Offer Companion0 10offers.exe1 00  6Adware 01
1 6Offers0 10offers.exe1 00  6Adware 01
121Installed shell32.dll0 10Office.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
121Installed shell32.dll0 13Office.exe...1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
121MS Office32cb Startup0 17OfficeGUI32cb.exe1 00 12Added by the38W32/Rbot-ABW WORM/IRC backdoor trojan!0
117OfficeQuickAccess0 14OfficeHost.vbs1 00 45Added by the W32.Pexmor@mm mass-mailing worm.74http://www.sarc.com/avcenter/venc/data/w32.pexmor@mm.html#technicaldetails0
118microsoft officexp0 12officeXP.exe1 00 29Added by the  KILLAV.MA WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_KILLAV.MA&VSect=P0
1 8officexp0 12OFFICEXP.exe1 00 30Added by the  WOOTBOT.HE WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.HE&VSect=P0
322OfotoNow USB Detection0  8OfotoNow111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
110˘‰¸ď04Ă60  9ogpxw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8ogqvwequ0 12ogqvwequ.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
422OfficeGuard RegChecker0  8ogrc.exe1 00 25Kaspersky Labs anti-virus25http://www.kaspersky.com/0
4 4ogrc0  8ogrc.exe1 00 25Kaspersky Labs anti-virus25http://www.kaspersky.com/0
1 4ogyj0  8ogyj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4ogyr0  8ogyr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
138(78E611A2-E484-4A0D-811E-C40100A3F452)0 11ohgljrh.dll1 00 96Added by the Troj/Fasong-D Trojan.br /br /Uses CLSID: b(78E611A2-E484-4A0D-811E-C40100A3F452)/b.57http://www.sophos.com/virusinfo/analyses/trojfasongd.html0
1 8ohnlxigy0 12ohnlxigy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6ohsvof0 10ohsvof.exe1 00 16Unknown Malware! 01
3 9OmniHTTPd0 10ohttpd.exe1 00 34OmniHTTPd web server from Omnicron29http://www.omnicron.ca/httpd/0
1 5oiana0  9oiana.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 3OIM0  7oim.exe1 00 53Related to the O2 (was "genie") mobile phone service. 7#FF00000
1 6ojaixn0 10ojaixn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
315oki lpr utility0 10okilpr.exe1 00 19OKI printer utility 01
2 4okkz0  9okkzm.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 9oleloader0  9ole32.exe1 00 43Added by the BACKDOOR.WIN32.DELF.BR TROJAN! 01
121OLE Automation Server0 12ole32aut.vbe1 00 30CoolWebSearch parasite related53http://www.spywareinfo.com/~merijn/cwschronicles.html0
129Windows OLE Automation Server0 12ole32aut.vbe1 00 47CoolWebSearch parasite related browser hijacker53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 8oleaccrc0 12oleaccrc.exe1 00 89Adware downloader - recognized by  Kaspersky antivirus as TrojanDownloader.Win32.Agent.am36http://www.kaspersky.com/personalpro0
116Windows Explorer0 12olecom32.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 7olehelp0 11olehelp.exe1 00 50Added by the BOOKMARKER.D or BOOKMARKER.G TROJANS!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.d.html0
1 7Olehelp0 11Olehelp.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 7svchost0 11olehelp.exe1 00118Added by the Olehelp adware.  This program delivers advertisements to your computer and hijacks your browser settings.58http://www.sarc.com/avcenter/venc/data/adware.olehelp.html0
3 7Devices0 10olesvr.exe1 00 54Salfeld Child Control 2003 - parental control software52http://www.salfeld.com/parental_control_overwiew.htm0
3 6olesvr0 10olesvr.exe1 00 37trol 2003 - parental control software 01
110Win Update0 13oleupdate.exe1 00 43Added by the Troj/Agent-UY backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentuy.html0
233Symantec Fax Starter Edition Port0 12OLFSNT40.EXE1 00 76Offers a virtual printer as a fax machine. Can be run via a desktop shortcut 01
1 6olpvqi0 10olpvqi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7olsqjwg0 11olsqjwg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5oltiy0  9oltiy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4olyt0  8olyt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119Microsoft Update 320  8om4r.exe1 00133Added by the W32/Rbot-AQP worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaqp.html0
1 5ombbx0  9ombbx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Omf40  8OMF4.EXE1 00 29Added by the FREEMEGA TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.freemega.html0
210OmgStartup0 14omgstartup.exe1 00 63Sony program called OpenMG Jukebox - player and music organizer 01
110Windows SA0 14omniscient.exe1 00 16BLAZEFIND adware75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ADW_BLAZE.A0
1 4Omni0  8omns.exe1 00 48Added by the W32/Rbot-CMS worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcms.html0
1 6oncohk0 10oncohk.exe111HKEY_LM\Run0 79TODO: <Product name> 0, 0, 7, 0, TODO: <Company name>. TODO: <File description>39http://www.absolutestartup.com/startup/1
217Eye Tide Launcher0 17oneeyetideone.exe1 00 16Nascar wallpaper 01
342Microsoft Office OneNote 2003 Quick Launch0 12ONENOTEM.EXE1 00136ONENOTEM.EXE is a part of the note taking program that ships with Microsoft Office 2003. It's required for the side note windows to work 01
342Microsoft Office OneNote 2003 Quick Launch0 17ONENOTEM.EXE /tsr2 00 98Microsoft Office OneNote 11.0.6550, Microsoft Corporation. Microsoft Office OneNote Quick Launcher 01
342Microsoft Office OneNote 2003 Quick Launch0 17ONENOTEM.EXE /tsr225StartUp menu\Current user0 98Microsoft Office OneNote 11.0.6360, Microsoft Corporation. Microsoft Office OneNote Quick Launcher39http://www.absolutestartup.com/startup/1
217One Touch Monitor0 12ONETOU~2.EXE1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
2 8ONETOU~20 12ONETOU~2.EXE1 00  0 01
215OneTouchMonitor0 12ONETOU~2.EXE1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
3 7CP4HPOT0 12OneTouch.EXE1 00 66One Touch keyboard driver. Required if you use the additional keys 01
3 7QT4HPOT0 12OneTouch.EXE1 00 86Dritek System Inc. OneTouch 10.05.2002 ( VC60 ) 1.6.3.0, Dritek System Inc.. One-Touch 01
3 7QT4HPOT0 12OneTouch.exe1 00 82Hewlett Packard One Touch keyboard driver. Required if you use the additional keys 01
314MaxtorOneTouch0 12OneTouch.exe111HKEY_LM\Run0 61Maxtor OneTouch 2, 0, 0, 0, Maxtor. Maxtor OneTouch Detection39http://www.absolutestartup.com/startup/1
216OneTouch Monitor0 15OneTouchMon.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
217One Touch Monitor0 19OneTouchMonitor.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
2 8ONETOU~20 19OneTouchMonitor.exe1 00  0 01
215OneTouchMonitor0 19OneTouchMonitor.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
1 6Onflow0 10onflow.exe1 00 96Onflow is a internet company that offers an online advertising program. Not required - uninstall 01
314OnfolioStorage0 20onfserv.exe nosignal211HKEY_LM\Run0 49Onfolio 1.0.0.4920, Onfolio, Inc.. Onfolio Server39http://www.absolutestartup.com/startup/1
2 7Cleanup0 12ONICTASK.EXE1 00110Internet Cleanup from Aladdin Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet42http://www.aladdinsys.com/internetcleanup/0
2 7Cleanup0 15onictask.exe /s225StartUp menu\Current user0 81Internet Cleanup™ 2,0,0,42, ONTRACK Data International, Inc.. Fix-It Task Manager39http://www.absolutestartup.com/startup/1
1 5onler0  9onler.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112online_party0 16online_party.exe1 00 21Adult content dialler 01
210OnlineTime0 14onlinetime.exe1 00232a target="_blank" href="http://www.freedownloadscenter.com/Network_and_Internet/Online_Timers/OnlineTimer_Pro.html"OnlineTimer - monitors your Windows dial-up network and logs the time you spend online as well as the resulting costs 01
1 6onnjyo0 10onnjyo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6OnSrvr0 10OnSrvr.exe1 00 17OnWebMedia adware 01
1 4Uate0  8oocs.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
2 8DriveLED0 10OODLed.exe1 00 68O&O DriveLED - displays your HDD LED on your monitor. Start manually43http://www.oosoft.de/english/products/oodl/0
2 8DriveLED0 10oodled.exe1 00 57O&O DriveLED 2.0.383, O&O Software GmbH. O&O DriveLED GUI 01
2 8OOLHELPT0 12OOLHELPT.exe1 00  2?? 01
1 6open320 10Open32.exe1 00 32Horseserver.net browser hijacker 01
1 5Shell0 10open32.exe1 00152Added by the Troj/Small-DL TROJAN which displays a HTML page to lure a user to links. Another file, "open32.conf", may also be found in %System% folder.57http://www.sophos.com/virusinfo/analyses/trojsmalldl.html0
118local area network0 10OpenGL.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8openglss0 12openglss.dll1 00 36Added by the Troj/Haxdoor-BE Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorbe.html0
1 8openglwx0 12openglwx.dll1 00 80Added by the TSPY_GOLDUN.EI information-stealing Trojan for the web site E-gold.97http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FGOLDUN%2EEI&VSect=Td0
124OPENGL technology access0 13openglwxd.sys1 00 36Added by the TSPY_GOLDUN.EI rootkit.97http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FGOLDUN%2EEI&VSect=Td0
1 6ccwPin0  9openS.exe1 00 34Added by the Troj/Delf-AJE Trojan.57http://www.sophos.com/virusinfo/analyses/trojdelfaje.html0
1 9open site0 12opensite.exe1 00 15OpenSite adware76http://securityresponse.symantec.com/avcenter/venc/data/adware.opensite.html0
115[Various Names]0 12openstre.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
120open service drivers0 11opiater.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
2 7OpiStat0 11OPISTAT.EXE1 00103OpiStat is a European Research Institute whose goal is to understand consumer needs and opinions better36http://www.opistat.com/mp/index.html0
1 4opjr0  8opjr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
315languagemonitor0 12Oplmsb01.exe1 00 36OKI Printer language support monitor 01
1 9Open Site0 10opnste.exe1 00 17Adware - see here76http://securityresponse.symantec.com/avcenter/venc/data/adware.opensite.html0
1 8opqpbdai0 12opqpbdai.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3opr0  7opr.exe1 00 37MediaMotor/Popuppers adware component77http://securityresponse.symantec.com/avcenter/venc/data/adware.popuppers.html0
311OpScheduler0 15OpScheduler.exe111HKEY_LM\Run0 57OmniPage Pro 14.0, ScanSoft, Inc.. OmniPage Pro Scheduler39http://www.absolutestartup.com/startup/1
118opsql update check0  9opsql.exe1 00132Added by the W32/Rbot-ACJ worm. When started this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotacj.html0
318Internet Optimizer0 12optimize.exe1 00  0 01
318Internet Optimizer0 12optimize.exe1 00 89Internet connection optimizer. Leave this enabled if you find it improves your connection 01
1 6DyFuCA0 12optimize.exe1 00 32Adult content dialler - see here57http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html0
314OptimizeMemory0 18OptimizeMemory.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
313optmousemouse0 12optmouse.exe1 00116Related to  Samsung Optical Mouse. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)23http://www.samsung.com/0
313OptusNetUsage0 24OptusNet Usage Meter.exe2 00222Designed specifically for OptusNet users who wish to have their connection monitored on a frequent basis. It can also estimate when you are going to hit your usage limit, and how far over your suggested limit you should be 01
2 8Opware120 12Opware12.exe1 00 29OmniPage Pro 12 from ScanSoft33http://www.scansoft.com/omnipage/0
1 8Opware140 12Opware14.exe1 00285ScanSoft's OmniPage Pro 14 - If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is available via Start - Programs33http://www.scansoft.com/omnipage/0
2 8Omnipage0 12opware32.exe1 00 51OmniPage SE 11.0, ScanSoft, Inc. OCR Aware (32-bit) 01
2 8OmniPage0 12Opware32.exe1 00458Part of OmniPage Pro from Scansoft (was Caere) - &quot;the fastest, easiest way to turn paper documents into digital files you can edit.&quot; Opware32.exe links Word, via OLE, with OmniPage. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via &quot;File, Acquire Page.&quot; Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start - Programs33http://www.scansoft.com/omnipage/0
2 9OpwareSE20 13OpwareSE2.exe1 00 51OmniPage SE 2.0, ScanSoft, Inc.. OCR Aware (32-bit) 01
2 9opwarese20 13OpwareSE2.exe1 00286ScanSoft's  OmniPage_Pro_14 - If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start - Programs33http://www.scansoft.com/omnipage/0
1 4RDCq0 11oqfvguk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
138{5bc82bdb-bc03-4671-9a78-3ef2b68449de}0  9oqipt.dll1 00161A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{5bc82bdb-bc03-4671-9a78-3ef2b68449de}/b.65http://www.bleepingcomputer.com/startups/SpyFalcon.exe-14415.html0
1 4oqqi0  8oqqi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4oqzw0  9oqzwm.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 5orafh0  9orafh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5ORANS0  9orans.sys1 00 32Added by the W32/Tilebot-J worm.57http://www.sophos.com/virusinfo/analyses/w32tilebotj.html0
1 6OFFICE0  9order.exe1 00 30Added by the W32/Hilin-A worm.61http://www.bleepingcomputer.com/startups/rpcmon.exe-5419.html0
111order_Shell0 14order_glsw.exe1 00 35Added by the Troj/Dloadr-KO Trojan.58http://www.sophos.com/virusinfo/analyses/trojdloadrko.html0
111order_Shell0 14order_mala.exe1 00 74Added by the Troj/BankSnif-F information stealing Trojan for online banks.59http://www.sophos.com/virusinfo/analyses/trojbanksniff.html0
111order_Shell0 14order_pgum.exe1 00 35Added by the Troj/Agent-BSQ Trojan.58http://www.sophos.com/virusinfo/analyses/trojagentbsq.html0
111order_Shell0 14order_smey.exe1 00 36Added by the Troj/BankSnif-H Trojan.59http://www.sophos.com/virusinfo/analyses/trojbanksnifh.html0
213orderreminder0 17OrderReminder.exe1 00310The HP Order Reminder utility is installed with the HP LaserJet printer software and allows you to set specific times for reminders to check the current level of toner in the print cartridge - it also contains an Order Now link to a Web page that helps you order supplies online from a reseller of your choice. 01
213OrderReminder0 17OrderReminder.exe111HKEY_LM\Run0 85HP Cartridge Order Reminder 1, 0, 0, 24, Hewlett-Packard. HP Cartridge Order Reminder39http://www.absolutestartup.com/startup/1
1 7orfttiq0 11orfttiq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8org5.exe0  8org5.exe1 00 61Lotus Organizer 5 application file, Lotus Organizer software. 01
1 7OrgyCam0 11OrgyCam.exe1 00 21Adult content dialler 01
420proxim_orinoco_11abg0 11orinoco.exe1 00 52Part of the driver for the ORiNOCO 11a/b/g PCI Card.62http://www.proxim.com/products/wifi/client/11abgpci/index.html0
216Microsoft Office0 15OSA.EXE   -b -l2 00 83Microsoft Office XP 10.0.2609, Microsoft Corporation. Microsoft Office XP component 01
216Microsoft Office0  7Osa.exe1 00370Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show 01
224Microsoft Office Startup0  7Osa.exe1 00  0 01
214Office Startup0  7Osa.exe1 00370Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show 01
214Office Startup0 10OSA.EXE -b2 00 69Microsoft Office 8.0, Microsoft Corporation. Microsoft Office Wrapper 01
314Office Startup0 10OSA.EXE -b225StartUp menu\Current user0 69Microsoft Office 8.0, Microsoft Corporation. Microsoft Office Wrapper39http://www.absolutestartup.com/startup/1
216Microsoft Office0 13OSA.EXE -b -l222StartUp menu\All users0 83Microsoft Office XP 10.0.2609, Microsoft Corporation. Microsoft Office XP component39http://www.absolutestartup.com/startup/1
216Microsoft Office0  8Osa9.exe1 00370Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show 01
216Microsoft Office0  8OSA9.EXE1 00 86Microsoft Office 2000 9.0.2617, Microsoft Corporation. Microsoft Office 2000 component 01
224Microsoft Office Startup0  8Osa9.exe1 00370Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show 01
225Microsoft Utility Startup0  8OSA9.exe1 00  0 01
214Office Startup0  8Osa9.exe1 00370Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show 01
216Microsoft Office0 14OSA9.EXE -b -l222StartUp menu\All users0 86Microsoft Office 2000 9.0.2617, Microsoft Corporation. Microsoft Office 2000 component39http://www.absolutestartup.com/startup/1
1 8Osalogbe0 12osalogbe.exe1 00 65Added by the W32.Mydoom.FS@mm mass-mailing worm and IRC backdoor.77http://www.sarc.com/avcenter/venc/data/w32.mydoom.fs@mm.html#technicaldetails0
317On Screen Display0  7OSD.EXE1 00259By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze 01
3 3OSD0  7OSD.exe1 00259By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don't adjust things regularly - can also freeze 01
3 7lmgrosd0 11OSDCtrl.exe1 00249OSD (on-screen-display) utility -  Part of Acer Launch Manager.  Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and language - User's choice! 01
3 7LMgrOSD0 11OSDCtrl.exe1 00 49OSD Application 1, 0, 1, 2, . OSD MFC Application 01
220Dialog Box Assistant0  9OSDEx.exe1 00140Dialog Box Assistant from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders33http://www.dualitysoft.com/osdex/0
1 8OSLoader0 12OSLoader.exe1 00102Added by Backdoor.CamKing.  If you have a web cam on your computer, it will activate it to spy on you.60http://www.sarc.com/avcenter/venc/data/backdoor.camking.html0
1 4ncao0  8osoa.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
1 4Ncao0  8osoa.exe111HKEY_CU\Run0 29PurityScan/Clickspring adware60http://www.bleepingcomputer.com/startups/osoa.exe-10432.html0
110ctfnom.exe0  9OSRSS.exe1 00 36Added by the Troj/Dloader-UQ Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderuq.html0
112windhost.exe0 12osrwin32.exe1 00 35Added by the Troj/Banker-CB TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankercb.html0
419Object Store Server0 12osserver.exe1 00305Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."30http://www.hypertextstudio.com0
1 3OSS0 12ossproxy.exe1 00 31NetSetter/Marketscore foistware48http://www.doxdesk.com/parasite/MarketScore.html0
1 8OSSProxy0 12OSSPROXY.EXE1 00  048http://www.doxdesk.com/parasite/MarketScore.html0
314OStivityInvAgt0 12ostivity.exe1 00364OStivity - "a desktop and server hardware and software asset/inventory solution for small to enterprise sized organizations that need to quickly gain knowledge of 'what's installed' without having to manually touch every computer in the company. The next time the computer logs into the network, a complete inventory (software and hardware) is taken of the system"42http://www.somix.com/products/ostivity.php0
1 8ostwpoxh0 12ostwpoxh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112windhost.exe0 11oswin32.exe1 00 59Added by an unidentified password-stealing "Banker" TROJAN! 01
1 4osxw0  8osxw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4otcx0 10otcxxh.exe1 00 27Added by the CAROOL TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.carool.html0
1 7otjqmhh0 11otjqmhh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4otqi0  8otqi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7otsbnot0 11otsbnot.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8oujxqgum0 12oujxqgum.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
222Microsoft Outlook 20030 11OUTLOOK.EXE111HKEY_LM\Run0 83Microsoft Office Outlook 11.0.6353, Microsoft Corporation. Microsoft Office Outlook39http://www.absolutestartup.com/startup/1
1 7outlook0 11outlook.exe1 00 27Added by the SDBOT-RU WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotru.html0
1 7OUTLOOK0 11OUTLOOK.EXE1 00 83Microsoft Office Outlook 11.0.6565, Microsoft Corporation. Microsoft Office Outlook 01
121Outlook Mail Services0 11outlook.exe1 00 48Added by the W32/Rbot-BKA worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbka.html0
1 6system0 11outlook.exe1 00150Added by the MIMAIL.Q WORM! Note that Microsoft's outlook.exe resides in the Program Files sub-directory wheras this resides in C:\Windows or C:\Winnt76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.q@mm.html0
114MS Unix Binary0 24outlookexpressupdate.exe1 00 43Added by the W32/Rbot-YU WORM/IRC backdoor!55http://www.sophos.com/virusinfo/analyses/w32rbotyu.html0
1 6memory0 14outlookrem.exe1 00 31Added by the W32/Nopi P2P worm.55http://www.sophos.com/virusinfo/analyses/w32nopirc.html0
1 6sysmem0 14outlookrem.exe1 00 31Added by the W32/Nopi P2P worm.55http://www.sophos.com/virusinfo/analyses/w32nopirc.html0
416Outpost Firewall0 11outpost.exe1 00 25Outpost personal firewall40http://www.agnitum.com/products/outpost/0
416Outpost Firewall0 24outpost.exe /waitservice2 00 73Outpost Firewall 3.5.462.6330, Agnitum Ltd.. Outpost Firewall main module 01
113outpostupdate0 17outpostupdate.exe1 00 40Added by the Troj/Cosiam-C proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojcosiamc.html0
123Microsoft Outrunner H200 13OUTRUNNER.exe1 00 93Unknown adware that seems to retrieve its ads and instructions from hxxp:://unot1.unofeb.net. 01
124Outrunner Network Module0 13OUTRUNNER.exe1 00 93Unknown adware that seems to retrieve its ads and instructions from hxxp:://unot1.unofeb.net. 01
119MICROSFT NT SUPPORT0 14ouvselglip.EXE1 00 48Added by the W32/Rbot-CJY worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcjy.html0
1 4OVCJ0  8ovcj.exe1 00  2?? 01
317Launch Ai Booster0 11OverClk.exe1 00149ASUS Ai Booster is an application that allows you to overclock the CPU either manually or automatically without the hassle of entering the BIOS Setup64http://www.asuscom.de/pub/ASUS/mb/sock478/p4p800/AIBooster_u.pdf0
317Launch Ai Booster0 13OverClk.exe 12 00  0 01
2 7Overnet0 11Overnet.exe1 00 47Overnet peer-to-peer (P2P) file sharing program23http://www.overnet.com/0
1 4vD3t0 12ovsnpdwl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6OWMngr0 10OWMngr.exe1 00 73OnWebMedia advertising foistware - see  here for exactly what to look for45http://www.f-secure.com/v-descs/checkin.shtml0
1 6owpsqe0 10owpsqe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6oxgono0 10oxgono.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
317oxigenclientadmin0 10Oxigen.exe1 00126Open University Oxigen screensaver admin client. Downloads the latest information from the net to display in the screen saver. 01
1 5spinx0 11OXNEY.B.VBS1 00 30Added by the  VBS.YENO.C WORM!61http://www.symantec.com/avcenter/venc/data/vbs.yeno.c@mm.html0
1 5oxtnx0  9oxtnx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112Serverckyysh0 12oyhskycn.scr1 00 45Added by the Troj/Graybrd-AU backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdau.html0
116www.symantec.com0 11oz11111.exe1 00 26Added by the MYDOOM.W WORM76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html0
1 3oz20  7oz2.exe1 00 27Added by the MYDOOM.W WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html0
216DXM6Patch_9811160 12p_981116.exe1 00 44Win32 cabinet self extractor. More info here149http://groups0
2 8p_9811160 12p_981116.exe1 00 44Win32 cabinet self extractor. More info here149http://groups0
112Installs SP40  8p0rd.exe1 00140Added by the  W32/Randon-AK worm.  This infection, when started, connects to an IRC server using a provided MIRC client to receive commands.57http://www.sophos.com/virusinfo/analyses/w32randonak.html0
214p2p networking0  3P2P1 00 51Peer to Peer (P2P) sharing of files on the internet 01
214P2P NETWORKING0 18P2P Networking.exe2 00 51Peer to Peer (P2P) sharing of files on the internet 01
115p2p networking20 19P2P Networking2.exe2 00283P2P Networking2.exe is an advertising program by Joltid. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediately. 01
215P2P Networking30 19P2P Networking3.exe2 00137P2P Networking, a component bundled with Kazaa that enables other applications to use Peer-to-Peer functionality. Not required - see here70http://www.kephyr.com/spywarescanner/library/p2pnetworking/index.phtml0
110p2pnetwork0 14p2pnetwork.exe1 00129Added by the W32/Rbot-ACZ worm.  When started this infection will connect to a remote IRC server where it will wait for commands.56http://www.sophos.com/virusinfo/analyses/w32rbotacz.html0
113p2pnetworking0 17p2pnetworking.exe1 00133Added by the W32/Rbot-AFL worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotafl.html0
1 6MStask0  9p2sys.dll1 00 98Added by the Troj/LdPinch-UE Trojan.br /br /Uses CLSID: b{FBC15B7F-60C7-4112-A3ED-53D17CF06B96}/b.59http://www.sophos.com/virusinfo/analyses/trojldpinchue.html0
112MSPluginSrvc0  6p3.exe1 00 29Added by W32/Rbot-WV, a WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotwv.html0
1 7P3p4chk0 11P3p4chk.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 5p4mx40  9p4mx4.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
114MSNPluginSrvcs0  6p6.exe1 00 69.html" target=_blankRBOT-VJ worm with backdoor functionality via IRC. 01
115Winsock2 driver0  7PAC.EXE1 00 49Added by the W32/Spybot-ET worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32spybotet.html0
1 8PaciSoft0  9pacis.exe1 00 54Added by a variant of the SMALL.ABD downloader TROJAN! 01
127Windows Media Player Update0 11PACKARD.EXE1 00279Added by the W32/Rbot-ET trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This infection also creates a hosts file to block your accessing of security websites as well as the termination of antivirus programs.55http://www.sophos.com/virusinfo/analyses/w32rbotet.html0
110winbar.pif0  9packe.pif1 00132Added by the W32/Rbot-AVI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotavi.html0
121Windows Packet Driver0 10packet.exe1 00 33Added by the Troj/Hwbot-C Trojan.56http://www.sophos.com/virusinfo/analyses/trojhwbotc.html0
1 9Packet0010 13packet001.exe1 00 27Added by Backdoor.Asniffer.61http://www.sarc.com/avcenter/venc/data/backdoor.asniffer.html0
019Virtual NIC Service0 14PackethSvc.exe1 00 31Related to America Online, Inc. 01
010PACSPTISVR0 14Pacsptisvr.exe1 00 55Legitimate Sony service.  Unknown what it's purpose is. 01
2 8PadTouch0 10PadExe.exe1 00 96Toshiba Touch and Launch - offers easy movement and freedom of programs navigation with TouchPad 01
2 8PadTouch0 10PadExe.exe111HKEY_LM\Run0 43PadTouch 1, 2, 4, 0, TOSHIBA. PadTouch Main39http://www.absolutestartup.com/startup/1
1 6PAgent0 10PAgent.exe1 00298Scans your hard drive for the popular P2P file-sharing applications BearShare, Grokster, Kazaa, Limewire and Morpheus. After searching the entire local filesystem for any files with those names it connects to the DownloadWare servers and tells it what, if anything, is found. See here for more info49http://and.doxdesk.com/parasite/DownloadWare.html0
2 5Pagoo0  9PAGOO.EXE1 00179Pagoo - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem27http://www.pagoo.com/cc.asp0
111taskmgr.exe0  9paint.exe1 00 53Added by a variant of the AGENT.AH downloader TROJAN! 01
129paintingroom evidence monitor0 16paintingroom.exe1 00 95Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you... 01
126paintingroom smile monitor0 16paintingroom.exe1 00 95Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you... 01
111taskmgr.exe0 11paintms.exe1 00 42Added by a variant of the AGENT.AH TROJAN! 01
2 8Palm.exe0  8Palm.exe1 00 88Palm Desktop Software for use with Palm handheld devices. Available via Start - Programs54http://www.palm.com/support/downloads/win_desktop.html0
219PaltalkNetaware.exe0 14PALNETAW~1.EXE1 00343Voice chat program. This program stores all buddy list info&nbsp;apparently on the server itself so you never lose your buddy list should you need to reinstall the program due for whatever reason or even reformat. Available via Start - Programs. Delete the shortcut in Start -&gt; Programs -&gt; StartUp as well otherwise it will be reinstated 01
212palstart.exe0 12palstart.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
310pamela.exe0 10pamela.exe1 00  6Pamela30http://www.pamela-systems.com/0
1 4pams0  8pams.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
123Panda Software Intrenet0  9panda.pif1 00132Added by the W32/Rbot-ATZ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatz.html0
113PandaAVEngine0 17PandaAVEngine.exe1 00 27Added by the NETSKY.R WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.r@mm.html0
115[Various Names]0 13panel_its.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 7pantera0 11pantera.exe1 00 29Added by the  SDBOT.AYN WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AYN&VSect=P0
316PowerDOCSAPIHost0 12papihost.exe1 00147Hummingbird PowerDOCS - "delivers powerful enterprise document management functionality via a tightly integrated Microsoft WinNT/98/2K environment"53http://www.imageware.ch/tr/products/dms/powerdocs.jsp0
127Interlinking Memory Support0 11param32.dll1 00207Added by the Troj/Warspy-D Trojan.  This will hijack Internet Explorer to the following domains: hotoffers.info and newgenlook.info among others.br /br /Uses CLSID: b{D56A1203-1452-EBA1-7294-EE3377770000}/b.57http://www.sophos.com/virusinfo/analyses/trojwarspyd.html0
115[Various Names]0 10ParisM.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
4 6VS.VSN0 86Part of eSafe antivirus "SmartScan" - alerts the user if files have been changed/added2 00 44http://www.esafe.com/esafe/default.asp?cf=tl 01
3 7part5590 17part559.exe ltrun211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8PartSeal0 12PartSeal.exe1 00284System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere 01
313VAIO Recovery0 12PartSeal.exe1 00284System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere 01
313VAIO Recovery0 12PartSeal.exe111HKEY_LM\Run0 58PartSeal Application 1.0.2, Sony Electronics Inc. PartSeal39http://www.absolutestartup.com/startup/1
128Windows System Configuration0 13Passcfg16.exe1 00 30Added by the  DOMWIS-E TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdomwise.html0
122NETVISIONPasse-partout0 17Passe-partout.exe1 00 49Added by the Dial/DialCar-M premium rate dialler.58http://www.sophos.com/virusinfo/analyses/dialdialcarm.html0
329Panda Antispam Server Service0 10PasSrv.exe1 00 59AntiSpam software, part of Panda Platinum Internet Security62http://enterprises.pandasoftware.com/products/platinum_is2005/0
329PANDA ANTISPAM SERVER SERVICE0 10passrv.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
117[different names]0 13PasswdMon.exe1 00 89TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here47http://www.easydesksoftware.com/news/news29.htm0
314Telechips,Mass0  9patch.exe1 00 45Removable disk driver for the Muro MP3 player30http://www.muro.co.kr/english/0
1 5Patch0  9patch.exe1 00 26Added by the  NETBUS WORM!60http://www.dark-e.com/archive/trojans/netbusworm/index.shtml0
1 9Win Patch0  9patch.exe1 00142Added by the W32/SdBot-GL worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotgl.html0
1 9AV Client0 14patch31345.exe1 00 28Added by the MYDOOM.AD WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.ad@mm.html0
111AV Industry0 14patch31345.exe1 00 28Added by the MYDOOM.AD WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.ad@mm.html0
112NortorUpdate0 12patch802.exe1 00 31Added by the W32/Patco-A  worm.55http://www.sophos.com/virusinfo/analyses/w32patcoa.html0
1 6Update0 12patch802.exe1 00 31Added by the W32/Patco-A  worm.55http://www.sophos.com/virusinfo/analyses/w32patcoa.html0
012pathnvidiatv0 20patchnvidiaTVout.exe1 00 52Appears to be related to Nvidia Gigabyte Video card. 01
1 7[blank]0 10pathex.exe1 00 35Added by the Troj/Mkmoose-A trojan.58http://www.sophos.com/virusinfo/analyses/trojmkmoosea.html0
1 8pathname0 12pathname.exe1 00 41Added by the  BACKDOOR.IRCCONTACT TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irccontact.html0
4 7PAV.EXE0  7PAV.EXE1 00 13PER Antivirus39http://www.perantivirus.com/antivir.htm0
413panda cleaner0  9pavdr.exe1 00 52Panda Antivirus related - possibly Panda  ActiveScan77http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm0
4 8PAVFIRES0 12PavFires.exe1 00 15Panda Antivirus29http://www.pandasoftware.com/0
4 8PAVFNSVR0 12PavFnSvr.exe1 00 24Panda Titanium Antivirus51http://www.pandasoftware.com/products/titanium2004/0
4 8pavkre9x0 12pavkre9x.exe1 00 24Panda_Titanium Antivirus59http://www.pandasoftware.com/products/titanium2006_part.htm0
420PER Email Protection0 11pavmail.exe1 00 13PER Antivirus39http://www.perantivirus.com/antivir.htm0
4 7PavProt0 11PavProt.exe1 00 24Panda Titanium Antivirus51http://www.pandasoftware.com/products/titanium2004/0
4 8pavprot90 12Pavprot9.exe1 00 24Panda_Titanium Antivirus59http://www.pandasoftware.com/products/titanium2006_part.htm0
4 7PavProc0 12PavPrS9x.exe1 00 24Panda Titanium Antivirus51http://www.pandasoftware.com/products/titanium2004/0
315Panda Scheduler0 12pavsched.exe1 00225Panda Antivirus scan scheduler. Required if this is your virus scanner program and you have scans scheduled on a regular basis. I recommend that you scan manually so you don't need this but if you tend to forget then leave it29http://www.pandasoftware.com/0
410[not used]0 11PAVWAIT.DLL1 00 24Part of Panda Antivirus.29http://www.pandasoftware.com/0
121System Initialization0 11payload.dat1 00 54Added by the  RANDEX.D WORM or ROXY or ROXY.B TROJANS!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.d.html0
1 7PayTime0 11paytime.exe1 00120Paytime is a Internet Explorer hijacker that changes your home page and search page to use hxxp://http://81.222.131.49/. 01
3 7pbagent0 11pbagent.exe1 00 85Probot keystroke logger/monitoring program - remove unless you installed it yourself!62http://www.symantec.com/avcenter/venc/data/spyware.probot.html0
3361290a33c-85f5-4164-a1be-7dd299d4986a0 16PBKScheduler.exe1 00 64Scheduler for CyberLink  PowerBackup  - archiving/backup utility56http://www.cyberlink.com/multi/products/main_29_ENU.html0
312pbkscheduler0 16PBKScheduler.exe1 00 63Scheduler for CyberLink  PowerBackup - archiving/backup utility56http://www.cyberlink.com/multi/products/main_29_ENU.html0
3 9Bookmarks0 14pbmarks.exe /S211HKEY_CU\Run0 50Trial Version, Webroot Software. Private Bookmarks39http://www.absolutestartup.com/startup/1
410run_pbnext0 10PBNext.exe1 00 92PBNext is virtual phone system which offers the same functionality as expensive PBX hardware22http://www.pbnext.com/0
1 7pbpatce0 11pbpatce.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115Service Drivers0  6PC.EXE1 00 40Added by the W32/Sdbot-WK worm/backdoor!56http://www.sophos.com/virusinfo/analyses/w32sdbotwk.html0
113MSNSysRestore0  8pc32.exe1 00 39Added by a variant of the MASTAK VIRUS! 01
3 9Smartalec0 11pcaccel.exe1 00128a target="_blank" href="http://www.smartalec2000.com/pcxl4000deluxe.shtml"Smartalec PC Accelerator - system optimization utility 01
3 9SmartPCXL0 11pcaccel.exe1 00144a  rel="nofollow" target="_blank" href="http://www.smartalec2000.com/pcxl4000deluxe.shtml"Smartalec PC Accelerator - system optimization utility 01
311PcAdmin20050 17pcadminserver.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
310PC Alert 40 12PCAlert4.exe122StartUp menu\All users0 59PCAlert4 Application 4, 0, 7, 2, . PCAlert4 MFC Application39http://www.absolutestartup.com/startup/1
316pcanywhere agent0 10pcamgt.exe1 00140Part of   pcAnywhere 9.0 or later. This process listens for incoming PC Anywhere connections if your PC is configured as a PC Anywhere host.54http://www.symantec.com/pcanywhere/Consumer/index.html0
4 4PCBG0 15PCBODYGUARD.EXE1 00 96PC Bodyguard from Calluna - protects system files and settings from being deleted, modified, etc34http://www.calluna.com/pcbody.html0
411PCBODYGUARD0 15PCBODYGUARD.EXE1 00 96PC Bodyguard from Calluna - protects system files and settings from being deleted, modified, etc34http://www.calluna.com/pcbody.html0
4 4PCBG0 22pcbodyguard.exe /start2 00 42PC BodyGuard 1.02.0028, Intrigue Learning. 01
3 7pcboost0 11PcBoost.exe1 00132PCBoost from PGWARE, LLC increases computer performance by allocating higher portions of CPU power to active applications and games.22http://www.pgware.com/0
310PC Booster0 13pcbooster.exe1 00207PC Booster from inKline Global - "easy-to-use computer system optimizer that gives your system the extra speed and stability you want while ensuring that your computer is kept clean and in tip-top condition"52http://www.inklineglobal.net/products/pcb/index.html0
310PC Booster0 13pcbooster.exe111HKEY_LM\Run0 66PCBooster Application 4, 0, 0, 1, inKline Software Labs. PCBooster39http://www.absolutestartup.com/startup/1
413PCCClient.exe0 13PCCClient.exe1 00 33PC-Cillin 2002 antivirus software 01
412pccguide.exe0 12pccguide.exe1 00 33PC-Cillin 2002 antivirus software 01
412PCCIOMON.EXE0 12PCCIOMON.EXE1 00 67PC-Cillin 2000 antivirus software. This is the actual virus-scanner 01
412PCClient.exe0 12PCClient.exe1 00 39Trend Micro PC-Cillin Internet Security77http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm0
420OfficeScanNT Monitor0 12pccntmon.exe1 00 55Trend Micro OfficeScan Antivirus real-time scan monitor72http://www.trendmicro.com/en/products/desktop/osce/evaluate/overview.htm0
420OfficeScanNT Monitor0 24pccntmon.exe -HideWindow211HKEY_LM\Run0 57Trend Micro OfficeScan 6.0, Trend Micro Inc.. I/O Monitor39http://www.absolutestartup.com/startup/1
426PC-cillin PersonalFirewall0 10PCCPFW.exe1 00 43Trend Micro's PC-Cilling Personal Firewall. 01
4 6PccPfw0 10PccPfw.exe1 00 32PC Cillin 2003 personal firewall 01
4 8PcCtlCom0 12Pcctlcom.exe1 00 39Trend Micro PC-cillin Internet Security77http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm0
412OfficeScan950 12pccwin97.exe1 00 32Trend Micro antivirus OfficeScan72http://www.trendmicro.com/en/products/desktop/osce/evaluate/overview.htm0
2 4run=0 11pcfix2k.exe1 00 21pcfix2k splash screen 01
310PowerPanel0 18PcfMgr.exe /launch222StartUp menu\All users0 78PowerPanel 3.0 5.2.0-S001, Phoenix Technologies Ltd.. PCF Manager Local Server39http://www.absolutestartup.com/startup/1
214Acme.PCHButton0 13PCHButton.exe1 00 75Motive System 4.12.0.pchealthclient.pchclient, Motive Communications, Inc.. 01
214Acme.PCHButton0 13pchbutton.exe1 00 26Used by HP Instant Support 01
2 9PCHbutton0 13PCHbutton.exe1 00 26Used by HP Instant Support 01
2 8PCHealth0 11pchschd.exe1 00 86This is a "scheduler" and does not turn off PC Health. For more information refer here 9scheduler0
1 6pcibye0 10pcibye.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 8PCIMODEM0 12pcimodem.exe1 00 57Associated with Lucent based Aztech MDP7800-U PCI modems. 01
0 9USB2Check0 14PCLECoInst.dll1 00 59Pinnacle Systems CoInstaller.  Unsure as to what it is for. 01
3 9USB2Check0 33PCLECoInst.dll,CheckUSBController111HKEY_LM\Run0 94Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
211InstantTray0 12PCLETray.exe1 00171Pinnacle InstantCD/DVD disc creation software. Tray icon enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools with one click. Can be started manually72http://www.pinnaclesys.com/ProductPage_n.asp?Product_ID=1431&Langue_ID=70
1 4PClK0  8PClK.exe1 00 53Added by the Troj/LegMir-BL password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojlegmirbl.html0
2 7PCStart0  9Pcm25.exe1 00198Runs as part of PCMonitor which is a program for monitoring your activity on your system. It makes screen dumps and key logging. It can hang-up your system because the screen dump page gets VERY big21http://pcmonitor.com/0
312pcmmrealtime0  8pcmm.exe1 00207PC MightyMax - diagnostic program that identifies and fixes problems. However, some users report it does the opposite and messes up their systems (see here) and they also have problems removing it (see here)55http://www.pcmightymax.net/cgi-bin/view.cgi//index.html0
312PCMMRealtime0 11pcmm.exe /R211HKEY_LM\Run0145PC MightyMax v9.1.2 9.01.0002, PC MightyMax. PC MightyMax will Scan, Diagnose, and Repair Windows and other Software problems with your computer.39http://www.absolutestartup.com/startup/1
010PCMService0 14PCMService.exe1 00 39In a DellMedia Experience sub-directory 01
310PCMService0 14PCMService.exe111HKEY_LM\Run0 92Cyberlink PowerCinema 3.0 3.0.2027 , CyberLink Corp.. CyberLink PowerCinema Resident Program39http://www.absolutestartup.com/startup/1
011pcqmqgn.exe0 11pcqmqgn.exe1 00  2?? 01
3 7PCRecSA0 11PCRecSA.exe1 00303Part of the IBM/XPoint Rapid Restore backup utility. If you choose, you can use it to create a "clean" backup of your hard drive. The process involves the software partitioning your hard drive, making a compressed image of the working drive which will then allow you to revert to that should you need to 01
3 7PCRecSA0 19PCRECSA.EXE -noshow2 00  0 01
1 8pcryptv30 12pcryptv3.exe1 00134Added by the W32/Tilebot-AS worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotas.html0
2 4Pcsv0  9pcsvc.exe1 00 42Delfin Media Viewer or "Promulgate" adware51http://www.spywareguide.com/product_show.php?id=7270
2 6PcSync0 10PcSync.exe1 00251If a Nokia phone has been connected, synchronises the phone with MS Outlook or other organiser software. It is installed by the Nokia PC Suite, and the tray icon shows if a phone has been connected. Available via a desktop shortcut or Start - Programs 01
1 6PcSync0 10PCsync.exe1 00176Added by the W32/Rbot-XJ WORM/IRC backdoor, the file will be hidden with system attributes. Unauthorised remote access is enabled by contact with an pre-determined IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotxj.html0
3 6PcSync0 21PcSync2.exe /NoDialog211HKEY_CU\Run0 53PC Sync 2.00, Time Information Services Ltd.. PC Sync39http://www.absolutestartup.com/startup/1
4 8pctavapp0  9PCTAV.exe1 00 40Related to  PC_TOOLS Antivirus software.34http://www.pctools.com/anti-virus/0
312PictureTaker0 11PCTKRNT.SYS1 00125Part of LANovation's PictureTaker Enterprise Edition. This lets administrators deploy software update package to network PCs. 01
214Country Select0 10pctptt.exe1 00235Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required 01
216CountrySelection0 10pctptt.exe1 00235Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required 01
2 8PCTVOICE0 10pctspk.exe111HKEY_LM\Run0 59pctvoice Application 1, 0, 0, 1, . pctvoice MFC Application39http://www.absolutestartup.com/startup/1
3 6pctspk0 10pctspk.exe1 00210Used for modems based upon PC-TEL chipsets. Normally used for some Voice and Speakerphone functions and also for some Power management options. If you remove it you may not be able to use any of those functions 01
3 8PCTVOICE0 12pctvoice.exe1 00193The program PCTVoice is used by the modem to interface with your computer and also used for some V.80 functions for Video Conferencing. if you uncheck it, it comes back. It’s better to leave it 01
1 4pcvp0  8pcvp.exe1 00 40Added by the Troj/Ranck-DT proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojranckdt.html0
3 7PCWatch0 11pcwatch.exe1 00112Added by the Spyware.PCWatch surveillance software.  Uninstall this software if you did not install it yourself.59http://www.sarc.com/avcenter/venc/data/spyware.pcwatch.html0
322Xtrem parental control0  7pcx.exe1 00126Added by the Spyware.ParentXtreme surveillance software.  If you did not install this software, then uninstall it immediately.64http://www.sarc.com/avcenter/venc/data/spyware.parentxtreme.html0
210PC·Ŕ¸Äż«Áé0 18PCÍňÄÜ·Ŕ¸Äľ«Áé.exe111HKEY_LM\Run0 55IEÍňÄÜ·Ŕ¸Äż«Áé 8.10, Ë®ľ§ÇéÔµą¤×÷ĘŇÖĆ×÷. IEÍňÄÜ·Ŕ¸Äľ«Áé39http://www.absolutestartup.com/startup/1
314Popup Defender0  6PD.exe1 00111a target="_blank" href="http://download.com.com/3000-2366-10161253.html?tag=list"Popup Defender - pop-up killer 01
115windows service0  8pd14.exe1 00 63Adware,  detected by  TDS-3 as "TrojanDownloader.Win32.Delf.dg"28http://tds.diamondcs.com.au/0
115Windows Service0  7pd7.exe1 00 35Added by the  TROJ_SMALL.VZ TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.VZ0
1 7PDASCAN0 11pdascan.exe1 00164Added by the W32/Agobot-QY WORM/IRC backdoor, it will modify the HOSTS file, terminate processes, and allow an attacker to enact numerous other destructive actions.57http://www.sophos.com/virusinfo/analyses/w32agobotqy.html0
213Dialog Helper0 12PDDLGHLP.EXE1 00173Dialog Helper from PowerDesk Pro by Ontrack. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders. Available via Start - Programs33http://www.ontrack.com/powerdesk/0
213Dialog Helper0 12pddlghlp.exe1 00 66PowerDesk 5.0.0.0, V Communications, Inc.. PowerDesk Dialog Helper 01
213Dialog Helper0 15pddlghlp.exe /s225StartUp menu\Current user0 66PowerDesk 6.0.1.8, V Communications, Inc.. PowerDesk Dialog Helper39http://www.absolutestartup.com/startup/1
3 8PDEngine0 12PDEngine.exe1 00103PerfectDisk from Raxco - disk defragmenter. Only required if you schedule disk defragmenting at re-boot44http://www.raxco.com/products/perfectdisk2k/0
216Matrox Powerdesk0  9PDesk.exe1 00 70For Matrox video cards. Quick access to tweak your card to your liking 01
216Matrox Powerdesk0 21PDesk.exe /Autolaunch2 00 50Matrox PDesk 6.93.009, Matrox Graphics Inc.. PDesk 01
2 7pdexplo0 11PDEXPLO.EXE1 00 91PowerDesk Pro by Ontrack. Enhanced desktop and file manager. Available via Start - Programs33http://www.ontrack.com/powerdesk/0
212My Documents0 24PDExplo.exe My Documents225StartUp menu\Current user0 56PowerDesk 6.0.3.4, V Communications, Inc.. PowerDesk Pro39http://www.absolutestartup.com/startup/1
212Pdfquickview0 16pdfquickview.exe111HKEY_LM\Run0 67PDF Thumbnail View 1, 0, 13, 2, . PDF Thumbnail View - pdfquickview39http://www.absolutestartup.com/startup/1
211PDF-Capture0 12PDFSaver.exe122StartUp menu\All users0 80PDF-XChange pdfSaver 2.50, Tracker Software Products. PDF-XChange Drivers Helper39http://www.absolutestartup.com/startup/1
2 9pdfSaver30 13pdfSaver3.exe1 00133PDF-XChange - create Adobe compatible PDF files from virtually any Windows software such as MS Word, Excel, AutoCAD, MS Publisher etc56http://www.docu-track.com/home/prod_user/pdfxchange_pro/0
1 9a0rERVMsj0 10pdhtpp.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
2 7PDirect0 11PDirect.exe1 00 34IBM Presentation Director software 01
320Password Door Loader0 13PDMonitor.exe1 00 44Password Door - password protection software39http://www.toplang.com/passworddoor.htm0
3 9Intel PDS0  7pds.exe1 00228Intel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabled 01
117Microsoft DirectX0 11PDSched.exe1 00 27Added by the SDBOT.CN WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CN&VSect=T0
313pdservice.exe0 13pdservice.exe1 00 89Related to  Utimaco Safeware Easy. Your electronic safe for protecting confidential data.23http://www.utimaco.com/0
313PDService.exe0 13pdservice.exe111HKEY_LM\Run0 62PrivateDisk 1.00.6.7, Utimaco Safeware AG. PrivateDisk Service39http://www.absolutestartup.com/startup/1
313pduip6000dmon0 17PDUiP6000DMon.exe1 00 32Related to Canon iP6000D printer 01
315pduip6000dtskbr0 19PDUiP6000DTskbr.exe1 00 32Related to Canon iP6000D printer 01
3 8PDVDServ0 12PDVDServ.exe1 00242Remote Control background application for CyberLink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one 01
313RemoteControl0 12PDVDServ.exe1 00242Remote Control background application for CyberLink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one 01
313RemoteControl0 12PDVDServ.exe111HKEY_LM\Run0 56PowerDVD 6.00.1027, Cyberlink Corp.. PowerDVD RC Service39http://www.absolutestartup.com/startup/1
1 4peek0  8peek.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112Peer Manager0 11peere32.exe1 00121Added by the W32/Sdbot-JX worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotjx.html0
212PeerGuardian0 27PeerGuardian_1.99b_pr14.exe1 00299PeerGuardian "is a tiny firewall program especially designed for P2P software users, but also for anyone who is concerned about the investigations that corporations and authorities perform on the internet. PeerGurdian blocks connections for the configured IP ranges and logs the blocked connections"73http://www.afterdawn.com/software/p2p_software/p2p_tools/peerguardian.cfm0
312Peer Monitor0 15PeerMonitor.exe125StartUp menu\Current user0 95Peer Monitor 1.6 1.06.0069, danielclarke.com. Peer Monitor - ping based network monitoring tool39http://www.absolutestartup.com/startup/1
221Mouse Suite 98 Daemon0 12pelmiced.exe1 00121Mouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games 01
221Mouse Suite 98 Daemon0 12PELMICED.EXE1 00 69MouseSuite 98 1.0.0.0, Primax Electronics Ltd.. Mouse Suite 98 Daemon 01
321Mouse Suite 98 Daemon0 12PELMICED.EXE111HKEY_LM\Run0 69MouseSuite 98 1.0.0.0, Primax Electronics Ltd.. Mouse Suite 98 Daemon39http://www.absolutestartup.com/startup/1
322Pro PCL Status Monitor0 10PENGSS.EXE1 00 72Xerox printer/fax/copier status monitor (PCL = printer control language) 01
110[not used]0  9penis.exe1 00153Added by the W32/Cissi-F WORM, the system .ini field {boot} will be modiified and remote access made available to an attacker(s) using an IRC channel(s).55http://www.sophos.com/virusinfo/analyses/w32cissif.html0
1 9penis.exe0  9penis.exe1 00121Added by the W32.Cissi.W  backdoor! Found in the Windows system directory and adds a copy to the All Users startup group.72http://www.sarc.com/avcenter/venc/data/w32.cissi.w.html#technicaldetails0
119windows auto update0 11penis32.exe1 00 41Added by the BLASTER (or MSBLAST.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html0
314Pent@VALUE 3.20 14Pent@VALUE.exe1 00 49Pent@VALUE Digital Satellite Internet PC Receiver 01
1 8PeqBL1000 12PEQBL100.exe1 00 26Added by the ENVID.D WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.envid.d@mm.html0
114WINDOWS SYSTEM0  7per.exe1 00 30Added by the W32/Zotob-C worm.55http://www.sophos.com/virusinfo/analyses/w32zotobc.html0
1 7msgmsgs0 14peremption.exe1 00121Added by the W32/Sdbot-KU worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotku.html0
1 9PerformCl0 10perfcl.exe1 00 55Downloads and installs other adware onto your computer. 01
1 8Perfhmon0 12Perfhmon.exe1 00 35Added by the Troj/Banklis-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojbanklisa.html0
116Performance Logs0 12Perfhmon.exe1 00 31Added by the W32/Codbot-W worm.56http://www.sophos.com/virusinfo/analyses/w32codbotw.html0
112explorer.exe0 11perfmnt.exe1 00 34Added by the Troj/Agent-FJ Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentfj.html0
3 7perfmon0 11perfmon.vbs1 00186Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices.23http://www.securesa.com0
127Performance True Type Fonts0 11perfont.exe1 00 34Identified as a Trojan.downloader. 01
121[2 words from a list]0 12perfrptb.exe1 00 49Added by the Troj/PPdoor-I backdoor/proxy trojan.57http://www.sophos.com/virusinfo/analyses/trojppdoori.html0
325Run POPFile in background0  8perl.exe1 00 29POPFile - E-mail spam blocker31http://popfile.sourceforge.net/0
4 6PersFw0 10PersFw.exe1 00 31Kerio or Tiny Personal Firewall37http://www.kerio.com/us/kpf_home.html0
422Tiny Personal Firewall0 10persfw.exe1 00 22Tiny Personal Firewall44http://www.tinysoftware.com/home/tiny2?la=EN0
3 8Personal0 12Personal.exe122StartUp menu\All users0 60Nexus Personal 4,0,1,43, Technology Nexus AB. Nexus Personal39http://www.absolutestartup.com/startup/1
2 3PMT0 21personalmoneytree.exe1 00105According to the web site Personal_Money_Tree is an automatic cash rebate program. Note: Not recommended. 01
312PestPatrolCL0 16PestPatrolCL.exe1 00 62required in cases where schedules for regular scanning are set 01
220Kodak Batch Transfer0 11pezdow1.exe1 00144Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC 01
237kodak picture easy *.* batch transfer0 15PezDownload.exe1 00172Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC. *.* represents the version 01
1 5pfamn0  9pfamn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
326Guardian PC Security Tools0  8Pfft.exe111HKEY_LM\Run0 82Guardian PC Security Tools 1, 5, 0, 0, Boomerang Software. Guardian Security Tools39http://www.absolutestartup.com/startup/1
1 6pfkaxn0 10pfkaxn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
212PerfectPrint0 12pfppop70.exe1 00 60Print engine used by Corel WordPerfect 7 and Presentations 7 01
316ScanSnap Manager0 12PfuSsMon.exe122StartUp menu\All users0 48ScanSnap Manager V3.1 L12, PFU LIMITED. PFUSSMON39http://www.absolutestartup.com/startup/1
212PfuSsSct.exe0 21PfuSsSct.exe /Station211HKEY_LM\Run0 51PfuSSSct.exe 3, 0, 10, 1, PFU LIMITED. PfuSSSct.exe39http://www.absolutestartup.com/startup/1
417Personal Firewall0 10PFWall.exe1 00 26Hotbrick Personal Firewall51http://www.hotbrick.com/produto.asp?tipo=2&codPro=20
313PFW_CfgEngine0 12PFWCFG~1.EXE1 00 26Personal Firewall related? 01
1 7pfwevre0 11pfwevre.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
212PeerGuardian0  7pg2.exe1 00263PeerGuardian 2 is an IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists, a list editor, automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc).16www.Methlabs.org0
312PeerGuardian0  7pg2.exe111HKEY_CU\Run0 52PeerGuardian 2 2, 0, 0, 20, Methlabs. PeerGuardian 239http://www.absolutestartup.com/startup/1
412!1_pgaccount0 13pgaccount.exe1 00292DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly41http://www.diamondcs.com.au/processguard/0
1 8statload0 12pgjd83sa.exe1 00 41Added by the Backdoor.Sdbot.AO Infection!78http://www.sarc.com/avcenter/venc/data/backdoor.sdbot.ao.html#technicaldetails0
1 8PgMonitr0 12PgMonitr.exe1 00 32Delfin Promulgate adware variant55http://sarc.com/avcenter/venc/data/adware.delfin.b.html0
110PromulGate0 12PgMonitr.exe1 00 32Delfin Promulgate adware variant55http://sarc.com/avcenter/venc/data/adware.delfin.b.html0
4 9PGPSDKSVC0 14pgpsdkserv.exe1 00382PGPsdkServ.exe is the new SDK service which is responsible for performing all PGP key management and cryptographic functions. This functionality was moved into a service to allow multiple modules simultaneous read/write access to the keyrings, among other things. As you can imagine, it is necessary for PGPsdkServ to be running in order to perform practically any PGP functionality 01
310PGPSERVICE0 14pgpservice.exe1 00538PGPservice.exe has two main purposes: (1) it handles a large part of the PGPnet functionality (along with the PGPnet driver) and (2) it allows efficient access to the PGP preferences database. The individual PGP modules normally access the preferences through PGPservice, but they are capable of a "fall-back" mode where they can handle such access on their own. Thus, if you are not running PGPnet, you may not immediately notice much of a difference if you disable PGPservice. If you are running PGPnet, you will notice a big difference 01
2 7PGPtray0 11pgptray.exe1 00109PGP 7.x. Provides icon tray shortcuts to PGP programs from Network Associates. Available via Start - Programs 01
1 6pgtaff0 10pgtaff.exe1 00 24AdRotator adware variant79http://www.giantcompany.com/antispyware/research/spyware/spyware-AdRotator.aspx0
2 7dregfix0 13ph_finder.exe1 00  2?? 01
120Winux Piriax Service0  8PH32.EXE1 00 27Added by the RANDEX.G WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.g.html0
110[not used]0 11Phantom.exe1 00 61Added by the W32/Mytob-FT mass-mailing worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobft.html0
313PhilipsRemote0 17PhilipsRemote.exe111HKEY_LM\Run0 65MUSICMATCH JUKEBOX 8.10.0000, MUSICMATCH, Inc.. PhilipsRemote exe39http://www.absolutestartup.com/startup/1
310PhishGuard0 14PhishGuard.exe122StartUp menu\All users0 56PhishGuard 1.02.0186, PhishGuard Corporation. PhishGuard39http://www.absolutestartup.com/startup/1
310Dialgo SDK0 15PhoneAnswer.exe1 00271Dialgo Wave Modem ActiveX - "Telephone Answering Machine for scripting your own professional call center business scripts using a voice modem. Features Caller-ID, Wave Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech Recognition and Synthesis" 01
321PhoneFree version 6.20 12PHONEF??.EXE1 00110An Internet telephony application. Complicated registration and ad banners tailored to your profile - see here25http://www.phonefree.com/0
112Client Agent0 10photes.exe1 00 34Added by the Troj/PPdoor-P Trojan.57http://www.sophos.com/virusinfo/analyses/trojppdoorp.html0
113vcxd settings0  8phqg.EXE1 00 28Added by the  RBOT.BRF WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRF&VSect=P0
121web drivers for win320  9phqgh.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
128view point drivers for win320 10phqghu.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120kym control settings0 11phqghum.exe1 00 28Added by the  RBOT.BQD WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQD&VSect=P0
124microsoft update service0 11phqghum.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
118view point drivers0 11phqghum.exe1 00 28Added by the  RBOT.BRX WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRX&VSect=T0
136local internet web drivers for win320 12phqghume.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
130optional web drivers for win320 12phqghume.exe1 00  064http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 5phuea0  9phuea.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113MSN Messenger0 11PIC1324.exe1 00 50Added by the W32.Annoying.Worm msn messenger Worm.95http://securityresponse.symantec.com/avcenter/venc/data/w32.annoying.worm.html#technicaldetails0
224LifeScape Media Detector0 23PicasaMediaDetector.exe1 00  0 01
224LifeScape Media Detector0 23PicasaMediaDetector.exe1 00 53Media detector for Picasa's automatic photo organizer22http://www.picasa.net/0
221Picasa Media Detector0 23PicasaMediaDetector.exe1 00 53Media detector for Picasa's automatic photo organizer22http://www.picasa.net/0
2 8Pickatag0 12pickatag.exe1 00232Pick-a-tag - &quot;Freeware utility for random selection of your taglines. This utility randomly picks a tagline out of a list of taglines. It will create a signature file which your mailer can use to place under your messages&quot;43http://home.wanadoo.nl/jeroen/software.html0
120Configuration L0ader0 13picorulez.exe1 00121Added by the W32/SdBot-IN worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotin.html0
3 7PicoZip0 15PicoZipTray.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
2 7PICPRTR0 11PICPRTR.EXE1 00 66Program for viewing and measuring a variety of 3D CAD data formats 01
1 6picsvr0 10picsvr.exe1 00 19Unidentified adware 01
214Picture Framer0 17PictureFramer.exe125StartUp menu\Current user0 45DesktopX Widget 1, 0, 0, 1, . DesktopX Widget39http://www.absolutestartup.com/startup/1
113PictureViewer0 17PictureViewer.exe1 00 48Added by the PWSteal.Marlap.C password-stealer..77http://www.sarc.com/avcenter/venc/data/pwsteal.marlap.c.html#technicaldetails0
110PIC SYSTEM0  8picx.exe1 00145Added by the W32/Mytob-EX worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32mytobex.html0
115winnt DNS ident0 12pidchk32.exe1 00132Added by the W32/Rbot-ACY worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotacy.html0
123Microsoft&copy; PID Lex0 10PIDLex.exe1 00 30Added by the NIOVADOOR TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.niovadoor.html0
118Microsoft© PID Lex0 10PIDLex.exe1 00 30Added by the NIOVADOOR TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.niovadoor.html0
123PROCESS SESSION MANAGER0 11PIDSERV.EXE1 00144Added by the W32/Rbot-AV trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotav.html0
3 7PiDunHK0 11PIDUNHK.EXE1 00218Part of the Prodigy Internet software - part of the dialer/DUN. Presumably needed for users of that service otherwise you may not be able to connect, although you may try creating your own shortcut and see what happens 01
1 5pilif0  9pilif.exe1 00 23Added by the FILI WORM!59http://www.symantec.com/avcenter/venc/data/w32.fili@mm.html0
123PingTimeout Institution0 12pingchek.exe1 00123A variant of the Sbot WORM/IRC backdoor adds this file to run continuously and provide unauthorised access to the computer.56http://www.sophos.com/virusinfo/analyses/w32sdbotvy.html0
2 6Pinger0 10pinger.exe1 00197Pinger is the resident program for Toshiba updates. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification 01
213ToshibaPinger0 10pinger.exe1 00227Pinger is the resident program for Toshiba Upgrades. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification. Disabling instructions here81http://www.spywareinfo.com/yabbse/index.php?board=18;action=display;threadid=26730
2 6PINGER0 15pinger.exe /run2 00 62Software Upgrades 3.7.0.0, TOSHIBA Corporation. TOSHIBA Pinger 01
1 6PPPOEO0 12pingppac.exe1 00 32l" target=_blankSPYBOT.KHC WORM! 01
1 7martini0 11pinmart.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 3pst0  9pio12.dll1 00 46Added by the Troj/Dloadr-UZ Trojan downloader.58http://www.sophos.com/virusinfo/analyses/trojdloadruz.html0
2 6Piolet0 10piolet.exe1 00 41Piolet - peer-to-peer file sharing client22http://www.piolet.com/0
111PIPE SYSTEM0  8pipe.exe1 00132Added by the W32/Mytob-FF worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobff.html0
1 7directx0 11PipeCmd.exe1 00 28Added by the SDBOT.D TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.d.html0
1 7pirhvib0 11pirhvib.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
120Winux Piriax Service0 12PIRIAX32.EXE1 00134Added by the W32/Randex-X worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32randexx.html0
3 100  7pit.exe1 00124Added by the Spyware.PrivateEye surveillance software.  If you did not install this software, then uninstall it immediately.62http://www.sarc.com/avcenter/venc/data/spyware.privateeye.html0
1 7Pixel320 11Pixel32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
110Pixelpwr320 14Pixelpwr32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 8Pixelsvr0 12Pixelsvr.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 4piyt0  8piyt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0  9pizda.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
3 8pjWebCam0 12pjWebCam.exe1 00 96Webcam automation software that saves regular photos from webcam and can also act as HTTP server 01
138(8E3526E3-F160-437B-9095-46A011877CBE)0 12pKerme12.dll1 00 96Added by the Troj/Ermeto-A Trojan.br /br /Uses CLSID: b(8E3526E3-F160-437B-9095-46A011877CBE)/b.57http://www.sophos.com/virusinfo/analyses/trojermetoa.html0
1 8PK Guard0 13pkguard32.exe1 00 47Added by the W32.Guapim instant messenger worm.71http://www.sarc.com/avcenter/venc/data/w32.guapim.html#technicaldetails0
315Pagekeeper Jobs0 10pkjobs.exe1 00237PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc 01
315Pagekeeper Lite0 10pkjobs.exe1 00237PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc 01
1 4pkpy0  8pkpy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111PK Services0  9pksvc.exe1 00 28Added by the FORBOT-BW WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbw.html0
0 9ToPassSrv0 12Pktopass.exe1 00112Related to Caere Pagekeeper scanning software (now taken over by Scansoft), Disabling is known to cause problems 01
331HI-SPEED USB DEVICE Coinstaller0 12PL15Co2K.exe111HKEY_LM\Run0 88Hi-Speed USB Flash Disk 1, 0, 0, 1, Prolific Technology Inc.. USB Flash Disk Application39http://www.absolutestartup.com/startup/1
224Photo Loader supervisory0 10Plauto.exe1 00129Casio's Photo Loader software. Hook up your camera to the USB port, and it pops up and asks you if you want to load your pictures 01
1 6Newman0 11playavi.exe1 00 82Added by the Troj/Lineage-AT password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineageat.html0
1 7Playboy0 11playavi.exe1 00 56Added by the PWSteal.Gamanlock password-stealing Trojan.78http://www.sarc.com/avcenter/venc/data/pwsteal.gamanlock.html#technicaldetails0
110PnP Driver0 11playboy.exe1 00143Added by the W32/Forbot-FR worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotfr.html0
128Sy21dsgate Personal Firewall0 12playboy1.exe1 00 48Added by the W32/Rbot-BMO worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbmo.html0
310tse_plutil0 11PLBkMon.exe1 00 42Prolific USB Flash Disk Log On Application42http://www.prolific.com.tw/eng/company.asp0
311PLEAPCPUCPL0 10pleapu.exe1 00 47CPU Control Panel for the Powerleap CPU upgrade41http://www.powerleap.com/Products/ccp.htm0
2 8Imonitor0 10Plguni.exe1 00 70McAfee QuickClean 3.0 - removes internet clutter and unwanted programs44http://www.mcafee.com/myapps/qc3/default.asp0
226McAfee QuickClean Imonitor0 10Plguni.exe1 00  044http://www.mcafee.com/myapps/qc3/default.asp0
2 6Plguni0 10Plguni.exe1 00 70McAfee QuickClean 3.0 - removes internet clutter and unwanted programs44http://www.mcafee.com/myapps/qc3/default.asp0
226McAfee QuickClean Imonitor0 17PlgUni.exe /START211HKEY_CU\Run0 70QuickClean 5.00.1.0, McAfee, Inc.. QuickClean Plug-In For McAfee Agent39http://www.absolutestartup.com/startup/1
1 8plgwiz320 12plgwiz32.dll1 00 33Added by the Troj/Opnis-D Trojan.56http://www.sophos.com/virusinfo/analyses/trojopnisd.html0
1 8StartKey0 10pligde.exe1 00 48Added by the Backdoor.Bifrose.E Trojan backdoor.79http://www.sarc.com/avcenter/venc/data/backdoor.bifrose.e.html#technicaldetails0
211PasteLister0 11plister.exe1 00 62PasteLister - clipboard extender. Start manually when required40http://www.progency.com/pastelister.html0
1 5plkvx0  9plkvx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8plmg.exe0  8plmg.exe1 00 55Paragon Last Minute Bidder - auction assistant software 01
223Event Planner Reminders0 12PLNRnote.exe1 00 30Sierra Event Planner tray icon 01
323Event Planner Reminders0 12PLNRnote.exe122StartUp menu\All users0 75Hallmark Card Studio 3.0, Sierra Online. Event Planner Reminder Application39http://www.absolutestartup.com/startup/1
1 5plook0  9plook.exe1 00 26Affiliatetarget.com adware 01
121Windows Virus Control0  8plou.exe1 00133Added by the W32/Sdbot-ACZ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotacz.html0
114DRam prosessor0 10plsccd.exe1 00 73Identified as a variant of Backdoor.Win32.Rbot.gen worm and IRC backdoor. 01
123Microsoft Visual Studio0 13plscdksxg.exe1 00133Added by the  W32/Rbot-AWV worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotawv.html0
115icrosoft Visual0  9plscx.exe1 00132Added by the W32/Rbot-AYO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotayo.html0
310Pluck Tray0 13PluckTray.exe1 00 29RSS (XML TAGS) reader program 01
2 8plucksvr0 16PluckUpdater.exe1 00 21Pluck Toolbar updater21http://www.pluck.com/0
1 4plug0  8plug.exe1 00 47Added by the Troj/Dloadr-ACX Trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdloadracx.html0
110PLUGED.EXE0 10PLUGED.EXE1 00120Added by the  W32/Randon-AC worm.  This infection, when started, connects to an IRC server using a provided MIRC client.57http://www.sophos.com/virusinfo/analyses/w32randonac.html0
1 5CLSID0 10plugin.exe1 00 21Adult content dialler 01
114No Credit Card0 19plugin-[random].exe1 00 28Adult content pop-up dialler 01
1 5WinXP0 11plugin1.exe1 00 34Added by the Downloader-JW TROJAN! 01
1 9winxphome0 11plugin2.exe1 00 42Added by the malicious  VBS_INOR.T script!82http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_INOR.T&VSect=P0
1 7pluginX0 11pluginX.exe1 00 35Added by the Troj/Dloadr-KN Trojan.58http://www.sophos.com/virusinfo/analyses/trojdloadrkn.html0
123Microsoft Plug and Play0 15plugnplay32.exe1 00 61Added by the W32/Mytob-HF mass-mailing worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobhf.html0
3 8PLXSTART0 12PLXSTART.EXE1 00127Sets the spindown timeout and access speeds at startup and displays the "Plextor Manager 2000" splash screen for Plextor CD-RW. 01
2 7PLXTASK0 11PLXTASK.EXE1 00203Taskbar utility for a "control panel" for a Plextor CD-RW. Has MVP 2000 (audio CD player), DiscDupe 2000 (self explanatory CD copying program) and AudioCapture 2000 (rips audio CDs into MP3 or WAV files) 01
310Powermarks0  6pm.exe125StartUp menu\Current user0 88Powermarks 3, 5, 0, 352, Kaylon Technologies Inc.. Powermarks(tm) Personal Search Engine39http://www.absolutestartup.com/startup/1
1 8pm32info0 12pm32info.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 6pmavuc0 10pmavuc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5pmcqt0  9pmcqt.exe1 00 33Added by the Troj/Dluca-V Trojan.56http://www.sophos.com/virusinfo/analyses/trojdlucav.html0
0 7PmProxy0 11PmProxy.exe1 00 89Associated with Analog Devices "SoundMAX" audio chipset - often built-in to motherboards. 01
3 7PmProxy0 11PmProxy.exe111HKEY_LM\Run0 37adi PmProxy 1, 0, 0, 18, adi. PmProxy39http://www.absolutestartup.com/startup/1
1 3pmr0  7pmr.exe1 00 28Powerstrip foistware variant47http://www.doxdesk.com/parasite/PowerStrip.html0
214Event Reminder0 12pmremind.exe1 00 66A calendar/alarm program that installs with Brřderbund Printmaster 01
227Print Master Event Reminder0 12PMremind.exe1 00 78Print Master Gold - calander feature that pops up reminders, such as birthdays 01
2 7r38O39g0 11pmslbva.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6pmsucd0 10pmsucd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8PMTSHOOT0 12pmtshoot.exe1 00 53MS tool for troubleshooting power management problems 01
013Scan Detector0 13Pmxdetect.exe1 00 35Associated with PrimaScan scanners.25http://www.primascan.com/0
3 7PMXInit0 11pmxinit.exe1 00130Restores user display preferences Kyro2 based graphics cards. Not required unless you change the default settings - such as gamma  01
3 7PMXInit0 11pmxinit.exe111HKEY_LM\Run0 81PowerVR KYRO 1.05.15.0084, Imagination Technologies Ltd.. Card enumeration module39http://www.absolutestartup.com/startup/1
1 6pmxndy0 10pmxndy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7PNAgent0 11PNAgent.exe1 00 64PhatNoise Music Manager - manages WMA, MP3, WAV, etc music files60http://www.phatnoise.com/products/software/music_manager.php0
326Program Neighborhood Agent0 11pnagent.exe1 00 80Citrix ICA Client 9.100, Citrix Systems, Inc.. Citrix ICA Client PNAgent (Win32) 01
326Program Neighborhood Agent0 11pnagent.exe1 00 33Citrix Program Neighborhood Agent85http://www.citrix.com/site/SS/downloads/details.asp?dID=2755&downloadID=13025&pID=1860
1 8pndokfwn0 12pndokfwn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5pndvi0  9pndvi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6pndxlq0 10pndxlq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111PalNetaware0 13pnetaware.exe1 00 81PalTalk adware - as included in Morpheus, see here towards the bottom of the page49http://www.pestpatrol.com/pestinfo/m/morpheus.asp0
1 8pnezhftx0 12pnezhftx.sys1 00 98Added by the Troj/PcClien-AH Trojan. This infection also creates the file C:\Windows\pnezhftx.dll.59http://www.sophos.com/virusinfo/analyses/trojpcclienah.html0
1 4pnfn0  8pnfn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114Vekio Startups0 12Pnksvc32.exe1 00 84Added by the W32/Agobot-PZ Backdoor Trojan/Worm! Found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32agobotpz.html0
3 6Pnpchk0 10Pnpchk.exe1 00 86a target="_blank" href="http://www.aztech.com/index.htm"Aztech Labs Sound 3 PnP driver 01
118Windows PNP Server0 10pnpsrv.exe1 00133Added by the  W32/Rbot-AKM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotakm.html0
3 7PNSetup0 11PNSetup.exe1 00 22PopNot - pop-up killer26http://www.hdsoft.com/?0.10
115PNtask Services0 10pntask.exe1 00 27Added by the LALA.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lala.c.html0
1 6pobres0 11pob2res.exe1 00 36Added by the Troj/DwnLdr-AYA Trojan.59http://www.sophos.com/virusinfo/analyses/trojdwnldraya.html0
1 5pocbg0  9pocbg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311PktAnything0 19PocketCompanion.exe1 00 85PocketAnything lets you save anything on your computer to your mobile, with one click42http://www.o2pocket.com/pocketanythinginfo0
1 4Poet0  8Poet.exe1 00 25Added by the DOEP.A WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.doep.a.html0
3 7point320 11point32.exe1 00128Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features38http://www.microsoft.com/intellipoint/0
3 7POINTER0 11point32.exe1 00  038http://www.microsoft.com/intellipoint/0
312IntelliPoint0 11point32.exe111HKEY_LM\Run0 62Microsoft IntelliPoint 5.2, Microsoft Corporation. Point32.exe39http://www.absolutestartup.com/startup/1
412IntelliPoint0 11point32.exe1 00129Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features.38http://www.microsoft.com/intellipoint/0
130Microsoft Mouse Driver Ver 3.00 13pointer32.exe1 00135Added by the W32/Randex-AA worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32randexaa.html0
2 6Altnet0 18points manager.exe2 00223Altnet Points Manager - manages the new Kazaa Plus scheme for awarding you points if you share music files on your machine with others rather than simply getting files and not sharing their own. Start manually when required26http://www.altnet.com/faq/0
221altnet points manager0 18points manager.exe2 00 24Altnet  TopSearch adware77http://securityresponse.symantec.com/avcenter/venc/data/adware.topsearch.html0
219AltnetPointsManager0 18points manager.exe2 00  026http://www.altnet.com/faq/0
214Points Manager0 18points manager.exe2 00223Altnet Points Manager - manages the new Kazaa Plus scheme for awarding you points if you share music files on your machine with others rather than simply getting files and not sharing their own. Start manually when required26http://www.altnet.com/faq/0
116system service610 14pokapoka61.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service620 14pokapoka62.exe1 00196Adware.  EliteBarToolBar Program. For more information  Click_Here.  This file will not be visible in normal mode as it uses rootkit technology to hide itself.  Reboot into safe mode to delete it.52http://www.spywareguide.com/product_show.php?id=11240
113systemservice0 14pokapoka62.exe1 00  052http://www.spywareguide.com/product_show.php?id=11240
116System Service620 14pokapoka63.exe1 00  076http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service630 14pokapoka63.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service650 14pokapoka65.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116System service660 14pokapoka66.exe1 00  076http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service670 14pokapoka67.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service680 14pokapoka68.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service690 14pokapoka69.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service700 14pokapoka70.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service710 14pokapoka71.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service720 14pokapoka72.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service730 14pokapoka73.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service740 14pokapoka74.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service750 14pokapoka75.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service760 14pokapoka76.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service770 14pokapoka77.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service780 14pokapoka78.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
116system service790 14pokapoka79.exe1 00 25EliteBar adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
144Microsoft Windows DLL Services Configuration0  9poker.exe1 00133Added by the W32/Sdbot-ZY worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzy.html0
144Microsoft Windows DLL Services Configuration0 10poker3.exe1 00134Added by the W32/Sdbot-AAH worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaah.html0
1 6Pollon0 11pollone.exe1 00 29Added by the  SPYBOT.FW WORM!84http://se.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.FW0
1 8polo.exe0  8polo.exe1 00 34Added by the Troj/Agent-PE Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentpe.html0
112polymorphreg0 13polymorph.dll1 00 44Added by the Troj/Small-BNO backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojsmallbno.html0
1 7Spool320 10pool32.exe1 00139Added by the  Troj/Assasin-F to terminate security related processes and log keystrokes.  It also enables backdoor access to a remote user.58http://www.sophos.com/virusinfo/analyses/trojassasinf.html0
4 9NOD32POP30 12Pop3scan.exe1 00 46POP3 E-mail part of Eset's NOD32 virus-scanner34http://www.nod32.com/home/home.htm0
412pop3trap.exe0 12pop3trap.exe1 00 50PC-Cillin 2000 antivirus software - E-mail scanner 01
1 9PopAdStop0 13popadstop.exe1 00131PopAdStop claims to be an ad blocker, but instead sends advertisements to other computers on your network via the Net Send command.60http://www.sarc.com/avcenter/venc/data/adware.popadstop.html0
112ControlPanel0 11popcorn.exe1 00 45Added by the Troj/Bizves-B downloader trojan.57http://www.sophos.com/virusinfo/analyses/trojbizvesb.html0
112ControlPanel0 41popcorn64.exe rundll.dll,LoadMouseProfile2 00126Added by the Troj/Dloader-OI downloader trojan.  When removing this infection, you only want to remove the popcorn64.exe file.59http://www.sophos.com/virusinfo/analyses/trojdloaderoi.html0
112ControlPanel0 13popcorn72.exe1 00 36Added by the Troj/Dloader-RA Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderra.html0
1 7PopeSvr0 11PopeSvr.exe1 00 46Added by the Troj/LegMir-AJ keylogging trojan.58http://www.sophos.com/virusinfo/analyses/trojlegmiraj.html0
317Run POPFile diane0 11popfile.exe125StartUp menu\Current user0 46POPFile 0.20.0.0, The POPFile Project. POPFile39http://www.absolutestartup.com/startup/1
315Popup Ad Filter0 13PopFilter.exe1 00 31Popup Ad Filter - pop-up killer21http://www.meaya.com/0
319Super Popup Blocker0 11popkill.exe1 00 41Saga Super Popup Blocker - pop-up stopper22http://www.zg2008.com/0
311PopMenu exe0 11popmenu.exe122StartUp menu\All users0 69WinBatch PopMenu 2004A, Wilson WindowWare, Inc.. WinBatch PopMenu EXE39http://www.absolutestartup.com/startup/1
3 6PopNot0 10PopNot.exe1 00 22PopNot - pop-up killer26http://www.hdsoft.com/?0.10
3 7PopOops0 11PopOops.exe1 00 23PopOops - pop-up killer34http://www.gasanov.net/PopOops.htm0
3 7Popopen0 11popopen.exe1 00 61PopOpen makes your windows spring open with animation effects49http://www.jsmadeeasy.com/archive/shellutilities/0
420Norton eMail Protect0 11POPROXY.EXE1 00300Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it 01
4 7Poproxy0 11POPROXY.EXE1 00300Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it 01
1 3POP0 13PopSrv***.exe1 00 73PeopleonPage foistware, bundled with Grokster where *** are random digits48http://www.pchell.com/support/peopleonpage.shtml0
1 9popsrv1460 13popsrv146.exe1 00125PeopleOnPage online dating browser enhancement - also adware and privacy issues, see here. For removal instructions see  here49http://www.doxdesk.com/parasite/AproposMedia.html0
1 3POP0 13PopSrv225.exe1 00 37Added by the Spyware.Apropos spyware.59http://www.sarc.com/avcenter/venc/data/spyware.apropos.html0
311PopSubtract0 10PopSub.exe1 00 27PopSubtract - pop-up killer40http://www.popsubtract.com/features.html0
3 7PopTray0 11PopTray.exe125StartUp menu\Current user0 433.1, Renier Crause. PopTray E-Mail Notifier39http://www.absolutestartup.com/startup/1
315PopupEliminator0 20Popup Eliminator.exe2 00 32Popup Eliminator - pop-up killer32http://www.popupeliminator.info/0
314Pop-Up_Blocker0  9Popup.exe1 00134A Tweak-XP component, blocks advertisement pop-up windows in Internet Explorer. Can be enabled/disabled via Tweak-XP - Internet Tweaks45http://www.totalidea.com/frameset-tweakxp.htm0
120Popup Blocker System0 16PopUpBlocker.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
128blocker system611 monitoring0 19PopUpBlocker611.exe1 00 28Added by the  RBOT.BLJ WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BLJ&VSect=P0
135popup blocker system326a monitoring0 18PopUpBlocker6a.exe1 00 28Added by the  RBOT.AUH WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AUH&VSect=P0
132popup blocker system8 monitoring0 17PopUpBlocker8.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
213popup buster+0 15popupbuster.exe1 00 13PopUp  Buster23http://popupbuster.net/0
112notepad2.exe0 11popuper.exe1 00 56Added by the  Troj/AdClick-AO or  Troj/Puper-E  trojans!59http://www.sophos.com/virusinfo/analyses/trojadclickao.html0
321Ashampoo PopUpBlocker0 15PopUpKiller.exe1 00 66Ashampoo popup blocker, part of Privacy Protector Plus -  see here97http://www.ashampoo.com/frontend/products/php/product.php?idstring=0204&session_langid=2¤cy_id=-10
311PopUpKiller0 15PopUpKiller.exe1 00 27PopUpKiller - pop-up killer55http://software.xfx.net/utilities/popupkiller/index.php0
323asmw soft popups burner0 17popups burner.exe2 00 47Popup blocker,  part of Asmw Soft  PC_Optimizer40http://www.asmwsoft.com/products/002.htm0
314Pop-Up_Scanner0 12Popupscn.exe1 00 23Panicware popup blocker25http://www.panicware.com/0
314Pop-Up Smasher0 16PopupSmasher.exe1 00 30Pop-Up Smasher - pop-up killer28http://www.popupsmasher.com/0
329System Mechanic Popup Stopper0 16Popupstopper.exe1 00 36Iolo "System Mechanic" popup stopper34http://www.iolo.com/sm/4/index.cfm0
329System Mechanic Popup Stopper0 16PopupStopper.exe1 00 51System Mechanic ® 4.0.10.0, iolo technologies, LLC. 01
324PopUpStopperProfessional0 28PopUpStopperProfessional.exe1 00 45Panicware's Pop-Up Stopper - paid for version42http://www.panicware.com/popupstopper.html0
311PopupVanish0 15PopupVanish.exe1 00 14Pop-up blocker 01
311PopUpWasher0 15PopUpWasher.exe1 00 25PopUpWasher pop-up killer44http://www.webroot.com/products/popupwasher/0
310PopUpWatch0 14PopUpWatch.exe1 00206Part of BPS Trace Remover - made by the folks who &quot;developed&quot; BPS Spyware Remover which reportedly uses an old, &quot;borrowed&quot; SpyBot database. Read this and this. Do not support these guys!104http://ww0
1 3IE60  8porn.pif1 00132Added by the W32/Rbot-ATF worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatf.html0
322trojanshield protector0  8Port.exe1 00 45TrojanShield anti-hacker/anti-trojan software37http://www.trojanshield.com/index.htm0
224Pure Networks Port Magic0 11PortAOL.exe1 00288Pure Networks Port Magic, as available in the latest version of the AOL® 9.0 Optimized SE software; automatically configures most in-home Internet gateways, improving access and performance for applications such as instant messaging, online gaming, and streaming music and video. See here37http://www.purenetworks.com/products/0
224Pure Networks Port Magic0 16PortAOL.exe -Run2 00 66Port Magic 1.2.1393.0, Pure Networks, Inc.. Port Magic Application 01
324Pure Networks Port Magic0 16PortAOL.exe -Run211HKEY_LM\Run0 66Port Magic 1.2.1393.0, Pure Networks, Inc.. Port Magic Application39http://www.absolutestartup.com/startup/1
418gw port controller0 12PORTCT95.EXE1 00255From a visitor - &quot;I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work&quot;. From the file properties, the file is known as &quot;Smart Thru Fax Drive Spy&quot; and is supplied by Samsung 01
117PO system service0 10poserv.exe1 00 36Added by the W32/Porex-C .exe virus.55http://www.sophos.com/virusinfo/analyses/w32porexc.html0
323M Player Post Installer0 16postinstallm.exe1 00  2?? 01
2 3pot0  7pot.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 4POW!0  7pow.exe1 00 13Pop-up killer 01
2 8PowerBar0 12Powerbar.exe1 00 97Part of CyberLink's PowerDVD software. Not sure what exactly it does, but not required in startup 01
2 8PowerBar0 24PowerBar.exe /AtBootTime2 00 70PowerBar Application 1.01.0421, Cyberlink, Corp.. PowerBar Application 01
115[Various Names]0 12powerdll.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
2 8PowerDVD0 12PowerDVD.exe1 00161Launches Cyberlink's PowerDVD software and creates a system tray icon. If enabled, PowerDVD will open automatically when a DVD movie is inserted. Launch manually 01
2 8PowerDVD0 23PowerDVD.exe /autostart2 00 45PowerDVD 4.00.2417, CyberLink Corp.. PowerDVD 01
312AcerPowerkey0 12Powerkey.exe1 00134PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3 01
3 8PowerKey0 12PowerKey.exe1 00 221, 4, 4, 0, . Powerkey 01
3 8PowerKey0 12PowerKey.exe1 00 85Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 61023http://global.acer.com/0
3 8PowerPro0 12powerpro.exe1 00158Part of the power professional program that loads the floating menu bar. Can be accessed from Start - Programs, but I'd leave it alone if you use this program 01
1 9PowerProf0 13PowerProf.exe1 00 28Added by the LOREX.B TROJAN! 01
2 8POWERR~10 12POWERR~1.exe1 00 17Power monitoring? 01
218PowerReg Scheduler0 22PowerReg Scheduler.exe2 00112PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro &amp; Microprose - amongst others38http://www.leadertech.com/register.htm0
220PowerReg SchedulerV20 24PowerReg SchedulerV2.exe2 00108PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others38http://www.leadertech.com/register.htm0
220PowerReg SchedulerV30 24PowerReg SchedulerV3.exe2 00108PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others 01
2 6PowerS0 10PowerS.exe1 00 69ProlinkTest for either their AGP graphics card or TV/FM capture card.27http://www.prolink-usa.com/0
110Power Scan0 13powerscan.exe1 00 84Foistware by Integrated Search Technologies - the people behind the  ISTbar parasite42http://217.115.153.73/parasite/ISTbar.html0
210PowerStrip0 14powerstrip.exe1 00 95PowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings34http://www.entechtaiwan.com/ps.htm0
410PowerPanel0 12POWPANEL.EXE1 00100Power management utility on notebooks/laptops - automatically switches modes when running on battery 01
1 4poxl0  8poxl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
335eTrust PestPatrol Active Protection0 21PPActiveDetection.exe1 00 86PestPatrol real-time protection feature. "Stops spyware before it infects your system"26http://www.pestpatrol.com/0
212Bart Station0 17PPCOLink -STATION211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
325PestPatrol Control Center0 13PPControl.exe1 00 94PestPatrol Control Terminal - launches PestPatrol features such as PPMemCheck and CookiePatrol36http://www.pestpatrol.com/PPControl/0
3 9PPControl0 13PPControl.exe1 00 78PestPatrol 4.4, Computer Associates International. PestPatrol tray application36http://www.pestpatrol.com/PPControl/0
010ppcrunonce0 14PPCRunOnce.exe1 00 32Related to PeoplePC ISP software 01
3 7PCLEPCI0  7ppe.exe1 00130Pinnacle Systems PCI Performance Enhancer. "This tool helps to increase the PCI Busmaster performance of all Pinnacle PCI boards."129http://www.0
3 8pphidpad0 12pphidpad.exe1 00 49PenPower Chinese handwriting recognition software62http://www.penpowerusa.com/ProductInfo.asp?Product_ID=PPEJWCRC0
318PP2000 Instaupdate0 12PPInupdt.exe1 00140Protector Plus anti-virus software - instant update program for virus data updates. Not required if you regularly update virus data manually 01
310PPMemCheck0 14ppmemcheck.exe1 00168PPMemCheck - "extends PestPatrol's power so that the most dangerous Pests -- those that are about to execute -- are found, terminated, and cleaned from a user's system"37http://www.pestpatrol.com/PPMemCheck/0
310PPMemCheck0 14PPMemCheck.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
310softickppp0 11PPPGate.exe1 00147Softick_PPP is a Microsoft Windows driver that allows to establish PPP session between Palm powered devices and Microsoft Windows desktop computer.27http://www.softick.com/ppp/0
2 8PProTray0 12pprotray.exe1 00 69Part of the power professional program. Loads the System Tray control 01
315System_Messages0 10pprsen.exe1 00169TerminatorX - "offers an easy and effective method of stopping users running predetermined file sharing programs like KaZaA, messenger programs, chat rooms and the like"27http://www.plevna.f9.co.uk/0
211PPScheduler0 15PPScheduler.exe111HKEY_CU\Run0 46PaperPort 10.1, ScanSoft, Inc.. PPSchedulerEng39http://www.absolutestartup.com/startup/1
1 8bin32hpu0 10ppstub.exe1 00 19PrecisionPop adware24http://precisionpop.com/0
422PP2000 Taskbar Control0  9PPTbc.exe1 00 55Protector Plus anti-virus software - system tray access 01
213PaperPort PTD0 12pptd40nt.exe1 00 43PaperPort software associated with scanners 01
2 8pptd40nt0 12pptd40nt.exe1 00  0 01
213PaperPort PTD0 12pptd40nt.exe111HKEY_LM\Run0 64PaperPort 9.0, ScanSoft, Inc.. PaperPort Print to Desktop for NT39http://www.absolutestartup.com/startup/1
1 6pptp320 10pptp32.dll1 00162Added by the Troj/Haxdoor-BK backdoor Trojan.  This infection is hidden using the rootkit files c:\windows\system32\pptp64.sys and c:\windows\system32\pptp32.sys.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorbk.html0
1 6pptp320 10pptp64.sys1 00 37Added by the Troj/Haxdor-Fam rootkit.59http://www.sophos.com/virusinfo/analyses/trojhaxdorfam.html0
1 6pptp640 10pptp64.sys1 00  059http://www.sophos.com/virusinfo/analyses/trojhaxdorfam.html0
3 8PPUpdate0 13ppupdater.exe1 00253PPUpdater - "is the update program that ships with PestPatrol. It is able to update licensed and evaluation versions, and presents a visual display of what it is doing". Run manually unless you think you'll forget to check for updates on a regular basis36http://www.pestpatrol.com/PPUpdater/0
421PP2000 Real Time Scan0 11PPVstop.exe1 00 54Protector Plus anti-virus software - real time scanner 01
2 9PPWWebCap0 12PPWebCap.exe1 00 43PaperPort software associated with scanners 01
1 5ppyuc0  9ppyuc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5pqdgt0  9pqdgt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8pqhelper0 12pqhelper.exe1 00 22Searchcentrix hijacker54http://www.pestpatrol.com/pestinfo/s/searchcentrix.asp0
226PowerQuest Startup Utility0 10PQINIT.EXE1 00302From a visitor - "This seems to be installed when you install Power Quest Partition Magic. I think that it implements the changes when you use the magic mover app. If you don't have any mappings set up, it does nothing (except waste bytes and cycles). I disabled it using msconfig.exe with no problems" 01
227PaperQuote System Tray Icon0 10PQTRAY.EXE1 00 99PaperQuote is a "wallpaper" changer with daily quotes that are either for inspiration or motivation 01
2 9practical0 13PractiCal.exe122StartUp menu\All users0 53PractiCal 1.2 1.02, Sadata Corporation. PractiCal 1.239http://www.absolutestartup.com/startup/1
115[Various Names]0 11PrcIdle.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
115[Various Names]0 10prcmon.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
112Task Manager0 11prcview.exe1 00 12Added by the273W32/Agobot-RT.  When start0
1 7prdtect0 11prdtect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
3 8ReproPRD0 10PrdUsb.exe1 00123Thrustmaster Corporation Presets application - a game controller driver, presumably necessary for certain functions to work 01
011PreAnnotate0 12PreAnntt.exe1 00 40Genius Wizard Pen Tablet driver related. 01
228Precision Time Clock Checker0 17PrecisionTime.exe1 00126Precision Time 2.0. Checks your computer clock time against the Naval Observatory or some other source to assure accurate time55http://www.ubr.com/clocks/timesw/prectime/prectime.html0
113precisiontime0 17PrecisionTime.exe1 00 76PrecisionTime - clock synchronizing software containg spyware by Claria/GAIN95http://research.sunbelt-software.com/threat_display.cfm?name=Claria.PrecisionTime&threatid=99620
120&lt;random CLSID&gt;0  9PREFX.DLL1 00 80Added by the TROJ_DROPPER.EI Trojan dropper.br /br /Uses CLSID: brandom CLSID/b.91http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FDROPPER%2EEI&VSect=T0
115[Various Names]0 15Preliminary.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
422Keyboard Preload Check0 11Preload.exe1 00 40Millenium Multi-Function Keyboard driver 01
4 7Preload0 11Preload.exe1 00 40Millenium Multi-Function Keyboard driver 01
017Norton AV Preload0 11Premend.exe1 00 61Norton Antivirus related.  What does it do and is it required 01
313magickeyboard0 11PreMKBD.exe1 00 92Related to  Samsung laptops. Provides ability to program keys to perform specific functions.23http://www.samsung.com/0
313MagicKeyboard0 11PreMKBD.exe111HKEY_LM\Run0 59PreMKBD 1, 0, 0, 0, . PreMKBD before Magic Keyboard Program39http://www.absolutestartup.com/startup/1
221HP Presentation Ready0 11PresRdy.exe1 00191HP Omnibook related:  "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device" 01
111uninstallhl0 18PreUninstallHL.exe1 00 37LinkReplacer/FFinder adware component54http://vil.mcafeesecurity.com/vil/content/v_134892.htm0
111uninstallql0 18PreUninstallQL.exe1 00 37LinkReplacer/FFinder adware component54http://vil.mcafeesecurity.com/vil/content/v_134892.htm0
117Preview AdService0 14PrevAdServ.exe1 00 62Ad delivery programs Found C:\Program Files\Preview AdService\ 01
425panda preventium+ service0 11PREVSRV.EXE1 00 24Panda_Titanium Antivirus59http://www.pandasoftware.com/products/titanium2006_part.htm0
1 7prfcqcu0 11prfcqcu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0 14prgsys0984.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 7prgtect0 11prgtect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prxtect.exe, prdtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
110\Pribi.exe0  9Pribi.exe1 00 25FastFind parasite variant 01
1 7prifvqw0 11prifvqw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0 11primary.exe1 00 42Added by the Troj/Sharp-G backdoor trojan.56http://www.sophos.com/virusinfo/analyses/trojsharpg.html0
0 7Primsta0 11Primsta.exe1 00 50Linksys Wireless CompactFlash Card driver related. 01
212Printkey20000 16Printkey2000.exe1 00 28PrintKey 5, Fred's Software. 01
212Printkey20000 16printkey2000.exe1 00108Screen grabber that intercepts the pressing of the Print Screen (Prn Scrn) key. Start manually when required 01
2 8printnow0 12printnow.exe1 00124PrintNow - a utility that primarily allows "Print Srceen" or "Alt+Print Screen" screenshots to be sent directly to a printer48http://www.pcmag.com/article2/0,4149,8418,00.asp0
1 8printpn20 12printpn2.dll1 00 41Identified as Trojan-Spy.Win32.Goldun.gs. 01
1 8printpnp0 12PRINTPNP.DLL1 00 71Added by the Trojan.Goldun.I password-stealing Trojan for online banks.76http://www.sarc.com/avcenter/venc/data/trojan.goldun.i.html#technicaldetails0
214CompaqPrinTray0 12printray.exe1 00168Puts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktop 01
215LexmarkPrinTray0 12printray.exe1 00159Lexmark Printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. Can also be listed as PrinTray 01
2 8PrinTray0 12Printray.exe1 00179Lexmark/Compaq printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. See also LexmarkPrintray and CompaqPrinTray 01
218Gadwin PrintScreen0 15PrintScreen.exe1 00 73Gadwin PrintScreen - utility to capture, print or save the current window34http://www.gadwin.com/printscreen/0
312PRISMSTA.EXE0 12PRISMSTA.EXE1 00151Creates a system tray icon for accessing information about Intersil Prism Wireless Settings. Intersil silicon is used by Trendware/Trendnet for example 01
312PRISMSTA.EXE0 18PRISMSTA.EXE START2 00 81PRISM Wireless LAN 1.00.20.0083, Intersil Americas Inc.. PRISM Status Tray Applet 01
012prismsvr.exe0 12PRISMSVR.EXE1 00 45Siemens Gigaset USB Adapter software related. 01
341PrismXL - New Boundary Technologies, Inc.0 11PRISMXL.SYS1 00115The PrismXL service lets the Client deploy Tasks on a target computer regardless of the current user.s permissions. 01
112ControlPanel0  9priva.exe1 00 36Added by the Troj/Clicker-AZ Trojan.59http://www.sophos.com/virusinfo/analyses/trojclickeraz.html0
218Privacy Eraser Pro0 17PrivacyEraser.exe1 00123Privacy Eraser Pro - protects your Internet privacy by cleaning up all Internet history tracks and past computer activities29http://www.privacyeraser.com/0
315privacykeyboard0 19PrivacyKeyboard.exe1 00241PrivacyKeyboard  is a product "that can provide every computer with strong protection against ALL types of keylogging programs and keylogging hardware devices, both known and unknown, currently in use or presently being developed worldwide."52http://www.privacykeyboard.com/privacy-keyboard.html0
112controlpanel0 11private.exe1 00 51Reported by Norman Virus Control as W32/Downloader. 01
3 7Privoxy0 11privoxy.exe1 00215Privoxy - web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk23http://www.privoxy.org/0
111PrizeSurfer0 15prizesurfer.exe1 00157PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online! Stealth installed malware 01
1 7prjtect0 11prjtect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
218Ray Process Killer0 10Prkill.exe1 00186Ray Process Killer - clicking right mouse button produces popup menu with current active tasks. You can choose any task and click &quot;Ok&quot; to terminate it. Use CTRL+ALT+DEL instead33http://www.delphi32.com/vcl/4248/0
1 7prktect0 11prktect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prltect0 11prltect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 8Premeter0  8prmt.exe1 00409NetRatings software by Opistat . "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!36http://www.opistat.com/mp/index.html0
1 4prmt0  8prmt.exe1 00408NetRatings software by Opistat. "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!36http://www.opistat.com/mp/index.html0
1 7prmtect0 11prmtect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prxtect.exe, prdtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
110YahooStock0  9Prmvr.exe1 00 13Adtomi adware53http://sarc.com/avcenter/venc/data/adware.adtomi.html0
317PrnSys Executable0 10PrnSys.exe1 00115Print screen utility bundled with some HP printer software - not required, but your choice if you like that feature 01
3 6ProArt0 10ProArt.exe1 00  2?? 01
1 8Sysctrls0 11procdll.exe1 00 32Added by the WEEDBOTZ.14 TROJAN!92http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WEEDBOTZ.14&amp;VSect=T0
0 9SystemReg0 10PROCES.EXE1 00  2?? 01
111process.exe0 11process.exe1 00 59Added by Troj/Banker-JJ  Found in the %WINDOWS%\  directory 01
315ProcessGovernor0 19processgovernor.exe1 00255Process Supervisor "is a technology designed to automatically configure and manage processes on one or more computers for the goal of maintaining system stability and responsiveness, restricting executables from running, and logging of program executions"43http://www.collakesoftware.com/prosuper.htm0
320ProcessSupervisorGUI0 21ProcessSupervisor.exe1 00255Process Supervisor "is a technology designed to automatically configure and manage processes on one or more computers for the goal of maintaining system stability and responsiveness, restricting executables from running, and logging of program executions"43http://www.collakesoftware.com/prosuper.htm0
227001-HA-Procexp860fix-Snoopy0 11procexp.exe111HKEY_LM\Run0 66Process Explorer 8.60, Sysinternals. Sysinternals Process Explorer39http://www.absolutestartup.com/startup/1
423!1_ProcessGuard_Startup0 13procguard.exe1 00162DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks41http://www.diamondcs.com.au/processguard/0
423!1_ProcessGuard_Startup0 23procguard.exe -minimize2 00 58ProcessGuard v3.150, DiamondCS. GUI Aspect of ProcessGuard 01
1 7procmon0 11procmon.exe1 00 31Added by the BIONET.40A TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.bionet.40a.html0
120windows generic proc0 11procmsg.exe1 00 31Added by the  W32.ALLIM.B WORM!59http://www.symantec.com/avcenter/venc/data/w32.allim.b.html0
2 8mmusrstp0 11procrun.exe1 00  2?? 01
216ProdikeysAutorun0 12Prodload.exe1 00437Creative Prodikeys software. "an interactive music entertainment device which not only functions as a full-featured, ergonomic “QWERTY” keyboard but also comes equipped with 37 touch-sensitive music keys and accessible music controls for endless entertainment at your desktop. Coupled with the Sound Blaster audio card, you can explore a wide array of realistic instrument sounds and have non-stop fun making music right at your desktop"44http://www.prodikeys.com/products/prodikeys/0
2 6ProDsl0 10ProDsl.exe1 00 75Intel Pro/DSL 2100 modem connection manager. Available via Start - Programs 01
121intellectual_property0 11PRODUCT.exe1 00 34Added by the Troj/Feutel-R Trojan.57http://www.sophos.com/virusinfo/analyses/trojfeutelr.html0
1 8profiler0  8prof.exe1 00113Added by the Troj/Zapchas-G TROJAN, one of two files run by a registry key it creates.  The other is liteout.exe.58http://www.sophos.com/virusinfo/analyses/trojzapchasg.html0
1 7Profile0 11Profile.vbs1 00 42Added by the WHITEHO VIRUS or TRAPPY WORM!42http://vil.nai.com/vil/content/v_99145.htm0
310profileamp0  8Profile81 00229WinAmp media player add-on; "will replace %s with the current Winamp song and %m with current memory stats every song change. Change the color of your links, have a count down to a certain date. Works for all versions of Winamp." 01
2 8Profiler0 12Profiler.exe1 00123Enables the "Profiler" to be launched from a System Tray icon for Saitek's game controllers. Available via Start - Programs 8Profiler0
315ProfileReminder0 19ProfileReminder.exe122StartUp menu\All users0116ProfileReminder 1.0 1, 0, 0, 1, LOGO Kommunikations- und Drucktechnik GmbH & Co. KG. ProfileReminder 1.0 Application39http://www.absolutestartup.com/startup/1
115[Various Names]0 11progmen.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
112Program File0 11Progmon.exe1 00 27Added by the PEEPER TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.peeper.html0
227Evidence-Blaster 2005 - 2.10  8Progra m211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7Weather0  9PROGRA~ 1211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
216ActiveLaunchLite0  7Program111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
214QuickTime Task0 19Program -atboottime211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 9programtv0 14Program TV.exe211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 8ProjectX0 12ProjectX.exe1 00 31Added by the W32/Cisum-A  worm.55http://www.sophos.com/virusinfo/analyses/w32cisuma.html0
212projselector0 16projselector.exe1 00 48Roxio Project Selector - can be started manually 01
222Intel PROSet Tray Icon0 10promon.exe1 00 96System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features 01
210Promon.exe0 10promon.exe1 00 96System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features 01
210Promon.exe0 10Promon.exe111HKEY_LM\Run0 74Intel(R) PROMonitor 5.0.14.0, Intel Corporation. Intel(R) PROSet Tray Icon39http://www.absolutestartup.com/startup/1
310promptcast0 14PromptCast.exe1 00165Auto-download for viewing short films and movie trailers for  Surveys - Membership to site is required and it 'background'-downloads the needed clips for the survey.23http://www.surveys.com/0
212PRONoMgr.exe0 12PRONoMgr.exe1 00 96System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features 01
212PRONoMgr.exe0 12PRONoMgr.exe111HKEY_LM\Run0 92Intel(R) Network Configuration Services 6.1.304.0, Intel(R) Corporation. PRONotifyMgr Module39http://www.absolutestartup.com/startup/1
313PRONoMgrWired0 12PRONoMgr.exe1 00 37Intel’s Pro 100 Ethernet card manager 01
318Propel Accelerator0 12PropelAC.exe1 00 27Propel Internet Accelerator22http://www.propel.com/0
321BellSouth Accelerator0 12propelac.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
315ProPort Startup0 11ProPort.exe1 00164Proport is a port monitor/protector. Monitors an infinite amount of ports for trojans and nukes. Some additional features are auto connection-kill, and IP resolving31http://www.tdupage.com/main.htm0
113prositefinder0 17prositefinder.exe1 00 23Adware by  180Solutions65http://seattlepi.nwsource.com/business/230328_180solutions28.html0
1 7protect0 11protect.scr1 00 29Added by the  Troj/Dloader-TQ59http://www.sophos.com/virusinfo/analyses/trojdloadertq.html0
110Protection0 14Protection.exe1 00 30Added by the FEBELNECK-A WORM!59http://www.sophos.com/virusinfo/analyses/w32febelnecka.html0
3 9AtomClock0 13ProtoTime.exe111HKEY_LM\Run0 46Atomclock Applicaction 1, 0, 0, 1, . Atomclock39http://www.absolutestartup.com/startup/1
116ProtectedStorage0 12protstrg.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
2 3HPU0 17ProvenTactics.exe1 00 34Proven Internet Marketing software29http://www.proventactics.com/0
116Microsoft Update0 13prowind32.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
211PROXOMITRON0 12PROXOM~1.EXE1 00  0 01
211PROXOMITRON0 15PROXOMITRON.EXE1 00 10HTML proxy 01
315GhostSurf proxy0  9Proxy.exe1 00  0 01
315GhostSurf proxy0  9Proxy.exe122StartUp menu\All users0 54GhostSurf 3.00, Tenebril Incorporated. GhostSurf proxy39http://www.absolutestartup.com/startup/1
144Microsoft Windows DLL Services Configuration0  9proxy.exe1 00127Added by the W32/Sdbot-ZL worm. When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzl.html0
112msconfig.exe0  9proxy.exe1 00 53Added by a variant of the AGENT.AH downloader TROJAN! 01
3 7pumcfgp0 12proxycfg.exe1 00109GuardWare  iShield blocks pornographic images when you surf the Internet on your computer using a web browser50http://www.guardwareinc.com/ishield/isaboutus.html0
3 8ProxyWay0 12proxyway.exe1 00  0 01
3 8proxyway0 12proxyway.exe1 00 41ProxyWay anonymous proxy surfing software38http://www.proxyway.com/www/downloads/0
110DevicePath0 13Proyecto1.exe1 00 24Added by the GRUEL WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html0
1 9MediaPath0 13Proyecto1.exe1 00 24Added by the GRUEL WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html0
112Rundll32.exe0 13Proyecto1.exe1 00  073http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html0
311PRPCMonitor0 10PRPCUI.exe1 00226Intel® SpeedStep™ interface. This automatically detects whether a mobile PC is using battery or AC power. When using battery power, SpeedStep scales the processor clock frequency and voltage to reduce the power it needs by 40% 01
120data restore service0  8prq8.exe1 00 33Added by the  W32.Kelvir.AI WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.ai.html0
1 7prqtect0 11prqtect.exe1 00212Prutect malware from  e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!22malware from  <a href=0
1 7prrtect0 11prrtect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prstect0 11prstect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
214Printscreen 950 12PRT95MIN.EXE1 00 69Printscreen 95 - utility to capture, print or save the current window29http://www.printscreen95.com/0
1 6prtcct0 10prtcct.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
338PRTG - Paessler Router Traffic Grapher0  9prtg3.exe125StartUp menu\Current user0 54PRTG 3, Paessler GmbH. Paessler Router Traffic Grapher39http://www.absolutestartup.com/startup/1
013Clotusorgreg00 23prtStart.exe Orgprt.exe2 00 82Lotus  SmartSuite related. In a LotusOrgReg folder.  Unclear what exactly it does?74http://www.lotus.com/products/smrtsuite.nsf/wPages/smartsuite?OpenDocument0
1 7prttect0 11prttect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prxtect.exe, prdtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prutcct0 11prutcct.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prutdct0 11prutdct.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prutgct0 11prutgct.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7pruthct0 11pruthct.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prutict0 11prutict.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prttect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prutlct0 11prutlct.exe1 00212Prutect malware from  e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!22malware from  <a href=0
1 7prutpct0 11prutpct.exe1 00212Prutect malware from  e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!22malware from  <a href=0
1 7prutqct0 11prutqct.exe1 00212Prutect malware from  e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!22malware from  <a href=0
1 7prutsct0 11prutsct.exe1 00212Prutect malware from  e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!22malware from  <a href=0
1 7pruttct0 11pruttct.exe1 00212Prutect malware from  e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!22malware from  <a href=0
3 9PrvDef3.00 13PrvDef3.0.exe111HKEY_LM\Run0 60Privacy Defender 3.00.0001, http://www.pcsecurityshield.com.39http://www.absolutestartup.com/startup/1
115Windows Service0  9prvdi.exe1 00 76Malware, recognized by Kaspersky antivirus as Trojan-Dropper.Win32.Small.rd.36http://www.kaspersky.com/personalpro0
1 7prvtect0 11prvtect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prdtect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
1 7prvxjbw0 11prvxjbw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7prxtect0 11prxtect.exe1 00229Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. Note - has been seen using alternative file names like prdtect.exe, prmtect.exe and so forth!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.e2give.html0
314PhonostarAgent0 12ps_agent.exe111HKEY_CU\Run0 35phonostar-Player 1.50.9, phonostar.39http://www.absolutestartup.com/startup/1
1 3ps10  7ps1.exe1 00 43PacerD_Media/Pacimedia.com adware component55http://www.benedelman.org/spyware/installations/pacerd/0
3 3PS20  7ps2.exe1 00129Multimedia Keyboard companion on HP computers. If this is prevented from starting, then some keyboard functionality will be lost. 01
1 9psaload320 13psaload32.exe1 00 26Added by the  W32/Rbot-ADL56http://www.sophos.com/virusinfo/analyses/w32rbotadl.html0
114PrivacyScanner0  9pscan.exe1 00200Privacy Champion, a stealth installed 'Privacy Scanner'. It purportedly scans your PC for links to porn websites, and then offers to "clean" them. Produces loads of False Positives as goad to purchase 01
321PopUpStopperCompanion0 10PSComp.exe1 00 36PopupStopper Companion popup blocker47http://www.panicware.com/product_companion.html0
227PSIWin2.3 Connection Server0 11Psconsv.exe1 00114Allows connectivity between a PC and a Psion device. Access can be gained from the Desktop or Start -&gt; Programs 01
219Print Screen Deluxe0 12psdeluxe.exe1 00114Utility allows &quot;Print Scrn&quot; or &quot;Print Screen&quot; key to capture, print or save the current window 01
419PinnacleDriverCheck0 14PSDrvCheck.exe1 00 101.0.0.0, . 01
419PinnacleDriverCheck0 14PSDrvCheck.exe1 00177Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled27http://www.pinnaclesys.com/0
410PSDrvCheck0 14PSDrvCheck.exe1 00177Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled27http://www.pinnaclesys.com/0
419PinnacleDriverCheck0 24PSDrvCheck.exe -CheckReg2 00  0 01
312PractiSearch0 11PSearch.exe1 00 32PractiSearch web search software28http://www.practisearch.com/0
115provan security0 11psecure.exe1 00 28Added by the  RBOT.BRV WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRV&VSect=P0
0 8Peeramid0 12PService.exe1 00 42In a "Koptimizer" folder in Program Files. 01
111Xecuter.bat0 10psexec.bat1 00 25Added by the BOOHOO WORM!76http://securityresponse.symantec.com/avcenter/venc/data/bat.boohoo.worm.html0
323PopUpStopperFreeEdition0 10PSFREE.EXE1 00 59Panicware's  Pop-Up Stopper - free limited features version42http://www.panicware.com/popupstopper.html0
323PopUpStopperFreeEdition0 10PSFree.exe1 00 84Pop-Up Stopper Free Edition 1, 0, 0, 1, Panicware, Inc.. Pop-Up Stopper Free Edition 01
3 6PSFree0 10PSFree.exe1 00315Pop-Up Stopper Free from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group44http://www.panicware.com/product_psfree.html0
1 9P.S.Guard0 11PSGuard.exe1 00 18Smitfraud variant. 01
1 7psguard0 11PSGuard.exe1 00 26Another smitfraud variant. 01
123psguard spyware remover0 11PSGuard.exe1 00 76Bogus spyware remover - also known as the SmitFraud alias  FAKEALE-C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojfakealec.html0
1 7pshower0  9pshwr.exe1 00 26SafeSurfing adware variant80http://securityresponse.symantec.com/avcenter/venc/data/spyware.safesurfing.html0
4 7PSIMSVC0 11PSIMSVC.exe1 00 24Panda Titanium Antivirus51http://www.pandasoftware.com/products/titanium2004/0
3 8PsMFCard0 12PsMFCard.exe1 00359Component of the Toshiba Controls. Provides power-saving functions for the PCMCIA slots. Through the Power Save Mode Properties dialogue, the user can select from 3 PCMCIA power options - On, Auto1 and Auto2. Disabling this item has no adverse effects, except disabling the ability to reduce power consumption by powering-down the PCMCIA slots when not in use 01
323Post-it® Software Notes0 16psn.exe  -RegRun222StartUp menu\All users0 78Post-it(R) Software Notes 3, 0, 2, 2069, 3M. Post-it(R) Software Notes: System39http://www.absolutestartup.com/startup/1
3 7PsnLite0 11PsnLite.exe1 00234Post-it® Software Notes - Lite. "You can use this digital version of the famous canary yellow® note to remind you to do something, to capture an idea or to organize all those important phone numbers -- all from your computer desktop."56http://www.3m.com/market/office/postit/com_prod/psnotes/0
219Post-It(r) Software0 11Psnotes.exe1 00 63Pop-up "yellow" notes on screen. Available via Start - Programs 01
4 8PSNotify0 12psnotify.exe1 00161Pharos SignUp Vx - "PC reservation and management application that addresses the PC scheduling needs of public libraries and higher education labs and libraries"41http://www.pharos.com/Products/SignUp.asp0
1 5psof10  9PSof1.exe1 00 43PacerD_Media/Pacimedia.com adware installer55http://www.benedelman.org/spyware/installations/pacerd/0
1 6PSoft10 10psoft1.exe1 00 43PacerD_Media/Pacimedia.com adware installer55http://www.benedelman.org/spyware/installations/pacerd/0
4 8PsPCCard0 12PsPCCard.EXE1 00242Background Power Saving task found on Toshiba laptops and which handles turning Power Saving ON and OFF on any inserted PC Card (PCMCIA card). Only ever disable if you do not use any power saving or hibernation settings (ie: they are all OFF) 01
3 8PspContr0 12pspcontr.exe1 00201Driver/controller for the Philips SpeechMike 6174. As the Philips FreeSpeech application is no longer supported it can be disabled but the Mike can still be used for certain functions using this driver 01
3 7PsSound0 11PsSound.exe1 00118On a Toshiba laptop. Operates your sound in one of 4 modes, off, on , on only with powerr, same as #3 but longer delay 01
012AutoShutdown0  9pssvc.exe1 00 81Utility to fix vCard Export in MS Outlook 2000 - although why are these together? 01
122Microsoft PSTCP32 Data0 11pstcp32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
0 7PSTORES0 11PSTORES.EXE1 00 43Part of Windows Services Protected Storage? 01
411TrayFactory0 24PSTrayFactory.exe /start215HKEY_LM\RunOnce0 33PS Tray Factory 2.0, PS Soft Lab.39http://www.absolutestartup.com/startup/1
210PowerStrip0 10pstrip.exe1 00 39, EnTech Taiwan. PowerStrip for Windows 01
210PowerStrip0 10PSTRIP.EXE1 00 95PowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings34http://www.entechtaiwan.com/ps.htm0
317Pocket Sheet Sync0 12PSXLTRAY.EXE1 00 44Casio  Pocket Sheet synchronization software47http://www.pcsync.de/download/e_pocketsheet.asp0
310Powertweak0  7PT2.EXE1 00318Powertweak is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured. This item is added to startup if 'Use predefined settings' is enabled in the programs options26http://www.powertweak.com/0
116Parallel Tasking0  9ptask.exe1 00101Added by unidentified adware - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Small.adg36http://www.kaspersky.com/personalpro0
310Powertweak0 10PTCTRL.EXE1 00320Powertweak is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured. This item is added to startup if 'Configure system at logon' is enabled in the programs options26http://www.powertweak.com/0
1 5ptech0  9ptech.exe1 00 42Related to  "Prutect" malware from  e2Give 7Prutect0
2 4ptfb0  8ptfb.exe1 00164Push the Freakin' Button - &quot;When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future&quot;41http://www.bobos.demon.co.uk/par/PTFB.htm0
229Push The Freakin&#039; Button0  8ptfb.exe1 00154Push the Freakin' Button - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future"41http://www.bobos.demon.co.uk/par/PTFB.htm0
0 8ptiupbmd0 10ptipbm.dll1 00111Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. 01
1 4run=0 10ptlseq.cpl1 00 32PhoenixNet BIOS adware. See here31http://www.cexx.org/phoenix.htm0
116Personal Firwall0 12ptmedsrv.exe1 00 27Added by the SDBOT.XY WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.XY0
431karen\&#039;s once-a-day ii.lnk0  9PTOAD.exe1 00 21Karen's_Once_a_Day_II25http://www.karenware.com/0
426karen\'s once-a-day ii.lnk0  9PTOAD.exe1 00 21Karen's_Once_a_Day_II25http://www.karenware.com/0
116KernelFaultCheck0 11ptool32.exe1 00 35Added by the Troj/LegMir-BN Trojan.58http://www.sophos.com/virusinfo/analyses/trojlegmirbn.html0
1 8PornoTop0  8PTOP.EXE1 00 42Added by the Troj/Delf-RX backdoor trojan.56http://www.sophos.com/virusinfo/analyses/trojdelfrx.html0
3 7PTRUN320 10ptr32w.exe1 00117Added by the Spyware.ParentTools surveillance software.  Uninstall this software if it was not installed by yourself.63http://www.sarc.com/avcenter/venc/data/spyware.parenttools.html0
3 7ptrun320 11ptrun32.exe1 00 20Parent Tools for AIM28http://www.parent-tools.com/0
231Kodak Picture Transfer Software0  7pts.exe1 00 89Looks for Kodak camera connection and media insertion. Available via Start -&gt; Programs 01
231KODAK Picture Transfer Software0  7pts.exe1 00 95Picture Transfer Software 2.1.0007, Eastman Kodak Company. Picture Transfer Software Executable 01
2 7Ptsnoop0 11Ptsnoop.exe1 00983These descriptions I've come across - all valid as far as I can see :- (1) Program installed with some modems that monitors the COM ports for the modem driver. Not required from what I've read - may need a registry edit to get rid of it (2) Backdoor trojan virus that copies itself as PTSNOOP.EXE -see here for more info(3) Apparently the people who put it out claim it's a driver for a Voice modems (don't know who they are though - Ed) Note: If using AOL and you disable this you may lose your connection or lock up (4) Can also be an older Logitech scanner program. Remove from the Win.ini tab under Load='path'PTSNOOP and the System.ini tab under drivers='path'ptrtkr.drb. Can cause parallel port conflicts big time dragging system resources way down when a conflict exists (5) Allows audio monitoring of modem phone dialling tones and can be useful if you have connection problems (6) Karen Kenworthy's  Snooper - "logs the start and stop time of all programs run under Windows"45http://www.f-secure.com/v-descs/ptsnoop.shtml0
4 6ptssvc0 10PTSsvc.exe1 00129Kodak's picture transfer service is involved in the task of the transferring pictures from camera when it is connected to the PC. 01
320PowerTools Tray Icon0 10pttray.exe1 00 27PowerTools - add-on for AOL43http://www.bpssoft.com/PowerTools/index.htm0
3 6pttrun0 10pttrun.exe1 00109Transmeta Crusoe processor related. Reduces application launch times and makes the computer "more responsive" 01
2 8PtUDFApp0 12PtUDFApp.exe1 00240Sony abCD program, included on the CD Xtreme install CD, used to format CD-RWs for packet writing (similar to DirectCD). Available via Start - Programs. Note that you must add a /T switch to the command line to get it to load to the taskbar 01
3 6Prayer0  7PTW.EXE1 00 46Islamic Adhan program (call fpr daily prayers)25http://www.muhaddith.org/0
311puac v2.0.70  8Puac.exe1 00 28Peter's_Ultimate_Alarm_Clock30http://www.puac.net/index.html0
011PFW_PullSrv0  8PULL.EXE1 00 26Personal Firewall related? 01
211Push Client0  8pull.exe1 00 61Client software from Interwise that MS use for their webcasts43http://www.interwise.com/products/iCast.asp0
311PFW_PullSrv0  8PULL.EXE1 00 26Personal Firewall related? 01
210Pwruplogin0 11pulogin.exe1 00  2?? 01
115microoft timing0 11pupdate.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 4tmax0 11pupdate.exe1 00 23Adware pop-up generator 01
3 5mspwr0 12pupstman.exe1 00105Transparent icon background feature of Ashampoo's PowerUp XP (WinNT/2K/XP) and PowerUp Deluxe (Win98/Me) 30feature of Ashampoo's <a href=0
3 5mspwr0 12pupxpman.exe1 00 33Related to Ashampoo's  PowerUp_XP71http://www.ashampoo.com/frontend/products/php/product.php?idstring=01050
3 5mspwr0 12pupxpman.exe111HKEY_LM\Run0 67PwrUpManager 1.04.0347, ashampoo GmbH & Co. KG. Ashampoo PowerUp XP39http://www.absolutestartup.com/startup/1
312PwrupTweakMe0 12PUPXPTWK.EXE1 00328Ashampoo PowerUp XP is a convenient tool for fine-tuning your Windows® NT4, 2000 and XP configuration to suit your precise needs and wishes. It gives you direct access to many frequently-required settings and parameters, enabling you to make your operating system behave the way you want. Boot-up options won't work if disabled 71http://www.ashampoo.com/frontend/products/php/product.php?idstring=01050
312PwrUpTweakMe0 19PUPXPTWK.EXE /TWEAK2 00 63Projekt1 1.40.0084, ashampoo GmbH & Co. KG. Ashampoo PowerUp XP 01
1 9Purgatory0  9Purga.exe1 00 80Added by the W32/Purgory-B worm that spreads via the Kazaa file sharing network.57http://www.sophos.com/virusinfo/analyses/w32purgoryb.html0
3 9Purgative0 16PURGATIVE100.EXE1 00 89AIM (AOL Instant Messenger) Ad Remover Using Active Memory Edits instead of a patch/crack 01
319sureshotpopupkiller0  9pusak.exe1 00 29Stop-the-Pop-Up popup blocker41http://www.bysoft.se/sureshot/stopthepop/0
2 8PUSH65990 12PUSH6599.EXE1 00119Scan button monitor for Relysis Episode MF6599 USB scanner as you can start scanning manually via the scanning software 01
1 6PutAS!0 10PutA!!.com1 00 28Added by the OPASERV.Z WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.Z0
1 6PutA!!0 10PutA!!.exe1 00 28Added by the OPASERV.L WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.L0
3 5mspwr0 11PuXpMan.exe111HKEY_LM\Run0 67PwrUpManager 1.04.0394, ashampoo GmbH & Co. KG. Ashampoo PowerUp XP39http://www.absolutestartup.com/startup/1
3 5mspwr0 12PuXpMan2.exe1 00 41Related to Ashampoo Magic Defrag Utility.24http://www.ashampoo.com/0
2 8PV92TRAY0 12PV92Tray.exe111HKEY_LM\Run0 67PTV92Tray Application 1, 0, 0, 1, PCtel Inc.. PTV92Tray Application39http://www.absolutestartup.com/startup/1
3 8pv92tray0 12PV92Tray.exe1 00 42PCtel HSP V.92 modem Configuration Utility38http://www.modemsite.com/56k/pctel.asp0
2 3PVR0  7PVR.exe1 00132Pocket Voice Recorder - freeware sound recorder that records from microphone and any other input line available with your sound card26http://www.xemico.com/pvr/0
3 9pvuninst10 13PVUnInst1.exe1 00147Privacy_View is privacy software that ensures that all your private computer files, photos, documents, and websites remain secure from prying eyes.27http://www.privacyview.com/0
214DocuMagix Init0 10PWATCH.EXE1 00166PaperMaster is an application for the PC designed to automate the process of organizing, archiving, and retrieving digital versions of files. Start manually if needed25http://www.documagix.com/0
211pwindicator0  8pwic.exe1 00 68ParaWin  XP - International Language Software for Windows XP/NT/200038http://www.datacal.com/s-parawinxp.htm0
1 5pwned0  9pwned.exe1 00133Added by the W32/Randex-Z worm. When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32randexz.html0
1 8pm32ctrl0 13pwr32crtl.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 8Pwr32ctr0 12Pwr32ctr.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 9Pwr32ctrl0 13Pwr32ctrl.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 8Pwr32mgt0 12Pwr32mgt.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
110PowerChute0 12Pwrchute.exe1 00 42Added by the Troj/Lazar-A backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojlazara.html0
3 6BMMGAG0 28pwrmonit.dll,StartPwrMonitor111HKEY_LM\Run0 20IBM Thinkpad related39http://www.absolutestartup.com/startup/1
1 6Pwroff0 10Pwroff.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
3 7Pwrsave0 11Pwrsave.exe1 00102Toshiba Power Saver utilities. Required on a laptop if you run of a battery and want to conserve power 01
3 9lidpolicy0 12pwrschem.exe1 00127A utility for configuring certain HP notebook models to enter Standby mode when the lid is closed only when running on battery. 01
3 5mspwr0 11pwrupst.exe1 00105Ashampoo  PowerUp_XP is a tool for fine-tuning your Windows® NT4, 2000, 2003 Server and XP configuration.89http://www.ashampoo.com/frontend/products/php/product.php?session_langid=20&idstring=02050
3 8PWS Tray0 11PwsTray.exe1 00219Microsoft's Personal Web Server, an application which allows PCs to behave as web servers (allows you to test your .asp pages on your own PC without having to load them onto the internet). Available via Start - Programs 01
115win server updt0 11pxckdla.exe1 00 25IEPlugin adware component76http://securityresponse.symantec.com/avcenter/venc/data/adware.ieplugin.html0
115Win Server Updt0 11pxckdla.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 8prevxone0 13PXConsole.exe1 00 35Prevx intrusion prevention software21http://www.prevx.com/0
1 6pxcyul0 10pxcyul.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
317Windows Compliant0 10pxkngb.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
1 7pyaefoo0 11pyaefoo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6Anskya0 13PYSKY.NET.exe1 00 12Added by the146Troj/Dloader-0
1 6System0  9q_sys.dll1 00119Added by the Troj/LdPinch-DY information stealing Trojan.br /br /Uses CLSID: b(E0903405-B354-4E62-8DB8-75584BF1FEA2)/b.59http://www.sophos.com/virusinfo/analyses/trojldpinchdy.html0
1 5\vwin0 12Q4Keygen.exe1 00111Added by the W32/Mircnuf-A IRC worm.  W32/Mircnuf-A pretends to be a serial key generator for the game Quake 4.57http://www.sophos.com/virusinfo/analyses/w32mircnufa.html0
2 6QAGENT0 10qagent.exe1 00320Quicken program is controlled by a separate utility program called the Quicken Download Manager (also known as Qagent). When Quicken Download Manager option is enabled, background downloading takes advantage of unused bandwidth to download current financial information anytime your computer is connected to the Internet 01
2 6QAGENT0 10QAGENT.EXE111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5qaicu0  9qaicu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114qappsrvc32.exe0 14qappsrvc32.exe1 00 98Added by a Proxy Trojan variant - identified by Kaspersky antivirus as Trojan-Proxy.Win32.Webber.m46http://www.f-secure.com/v-descs/trojprox.shtml0
1 7Porcnsm0 10qavbap.exe1 00 36Added by the Troj/Ranck-CB hijacker.57http://www.sophos.com/virusinfo/analyses/trojranckcb.html0
225QuickBooks Delivery Agent0 12QBDAGENT.EXE1 00 78As far QAGENT but for QuickBooks. Can also have the version number in the name 01
330QuickBooks 2002 Delivery Agent0 16qbdagent2002.exe122StartUp menu\All users0 41QuickBooks 10, 1, 0, 0, . QBDAgent Module39http://www.absolutestartup.com/startup/1
1 6qbkslq0 10qbkslq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8qbpcccdf0 12qbpcccdf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7qBrowse0 11qbrowse.exe1 00  2?? 01
223Quickbooks Update Agent0 12qbupdate.exe1 00189Associated with Intuit's Quickbooks but not required. Possibly to do with the payroll update service but you're prompted to check for updates when appropriate whether this is running or not 01
223QuickBooks Update Agent0 12qbupdate.exe1 00 61QuickBooks 15.0 R7, Intuit, Inc.. QuickBooks Automatic Update 01
1 5Cache0 10qcache.exe1 00 52Added by the Ssearch.biz and a-search.biz hijackers. 01
1 3Guv0  7Qcd.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
315qchex tray icon0  9Qchex.exe1 00 35Related to  G7_Productivity_Systems20http://www.g7ps.com/0
1 5qcidi0  9qcidi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7qcilgus0 11qcilgus.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5qclvd0  9qclvd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6QCTRAY0 10Qctray.exe1 00213System Tray icon providing access to the "IBM Access Connections" wizard on ThinkPad laptops and also allows to change the network environment. Not the same as QCWLIcon, which is pertinent only to the Wireless LAN 01
3 6QCTRAY0 10QCTRAY.EXE111HKEY_LM\Run0 89IBM ThinkPad Utility 3, 3, 0, 0, IBM Corp.. IBM Access Connections - Taskbar Application.39http://www.absolutestartup.com/startup/1
3 8QCWLICON0 12Qcwlicon.exe1 00173Used by IBM Thinkpad laptops with built-in wireless card (802.11). System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off 01
3 8QCWLIcon0 12QCWLIcon.exe111HKEY_LM\Run0 90IBM ThinkPad Utility 3, 0, 0, 0, IBM Corp.. IBM Access Connections - Wireless Status Icon.39http://www.absolutestartup.com/startup/1
1 8qdcbbmap0 12qdcbbmap.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
214QD FastAndSafe0 10QDCSFS.exe1 00182Automatically runs Fast &amp; Safe clean-up from Norton/Quarterdeck Cleansweep. Deletes safe to remove files such as Temporary Internet Files (cache). Recommended you run it manually 01
214QD FastAndSafe0 30QDCSFS.exe /startup /scheduler2 00103Norton CleanSweep Fast & Safe Cleanup 5.00, Symantec Corporation. Norton CleanSweep Fast & Safe Cleanup 01
1 7qdfxibd0 11qdfxibd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311QDictionary0 15QDictionary.exe125StartUp menu\Current user0 62QDictionary 1.1, Anplex Software. Quick Dictionary for Windows39http://www.absolutestartup.com/startup/1
1 8qdmgtogf0 12qdmgtogf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 3QDM0 12QdmStart.exe1 00227QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc 01
3 8QDMStart0 12QdmStart.exe1 00227QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc 01
1 5qesss0  9qesss.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 6Qexplo0 10Qexplo.exe1 00  2?? 01
1 5qfatv0  9qfatv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
221QuickFinder Scheduler0 13QFSCHD100.exe1 00152Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products) 01
221QuickFinder Scheduler0 13QFSCHD100.EXE111HKEY_LM\Run0109QuickFinder Component 10 10.0.0.663, Novell, Inc., c/o Corel Corporation Limited. QuickFinder Index Scheduler39http://www.absolutestartup.com/startup/1
221QuickFinder Scheduler0 11QFSched.exe1 00156Used in Corel 2002 &amp; Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products) 01
1 6qgaamb0 10qgaamb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 2Qh0  6Qh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Jge0  7Qhj.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
320quick heal messenger0  9QHM32.EXE1 00 90Quick_Heal Anti-Virus Messenger - Keeps you informed about the latest threats, hoaxes etc.55http://www.quickheal.co.in/public/products/homeuser.asp0
423Quick Heal Startup Scan0 12QHSTRT32.EXE1 00 26Quick Heal - virus scanner33http://www.quickheal.com/qh95.htm0
223Quick Heal Startup Scan0 21QHSTRT32.exe /loadrun211HKEY_LM\Run0 81Quick Heal  1, 0, 0, 0, Cat Computer Services Pvt Ltd. Quick Heal Startup Scanner39http://www.absolutestartup.com/startup/1
1 5bbbbb0 11qI00tbz.exe1 00106Added by the Backdoor.AIMVision backdoor. This backdoor listens on port 1111 awaiting a remote connection.62http://www.sarc.com/avcenter/venc/data/backdoor.aimvision.html0
1 8upfnrkub0 12qiodiurb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8qjitksqv0 12qjitksqv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 6secure0 10Qjqfnp.exe111HKEY_LM\Run0 59Redirect Application 1, 0, 0, 1, . Redirect MFC Application39http://www.absolutestartup.com/startup/1
1 8qkcnjgtn0 12qkcnjgtn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8qkdofghu0 12qkdofghu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5qkrgi0  9qkrgi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
210QuikShield0 12qkshield.exe1 00 65QuikShield popup blocker - reportedly stealth installed, see here79http://groups.google.com/groups?num=50&hl=en&lr=&ie=UTF-8&oe=UTF-8&q=quikshield0
213Quicklink III0  6QL.EXE1 00219HP fax program and only needs to be in the start-up group if you allow your phone to automatically answer your phone in fax mode, that is, to receive faxes after a certain number of rings. Available via Start - Programs 01
1 7qlafoaa0 11qlafoaa.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Ccv0  7Qlc.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 4qlgl0  8qlgl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7qlvvkxw0 11qlvvkxw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6QMusic0 11QMAgent.exe1 00207Resident process that launches the program BenQ Qmusic when a BenQ mobile phone, or a Joybee MP3 Player, is plugged in the computer. The program is installed by default in BenQ Joybook computers and laptops. 01
1 5qmjnn0  9qmjnn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
313disc detector0 20qnetquestnotifty.exe1 00  2?? 01
1 7qniuvtb0 11qniuvtb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6qnkvdr0 10qnkvdr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8qnnuuflp0 12qnnuuflp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 6QNPlus0 10QNPlus.exe1 00 52Quick Notes Plus by Conceptworld - sticky notes tool35http://www.conceptworld.com/qnp.asp0
3 9QOELOADER0 13QOELoader.exe1 00 66QOELoader Application 3.0.311.7, Qurb, Inc.. QOELoader Application 01
3 9Qoeloader0 13Qoeloader.exe1 00141Qurb 2.0 anti-spam tool for Outlook/Outlook Express. Required when supporting OE but not for Outlook. Shortcut available via Start - Programs20http://www.qurb.com/0
1 7qolywgq0 11qolywgq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7qpjimsq0 11qpjimsq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7qpyjsym0 11qpyjsym.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6ĚÚѶQQ0  6QQ.exe125StartUp menu\Current user0 34TENCENT QQ 1, 0, 0, 1, TENCENT. QQ39http://www.absolutestartup.com/startup/1
135Black Hole2005 Professional Version0  6QQ.exe1 00 38Added by the Troj/BlackHol-C backdoor.59http://www.sophos.com/virusinfo/analyses/trojblackholc.html0
1 2qq0  6qq.exe1 00 36Added by the Troj/Hupigon-CI Trojan.59http://www.sophos.com/virusinfo/analyses/trojhupigonci.html0
1 8QQServer0  6QQ.exe1 00 36Added by the Troj/DownLdr-AN trojan.59http://www.sophos.com/virusinfo/analyses/trojdownldran.html0
110SysDesktop0  9QQDAO.exe1 00 35Added by the Troj/QQPass-AN Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassan.html0
111SysDeskqqfx0  8qqfx.exe1 00 58Added by the Trojan.PWS.QQPass.H password-stealing Trojan.80http://www.sarc.com/avcenter/venc/data/trojan.pws.qqpass.h.html#technicaldetails0
1 8system320 10QQGame.exe1 00 35Added by the Troj/QQPass-AC Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassac.html0
1 6qqmall0 10qqmall.exe1 00 47Added by the Troj/DownLdr-QR Trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdownldrqr.html0
1 5QQSBT0  9QQSBE.exe1 00 36Added by the  Troj/LegMir-AB TROJAN!58http://www.sophos.com/virusinfo/analyses/trojlegmirab.html0
1 4qrrn0  8qrrn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4qrwh0  8qrwh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
014Smarthruengine0  6QS.exe1 00 37Unknown but disabled without problems 01
114Micosoft Logon0 10QSCSDQ.EXE1 00121Added by the W32/Sdbot-IC worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotic.html0
119Quantifier Security0 10qsecue.exe1 00132Added by the W32/Rbot-ALG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalg.html0
216QuickenSEMessage0 10Qsemsg.exe1 00 14Quicken option 01
1 9qservices0 12qservice.exe1 00 35Added by the Troj/Progent-A trojan.58http://www.sophos.com/virusinfo/analyses/trojprogenta.html0
113SystemService0 12qservice.exe1 00 34Premium rate adult content dialler 01
215QuickShelf 20000 12qshelf2k.exe122StartUp menu\All users0 83QuickShelf Application 2000, 0, 0, 0, Microsoft Corporation. QSHELF MFC Application39http://www.absolutestartup.com/startup/1
229Encarta Dictionary Quickshelf0 11QSHLFED.EXE1 00 55Provides quick access to Encarta's Dictionary features? 01
2 9QSort20000  9QSORT.EXE1 00172Utility that sorts your Start menu and Favourites in alphanumerical order. Not required - at any time you can right-click on these lists and choose &quot;Sort by Name&quot; 01
1 6zcproo0 12qssstiej.exe1 00103Possible homepage hijacker installing a toolbar: http://tdko.com/ ,Lop.com in disguise. see this thread93http://www.lavasoft.nu/cgi-bin/forums/ikonboard.cgi?s=3d69d34f399dffff;act=ST;f=14;t=304;st=00
138{0C445B80-F780-11D7-88D5-0050BA40F862}0 10QTAPPS.DLL1 00 97Added by the  TROJ_QQTAIL.A Trojan.br /br /Uses CLSID: b{0C445B80-F780-11D7-88D5-0050BA40F862}/b.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FQQTAIL%2EA&VSect=T0
312QTaskStartup0  9qtask.exe1 00194Feature of Quicken.com Brokerage to customize and display Desktop Alerts and icon. It is not required for the Quicken Program to run correctly, it is only required for the Desktop Alerts feature75http://www.quicken.com/support/investments/email/help/?desktop.q.howdoi&pop0
114Windows Update0  9qtask.exe1 00132Added by the W32/Rbot-AKU worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaku.html0
117quicktime runtime0 10Qtimer.exe1 00 23W32.SpyBot worm variant76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
310qtopiatray0 14qtopiatray.exe1 00 66Used for upload/download/syncing programs to the Sharp Zaurus PDA. 01
3 7QUBCity0  7qtp.exe1 00  2?? 01
119[various filenames]0  9qtsks.exe1 00 28Added by the WEBDOR.Y TROJAN 01
210QTSTUB.EXE0 10Qtstub.exe1 00119Part of an old version of the Quick Tax application. It enables Quick Tax Calendar Popup to show tax calendar reminders 01
2 6qttask0 10Qttask.exe1 00 72System Tray access to Apple's "Quick Time" viewer from version 5 onwards 01
214QuickTime Task0 10Qttask.exe1 00 72System Tray access to Apple's "Quick Time" viewer from version 5 onwards 01
214QuickTime Task0 10qttask.exe111HKEY_LM\Run0 48QuickTime QuickTime 6.5.1, Apple Computer, Inc..39http://www.absolutestartup.com/startup/1
214QuickTime Task0 22qttask.exe -atboottime211HKEY_LM\Run0 48QuickTime QuickTime 6.5.1, Apple Computer, Inc..39http://www.absolutestartup.com/startup/1
114QuickTime Task0 11qttasks.exe1 00 31CoolWebSearch parasite variant.53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 7qturowk0 11qturowk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8LManager0 12QtZgAcer.EXE1 00165Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio 01
3 8LManager0 12QtZgAcer.EXE111HKEY_LM\Run0104Dritek System Inc. Launch Manager 01.10.2002 ( VC60 ) 1, 10, 0, 2002, Dritek System Inc.. Launch Manager39http://www.absolutestartup.com/startup/1
1 4quaj0  8quaj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118auto repair system0 12qualityx.exe1 00 67Added by an unidentified WORM or TROJAN - probably a SPYBOT variant76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
114service updaer0 12qualityz.exe1 00 75Added by an unidentified VIRUS, WORM or TROJAN! - probably a SPYBOT variant76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
2 8Queensla0 12Queensla.exe1 00  2?? 01
4 5Start0 11Quick95.exe1 00 91For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone31http://www.nisis.com/index.html0
1 5QBRSR0 16QuickBrowser.exe1 00 22top-banners.com adware 01
311QuickCamPro0 15QuickCamPro.exe1 00124System Tray for Picture Capture utility that can run unattended. Pictures every 30 seconds for example, auto FTP Upload, etc 01
313Exif Launcher0 12QuickDCF.exe1 00116USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly 01
313Exif Launcher0 12QuickDCF.exe122StartUp menu\All users0 66FinePixViewer 3, 0, 0, 0, FUJI PHOTO FILM CO., LTD.. Exif Launcher39http://www.absolutestartup.com/startup/1
1 7quicken0 11quicken.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
413QuickLaunchEr0 17QuickLaunchEr.Exe1 00 85QuickLaunchEr - allows you to quickly launch programs from an icon in the system tray42http://www.rikster.co.uk/QuickLauncher.htm0
219PhotoWise QuickLink0 12quicklnk.exe1 00267Agfa PhotoWise - "PhotoWise QuickLinkTM lets you drag and drop photos right from the camera into your document (applications must be OLE-compliant). Use PhotoWise to print contact sheets and photographic prints. Create slide shows, screen savers, wallpaper and more." 01
2 9Quicknote0 13quicknote.exe1 00 33JC&MB Quicknote Virtual Scrapbook51http://www.metz-furniere.de/jens/jcmb/quicknen.html0
2 8QuickRes0 12QUICKRES.EXE1 00210Utility to quickly change desktop resolution - left over from Win95 Power Toys. In Win98 and above incorporated via Control Panel - Display. Not required unless you have to change resolutions on a regular basis 01
216OpenOffice.org x0 12QUICKS~1.EXE1 00368Displays OpenOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the OpenOffice suite. Available via Start -&gt; Programs. Will automatically be started when any OpenOffice component is started from Start -&gt; Programs. A resource hog (takes &gt; 16 MB of memory). &quot;x&quot; represents the version number26http://www.openoffice.org/0
213Dell QuickSet0 12quickset.exe1 00  0 01
2 8quickset0 12quickset.exe1 00 57Dell taskbar icon allowing you to quickly change settings 01
313Dell QuickSet0 12quickset.exe111HKEY_LM\Run0 59QuickSet Application 1, 0, 0, 1, . QuickSet MFC Application39http://www.absolutestartup.com/startup/1
320OpenOffice.org *.*.*0 14quickstart.exe1 00 78OpenOffice.org office suite quick start  (where "*.*.*" is the version number)26http://www.openoffice.org/0
316Iomega QuickSync0 13Quicksync.exe1 00  2?? 01
113QuicktimeMngr0 17QUICKTIMEMNGR.EXE1 00 29Added by the WOOTBOT.AW WORM!92http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_WOOTBOT.AW0
123quick time file manager0 17quicktimeprom.exe1 00 27Added by the  SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
229QuickTime Update Completion x0 25quicktimeupdatehelper.exe1 00111Different numbers caused by number of launches. So if 3 updates are made separately, 3 would appear (in theory) 01
321LoadFujitsuQuickTouch0 14QuickTouch.exe1 00 81Maps the keys on the Fujitsu application panel to various programs and functions. 01
3 7QuickTV0 11QuickTV.exe1 00141Infra-red remote control driver for the  AVerTV Studio TV tuner/personal video recoder from AVerMedia. Required if you use the remote control56http://www.aver.com/products/tvtuner_AVerTV_studio.shtml0
115QuickTimeUpdate0 15QuickUpdate.exe1 00 45Added by the Troj/Bifrose-CW backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojbifrosecw.html0
2 8QuikSync0 12QUIKSYNC.EXE1 00 53Used by Iomega drives. Available via Start - Programs 01
120SysTempRegKey Update0 12Quinst32.exe1 00143Added by the W32/Rbot-JD trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotjd.html0
211QuitCounter0 15QuitCounter.exe1 00226QuitCounter  is program to help you stop smoking.  It is not necessary to run and you can start it when you like to see information about your progess.  It is typically located in C:\Program Files\Quit Counter\QuitCounter.exe.30http://www.xarka.com/freeware/0
319AntiVirusProtection0  8qumk.exe1 00  2?? 01
214Quick Shelf xx0 13qushelfxx.exe1 00139Places an icon in the system tray for launching MS Bookshelf. Available via Start - Programs"xx" represents the version number - ie, 98, 99 01
1 8quwuxygf0 12quwuxygf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4NiCQ0 11qvdsafs.exe1 00135Added by the Troj/Ranck-AA proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckaa.html0
1 3Ttt0  7Qvm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
215Quick View Plus0  9qvp32.exe1 00128Quick View Plus for Windows 2000, Windows 98, Windows 95, and Windows NT 4.0 6.0.1, Inso Corporation. Quick View Plus Executable 01
215Quick View Plus0  9QVP32.EXE1 00 96Quick View Plus from Inso Corporation. Multiple file type viewer. Available via Start - Programs 01
1 8qvsncqty0 12qvsncqty.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
215Quicken Startup0 10QWDLLS.EXE1 00 38Quicken option to load DLLs at startup 01
115[Various Names]0  7qwe.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 3qwe0  7qwe.exe1 00 36Added by the  Troj/Lineage-F TROJAN!58http://www.sophos.com/virusinfo/analyses/trojlineagef.html0
0 6QWERTY0 10qwerty.exe1 00 37Possibly adult content related adware 01
118browserupdatesched0 12qwinnsap.exe1 00 49Added by a variant of  Adware.ZenoSearch ADAWARE!57http://sarc.com/avcenter/venc/data/adware.zenosearch.html0
1 8qwsyjneg0 12qwsyjneg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7qwwxbrq0 11qwwxbrq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115Micosoft Loggen0  8QXAW.EXE1 00121Added by the W32/Sdbot-ID worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotid.html0
1 5super0  7QXW.exe1 00 35Added by the Troj/Lineage-G TROJAN!58http://www.sophos.com/virusinfo/analyses/trojlineageg.html0
1 6qylpcm0 10qylpcm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5qysed0  9qysed.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112AutoInsQyule0 16QyuleInstall.exe1 00 36Added by the Troj/Dloader-ZM Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderzm.html0
1 8qYZa.exe0  8qYZa.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115windows service0  5r.exe1 00 47Added by a variant of the  TROJ_SMALL.VZ TROJAN77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.VZ0
113[random name]0 11r?gedit.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 12r?gsvr32.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 10r?ndll.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 12r?ndll32.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
4 8r_server0 12r_server.exe1 00 34Radmin - remote admistrator server44http://www.antivirus.com.au/radmin/info.html0
1 6update0  8r00t.exe1 00127Added by the W32/Rbot-ACO worm.  When started, this infection connects to an IRC where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaco.html0
120msftp service config0 10r3grun.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
314Fellowes Proxy0 11R3proxy.exe1 00173Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice 01
1 3f~a0  8ra32.exe1 00 23Password stealer trojan 01
115RabbitWannaHome0 10rabbit.exe1 00 27Added by the MIMAIL.S WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.s@mm.html0
420Rabo Session Monitor0 18RaboSessionMon.exe1 00 47Related to RaboBank electronic banking software24http://www.rabobank.com/0
1 8Rapdatae0 13rabseuser.exe1 00 36Added by the Troj/QQPass-S/a Trojan.57http://www.sophos.com/virusinfo/analyses/trojqqpasss.html0
2 9RadarSync0 13RadarSync.exe1 00139Radarsync utility comes from DFI with their latest motherboards, e.g., DFI LanParty Ultra - checks for BIOS and driver updates periodically 01
3 7RadBoot0 11RadBoot.exe1 00110RadLinker - tweaker/linker for ATI Radeon based graphics cards. It allows you easy access to per game settings 01
4 8RadClock0 12RadClock.exe1 00 81Manages Radeon clock rate at system boot. Found in %windir%\system32\RadClock.exe 01
118Windows DLL Loader0 12radeonfx.exe1 00134Added by the W32/Poebot-E trojan.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32poebote.html0
313Radio365Agent0 21Radio365TrayAgent.exe111HKEY_CU\Run0 76TODO: <Product name> 1.0.0.1, TODO: <Company name>. TODO: <File description>39http://www.absolutestartup.com/startup/1
3 8RadioSvr0 12RadioSvr.EXE1 00118Used to configure wire less networks. Windows automatically detects the Wireless network and it configures the network 01
318OrigRage128Tweaker0 16RAGE128TWEAK.EXE1 00 84Third party tweaker for ATI Rage 128 Video cards from http://www.rageunderground.com30http://www.rageunderground.com0
220RemotelyAnywhere GUI0  9RAGui.exe111HKEY_LM\Run0 79RemotelyAnywhere 6.20.467, 3am Labs, Inc.. RemotelyAnywhere Desktop Application39http://www.absolutestartup.com/startup/1
311logmein gui0  9ragui.exe1 00277RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone.32http://www.remotelyanywhere.com/0
312RAID Manager0 11RaidMgr.exe122StartUp menu\All users0 92RaidMgr Application 1, 7, 1, 9, Integrated Technology Express, Inc.. RaidMgr MFC Application39http://www.absolutestartup.com/startup/1
310Rainlendar0 14Rainlendar.exe1 00 41Rainlendar 0, 21, 1, 0, Rainy. Rainlendar 01
310rainlendar0 14Rainlendar.exe1 00 70Rainlendar is a customizable calendar that displays the current month.65http://www.ipi.fi/~rainy/index.php?pn=projects&project=rainlendar0
1 8rajhhiwr0 12rajhhiwr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114Bron-Spizaetus0 19RakyatKelaparan.exe1 00 32Added by the W32/Brontok-I worm.57http://www.sophos.com/virusinfo/analyses/w32brontoki.html0
111Msn Service0 11raloded.exe1 00132Added by the W32/Mytob-DY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobdy.html0
321ram idle professional0 10RAM_XP.exe1 00170RAM_Idle - a memory management program which manages the free RAM that is available to Windows, thus preventing your computer from running progressively slower over time.38http://www.tweaknow.com/ramidleLE.html0
321RAM Idle Professional0 10RAM_XP.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7RAMASST0 11RAMASST.exe1 00290Optionally installed with some DVD drives (LG, Panasonic, etc). Disables Windows XP's CD-burning abilities because they cause some incompatibilities. It does not affect your ability to burn CDs. If you do not have this program running, you may have some compatibility issues with burnt DVDs 01
3 6RAMDef0 10ramdef.exe1 00195Ram Def Xtreme - monitors and defragments your system RAM to improve reliability and speed. Some users swear by programs such as this but I suggest you read this article and make up your own mind35http://vstef.softnews.ro/ramdef.php0
3 7RamIdle0 11ramidle.exe1 00426RAM Idle - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by  freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." Some users swear by programs such as this but I suggest you read this article and make up your own mind35http://www.tweaknow.com/ramidl.html0
3 9RAM Medic0 12RAMMedic.exe111HKEY_CU\Run0 39RAM Medic 1.0.0.124, Iomatic. RAM Medic39http://www.absolutestartup.com/startup/1
3 7RAMpage0 11RAMpage.exe1 00317Small Windows utility that displays the amount of available memory in an icon in the System Tray. It can also free memory by double clicking the tray icon, or by setting a threshold that activates the program automatically, or by having it run automatically when an application exits. RAMpage is free, and open source 01
3 4run=0 10ramsys.exe1 00 38Advanced Startup Manager from Rays Lab59http://www.rayslab.com/startup_manager/startup_manager.html0
111RandomWin320 10rand32.exe1 00135Added by the Troj/SdBot-HG worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbothg.html0
1 5Ohipa0 16Random file name2 00 38Troj/Ranck-CL is an HTTP proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojranckcl.html0
122windows update checker0 17random file names2 00 24adware downloader trojan 01
1 7JVM0.120 15Random Filename2 00129http://www.sophos.com/virusinfo/analyses/trojteadoora.html"Troj/Teadoor-A trojan.  File is found in the Windows system directory. 01
112NavProtect320 15Random Filename2 00 75Troj/Bancos-BA is a password-stealing Trojan that targets banking websites.58http://www.sophos.com/virusinfo/analyses/trojbancosba.html0
111popuppers640 11random name2 00 23Added by Troj/LowZone-P 01
1 6random0 10random.exe1 00  8Added by16Troj/Dloader-KL.0
310RandomBoot0 32RandomScreens.exe /RandomizeBoot211HKEY_LM\Run0 29RandomScreens 3.09.0055, UoM.39http://www.absolutestartup.com/startup/1
1 4rant0  8rant.exe1 00 50Added by the W32/Rbot-ZB WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbotzb.html0
4 6RapApp0 10RAPAPP.EXE1 00196Application protection component of BlackICE PC Protection (was Defender) firewall, informing you of any modifications to programs, files or folders and detecting unknown programs trying to launch49http://blackice.iss.net/product_pc_protection.php0
3 9NWEReboot0  7RarSFX4111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
127macromedia critical updater0  9rarww.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7rasctrs0 11rasctrs.exe1 00 49Hijacker,  also detected as the  ADWAHECK TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/trojan.adwaheck.html0
1 9rasdfgl320 13rasdfgl32.exe1 00 50Added by the W32/Tilebot-CH worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotch.html0
110RasMan.exe0 10RasMan.exe1 00 54Added by the Troj/Feutel-H keylogging backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojfeutelh.html0
117Microsoft DirectX0 11rasmngr.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
136RasCon Remote Access Service Manager0 11rasmngr.exe1 00 28Added by the SPYBOT.EM WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EM&VSect=T0
411RemoteAgent0 12RAUAgent.exe1 00226Trend Micro's Office Scan Client, see here - "Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates"42http://www.trendmicro-europe.com/relax/uk/0
1 6UpDate0  9RAuth.exe1 00 47Added by the Troj/Dloader-UL Trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdloaderul.html0
212rav_temp.exe0 12rav_temp.exe1 00  2?? 01
114RAVEN_VLZS.EXE0 14RAVEN_VLZS.EXE1 00 74Another eAcceleration program - spyware. Read their privacy statement here37http://www.eacceleration.com/privacy/0
4 6RavMon0 10RavMon.exe1 00 13RAV AntiVirus28http://www.ravantivirus.com/0
4 6RavMon0 18RAVMON.EXE -SYSTEM211HKEY_LM\Run0 97RavMon Ó¦ÓĂłĚĐň 17, 0, 1, 34, Beijing Rising Technology Co., Ltd.. RavMon Rising realtime monitor39http://www.absolutestartup.com/startup/1
1 4run=0 11RAVMOND.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
320MS-4011 Memory Patch0 20RavSasser.exe -Patch211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7Rapdata0 11ravsecs.exe1 00 34Added by the Troj/QQPass-V Trojan.57http://www.sophos.com/virusinfo/analyses/trojqqpassv.html0
1 8RavUptpe0 12ravsesur.exe1 00 34Added by the Troj/QQPass-T Trojan.57http://www.sophos.com/virusinfo/analyses/trojqqpasst.html0
1 8Rapdatei0 13ravseteyi.exe1 00 35Added by the Troj/QQPass-AO Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassao.html0
110Update.exe0 13ravseuper.exe1 00152Added by the Troj/QQPass-P password-stealing Trojan.  This also installs a file named winpose.dll in the Windows %System% directory that can be deleted.57http://www.sophos.com/virusinfo/analyses/trojqqpassp.html0
1 9Raptelnet0 13ravspeger.exe1 00 35Added by the Troj/QQPass-AA Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassaa.html0
1 7Raptelt0 13ravspegtl.exe1 00 35Added by the Troj/QQPass-AB Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassab.html0
1 8Rapdeyer0 13ravspepts.exe1 00 90Added by the Troj/LegMir-DZ information stealing Trojan for the online game Legend of Mir.58http://www.sophos.com/virusinfo/analyses/trojlegmirdz.html0
1 8RavTimer0 12RavTimer.exe1 00 13RAV AntiVirus28http://www.ravantivirus.com/0
4 8RAV8Tray0 12ravtray8.exe1 00 22RAV anti-virus related37http://www.ravantivirus.com/index.php0
1 5Shell0  7ray.exe1 00 65Homepage hijacker re-directing browsers to adult content websites 01
1 6rayply0 10rayply.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112CaptionMgr320  9raz32.exe1 00 12Added by the17W32/VBSun-A WORM!0
4 8razertra0 12razertra.exe1 00 30razer diamondback mouse driver25http://www.razerzone.com/0
111RamBooster20  6rb.exe1 00 25Added by the AKAK TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.akak.html0
112RapidBlaster0  8rb32.exe1 00 61Homepage hijacker (adult content) - see this newsgroup thread122http://grou0
111rb32 lptt010  8rb32.exe1 00192Variant of the  RapidBlaster parasite (in a &quot;RapidBlaster&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
111rb32 ml097e0  8rb32.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
321CheckRegDefragService0 17rbcs.exe -autorun211HKEY_LM\Run0 63Registry Compressor 2.0.0.52, Systweak Inc. Registry Compressor39http://www.absolutestartup.com/startup/1
112rbenh ml***e0  9rbenh.exe1 00224Variant of the  RapidBlaster parasite (in a &quot;RBEnhance&quot; folder in Program Files) where *** represents random digits. It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
1 6rblwlq0 10rblwlq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9sl4 rules0 10rbot32.exe1 00 32Added by the  W32/SDBOT-QC WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotqc.html0
1 9WinUpdate0 12RBSKQQBO.EXE1 00 28Added by the VBSWG2B.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/vbs.vbswg2b.a@mm.html0
214Remote Control0  6Rc.exe1 00 26Hinet Hi-Five ISP software 01
411ElsaCapiCtl0  9Rcapi.exe1 00231Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modem 01
2 4Soot0  8rcea.exe1 00  2?? 01
316Ring Central Fax0 14rcenterrll.exe1 00 58Only needed if you want a PC to answer faxes automatically 01
2 4Cawt0  8rcer.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
110Rcf Driver0  7rcf.exe1 00 29Added by the RANDEX.BLD WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.bld.html0
1 7.norton0 10rchost.exe1 00 41Added by a variant of the BOXED-A TROJAN!56http://www.sophos.com/virusinfo/analyses/trojboxeda.html0
1 3Hdh0  7Rcj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
127Inters Configuration Loader0 13RCL0ADERS.exe1 00121Added by the W32/Sdbot-KX worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotkx.html0
312RemoteCenter0  9RcMan.exe1 00110Remote control for Creative MediaSource - plays back music in DVD-Audio, MP3, WMA, WAV and other media formats40http://www.soundblaster.com/mediasource/0
3 8RControl0 12RControl.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
216Registry Crawler0 22RCrawler.exe -TRAYONLY211HKEY_LM\Run0 62Registry Crawler 4, 0, 0, 3, 4Developers LLC. Registry Crawler39http://www.absolutestartup.com/startup/1
1 5rCron0  9rcron.exe1 00 28Switch adult content dialler57http://www.sophos.com/virusinfo/analyses/dialswitchb.html0
315RCScheduleCheck0 11RCSCHED.EXE1 00168Scheduler for VCOM's Recovery Commander - which "can restore your non-booting system back to normal. It only takes a few minutes to get your system back up and running"57http://www.v-com.com/product/Recovery_Commander_Home.html0
315RCScheduleCheck0 18RCSCHED.EXE -CHECK2 00 48, imagine LAN, Inc.. Checkpoint Scheduler Wizard 01
326Registry Cleaner Scheduler0 24RCScheduler.exe /startup211HKEY_CU\Run0 78CleanMyPC Registry Cleaner 2, 1, 5, 0, CleanMyPC Software. CleanMyPC Scheduler39http://www.absolutestartup.com/startup/1
1 6RCSync0 10RCSync.exe1 00180PrizeSurfer related. "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware 01
1 4rcth0  8rcth.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 5buzme0  8RCUI.exe1 00 60Display Client for the  BuzMe Internet Call Waiting Service.21http://www.buzme.com/0
327RingCentral Call Controller0  8RCUI.exe122StartUp menu\All users0 48RingCentral 3.00, RingCentral, Inc.. RingCentral39http://www.absolutestartup.com/startup/1
1 4rcwr0  8rcwr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8RDClient0 12RDCLIENT.EXE1 00166Remote Disconnection Utility from Twiga. Used for connecting and disconnecting dial up connections on a network - only needed if there is a shared internet connection31http://www.twiga.ltd.uk/rdu.asp0
1 6rdfkjl0 10rdfkjl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5rdriv0  9rdriv.sys1 00 81Added by the W32.Spybot.NLX worm.  This is the rootkit element of this infection.61http://www.sarc.com/avcenter/venc/data/pf/w32.spybot.nlx.html0
1 6rdrVR20 10rdrVR2.dll1 00 45Added by the Troj/Haxdoor-AJ backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdooraj.html0
3 8RAMDrive0 10RDTask.exe1 00152Virtual Hard Drive (Ram Drive) takes a portion of your system memory (RAM) and uses it to simulate a hard disk drive. For more information see FarStone.53http://www.farstone.com/home/ensite/products/vhd.shtm0
1 5RealP0 14Rea1P1ayer.exe1 00  056http://www.sophos.com/virusinfo/analyses/trojrplaya.html0
110RealP1ayer0 14rea1p1ayer.exe1 00113Added by the Trojan.Rplay.A Trojan!  Files are located in the C: drive or in the folder where the trojan was run.75http://www.sarc.com/avcenter/venc/data/trojan.rplay.a.html#technicaldetails0
123Microsoftz turn Control0  8read.pif1 00134Added by the W32/Rbot-AFS worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotafs.html0
1 6User320 11Read101.exe1 00 96Added by Backdoor.Cyn. This infection listens on ports 15432 and 51234 awaiting remote commands. 7target=0
325Adobe Reader Speed Launch0 13reader_sl.exe1 00133Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly53http://www.adobe.com/products/acrobat/readermain.html0
224adobe reader speed lauch0 12READER~1.EXE1 00 47Speeds up the lauch of Adobe (Acrobat) Reader 7 01
110gouday.exe0 10readme.exe1 00 27Added by the BEAGLE.C WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.c@mm.html0
315DevconDefaultDB0 30READREG /PSCONV={NO} /NO_DEFPS211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7reahzle0 11reahzle.exe111HKEY_LM\Run0 79TODO: <Product name? 0, 0, 7, 0, TODO: <Company name?. TODO: <File description>39http://www.absolutestartup.com/startup/1
120Real Internet Player0 12Reaiplay.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 9atidriver0 14reaIplayer.exe1 00133Added by the W32/WarPigs-E worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32warpigse.html0
114real scheduler0 18real scheduler.hta2 00 28Added by the  CEEGAR TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.ceegar.html0
1 4run=0  8real.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 7Service0  8real.exe1 00 48Added by the W32/Rbot-CUG worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcug.html0
118real scheduler.hta0 13RealAudio.exe1 00 27Added by the CEEGAR TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.ceegar.html0
1 9RealAudio0 13RealAudio.exe1 00 98Added by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media player74http://securityresponse.symantec.com/avcenter/venc/data/trojan.ceegar.html0
416Realtime Monitor0 11realmon.exe1 00103Realtime scanner part of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates96http://www1.my-etrust.com/?CFID=6909348&amp;CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f0
416Realtime Monitor0 14realmon.exe -s2 00 68eTrust Antivirus 7.0.139.0, Computer Associates International, Inc.. 01
110[not used]0 11realone.exe1 00 35Added by the Troj/LegMir-AU Trojan.58http://www.sophos.com/virusinfo/analyses/trojlegmirau.html0
212msgcenterexe0 24RealOneMessageCenter.exe1 00101RealNetworks  RealPlayer related - disabling this application will not affect Real Player in any way.20http://www.real.com/0
312MsgCenterExe0 32RealOneMessageCenter.exe -osboot211HKEY_LM\Run0 80RealPlayer (32-bit)  0.1.0.3208, RealNetworks, Inc.. RealNetworks Event Launcher39http://www.absolutestartup.com/startup/1
110RealP1ayer0 14realp1ayer.exe1 00113Added by the Trojan.Rplay.A Trojan!  Files are located in the C: drive or in the folder where the trojan was run.75http://www.sarc.com/avcenter/venc/data/trojan.rplay.a.html#technicaldetails0
212RealDownload0 12RealPlay.exe1 00 52Download manager. Available via Start -&gt; Programs 01
2 8realplay0 12realplay.exe1 00230System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences 01
2 8RealTray0 12RealPlay.exe1 00230System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences 01
115realplay lptt010 12realplay.exe1 00249Variant of the  RapidBlaster parasite (in a "RealPlay" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here. Note - this is not RealPlayer which can have the same executable name49http://www.doxdesk.com/parasite/RapidBlaster.html0
115realplay ml097e0 12realplay.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
114Realplayer One0 12realplay.exe1 00 26Added by the RBOT-NK WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotnk.html0
2 8RealTray0 33RealPlay.exe SYSTEMBOOTHIDEPLAYER2 00 62RealPlayer (32-bit)  6.0.9.584, RealNetworks, Inc.. RealPlayer 01
3 8RealTray0 33RealPlay.exe SYSTEMBOOTHIDEPLAYER211HKEY_LM\Run0 62RealPlayer (32-bit)  6.0.9.584, RealNetworks, Inc.. RealPlayer39http://www.absolutestartup.com/startup/1
111wintask dll0 20RealPlayer Ath Check2 00 32Added by the  W32.MYTOB.AG WORM!63http://www.symantec.com/avcenter/venc/data/w32.mytob.ag@mm.html0
114ms real player0 12RealPlyr.exe1 00 27Added by the  RBOT.MR WORM!105http://de0
2 9Realpopup0 13Realpopup.exe1 00121RealPopup - "Replaces old winpopup with a full featured freeware tool which remains stable and simple as its predecessor"24http://www.realpopup.it/0
110tkbellexee0 12realschd.exe1 00 43Added by an unidentified downloader TROJAN! 01
2 9Realsched0 13realsched.exe1 00292Application Scheduler installed along with RealOne Player. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registry20http://www.real.com/0
210TkBell.Exe0 13realsched.exe1 00189Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it20http://www.real.com/0
2 9TkBellExe0 13realsched.exe1 00  020http://www.real.com/0
124Realplayer Codec Support0 13realsched.exe1 00129Added by the W32/Agobot-AAD worm.  When started, this infection connects to an IRC where it waits for remote commands to execute.58http://www.sophos.com/virusinfo/analyses/w32agobotaad.html0
1 7WinHelp0 13realsched.exe1 00133Added by a variant of the LOVGATE WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
2 9TkBellExe0 21realsched.exe -osboot211HKEY_LM\Run0 75RealPlayer (32-bit)  0.1.0.3034, RealNetworks, Inc.. RealNetworks Scheduler39http://www.absolutestartup.com/startup/1
1 9Real-Tens0 13Real-Tens.exe1 00 37DownloadWare based advetising spyware49http://www.doxdesk.com/parasite/DownloadWare.html0
211PCDRealtime0 12realtime.exe1 00224Apparently the monitoring device for PC Doctor Online. It provides a "free" examination on system files (i.e. registry), reports the number of errors it finds, and invites you to "order" the fee-based fixes from its web site 01
211PCDRealtime0 12realtime.exe111HKEY_LM\Run0 20realtime 1.00, Dell.39http://www.absolutestartup.com/startup/1
014RealTimeUpdate0 18RealTimeUpdate.exe1 00 82Product description in properties is "InternetExplorerCommunicationAgent Module" ? 01
119Real player updater0 11realupd.exe1 00 27Added by the PARLAY TROJAN!43http://vil.nai.com/vil/content/v_100830.htm0
111RealUpdater0 11realupd.exe1 00 44Added by the PARLAY or MITGLIEDER.I TROJANS!43http://vil.nai.com/vil/content/v_100830.htm0
110[not used]0 13realupd32.exe1 00 44Added by the Troj/Mitglie-B backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojmitglieb.html0
117RealPlayerUpdater0 13realupd32.exe1 00 42Added by the Troj/Lohav-T backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojlohavt.html0
113rebatenation00 17RebateNation0.exe1 00 25WebRebates adware variant78http://securityresponse.symantec.com/avcenter/venc/data/adware.webrebates.html0
2 6Reboot0 10Reboot.exe1 00118MS-DOS/Win3.1 utility use to clean boot a system. Sometimes installed by default from some driver CDs for motherboards 01
113System Reboot0 13rebootsys.exe1 00 74Added by W32/Rbot-WU, a WORM/backdoor, found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwu.html0
1 6Diesel0 15Recalculate.exe1 00 37Added by the LAZAR trojan downloader.73http://securityresponse.symantec.com/avcenter/venc/data/trojan.lazar.html0
1 6Diesel0 32Recalculate.exe /reloadenterpice2 00 37Added by the LAZAR trojan downloader.73http://securityresponse.symantec.com/avcenter/venc/data/trojan.lazar.html0
111netservices0 10recall.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
3 8Recguard0 12RECGUARD.EXE111HKEY_LM\Run0 59Recguard Application 1, 0, 0, 1, . Recguard MFC Application39http://www.absolutestartup.com/startup/1
4 8Recguard0 12recguard.exe1 00258On HP computers, Recguard prevents the deletion or corruption of the WinXP Recovery Partition. Without it enabled, it is possible to knock that completely out and force the customer to send the PC back to HP for a re-image, possibly at the customer's expense 01
1 6winldr0 16Rechnung.pdf.exe1 00 36Added by the  DOWNLOADER-ACS TROJAN!43http://vil.nai.com/vil/content/v_134667.htm0
2 6Reclip0 10reclip.exe1 00 30Reclip Popup Clipboard manager36http://lockettefamily.com/reclip.htm0
217RecoverFromReboot0 12RECOVE~1.EXE1 00  0 01
2 5mmsys0 11recover.exe1 00  2?? 01
217RecoverFromReboot0 21RecoverFromReboot.exe1 00  0 01
1 8Internet0 11recruit.exe1 00133Added by the W32/Rbot-AJG worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotajg.html0
2 6RecShe0 11RecSche.exe1 00 60Recording scheduler for WatchTV Capture Card (TV Tuner card) 01
2 7RecSche0 11RecSche.exe111HKEY_LM\Run0 51RecSche Application 3.02, . RecSche MFC Application39http://www.absolutestartup.com/startup/1
122Recycler DO NOT MODIFY0 13recyclecl.exe1 00 48Added by the W32/Rbot-BCD worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbcd.html0
110[not used]0 12RECYCLER.exe1 00 53Added by the Troj/Agent-AET password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojagentaet.html0
119Recycle Bin Handler0 12recycler.exe1 00 12Added by the36Troj/Shuckbot-A Trojan/IRC backdoor!0
113[random name]0 12REDAEMON.EXE1 00 33Added by the W32/RpcSdbot-B worm.58http://www.sophos.com/virusinfo/analyses/w32rpcsdbotb.html0
2 8Red Flag0 11redflag.exe1 00 74PMS prediction program with modes for guys and girls - no longer available 01
1 8redirect0 13redirect*.exe1 00 72Dotcomtoolbar/Linksummary hijacker installer - where * is a random digit 01
1 6logons0 10redist.dll1 00 46Added by the Troj/Dloadr-UY downloader Trojan.58http://www.sophos.com/virusinfo/analyses/trojdloadruy.html0
114reek 32 server0 10reek32.exe1 00 29Added by the  RANDEX.AL WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDEX.AL&VSect=P0
2 4Rtus0  8reem.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 7Referee0 11referee.exe1 00141MediaComm's monitor for file association changes. Stop rogue programs from screwing your settings either on installation or whenever they run23http://www.mc1soft.com/0
2 7Refresh0 11Refresh.exe1 00 60(Iomega) Refresh - loads the Iomega desktop icons at startup 01
411Refreshlock0 15Refreshlock.exe1 00 65Tool used to lock the refresh rate of your monitor in Windows XP. 01
1 5vuaaa0  7reg.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 3Reg0  7Reg.hta1 00 45Homepage hi-jacker. Removal instructions here43http://wizardscc.com/passthison_warning.asp0
2 4EReg0  9reg32.exe1 00186EReg is a software registration tool incorporated on products such as those by Brřderbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it 01
1 5reg320  9reg32.exe1 00 31Added by the NOUPDATE.B TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/trojan.noupdate.b.html0
1 5Reg320  9Reg32.exe1 00 42Hijacker - redirecting to only-virgins.com 01
1 5Reg320  9reg33.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 9Regcaioft0 13REGCAIOFT.EXE1 00 36added by  the Troj/Bancos-BV TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancosbv.html0
216Registry Cleaner0 12regclean.exe111HKEY_CU\Run0 96Registry Cleaner 1.0.2.384, RegistryOptimizer.com. Registry Cleaner by www.registryoptimizer.com39http://www.absolutestartup.com/startup/1
116Registry Cleaner0 12Regclean.exe1 00 58Supposed registry cleaner installed via misleading popups. 01
212Card Monitor0 12REGCNT09.exe1 00 96For the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start - Programs 01
2 8SAClient0 10RegCon.exe1 00269AT&T or ComCast BBClient - monitors system and network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messaging 01
110RegCompres0 12Regcpm32.exe1 00 28Added by the POLDO.B TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.poldo.b.html0
110Regcxdinaf0 14REGCXDINAF.EXE1 00 46A variant of the Bancos TROJAN adds this file.58http://www.sophos.com/virusinfo/analyses/trojbancosbw.html0
1 6Regcxn0 10Regcxn.exe1 00 29Added by the COIBOA-D TROJAN!57http://www.sophos.com/virusinfo/analyses/trojcoiboad.html0
111Regcxsjaftp0 15REGCXSJAFTP.EXE1 00103Added by the Troj/Bancos-AE password-stealing trojan.  This infection targets users of Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbancosae.html0
3 9regdefend0 13regdefend.exe1 00244RegDefend is a configurable, kernel based registry protection system, designed to intercept selected changes before they occur,  thus also preventing malicious software like viruses, trojans and worms from using the registry to their advantage.53http://www.ghostsecurity.com/index.php?page=regdefend0
2 4tour0 18regedit ..tour.reg2 00 62Edits registry values to keep the WinMe tour in Task Scheduler 01
2 8tourpath0 26regedit /s [path] tour.reg2 00 67Edits registry values to keep the Win 2000 "tour" in Task Scheduler 01
2 8DJREGFIX0 28regedit /s c:\hpdjregfix.reg2 00285DJRegFix showed up first in WinME as a &quot;clever&quot; way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This &quot;utility&quot; adds the functionality and compatibility HP forgot to add in its WinME drivers 01
1 3sys0 18regedit /s sys.reg2 00  8Hijacker 01
1 1@0 20regedit -s ..win.dll2 00 29Added by the SEEKER.K TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/js.seeker.k.html0
1 3win0 20regedit -s ..win.dll2 00  072http://securityresponse.symantec.com/avcenter/venc/data/js.seeker.k.html0
1 3spp0 18regedit -s spp.reg2 00 82IE search hijacker - changes the default search to http://www.hotsearchbox.com/ie/ 01
1 6system0 21regedit -s system.dll2 00 17Homepage hijacker 01
1 9NeroCheck0 11regedit.exe1 00300Added by the DOOMJUICE.B WORM! Note - this is not the valid Ahead Nero CD burning program. Also it is not the valid Windows registry editor which resides in C:\Windows or C:\Winnt wheras this version resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP)81http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.b.html0
1 7regedit0 11regedit.exe1 00218Added by the BRID.A WORM! Note - resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP). The valid "regedit.exe" resides in C:\Windows (Win9x/Me/XP) or C:\Winnt (WinNT/2K)74http://securityresponse.symantec.com/avcenter/venc/data/w32.brid.a@mm.html0
115Registry Editor0 11regedit.exe1 00 42Added by the W32/Codbot-U backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/w32codbotu.html0
124System Registry Settings0 11regedit.exe1 00126Added by the W32/Rbot-WL WORM/backdoor Trojan and allows unauthorised remote access to infected computers via the IRC network.55http://www.sophos.com/virusinfo/analyses/w32rbotwl.html0
1 7Data7890 27Regedit.exe ....data789.tmp2 00 17Homepage hijacker 01
1 8Internal0 40regedit.exe /s %windir%c:\[month number]2 00 32Added by the FORTNIGHT.D TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/js.fortnight.d.html0
2 8PowerSet0 38Regedit.exe /s ...PowerSet_8100_CU.REG2 00 46Appears to be Toshiba power management related 01
1 7OPQFile0 30regedit.exe /s ...rad03FA6.tmp2 00122Unsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit 01
1 9SysSearch0 34Regedit.exe -s [path] pcsearch.reg2 00 42Added by the StartPage-FN browser hijacker43http://vil.nai.com/vil/content/v_130084.htm0
1 9SysSearch0 32REGEDIT.EXE -s [path] sysreg.reg2 00 31Added by the STARTPA-ME TROJAN!59http://www.sophos.com/virusinfo/analyses/trojstartpame.html0
1 9setupuser0 25regedit.exe setupuser.log2 00 60Regfile in disguise - another CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 9RegEdit320 13RegEdit32.exe1 00 35Added by the W32/Voumit-A P2P worm.56http://www.sophos.com/virusinfo/analyses/w32voumita.html0
124Service Registry NT Save0 13regeditnt.exe1 00 83Added by Troj/Bancos-BM  TROJAN to steal passwords and download code from websites.58http://www.sophos.com/virusinfo/analyses/trojbancosbm.html0
1 2sp0 21regedit-s .... sp.dll2 00143Malicious javascript annoyance that changes the default search engine in IE to one of many including "topsearcher". See here for more and a fix11topsearcher0
1 6regrun0 12regeditt.exe1 00 43Added by the WIN32.AGENT.MM Trojan dropper! 01
1 3tsx0 11regedlt.exe1 00121Added by the W32/Sdbot-KA worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotka.html0
131Windows Registry Express Loader0 14regexpress.exe1 00 28Added by the FORBOT-CJ WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcj.html0
3 9RegFreeze0 13regfreeze.exe1 00 31RegFreeze anti-spyware software47http://www.actualresearch.com/rf_overview.shtml0
2 9reginfo320 13reginfo32.exe1 00  2?? 01
126registry integrity checker0 13regintmon.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
319RegisterDropHandler0 12REGIST~1.EXE1 00639Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation  7Send To0
319RegisterDropHandler0 12REGIST1.EXE1 00  0 01
223Register MediaRing Talk0 12register.exe1 00 88If you don't want to register MediaRing and be reminded about it every bootup disable it 01
222PestPatrolRegistration0 12Register.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
121windows register edit0 13registr32.exe1 00 40Added by an unidentified WORM or TROJAN! 01
220Registration Lock On0 20Registration Lock On225StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
228CorelDRAW Graphics Suite 11b0101Registration.exe /title="CorelDRAW Graphics Suite 12" /date=070105 serial=DR12WEG-7719974-KLS lang=CS211HKEY_LM\Run0 70Corel Corporation Registration 10.599, Corel Corporation. Registration39http://www.absolutestartup.com/startup/1
117Registry Services0 12Registry.exe1 00 36Added by the DOWNLOADER.CILE TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/trojan.downloader.cile.html0
115RegistryMonitor0 12registry.pif1 00 15Affilred adware58http://sarc.com/avcenter/venc/data/pf/adware.affilred.html0
1 5Reg320 14Registry32.exe1 00 27Added by Backdoor.Crazynet.61http://www.sarc.com/avcenter/venc/data/backdoor.crazynet.html0
033PDF Converter Registry Controller0 22RegistryController.exe1 00 30ScanSoft PDF_Converter related37http://www.scansoft.com/pdfconverter/0
333PDF Converter Registry Controller0 22RegistryController.exe111HKEY_LM\Run0 77ScanSoft PDF Converter 1.0, ScanSoft, Inc.. PDF Converter Registry Controller39http://www.absolutestartup.com/startup/1
315RegistryFix.exe0 15registryfix.exe111HKEY_CU\Run0 73RegistryCleaner Application 1, 0, 0, 1, . RegistryCleaner MFC Application39http://www.absolutestartup.com/startup/1
116register manager0 18RegistryManage.exe1 00 29Added by the  SDBOT.AYH WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AYH&VSect=P0
1 4run=0 20RegistryReminder.exe1 00 33Added by the APSTROJAN.OB TROJAN!42http://vil.nai.com/vil/content/v_10232.htm0
327Windows Registry Repair Pro0 23RegistryRepairPro.exe 4211HKEY_CU\Run0 81Windows Registry Repair Pro 2.0.0, 3B Software, Inc.. Windows Registry Repair Pro39http://www.absolutestartup.com/startup/1
111checkscan320 13regload16.exe1 00 27Added by the  AEBOT.K WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AEBOT.K&VSect=P0
115Registry Loader0 12regloadr.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
138{35a88e51-b53d-43e9-b8a7-75d4c31b4676}0 11reglogs.dll1 00161A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{35a88e51-b53d-43e9-b8a7-75d4c31b4676}/b.65http://www.bleepingcomputer.com/startups/SpyFalcon.exe-14415.html0
110Regmonitor0 13regmaping.exe1 00 31Added by the W32/Bagle-CJ worm.56http://www.sophos.com/virusinfo/analyses/w32baglecj.html0
316RegistryMechanic0 11RegMech.exe1 00215Registry Mechanic for Windows - "you can safely clean and repair Windows registry problems with a few simple mouse clicks! Problems with the Windows registry are a common cause of Windows crashes and error messages"33http://www.winguides.com/regmech/0
316RegistryMechanic0 15regmech.exe /QS211HKEY_LM\Run0 59Registry Mechanic 4.00.0101, PCTools. Registry Mechanic 4.039http://www.absolutestartup.com/startup/1
1 8RegMon320 12regmon32.exe1 00 49Added by the W32/Sdbot-ALK worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotalk.html0
218CheckRegDefragOnce0 23regopt.exe -checkdefrag211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111wininet.dll0 11regperf.exe1 00 33Added by the Troj/Zlob-IJ Trojan.56http://www.sophos.com/virusinfo/analyses/trojzlobij.html0
2 8AUTOPROP0 24REGPROP.EXE WMPADDIN.DLL2 00112Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension 01
4 7RegProt0 11Regprot.exe1 00 89RegistryProt from Diamond Computer Systems - protects the system registry against changes47http://www.diamondcs.com.au/web/htm/regprot.htm0
1 9Regptmens0 13REGPTMENS.EXE1 00 52Added by the Troj/Bancos-ED Internet Banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancosed.html0
116registry checker0 10Regrun.exe1 00 27Added by the  SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
123Window Registry Config10 13regrun32a.exe1 00135Added by the W32/Rbot-VB worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.55http://www.sophos.com/virusinfo/analyses/w32rbotvb.html0
121Windows Registry Scan0 11regscan.exe1 00143Added by the W32/Rbot-HA trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotha.html0
121windows registry scan0 13regscan23.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
121Windows Registry Scan0 13regscan32.exe1 00 26Added by the RBOT.KE WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KE&Vsect=T0
116Registry Scanner0 12regscanr.exe1 00 39Added by a variant of the OPTIX TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=161060
1 7Regscan0 12regscanr.exe1 00  8Added by155Troj/Optix-SE.0
116Microsoft Update0 12regscr32.exe1 00258Added by the W32/Rbot-GT trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This infection also attempt to send back cd keys of applications and games that may be installed on your computer.55http://www.sophos.com/virusinfo/analyses/w32rbotgt.html0
144microsoft windows dll services configuration0 10regscv.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
122windows update service0 10regscv.exe1 00 33Added by the  W32/AGOBOT-AM WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotam.html0
0 9regserver0 12regserve.exe1 00 50Related to XGI Technology's  Volari graphics cards100http://ww0
115regservices.exe0 15regservices.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
2 8RegShave0 12regshave.exe1 00236Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly 01
2 8REGSHAVE0 21REGSHAVE.EXE /AUTORUN2 00 68Registry Shaver 3.0.0.4, FUJI PHOTO FILM CO., LTD.. Shaving Registry 01
3 8REGSHAVE0 21REGSHAVE.EXE /AUTORUN211HKEY_LM\Run0 68Registry Shaver 3.0.0.4, FUJI PHOTO FILM CO., LTD.. Shaving Registry39http://www.absolutestartup.com/startup/1
1 6regsrv0 10regsrv.exe1 00 32Added by the OPTIXPRO.11 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.110
114System Profile0 10Regsrv.exe1 00 39Added by a variant of the OPTIX TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=161060
120[executed file name]0 12Regsrv32.com1 00  080http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.southghost.html0
1 7REGEDIT0 12Regsrv32.com1 00 29Added by the SOUTHGHOST WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.southghost.html0
115Registry Server0 12regsrv32.exe1 00 26Added by the RBOT-GM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgm.html0
116registry service0 12REGSRV32.EXE1 00 40Added by an unidentified WORM or TROJAN! 01
1 7regsrvc0 11regsrvc.exe1 00 12Added by the111Troj/Stope0
1 5Regsv0  9regsv.exe1 00 42Search hijacker - redirecting to scheo.com 01
123Generic Service Process0 12regsvc32.exe1 00 36Added by the GAOBOT.UJ, GAOBOT.UL or20W32/Agobot-FM WORMS!0
124Generic Services Process0 12regsvc32.exe1 00 28Added by the GAOBOT.SY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html0
1 8MSRegSvc0 12regsvc32.exe1 00 69Homepage hijacker that changes your homepage to an adult content site 01
1 8regsvc320 12regsvc32.exe1 00  0 01
114Task Commander0 12regsvc32.exe1 00 12Added by the39W32/Agobot-RX worm/IRC backdoor Trojan.0
120InternetHostSecurity0 14regsvchost.exe1 00 54Added by the Troj/Spyal-A information stealing Trojan.56http://www.sophos.com/virusinfo/analyses/trojspyala.html0
111DHCP Server0 10regsvr.exe1 00 26Added by the RBOT-PR WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpr.html0
1 6regsvr0 10regsvr.exe1 00 31Added by the WEBMONEY-G TROJAN!59http://www.sophos.com/virusinfo/analyses/trojwebmoneyg.html0
132popup defence updater (required)0 54regsvr32 /s [path] pdf****.dll (* = random char/digit)2 00 31SafeguardProtect/Veevo hijacker57http://www.pestpatrol.com/PestInfo/s/safeguardprotect.asp0
121Popup Defence Updater0 54regsvr32 /s [path] pdf****.dll [* = random char/digit]2 00 31SafeguardProtect/Veevo hijacker57http://www.pestpatrol.com/PestInfo/s/safeguardprotect.asp0
1 8PCShield0 49regsvr32 /s [path] sfg_****.dll [* = random char]2 00 30SafeguardProtect/Veevo malware57http://www.pestpatrol.com/PestInfo/s/safeguardprotect.asp0
211MsmqIntCert0 20regsvr32 /s mqrt.dll2 00112Microsoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem.30http://www.microsoft.com/msmq/0
211MsPMSPSvReg0 24regsvr32 /s MsPMSPSv.dll215HKEY_LM\RunOnce0  039http://www.absolutestartup.com/startup/1
1 8uninstal0 24regsvr32 /u /s image.dll2 00 30CoolWebSearch parasite related53http://www.spywareinfo.com/~merijn/cwschronicles.html0
145Kazaa Download Accelerator Updater (required)0 45regsvr32 [path] kdp****.dll [* = random char]2 00 31SafeguardProtect/Veevo hijacker57http://www.pestpatrol.com/PestInfo/s/safeguardprotect.asp0
134SafeGuard Popup Updater (required)0 51regsvr32 [path] PDF****.dll [* = random char/digit]2 00 31SafeguardProtect/Veevo hijacker57http://www.pestpatrol.com/PestInfo/s/safeguardprotect.asp0
142SafeGuard Popup Blocker Updater (required)0 51regsvr32 [path] sfg****.dll [* = ramdom char/digit]2 00 34SafeGuard Protect/Veevo - hijacker57http://www.pestpatrol.com/PestInfo/s/safeguardprotect.asp0
134SafeGuard Popup Updater (required)0 51regsvr32 [path] sfg****.dll [* = ramdom char/digit]2 00 31SafeguardProtect/Veevo hijacker57http://www.pestpatrol.com/PestInfo/s/safeguardprotect.asp0
131SafeGuard Popup Blocker Updater0 26regsvr32 [path] sfgupd.dll2 00 31SafeguardProtect/Veevo hijacker57http://www.pestpatrol.com/PestInfo/s/safeguardprotect.asp0
121Popup Blocker Updater0 42regsvr32 veev****.dll [**** = random char]2 00 31SafeguardProtect/Veevo hijacker57http://www.pestpatrol.com/PestInfo/s/safeguardprotect.asp0
210WUx_RegSvr0 12RegSvr32.exe1 00 17x is any number?? 01
3 8HREF.OCX0 25regsvr32.exe ....HREF.OCX2 00150HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller55http://software.xfx.net/utilities/popupkiller/index.php0
215Register SeqChk0 27regsvr32.exe ..csseqchk.dll2 00  2?? 01
3 7AsioReg0 26REGSVR32.EXE /S CTASIO.DLL211HKEY_LM\Run0103Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
311MsmqIntCert0 24regsvr32.exe /s mqrt.dll225StartUp menu\Current user0103Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
111kvern16.dll0 31regsvr32.exe [path] kvern16.dll2 00 18DailyWinner adware48http://www.doxdesk.com/parasite/DailyWinner.html0
110vern16.dll0 31regsvr32.exe [path] vernn16.dll2 00 18DailyWinner adware48http://www.doxdesk.com/parasite/DailyWinner.html0
111vernn16.dll0 31regsvr32.exe [path] vernn16.dll2 00 18DailyWinner adware48http://www.doxdesk.com/parasite/DailyWinner.html0
3 7AsioReg0 23regsvr32.exe ctasio.dll2 00163ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality69http://www.soundblaster.com/resources/read.asp?articleid=60&amp;cat=20
3 8REGSVR320 23regsvr32.exe ctasio.dll2 00  065http://www.soundblaster.com/resources/read.asp?articleid=60&cat=20
129Compatibility Service Process0 10regsvs.exe1 00 28Added by the GAOBOT.YN WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.yn.html0
1 7regsync0 11regsync.exe1 00 18SafeSurfing adware80http://securityresponse.symantec.com/avcenter/venc/data/spyware.safesurfing.html0
1 7Reg_WFT0 11Regsysw.com1 00 26Added by the WILSEF VIRUS!71http://securityresponse.symantec.com/avcenter/venc/data/w32.wilsef.html0
221Registration-Studio 80 11RegTool.exe1 00 85Registration for  Pinnacle Studio Version 8 home video software from Pinnacle Systems71http://www.pinnaclesys.com/ProductPage_n.asp?Product_ID=577&Langue_ID=20
3 8RegTweak0 10RegTwk.exe1 00170Rage3d Tweak - ATI Radeon tweaker which allows access to registry tweak options, custom display modes, refresh rates and overclocking all through an easy to use interface31http://www.rage3d.com/r3dtweak/0
1 6RegVer0 10REGVER.EXE1 00 31Added by the LATINUS.16 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.160
123Windows [non-printable]0 10regver.exe1 00 45Added by the Troj/Graybird-T backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybirdt.html0
1 8RegVfy320 14Regverif32.exe1 00 46Added by the W32.Sygyp.A@mm mass-mailing worm.75http://www.sarc.com/avcenter/venc/data/w32.sygyp.a@mm.html#technicaldetails0
110[not used]0 11rejoice.exe1 00 34Added by the Troj/Prosti-Q Trojan.57http://www.sophos.com/virusinfo/analyses/trojprostiq.html0
2 8Launcher0 12relaunch.exe1 00185Audio Applications Launcher for the Philips Rythmiic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start - Programs182http://www.consum0
1 6Reload0 10reload.exe1 00 37Added by the LAZAR trojan downloader.73http://securityresponse.symantec.com/avcenter/venc/data/trojan.lazar.html0
1 6Reload0 27reload.exe /reloadenterpice2 00 43ml" target="_blank"LAZAR trojan downloader. 01
1 6reload0 10reload.vbs1 00 33Added by the LOVELETTER.AS VIRUS!42http://vil.nai.com/vil/content/v_98684.htm0
110Regmonitor0 12remaping.exe1 00 48Added by the W32.Beagle.DO@mm mass-mailing worm.77http://www.sarc.com/avcenter/venc/data/w32.beagle.do@mm.html#technicaldetails0
2 7RemHelp0 11Remhelp.exe1 00 34BT Voyager ADSL Modem Help related 01
2 8B.Reader0  9remin.exe1 00 43Birthday Reminder 5.0 - as the name implies25http://www.harshal.da.ru/0
2 9Remind_XP0 13Remind_XP.exe1 00231HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start - PC Help & Tools - Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list 01
2 8Reminder0 13Remind_XP.exe1 00 67Application Remind_XP 1, 0, 2, 1, SoftThinks. Application Remind_XP 01
2 8Reminder0 13Remind_XP.exe1 00231HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start - PC Help & Tools - Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list 01
3 8Reminder0 13Remind_XP.exe111HKEY_LM\Run0 67Application Remind_XP 1, 0, 2, 1, SoftThinks. Application Remind_XP39http://www.absolutestartup.com/startup/1
218Corel Registration0 12Remind32.exe1 00 94If you don't want to register Corel products and be reminded about it every 2 weeks disable it 01
227Corel Registration Reminder0 12Remind32.exe1 00 94If you don't want to register Corel products and be reminded about it every 2 weeks disable it 01
224Hewlett Packard Recorder0 12Remind32.exe1 00 29HP multifunction registration 01
213HP-Aio Flight0 12Remind32.exe1 00  0 01
217Reminder-cpqXXXXX0 12remind32.exe1 00 27Compaq printer Registration 01
217Reminder-hpcXXXXX0 12remind32.exe1 00 25HP CD-Writer Registration 01
217Reminder-ranXXXXX0 12remind32.exe1 00 50Registration reminder widget for Rand Mcnally maps 01
238reminder-ScanSoft Product Registration0 12remind32.exe1 00 61Registration reminder for ScanSoft products such as PaperPort 01
2 5@loha0 12reminder.exe1 00 51Registration reminder for @loha@home E-mail utility67http://www.pcworld.com/downloads/file_description/0,fid,6581,00.asp0
221Instant Update Center0 12reminder.exe1 00293From Broderbund's PrintMaster 10. It is an event reminder (for calendar dates, etc). Delete from the startup using Startup Manager program because it keeps re-checking itself when using MSCONFIG.  PrintMaster 11 uses filename PMremind.exe - it has to be unchecked in startup in the same manner 01
213Kana Reminder0 12Reminder.exe1 00 98Kana Reminder is a program which can be used to set a reminder to be triggered at a specified time40http://www.istop.com/~phartana/reminder/0
2 8Reminder0 12reminder.exe1 00 40From MS Money. Reminds you of your bills 01
2 8Reminder0 12reminder.exe111HKEY_CU\Run0 85Microsoft Money 7.00.0913, Microsoft Corporation. Microsoft Bill Reminder Application39http://www.absolutestartup.com/startup/1
317CreateCD_Reminder0 12reminder.exe111HKEY_LM\Run0 92Reminder Application 1.6.0, Sony Electronics, Inc. VAIO Recovery Media Kit Creation Reminder39http://www.absolutestartup.com/startup/1
3 8RemindMe0 12RemindMe.exe1 00 29Remind-Me - calendar software32http://www.beiley.com/remind-me/0
412Remocon_Path0 11remocon.exe1 00 46Remote control software for the Sigma TV Card. 01
1 5remon0  9REMON.SYS1 00 82Rootkit used by some infections to hide other files and configuration information. 01
313remote master0 17remote master.exe2 00 92Required if you want your ASUS Remote control to work at all. Available via Start - Programs 01
134Remote Procedure Call (RPC) Remote0 10remote.exe1 00133Added by the W32/Mytob-EW worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobew.html0
212Remote_Agent0 15RemoteAgent.exe1 00173Cyberlink Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings, you will need this, otherwise can be disabled. Available via Start - Programs24http://www.cyberlink.com0
335MpegTV Station PCITV Remote Control0 13RemoteCtl.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
1 9Sistray320 14remotehost.pif1 00 31ml" target=_blankHOLCAS.A WORM! 01
115Spyware remover0 18Remove_spyware.exe1 00112Unidentified, but not known to belong to any known spyware remover, and strongly suspected to be adware related! 01
2 9RemoveCpl0 13RemoveCpl.exe1 00  0 01
2 9Removecpl0 13Removecpl.exe1 00 64Related to a Belkin 54Mbps Wireless Utility Control Panel applet 01
111Removed.exe0 11Removed.exe1 00 30GatorCheat - adware downloader 01
1 6remove0 12removeJK.exe1 00 35Added by the Trojan.Remojin Trojan.75http://www.sarc.com/avcenter/venc/data/trojan.remojin.html#technicaldetails0
1 9Zonealarm0 12Removeme.exe1 00 28Added by the FORBOT-BG WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbg.html0
117Windows Update 320 10rempss.exe1 00134Added by the W32/Forbot-FW worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32forbotfw.html0
0 8RemStart0 12remstart.exe1 00 53Part of McAfee's Remote Desktop 32 Agent application. 01
0 6Agente0 10Remupd.exe1 00144Part of Panda Antivirus Titanium. Is this an update reminder (guess because of the name), virus definition update reminder or something similar?47http://www.pandasoftware.com/products/titanium/0
113MSN Messenger0 13Reosmsngr.exe1 00 42pybot.worm.html" target=_blankSPYBOT WORM! 01
219Repair Registry Pro0 24RepairRegistryPro.exe -s211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0 11repairs.dll1 00183Added by a new version of the Adware.SurfSideKick adware.  This file protects the Surf Sidekick 3 from being removed and must be killed before you can remove the rest of the software.63http://www.sarc.com/avcenter/venc/data/adware.surfsidekick.html0
1 8LAsIAf320 12RePEAtLD.exe1 00 27Added by the REPEATLD WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.repeatld.html0
312Replay Radio0 22ReplayRadio.exe -quiet211HKEY_CU\Run0 67ReplayRadio 5, 2, 1, 0, Applian Technologies Inc.. ReplayRadio 5.2139http://www.absolutestartup.com/startup/1
317RepliGo Assistant0 14RepliGoMon.exe1 00104Cerience  RepliGo software - "any document you have on your PC can be transferred to your mobile device"47http://www.cerience.com/docs/ppc/docs/index.htm0
1 3req0  7req.dat1 00 46Added by the Trojan.Vundo.B adware/redirector. 01
1 3req0  7req.dll1 00128Added by the Troj/ConHook-B trojan downloader.  There will usually be other malware on your system if this infection is present.58http://www.sophos.com/virusinfo/analyses/trojconhookb.html0
1 9Requester0 16requester.11.exe1 00 41Added by the Trojan.Muquest proxy Trojan.75http://www.sarc.com/avcenter/venc/data/trojan.muquest.html#technicaldetails0
1 9requester0 15requester.5.exe1 00 57Adware downloader, identified as TrojanProxy.Win32.Delf.h 01
1 9requester0 15requester.6.exe1 00 44Added by a variant of  the MUQUEST.A TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=410000
1 9requester0 15requester.8.exe1 00 44Added by a variant of  the MUQUEST.A TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=410000
254[System Mechanic Professional Update [Incinerator.dll]0 29REREG: [path] Incinerator.dll2 00124System_Mechanic's "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again41http://www.iolo.com/sm/4pro/tutorials.cfm0
3 9ResModify0  7Res.EXE111HKEY_LM\Run0 30ali usb1 1, 0, 0, 1, ali. usb139http://www.absolutestartup.com/startup/1
210zzzHPSETUP0  5RESET111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
325Picture Package VCD Maker0 16Residence.exe -h222StartUp menu\All users0 60Residence ????????? 1, 0, 0, 1, Sony Corporation.. Residence39http://www.absolutestartup.com/startup/1
111loadservice0 13Rest In Peace2 00 34Added by the  W32/KANGAROO-A WORM!58http://www.sophos.com/virusinfo/analyses/w32kangarooa.html0
214RestoreDesktop0 18RestoreDesktop.exe111HKEY_CU\Run0 77Kanex RestoreDesktop 2, 0, 0, 1, Kanex Group, Inc.. RestoreDesktop Executable39http://www.absolutestartup.com/startup/1
1 7restory0 11restory.exe1 00 27Added by the RETSAM TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.retsam.html0
1 7resagnt0 10restun.exe1 00 70Adware downloader - detected by  Panda antivirus as Trj/Downloader.ALQ51http://www.pandasoftware.com/products/titanium2005/0
315ResumeFixClocks0 13resumefix.exe1 00 76Part of the RadeonTweaker utility for overclocking ATI Radeon graphics cards37http://radeontweaker.sourceforge.net/0
217Mania Win Restore0 10RESWIN.EXE1 00142Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start - Programs 01
1 6retime0 10retime.exe1 00 26Added by the GIPMA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.gipma.html0
318RetrieverScheduler0 22retrieverscheduler.exe1 0028380-20 Retriever from 80-20 - "80-20 Retriever is a powerful personal search tool that encompasses email folders, archived email, and local or network file systems, giving users one point of fast, accurate search for all personal information". Real-time scheduler - shortcut available54http://www.80-20.com/products/one-search/retriever.asp0
212RetroExpress0 19RetroExpress.exe /h211HKEY_LM\Run0 63Retrospect Express HD 1.0.196.0, Dantz Development Corporation.39http://www.absolutestartup.com/startup/1
314RevoTaskbarApp0 12RevoTask.exe1 00192Control Application for M-Audio Revolution 7.1 sound card. The sound card will function without it - but changes to speaker setup and sound modification (Bass/Treble etc) will not be available 01
2 8RexSyMon0 12rexsymon.exe1 00115Intellisync for REX sychronization software for Xircom REX MicroPDAs for sharing information between the PDA and PC52http://support.intel.com/support/peripherals/xc/pda/0
3 7rfagent0 11rfagent.exe1 00259Registry First Aid - scans the Windows registry for orphan file/folder references, finds these files or folders on your drives that may have been moved from their initial locations, and then corrects your registry entries to match the located files or folders40http://www.rosecitysoftware.com/reg1aid/0
3 7rfagent0 11rfagent.exe111HKEY_CU\Run0106Registry First Aid 4.0.0.659, KsL Software. Registry First Aid, the easy powerful registry cleanup program39http://www.absolutestartup.com/startup/1
114Windows-TCP-IP0 12rfkampig.exe1 00 26Added by the GIPMA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.gipma.html0
225Reality Fusion GameCam SE0 10RFTray.exe1 00 78Reality Fusion Tray  Application 1, 0, 0, 1, . Reality Fusion Tray Application 01
225Reality Fusion GameCam SE0 10RFTRay.exe1 00115System Tray access for Logitech's Reality Fusion GameCam. For more details see here. Available via Start - Programs49http://www.realityfusion.com/gamecam/bethere.html0
1 6RFTray0 10RFTRay.exe1 00220Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start - Programs 01
1 5rfvjo0  9rfvjo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 3rfw0  7Rfw.exe1 00 13RAV AntiVirus28http://www.ravantivirus.com/0
1 6rfwydg0 10rfwydg.exe1 00  2?? 01
119windows asn service0  7rge.exe1 00 26Added by the  W32/Rbot-AOK56http://www.sophos.com/virusinfo/analyses/w32rbotaok.html0
1 7rgglksr0 11rgglksr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8RGZCDHTN0 21RGZCDHTN.exe /install2 00 32Added by the  adware/redirector.63http://www.sarc.com/avcenter/venc/data/adware.safesearch.c.html0
1 8RGZCDHTN0 25RGZCDHTN.exe /install</a>2 00 32Added by the  adware/redirector.63http://www.sarc.com/avcenter/venc/data/adware.safesearch.c.html0
159Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B}0  6RH.DLL1 00 16SmartPops adware54http://www.doxdesk.com/parasite/NetworkEssentials.html0
3 2RH0  8rh32.exe1 00 51EuroFonts - adds Euro symbols to pre-Euro computers 01
1 9aizifmoki0 12rhdqlnbh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5rhemm0  9rhemm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
312RhinoBlocker0 16RhinoBlocker.exe1 00 29RhinoBlocker - pop-up stopper28http://www.rhinoblocker.com/0
1 3Nja0  7Rhj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4rhpa0  8rhpa.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115Comcast Network0 10ribiva.exe1 00 32Added by an  IRC_TROJAN variant!71http://securityresponse.symantec.com/avcenter/venc/data/irc.trojan.html0
1 6richup0 10richup.exe1 00 28SafeSurfing parasite variant48http://pestpatrol.com/pestinfo/s/safesurfing.asp0
1 6richup0 10richup.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
315Rio MSC Manager0 10RioMSC.exe1 00 73Used by the RIO MP3 player to organize and copy music to your MP3 player. 01
1 9rIOphosIs0 13rIOPHosIs.vBS1 00 26Added by the RIOSYS MACRO!72http://securityresponse.symantec.com/avcenter/venc/data/w97m.riosys.html0
3 9RIPPopUps0 13RIPPopUps.exe111HKEY_LM\Run0 191.32.1500.39066,  .39http://www.absolutestartup.com/startup/1
3 9RivaTuner0 13RivaTuner.exe1 00 78RivaTuner for tweaking nVidia graphics cards. Required if you make any changes28http://guru3d.com/rivatuner/0
322RivaTunerStartupDaemon0 13RivaTuner.exe1 00  028http://guru3d.com/rivatuner/0
3 9RivaTuner0 16RivaTuner.exe /T211HKEY_LM\Run0 72RivaTuner Application 2, 0, 0, 0, . RivaTuner 2.0 Release Candidate 15.439http://www.absolutestartup.com/startup/1
1 8rjwgwegv0 12rjwgwegv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3OSS0  6rk.exe1 00 58RelevantKnowledge, NetSetter/Marketscore foistware variant48http://www.doxdesk.com/parasite/MarketScore.html0
3 3OSS0 12rk.exe -boot211HKEY_LM\Run0 98RelevantKnowledge 1.3.4.300 (Build 300), RelevantKnowledge. RelevantKnowledge Internet Accelerator39http://www.absolutestartup.com/startup/1
1 4rkbg0  8rkbg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
120WindowsRegKey update0 14rkbuouoxfl.exe1 00248Added by the W32/Rbot-OO trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. These infections are usually capable of logging keystrokes, retrieve cd keys, and flood other computers.55http://www.sophos.com/virusinfo/analyses/w32rbotoo.html0
1 8rkjrfjti0 12rkjrfjti.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5rkpif0  9rkpif.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Tcg0  7Rks.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Key10  8Rlid.exe1 00 25Added by the LIXY TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lixy.html0
1 4rliu0  8rliu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7rlmcxjk0 11rlmcxjk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3oss0 11rlvknlg.exe1 00 31NetSetter/Marketscore foistware48http://www.doxdesk.com/parasite/MarketScore.html0
3 3OSS0 17rlvknlg.exe -boot211HKEY_LM\Run0 83RelevantKnowledge 1.3.302.312 (Build 302.312), RelevantKnowledge. RelevantKnowledge39http://www.absolutestartup.com/startup/1
1 4rlwj0  8rlwj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8rlwxwzka0 12rlwxwzka.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
313RemoteControl0 10rmctrl.exe1 00  0 01
313RemoteControl0 10rmctrl.exe1 00242Remote Control background application for CyberLink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one 01
3 6rmctrl0 10rmctrl.exe1 00242Remote Control background application for CyberLink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one 01
1 6rmocvh0 10rmocvh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 8RMremote0 12RmRemote.exe1 00 42Remote control driver for REALmagic Xcard.46http://www.sigmadesigns.com/products/xcard.htm0
126DialUp Network Application0  9Rnaap.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
313Remote Access0 10rnaapp.exe1 00200Dial-up networking application - not normally found in the startup locations. It runs when you connect to the net via this method (ie, analogue 56K modem) and terminates after the connection is closed 01
120RealPlayer Ath Check0 12rnathchk.exe1 00136Added by the W32.Mytob.AG@mm worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ag@mm.html#technicaldetails0
1 4Usrr0  8rncr.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
1 7rncvxkf0 11rncvxkf.exe111HKEY_LM\Run0 79TODO: <Product name> 0, 0, 7, 0, TODO: <Company name>. TODO: <File description>39http://www.absolutestartup.com/startup/1
125file laoder configuration0  9rnd32.exe1 00 28Added by the  RBOT.BQJ WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQJ&VSect=T0
1 6rndll20 10rndll2.exe1 00117May be related to the DivX program as a *.dat file in the same directory had "DivXPro505Bundle.exe" mentioned within? 01
1 9setupdata0 10rnll32.exe1 00143Added by the Troj/QQPass-AG keylogger Trojan.  It also creates the following files:  %System%rull32.dll, %System%rnull32.dll, %System%temp1.jpg58http://www.sophos.com/virusinfo/analyses/trojqqpassag.html0
323option store inter ante0 12Roam drv.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
215RoboFormWatcher0 19RoboFormWatcher.exe1 00 97AI Roboform from Siber Systems. Automatically completes web forms. Available via Start - Programs30http://www.siber.com/roboform/0
2 8RoboForm0 19RoboTaskBarIcon.exe1 00162Roboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser plugin 01
2 8RoboForm0 19RoboTaskBarIcon.exe111HKEY_CU\Run0 53RoboForm 6-3-96, Siber Systems. RoboForm TaskBar Icon39http://www.absolutestartup.com/startup/1
1 4rock0  8rock.exe1 00 87Added by the Troj/LowZone-CR Trojan that lowers the security settings on your computer.59http://www.sophos.com/virusinfo/analyses/trojlowzonecr.html0
311Rocket.Time0 14RocketTime.exe1 00 50Time synchronization software from Rocket Software51http://www.rocketsoftware.com/products/download.htm0
1 6rodwbh0 10rodwbh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4rofl0  8rofl.sys1 00 38Added by the Hacktool.Rootkit rootkit.82http://securityresponse.symantec.com/avcenter/venc/data/hacktool.rootkit.html?Open0
1 7rokgwtl0 11rokgwtl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 2Sb0  9Rolin.bat1 00 43Added by the WM97/Lahey-A Word macro virus.56http://www.sophos.com/virusinfo/analyses/wm97laheya.html0
1 4roll0  8roll.exe1 00173Added by the Troj/LowZone-CP Trojan.  This Trojan will lower the security on your computer so other malware can bypass any security restrictions that may have been in place.59http://www.sophos.com/virusinfo/analyses/trojlowzonecp.html0
110DevicePath0  8Root.exe1 00 24Added by the GRUEL WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html0
1 9MediaPath0  8Root.exe1 00  073http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html0
112Rundll32.exe0  8Root.exe1 00 24Added by the GRUEL WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html0
119Registry Value Name0  9roses.exe1 00134Added by the W32/Rbot-AFT worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaft.html0
2 5ROUTD0  9ROUTD.exe1 00  2?? 01
2 9RoxAssist0 13RoxAssist.exe1 00584Roxio Assistant is designed to correct Engine Initialization errors. If Easy CD & DVD Creator's Engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If you do not receive the message, update your Virus software and then check and clean your system for viruses. After the removal of any viruses, uninstall and then reinstall Easy CD & DVD Creator (use "Add Remove Programs" in "Control Panel"). Can be run manually 01
3 4RP320  8rp32.exe1 00114ControlIT (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systems. 7http://0
139Remote Procedure Call For Windows 32bit0  7rpc.exe1 00 26Added by the RBOT-MD WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmd.html0
449Remote Packet Capture Protocol v.0 (experimental)0 10rpcapd.exe1 00 65File is found at this location: %ProgramFiles%\WinPcap\rpcapd.exe 01
1 4rpcc0  8rpcc.exe1 00 47Added by the Troj/Dloadr-AEL downloader Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloadrael.html0
134Remote Procedure Call (RPC) Center0 13RpcCenter.exe1 00 49Added by the W32/Sdbot-AQH worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotaqh.html0
134Remote Procedure Call (RPC) Client0 13rpcclient.exe1 00 48Added by the W32/Codbot-L worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32codbotl.html0
111rpcda Win320  9rpcda.exe1 00133Added by the W32/Rbot-AEE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaee.html0
1 9roketpipe0 12rpclient.exe1 00  2?? 01
135Remote Procedure Call (RPC) Locator0 14rpclocator.exe1 00 48Added by the W32/Codbot-Q worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32codbotq.html0
138Remote Procedure Call (RPC) Monitoring0 10Rpcmon.exe1 00 48Added by the W32/Codbot-T worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32codbott.html0
1 6Sysmon0 10rpcmon.exe1 00 29Added by the RANDEX.ATX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.atx.html0
135Remote Procedure Call (RPC) Service0  9RpcSs.exe1 00 48Added by the W32/Cuebot-J worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32cuebotj.html0
4 9RPCSS.exe0  9rpcss.exe1 00463Remote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see here27http://www.cexx.org/rpc.htm0
121RPC+ Service Provider0 12rpcss_pl.exe1 00 83br /br /HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\\DependOnService 01
148Windows Remote Procedure Call Monitoring Service0 10rpcsvc.exe1 00 48Added by the W32/Cuebot-I worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32cueboti.html0
113windowsupdate0 14RPCX1SQ234.exe1 00129Added by the Troj/IRCBot-U worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/trojircbotu.html0
113windowsupdate0 12RPCX1sQ3.exe1 00 29Added by the IRCBOT.B TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.b.html0
112System Setup0 12rpcxcmod.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 6MSVsmt0 11rpcxctx.exe1 00 40Added by an unidentified WORM or TROJAN! 01
116WSAConfiguration0 12rpcxmn32.exe1 00 29Added by the AGOBOT.ABG WORM!102http://uk0
122social security agency0 13rpcxsocsa.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
116userinit startup0 12rpcxuisu.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
131Microsoft Windows Secure Server0 15rpcxWindows.exe1 00 26Added by the RBOT-LL WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotll.html0
122RpcxWindows Extensions0 13rpcxwinex.exe1 00 28Added by the  RBOT.ACP WORM!90http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_RBOT.ACP0
131microsoft windows secure update0 15rpcxwinupdt.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 4usrr0  8rpen.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
1 6RplSvr0 10rplsvr.exe1 00112The WORM variant W32/MyDoom-J uses email & P2P to add a TROJAN, copies itself as this file to run at each logon.56http://www.sophos.com/virusinfo/analyses/w32mydoomj.html0
310ReleaseRAM0  8RRAM.exe1 00209&quot;Release RAM allows your computer to run faster and uses your computer's RAM more efficiently&quot;. Some users swear by programs such as this but I suggest you read this article and make up your own mind26http://www.releaseram.com/0
1 9bluestart0  9rraut.exe1 00 39Added by the VB.GY.2 downloader TROJAN! 01
1 4rreg0  8rreg.exe1 00 19Unidentified adware 01
1 8rrm6015i0 12rrm6015i.exe111HKEY_LM\Run0 134, 0, 2, 3, .39http://www.absolutestartup.com/startup/1
1 7RRMedic0 11rrmedic.exe1 00225Troubleshooting utility for the RoadRunner cable internet service. Not required and you are advised to completely uninstall it. Provides a lot of false alarms and gets a lot of people panicking about there internet connection24http://www.rr.com/rdrun/0
313Rapid Restore0 10rrpcsb.exe1 00195XPoint "Rapid Restore PC" - a "Managed Recovery™ solution that enables IT Administrators to protect the corporate image, while offloading personal data backup and recovery chores to the end user"53http://www.xpointdirect.com/jp/IBMRRPC/XPRRPC_why.asp0
1 4rrsh0  8rrsh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Osus0  8rrup.exe1 00 31PurityScan/Clickspring -Adware.47http://www.doxdesk.com/parasite/PurityScan.html0
3 6rscmpt0 10rscmpt.exe1 00195Required on the GeFroce 64 meg MX card to show the full 64 meg memory and appears to be a software memory emulator running under the Win2K - see here. High CPU useage results - hence the U status56http://www.guru3d.com/comments.php?category=1&amp;id=6730
321Red Swoosh EDN Client0 15RSEDNClient.exe1 00116If you disable this software, you will not be able to use the video features of the sites that use this technoglogy. 01
122synchronization manage0 12rservers.exe1 00 27Added by the  W32/Forbot-FM57http://www.sophos.com/virusinfo/analyses/w32forbotfm.html0
123Synchronization Manager0 12rservers.exe1 00133Added by the W32/Forbot-FM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotfm.html0
3 6rsMenu0 10rsMenu.exe1 00 40Synchronizes a Casio PDA with MS Outlook 01
115Window Firewall0  8rsms.exe1 00129Added by a new Rbot variant.  This infection when started connects to a remote IRC server where it waits for commands to execute. 01
110[not used]0  9rsmss.exe1 00115Added by the Troj/Prosti-BL backdoor Trojan.  Explorer.exe is not part of this infection and should not be removed.58http://www.sophos.com/virusinfo/analyses/trojprostibl.html0
123Remote Services Manager0  9rsmss.exe1 00 44Added by the Troj/Bckdr-BBK backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojbckdrbbk.html0
121Extra Logs and Alerts0  7rsn.exe1 00215Added by the Troj/Keylog-AU keylogging Trojan.  This infection also installs the files c:\windows\system32\fixapi.exe, c:\windows\system32\hotkey.exe, c:\windows\system32\rcxx.tmp, and c:\windows\system32\kbdmy.dll.58http://www.sophos.com/virusinfo/analyses/trojkeylogau.html0
214Resource Meter0 11rsrcmtr.exe1 00152Windows Resource Meter. Available via Start - Programs. You may want this enabled if your PC is suffering from crashes and want to know potential causes 01
1 7RSRCMTZ0 11RSRCMTZ.exe1 00  2?? 01
1 9VgaDriver0 12RsrVga32.exe1 00124Added by the Troj/Keylog-AH keylogger trojan.  This infection logs your keystrokes to a file named C:\WINDOWS\INF\RCMTRX.DL.58http://www.sophos.com/virusinfo/analyses/trojkeylogah.html0
3 9rssreader0 13RssReader.exe1 00 78RssReader - a free RSS reader able to display any RSS and Atom news feed (XML)25http://www.rssreader.com/0
111MSN UPDATER0 10RSVC32.EXE1 00224Added by the W32/Rbot-HW trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.  This infection will also attempt to log user's keystrokes to the file keys.txt.55http://www.sophos.com/virusinfo/analyses/w32rbothw.html0
130Network Administration Service0 10rsvc32.exe1 00 27Added by the RBOT.ABH WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABH0
1 8rtbrohhk0 12rtbrohhk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6rtcdll0 10rtcdll.exe1 00 19Unidentified adware 01
2 8SoundMan0 11RTHDCPL.exe111HKEY_LM\Run0106Realtek HD Audio Sound Effect Manager 1.1.0.0, Realtek Semiconductor Corp.. Realtek HD Audio Control Panel39http://www.absolutestartup.com/startup/1
4 7rthdcpl0 11RTHDCPL.EXE1 00 37Realtek HD Audio Sound Effect Manager 01
1 5msMGR0 10rtkmsg.exe1 00132Added by the W32/Sdbot-BPY worm. This infection when started connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotbpy.html0
115[Various Names]0 14RtlFindVal.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
210RtlMon.exe0 10RtlMon.exe1 00 32Monitor for RealTek network card 01
4 9RTMonitor0 13RTMonitor.exe1 00 31Cheyenne (now eTrust) antivirus14http://ca.com/0
1 4rtos0  8rtos.exe1 00 10IRC trojan 01
425Symantec AntiVirus Client0 11rtvscan.exe1 00168This is the real-time component of the Symantec antivirus proection program.  This program should not be disabled as you will no longer have real-time virus protection. 01
4 8rtvscn950 12RTVSCN95.EXE1 00 72Real-time virus scanner component of Norton Anti-Virus Corporate Edition 01
1 9Quicktlme0  6ru.exe1 00 21Adult content dialler 01
2 3LIU0 11Rubicon.exe1 00189Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway 01
1 6Ruby130 10Ruby13.exe1 00 26Added by the MEXER.E WORM!67http://securityresponse.symantec.com/avcenter/venc/data/w32.mexer.e0
1 6Ruby140 10Ruby14.exe1 00 29Added by the FIGHTRUB-A WORM!58http://www.sophos.com/virusinfo/analyses/w32fightruba.html0
1 6Showme0  9Ruden.vbs1 00 33Added by the WM97/Handle-A virus.57http://www.sophos.com/virusinfo/analyses/wm97handlea.html0
1 5rudll0  9rudll.exe1 00 35Added by the Troj/Vanti-K/a Trojan.56http://www.sophos.com/virusinfo/analyses/trojvantik.html0
328McAfee.InstantUpdate.Monitor0 12RuLaunch.exe1 00194Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis 01
3 8RuLaunch0 12RuLaunch.exe1 00194Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis 01
328McAfee.InstantUpdate.Monitor0 26RuLaunch.exe /startmonitor211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
112Secure Patch0  7run.dll1 00 98Added by the Troj/Dloader-ZS Trojan.br /br /Uses CLSID: b(2F232C2B-1238-3CBC-04A8-7AC23B61E33F)/b.59http://www.sophos.com/virusinfo/analyses/trojdloaderzs.html0
111SecurePatch0  7run.dll1 00 98Added by the Troj/Dloader-XF Trojan.br /br /Uses CLSID: b{2F212B1B-1313-1BBC-02A8-7CA23A23E13F}/b.59http://www.sophos.com/virusinfo/analyses/trojdloaderxf.html0
2 3SPP0  7run.exe1 00  2?? 01
3 2sc0  7run.exe1 00351All-In-One_SPY stealth monitoring software - allows monitoring and recording of all actions performed on a computer. It records all keystrokes, remembers addresses of Internet pages visited, and maintains a log file listing all applicationsrun on the computer. It can create screenshots and record sounds from the computer's microphone to a sound file27http://www.allinonespy.com/0
1 4runs0  7run.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 7Windows0  7run.exe1 00128Added by the W32/Sdbot-XW. When this infection starts it connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotxw.html0
1 7Classes0 10run_21.exe1 00 28Switch adult content dialler57http://www.sophos.com/virusinfo/analyses/dialswitchb.html0
1 6Run_cd0 10Run_cd.exe1 00 29Added by the GHOST.23 TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GHOST.230
1 6MSTask0 11run_dll.exe1 00 39Added by the Adware.Yuupsearch toolbar.61http://www.sarc.com/avcenter/venc/data/adware.yuupsearch.html0
1 6System0 10run322.exe1 00 28Added by the LANFILT TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lanfilt.html0
3 3klp0 12run32dll.exe1 00126PAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online40http://www.newfreeware.com/internet/480/0
1 7winstro0 12RUN32DLL.exe1 00 28Added by the FTP_ANA TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ftp_ana.html0
2 5runAP0  9runAP.exe1 00 28Not required but what is it? 01
1 8Runapp320 12Runapp32.exe1 00 28Added by the NEODURK TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.neodurk.html0
1 6micore0  8runc.exe1 00125a href ="http://www.sarc.com/avcenter/venc/data/adware.mediainject.html"Mediainject displays advertisements on your computer. 01
111Rund013.exe0 11Rund013.exe1 00 95Added by the Troj/StartPa-HX Trojan.  This infection will change Internet Explorer's home page.59http://www.sophos.com/virusinfo/analyses/trojstartpahx.html0
112Taskbell.exe0  9Rund1.exe1 00 26Added by the YIPID TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/TROJAN!.yipid.html0
1 6Rund110 10Rund11.EXE1 00 30Added by the W32/Mario-C worm.55http://www.sophos.com/virusinfo/analyses/w32marioc.html0
1 8rund11320 12rund1132.exe1 00 31Added by the W32/Dopbot-A worm.56http://www.sophos.com/virusinfo/analyses/w32dopbota.html0
112Rund1132.exe0 12Rund1132.exe1 00 36Added by the Troj/StartPa-HS Trojan.59http://www.sophos.com/virusinfo/analyses/trojstartpahs.html0
110Tencent QQ0 29Rund1132.exe qq.dll, Rundll322 00 29Added by the QQPASS.F TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.f.html0
111SysDeskqqfx0 13Runddll32.exe1 00 89Added by the PWSteal.Changgame password-stealing Trojan for a chinese online gaming site.78http://www.sarc.com/avcenter/venc/data/pwsteal.changgame.html#technicaldetails0
124windows automaticupdater0 11runddls.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6ctfnom0 12rundIl32.exe1 00 30Added by the LEGMIR-AW TROJAN!58http://www.sophos.com/virusinfo/analyses/trojlegmiraw.html0
116LoadPowerProfile0  9rundl.exe1 00133Added by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll73http://securityresponse.symantec.com/avcenter/venc/data/w32.tofazzol.html0
112PowerPrifile0 38rundl132 kenel.dll, PowerProfileEnable2 00 25Added by the INMOTA WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.inmota.worm.html0
1 5NvCpl0 11rundl32.exe1 00134Added by the W32/Agobot-TO worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32agobotto.html0
1 8RUNDLL320 11rundl32.exe1 00 32Added by the W32/Demotry-A worm.57http://www.sophos.com/virusinfo/analyses/w32demotrya.html0
111Windows DNS0 11rundl32.exe1 00 45Added by the Troj/GrayBrd-AG backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdag.html0
119startwindowskeyuser0 11rundle2.exe1 00 31Added by the JAVAKILLER TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/w32.javakiller.trojan.html0
1 8rundli320 12rundli32.exe1 00 23Added by the LADE WORM!69http://securityresponse.symantec.com/avcenter/venc/data/w32.lade.html0
110Windows TM0 12rundlI32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
224Taskbar Display Controls0 41RunDLL deskcp16.dll, QUICKRES_RUNDLLENTRY2 00299Only appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel -&gt; Display -&gt; Settings -&gt; Advanced -&gt; General. Also appears if you have Win95 with the QuickRes &quot;Powertoy&quot; installed 01
420DNE Binding Watchdog0 35rundll dnes.dll, DnDneCheckBindings2 00409Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work 01
416DNE DUN Watchdog0 32rundll dnes.dll, DnDneCheckDUN132 00409Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work 01
1 1@0 10RUNDLL.EXE1 00 12Added by the19W32/Spybot-DN WORM!0
116Autostart Helper0 10rundll.exe1 00 49Added by the W32/Sdbot-BBG worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotbbg.html0
121Microsoft run manager0 10rundll.exe1 00 48Added by the W32/Rbot-BFP worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbfp.html0
117Microsoft Service0 10rundll.exe1 00 29Added by the W32/Popo-A worm.54http://www.sophos.com/virusinfo/analyses/w32popoa.html0
1 6RunDll0 10RunDll.exe1 00 53Added by the Troj/QQPass-AH password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassah.html0
1 9RundllSvr0 10Rundll.exe1 00 24Added by the HUAYU WORM!57http://www.symantec.com/avcenter/venc/data/w32.huayu.html0
114Windows Config0 10RUNDLL.EXE1 00134Added by the W32/Spybot-DX worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32spybotdx.html0
116Windows RunDLL320 10rundll.exe1 00145Added by the W32/Mytob-HS worm and IRC backdoor. This infection should not be confused with the legitimate c:\windows\system32\rundll32.exe file.56http://www.sophos.com/virusinfo/analyses/w32mytobhs.html0
113Windows Upate0 10rundll.exe1 00103Added by the HAKO TROJAN! Note - this is NOT the Windows system file of the same name as described here59http://www.symantec.com/avcenter/venc/data/trojan.hako.html0
1 9Windows320 10rundll.exe1 00 42Added by the AGOBOT-LK or AGOBOT-ND WORMS!57http://www.sophos.com/virusinfo/analyses/w32agobotlk.html0
116LoadPowerProfile0 24Rundll.exe powerprof.dll2 00192Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe"78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.loxoscam.html0
1 7clnwall0 55rundll.exe setupx.dll, InstallHinfSection ..delwall.inf2 00  2?? 01
1 8LLMODCL20 56rundll.exe setupx.dll, InstallHinfSection ..LLMODCL2.INF2 00  2?? 01
1 7ZIBMACC0 22rundll.exe ZIBMACC.INF2 00240ZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435) 01
1 5Run050 13rundll_32.exe1 00 53Added by the Troj/Bancos-DT password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancosdt.html0
1 6Rundll0 11Rundll~.exe1 00 45Added by the W32/Delf-KT trojan and P2P worm.55http://www.sophos.com/virusinfo/analyses/w32delfkt.html0
1 5Regro0 13rundll132.exe1 00 84Added by the PWSteal.Ragnarok password-stealing Trojan for the online game Ragnarok.77http://www.sarc.com/avcenter/venc/data/pwsteal.ragnarok.html#technicaldetails0
1 3Rro0 13rundll132.exe1 00156Added by the Troj/LegMir-DX password-stealing Trojan for the online game Legend of Mir.  This infection also creates the file C:\Windows\System32\rodll.dll.58http://www.sophos.com/virusinfo/analyses/trojlegmirdx.html0
138(109DFD46-20F3-0D29-0600-010804010205)0 12rundll16.exe1 00 95Added by the Troj/Delf-LV Trojan.br /br /Uses CLSID: b(109DFD46-20F3-0D29-0600-010804010205)/b.56http://www.sophos.com/virusinfo/analyses/trojdelflv.html0
1 4RDLL0 12RunDll16.exe1 00 28Added by the SDBOT.F TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.f.html0
1 8Rundll160 12Rundll16.exe1 00 48Added by a number of VIRUSES, WORMS and TROJANS! 01
1 7svchost0 12Rundll16.exe1 00190Added by the Troj/StartPa-PB  TROJAN! Redirecting of browser start & search pages will result. DBG.EXE and RUNDLL.EXE are copied to the Windows folder to initiate the actions of this trojan.59http://www.sophos.com/virusinfo/analyses/trojstartpapb.html0
119Win32 USB2.0 Driver0 12rundll16.exe1 00 28Added by the WOOTBOT.H WORM!99http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_WOOTBOT.H&VSect=T0
118Windows DLL Loader0 12RUNDLL16.EXE1 00 27Added by the DOMWIS TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.domwis.html0
123Microsoft Update Module0 12rundll24.exe1 00 26Added by the RBOT-PS WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotps.html0
1 8MMSystem0  8RunDll321 00 27Added by the FUNNER-A WORM! 01
1 7gvagfxj0 23rundll32 ...gvagfxj.dll2 00 37Unidentified adware, spyware or virus 01
1 6drvupd0 21rundll32 ..drvupd.inf2 00 62Hijacker - drvupd.inf file installs a "searchforge.com" hijack 01
2 8LXBTCATS0 44rundll32 [path] LXBTtime.dll,_RunDLLEntry@162 00 23Lexmark printer related 01
2 9Tesco.net0 38rundll32 [path] RyDial.dll, QuickStart2 00 45Tesco.net dial-up ISP software - not required34https://register.tesco.net/online/0
1 9SurfBuddy0 26rundll32 [path] sbuddy.dll2 00 92SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps!44http://www.surfapps.com/surfbuddy/index.html0
111WebSpecials0 27rundll32 [path] webspec.dll2 00 19WebSpecials spyware81http://www.giantcompany.com/antispyware/research/spyware/spyware-WebSpecials.aspx0
115New.net Startup0 36rundll32 [path], NewDotNetStartup -s2 00 19NewDotNet foistware42http://doxdesk.com/parasite/NewDotNet.html0
2 7AME_CSA0 28rundll32 amecsa.cpl, RUN_DLL2 00 37Loads ADSL modem Control Panel applet 01
3 7AudCtrl0 31RunDll32 AudCtrl.dll, RCMonitor2 00 20Audio control panel? 01
2 8AxFilter0 31Rundll32 AXFILTER.DLL, Rundll322 00  2?? 01
2 7Cmaudio0 32Rundll32 cmicnfg.cpl, CMICtrlWnd2 00163System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start - Settings - Control Panel 01
216Rundll32 cmicnfg0 32Rundll32 cmicnfg.cpl, CMICtrlWnd2 00163System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start - Settings - Control Panel 01
3 7Cmaudio0 31RunDll32 cmicnfg.cpl,CMICtrlWnd211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6babeie0 31rundll32 cnbabe.dll, dllstartup2 00 49CommonName Toolbar spyware. To uninstall see here62http://www.commonname.com/english/ug/toolbar/default.asp?idx=10
1 5Zenet0 31rundll32 CNBabe.dll, DllStartup2 00  062http://www.commonname.com/english/ug/toolbar/default.asp?idx=10
011SoundFusion0 21rundll32 cwcprops.cpl2 00184Control panel item for the Terratec DMX Xfire 1024 soundcard (Start - Settings - Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time? 01
311SoundFusion0 37rundll32 hercplgs.cpl, BootEntryPoint2 00195Control panel item for Hercules Fortissimo soundcards (Start -&gt; Settings -&gt; Control Panel) based upon a Cirrus Logic &quot;SoundFusion&quot; DSP. Does it need to run at start-up every time? 01
1 5Image0 27rundll32 image.dll, Install2 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
3 9xkstartup0 39RunDll32 InstZ82.dll, SetUsbPrinterPort2 00 34On a system with a Lexmark printer 01
112ControlPanel0 42rundll32 internat.dll, LoadKeyboardProfile2 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 9kernctl320 31rundll32 kctl32.dll, initialize2 00 29Added by the AGENT.AT TROJAN! 01
3 9WinXPLoad0 39Rundll32 LoadDll, LoadExe WinXPLoad.exe2 00 55Compaq hotkey related - required if you use the hotkeys 01
3 7NVCLOCK0 31rundll32 nvclock.dll, fnNvclock2 00 53Overclocking utility for nVidia based graphics cards? 01
2 9P17Helper0 27Rundll32 P17.dll, P17Helper2 00 98ASIO driver for the Sound Blaster Audigy & Audigy 2 series sound card - is it required in startup?65http://www.soundblaster.com/resources/read.asp?articleid=60&cat=20
4 8Pwrmonit0 21Rundll32 PwrMonit.dll2 00 79IBM's proprietary 'battery maximiser' and power monitoring software for laptops 01
3 6BMMGAG0 38Rundll32 PWRMONIT.DLL, StartPwrMonitor2 00165Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window 01
1 3RSS0 35rundll32 RSSToolbar.dll, DllRunMain2 00 55Related Sites toolbar - SearchAndClick hijacker variant 01
313SbUsb AudCtrl0 32RunDll32 sbusbdll.dll, RCMonitor2 00 54Control for Soundblaster MP3 external (USB) sound card 01
1 9keymgrldr0 52rundll32 setupapi, InstallHinfSection... keymgr3.inf2 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 6SysPnP0 55rundll32 setupapi, InstallHinfSection.... oemsyspnp.inf2 00 27Search hijacker - see  here82http://www.spywareinfo.com/forums/index.php?s=&act=ST&f=11&t=8643&st=0&#entry605600
010SRFirstRun0 39rundll32 srclient.dll, CreateFirstRunRp2 00227Created by execution of the Windows XP sr.inf file, which installs the Windows XP System Restore feature, needed for example when installing System Restore into Windows Server 2003. Does this indeed need to run at every bootup? 01
210SRFirstRun0 38rundll32 srclient.dll,CreateFirstRunRp211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Tweak UI0 40RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup2 00116Added by the SUBWOOFER TROJAN! Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup&quot;79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.subwoofer.html0
111NT security0 12rundll32.com1 00133Added by the W32/Rbot-AJC worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotajc.html0
3 8BatInfEx0 12rundll32.exe1 00 54Displays battery status information on an IBM Thinkpad 01
139Background Intelligent Transfer Service0 12rundll32.exe1 00  8Added by55Troj/VB-ZD, which also adds another to insure starting.0
1 9loadMecq30 12rundll32.exe1 00 52Added by the Troj/LegMir-A password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojlegmiras.html0
1 8loadMefs0 12rundll32.exe1 00 36Added by the  Troj/LegMir-JA TROJAN!58http://www.sophos.com/virusinfo/analyses/trojlegmirja.html0
116LoadPowerProfile0 12Rundll32.exe1 00144Added by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data line76http://securityresponse.symantec.com/avcenter/venc/data/w32.miroot.worm.html0
1 4LTT20 12rundll32.exe1 00 82Added by the Troj/Lineage-BI password-stealing Trojan for the online game lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagebi.html0
1 5Regrx0 12rundll32.exe1 00161Added by the Troj/Wayic-A information stealing Trojan. bNote: /b This should not be confused with the legitimate rundll32.exe file in your Windows system folder.56http://www.sophos.com/virusinfo/analyses/trojwayica.html0
1 8rundll320 12rundll32.exe1 00133Added by the SANKER WORM! Note that the valid "rundll32.exe" resides in C:\Windows\System32 wheras this version resides in C:\Windows76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.sanker.html0
1 2rx0 12rundll32.exe1 00 51Added by the Troj/Gamec-G password-stealing Trojan.56http://www.sophos.com/virusinfo/analyses/trojgamecg.html0
1 2rz0 12rundll32.exe1 00 82Added by the Troj/Lineage-BP password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagebp.html0
1 5SysWy0 12rundll32.exe1 00 85Added by the Troj/Lineage-JH information-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagejh.html0
1 7TaskMan0 12rundll32.exe1 00109Added by the DVLDR TROJAN! Note - this is not the valid "rundll32.exe" as it's in the Windows\Fonts directory75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dvldr.html0
110UPDATEHOOK0 12Rundll32.exe1 00  2?? 01
119Win32 Rundll Loader0 12Rundll32.exe1 00235Added by the SDBOT.A TROJAN! Note: Rundll32.exe is a valid Windows application called &quot;Run a DLL as an App&quot; and stored in the C:\Windows directory. The version created by this virus is saved in the C:\Windows\System directory75http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.A0
118Windows DLL Loader0 12rundll32.exe1 00236Added by the WHIPSER-B WORM! Note - rundll32.exe file is placed in the Windows\System folder, wheras the legitimate rundll32.exe is located in the C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP)57http://www.sophos.com/virusinfo/analyses/w32whipserb.html0
1 8he3bbcff0 47rundll32.exe (path) he3bbcff.dll,EnableRunDLL322 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
1 8icddefff0 47rundll32.exe (path) icddefff.dll,EnableRunDLL322 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
1 8ielcaabe0 47rundll32.exe (path) ielcaabe.dll,EnableRunDLL322 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
1 8wmcbaaca0 47rundll32.exe (path) wmcbaaca.dll,EnableRunDLL322 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
1 6Bridge0 26rundll32.exe ...Bridge.dll2 00 31Flingstone.com browser hijacker 01
2 8NVMCTRAY0 43RUNDLL32.EXE ...NVMCTRAY.DLL, NvTaskbarInit2 00246System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties 01
2 8lhttseng0 42rundll32.exe ..lhttseng.inf, RemoveCabinet2 00116Left over after installation of the British English version of the Lernout &amp; Hauspie Text To Speech (TTS) Engine 01
3 9BMMMONWND0 53rundll32.exe [path] BatInfEx.dll, BMMAutonomicMonitor2 00 21IBM Thinkpad related. 01
1 8cfgmgr520 39RunDLL32.EXE [path] cfgmgr52.dll,DllRun2 00 26BookedSpace adware variant48http://www.doxdesk.com/parasite/BookedSpace.html0
1 8he3e3fc40 48rundll32.exe [path] he3e3fc4.dll, EnableRunDLL322 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
1 8icdd7ee60 48rundll32.exe [path] icdd7ee6.dll, EnableRunDLL322 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
1 8iel2cde80 48rundll32.exe [path] iel2cde8.dll, EnableRunDLL322 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
1 8kw3eef760 48rundll32.exe [path] kw3eef76.dll, EnableRunDLL322 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
1 8li01f9480 48rundll32.exe [path] li01f948.dll, EnableRunDLL322 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
3 7LicCtrl0 37rundll32.exe [path] MMFS.DLL, Service2 00180Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program 01
1 8readdb400 48rundll32.exe [path] readdb40.dll, EnableRunDLL322 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
1 8si91e44b0 48rundll32.exe [path] si91e44b.dll, EnableRunDLL322 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
1 8LoadSIPS0 42rundll32.exe [path] SIPSPI32.dll, SIPSPI322 00 15123Mania adware 01
138{12EE7A5E-0674-42f9-A76B-000000004D00}0 41rundll32.exe [path] stlb2.dll, DllRunMain2 00 28BrowserAid/Startium parasite47http://www.doxdesk.com/parasite/BrowserAid.html0
125IE Menu Extension toolbar0 40rundll32.exe [path] tbextn.dll DllShowTB2 00 53Topconverting.com/180Search "IEMenuExtension" toolbar 01
113Games toolbar0 41rundll32.exe [path] tbGame.dll, DllShowTB2 00 50Topconverting.com\180Search "Games Toolbar" adware 01
1 8wm41a3980 48rundll32.exe [path] wm41a398.dll, EnableRunDLL322 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
1 6winupd0 40RUNDLL32.EXE [random value].dll, _mainRD2 00 25Added by the MOTA.A WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.mota.a.html0
1 7winupdt0 25RUNDLL32.EXE [random.dll]2 00 26Added by the MABUT.A WORM!62http://www.viruslist.com/en/viruses/encyclopedia?virusid=574060
313VoodooBanshee0 44rundll32.exe 3DBBps.dll, BansheeLoadSettings2 00186Loads the configuration settings for a 3dfx Voodoo Banshee chipset based graphics card. If you change some of the settings from default you probably need this - otherwise maybe not&nbsp; 01
2103dfx Tools0 42rundll32.exe 3dfxCmn.dll,UpdateRegSettings211HKEY_LM\Run0122Besturingssysteem Microsoft(R) Windows (R) 2000 5.00.2134.1, Microsoft Corporation. Een DLL-bestand als toepassing starten39http://www.absolutestartup.com/startup/1
1 9delsubmit0 52rundll32.exe advpack.dll, DelNodeRunDLL32 submit.exe2 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
3 6BCMHal0 33rundll32.exe bcmhal9x.dll, bcinit2 00171BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings 01
1 3BIE0 35Rundll32.exe BDSrHook.dll, Rundll322 00 17BDplugin parasite49http://www.pestpatrol.com/PestInfo/b/bdplugin.asp0
115Systems Restart0 40Rundll32.exe beem.dll, DllRegisterServer2 00 84Browser hijacker - the file serves to register a dll implemented as a browser plugin 01
115Systems Restart0 40Rundll32.exe boln.dll, DllRegisterServer2 00 12Added by the16Troj/StartPa-FQ.0
1 6RunDLL0 29rundll32.exe bridge.dll, Load2 00 31Flingstone.com browser hijacker 01
1 4Bsx30 28Rundll32.exe bs3.dll, DllRun2 00 28BookedSpace parasite variant48http://www.doxdesk.com/parasite/BookedSpace.html0
1 5bxsx50 21RunDLL32.EXE bsx5.dll2 00 28BookedSpace parasite variant44http://doxdesk.com/parasite/BookedSpace.html0
328bluetoothauthenticationagent0 55rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent2 00209Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer,  when connecting a PDA to your computer -  necessary for the computer and the PDA to communicate. 01
215WildTangent CDA0 44RUNDLL32.exe cdaEngine0400.dll,cdaEngineMain2 00 45Part of the WildTangent on-line games system.38http://www.wildtangent.com/default.asp0
1 6CnsMin0 33Rundll32.exe CNSMIN.DLL, Rundll322 00 42CnsMin "Chinese Keywords" hijacker related 8<a href=0
215CrazyTalk Serve0 45rundll32.exe CrazyTalk.dll, DIIServeMediaFile2 00320CrazyTalk from Reallusion - &quot;the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions.&quot; Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWS47http://www.reallusion.com/crazytalk/default.asp0
1 7Control0 46rundll32.exe ctrlpan.dll, Restore ControlPanel2 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
11298d0ce0c16b10 34rundll32.exe D0CE0C16B1,D0CE0C16B12 00 36BrowserAid/Startium parasite related47http://www.doxdesk.com/parasite/BrowserAid.html0
2 7DeadAIM0 43rundll32.exe DeadAIM.ocm, ExportedCheckODLs2 00 71DeadAIM - feature enhancing product for AOL's Instant Messenger program40http://www.jdennis.net/DeadAIM/about.php0
136a70f6a1d-0195-42a2-934c-d8ac0f7c08eb0 35rundll32.exe E6F1873B.DLL,D9EBC318C2 00 36BrowserAid/Startium parasite related47http://www.doxdesk.com/parasite/BrowserAid.html0
114Instant Access0 45rundll32.exe EGDACCESS_1057.dll,InstantAccess2 00 93Porn Dialer - Instant Access Dialer.F. File will be found in the %windir%\system32 directory.34http://www.mac-net.com/474482.page0
114Instant Access0 44rundll32.exe EGDHTML_1023.dll, InstantAccess2 00 29Adult content dialler related 01
3 7ICSDCLT0 35rundll32.exe Icsdclt.dll, ICSClient2 00164Internet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machines 01
110Rundll32_80 38rundll32.exe inetp60.dll, DllRunServer2 00 27BrowserAid parasite variant47http://www.doxdesk.com/parasite/BrowserAid.html0
329BlueToothAuthentication Agent0 54RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent2 00362Associated with BlueTooth software, and registers the "Infrared Port properties" Control Panel applet. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig  Startup24Infrared Port properties0
3 8rundll320 54RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent2 00362Associated with BlueTooth software, and registers the "Infrared Port properties" Control Panel applet. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig  Startup24Infrared Port properties0
328BluetoothAuthenticationAgent0 54rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent211HKEY_LM\Run0 94Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
226MigrationVendorSetupCaller0 45rundll32.exe migrate.dll, CallVendorSetupDlls2 00  2?? 01
316MigrateMMDrivers0 34rundll32.exe mmsys.cpl,mmseRunOnce215HKEY_LM\RunOnce0102Microsoft(R) Windows (R) 2000 Operating System 5.00.2134.1, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
1 6Dialer0 25rundll32.exe msa32chk.dll2 00 19Unidentfied malware 01
115ContentDownload0 37rundll32.exe MSA64CHK.dll, DllMostrar2 00 20MatrixDialer related49http://www.doxdesk.com/parasite/MatrixDialer.html0
113CoolDownloads0 37rundll32.exe MSA64CHK.dll, DllMostrar2 00  049http://www.doxdesk.com/parasite/MatrixDialer.html0
1 7CoolMP30 37rundll32.exe MSA64CHK.dll, DllMostrar2 00 20MatrixDialer related49http://www.doxdesk.com/parasite/MatrixDialer.html0
118DownloadLegalMusic0 37rundll32.exe MSA64CHK.dll, DllMostrar2 00  049http://www.doxdesk.com/parasite/MatrixDialer.html0
115FreeMP3download0 37rundll32.exe MSA64CHK.dll, DllMostrar2 00 20MatrixDialer related49http://www.doxdesk.com/parasite/MatrixDialer.html0
111GetTheMusic0 37rundll32.exe MSA64CHK.dll, DllMostrar2 00  049http://www.doxdesk.com/parasite/MatrixDialer.html0
113NiceDownloads0 37rundll32.exe MSA64CHK.dll, DllMostrar2 00 20MatrixDialer related49http://www.doxdesk.com/parasite/MatrixDialer.html0
1 7Desktop0 42rundll32.exe msconfd, Restore ControlPanel2 00 74Added by the Adware.CWSMSConfd hijacker!  This is for the 95/98/Me version61http://www.sarc.com/avcenter/venc/data/adware.cwsmsconfd.html0
1 7Desktop0 46rundll32.exe msconfd.dll, Restore ControlPanel2 00 31Added by the BOOKMARKER TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.html0
227Mass storage check registry0 40rundll32.exe MSDServ.dll, check registry2 00 44Used with a USB based smartmedia card reader 01
1 8LoadHTML0 35rundll32.exe mshtmpre.dll, MShtmpre2 00 16Browser hijacker 01
110Rundll32_70 39rundll32.exe MSIEFR40.DLL, DllRunServer2 00 46BrowserAid "Featured Results" hijacker variant47http://www.doxdesk.com/parasite/BrowserAid.html0
117Protected Storage0 35RUNDLL32.EXE MSSIGN30.DLL ondll_reg2 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
128VFW Encoder/Decoder Settings0 35RUNDLL32.exe MSSIGN30.DLL ondll_reg2 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 6NAVUpd0 32rundll32.exe navupd.dll, Startup2 00 25Added by the NAVU TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.navu.html0
1 7New.net0 42rundll32.exe NewDotNetStartup Newdot~2.exe2 00 19NewDotNet foistware42http://doxdesk.com/parasite/NewDotNet.html0
1 8NEWDOT~10 42rundll32.exe NewDotNetStartup Newdot~2.exe2 00 19NewDotNet foistware42http://doxdesk.com/parasite/NewDotNet.html0
215NMGameX_AutoRun0 40Rundll32.exe nmgamex.dll,LiveProcess /aa211HKEY_LM\Run0102Microsoft(R) Windows (R) 2000 Operating System 5.00.2134.1, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
216RFX_auto_upgrade0 25rundll32.exe npvpg005.dll2 00116A browser plugin called the RichFX player. Here is a link to download RichFX's solution to removing the auto upgrade47http://download.richfx.com/player/uninstall.exe0
3 5NvCpl0 33rundll32.exe NvCpl.dll, NvStartup2 00106Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card 01
311NvCplDaemon0 33rundll32.exe NvCpl.dll, NvStartup2 00106Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card 01
3 5NVIEW0 37rundll32.exe nview.dll, nViewLoadHook2 00128This is a DLL to enable multiple display monitors on a single computer. It can be a cause of numerous problems on some computers 01
2 8RunDLL320 40RunDLL32.exe NvMCTray.dll, NvTaskbarInit2 00246System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties 01
313NvMediaCenter0 40RunDLL32.exe NvMCTray.dll, NvTaskbarInit2 00246System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties 01
2 8RUNDLL320 32RUNDLL32.EXE NvQtwk, NvCplDaemon2 00473System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here)28NVIDIA Driver Helper Service0
211NvColorInit0 36rundll32.exe NvQtwk.dll, NvColorInit2 00 43Associated with Nvidia based graphics cards 01
211NvCplDaemon0 36rundll32.exe NvQtwk.dll, NvCplDaemon2 00473System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here)28NVIDIA Driver Helper Service0
216NvidiaQuickTweak0 38rundll32.exe NvQtwk.dll, NvTaskbarInit2 00246System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties 01
212NVQuickTweak0 38rundll32.exe NvQtwk.dll, NvTaskbarInit2 00246System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties 01
212NvInitialize0 33rundll32.exe NvQtwk.dll, NvXTInit2 00117Thought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabled 01
222OfotoNow USB Detection0 52Rundll32.exe OFUSBS.DLL, WatchForConnection OfotoNow2 00128Autodetects when a digital camera is attached to a USB port and launches OfotoNow image software. Available via Start - Programs81http://www.ofoto.com/DownloadClient30.jsp?UV=673857175481_20140377403&US=0&c=f_on0
1 3oo40 28RunDLL32.EXE oo4.dll, DllRun2 00 28BookedSpace parasite variant44http://doxdesk.com/parasite/BookedSpace.html0
114Instant Access0 44rundll32.exe p2esocks_xxxx.dll,InstantAccess2 00109Added by the Instant Access Adware.  The file name always starts with p2esocks_ followed by 4 random numbers.64http://www.sarc.com/avcenter/venc/data/adware.instantaccess.html0
316LoadPowerProfile0 25Rundll32.exe powrprof.dll2 00277Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel - Power Options settings62http://support.microsoft.com/default.aspx?scid=kb;en-us;1876110
116LoadPowerProfile0 46Rundll32.exe powrprof.dll,LoadCurrentPwrScheme2 00126Sistema operativo Microsoft(R) Windows (R) 2000 5.00.2134.1, Microsoft Corporation. Modulo di esecuzione DLL come applicazioni 01
1 8Rundll320 37Rundll32.exe ptipbm.dll, SetWriteBack2 00111Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. 01
0 7ptipbmf0 43rundll32.exe ptipbmf.dll, SetWriteCacheMode2 00  0 01
0 8rundll320 43rundll32.exe ptipbmf.dll, SetWriteCacheMode2 00223Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller 01
1 7Ptipbmf0 42rundll32.exe ptipbmf.dll,SetWriteCacheMode211HKEY_LM\Run0 94Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
1 9ForceShow0 36rundll32.exe QaBar.dll, ForceShowBar2 00 33AdultLinks/QAbar parasite related47http://www.doxdesk.com/parasite/AdultLinks.html0
122Module Call initialize0 31RUNDLL32.EXE reg.dll, ondll_reg2 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
129Remote Procedure Call Locator0 33RUNDLL32.EXE reg678.dll ondll_reg2 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
112RUSBHOLoader0 43rundll32.exe RUSBHOLoader.dll, AutoRegister2 00  2?? 01
1 9saSyncMgr0 33rundll32.exe sasync.dll, SyncWait2 00 47Browser hijacker - redirecting to Searchant.com 01
124Compaq Computer Security0 34Rundll32.exe SECURE32.CPL, Service2 00  2?? 01
1 61234560 54rundll32.exe shell32.dll, Control_RunDLL ...123456.cpl2 00 84Added by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.c.worm.html0
3 8SiSPower0 35Rundll32.exe SiSPower.dll,ModeAgent211HKEY_LM\Run0119Sistema operativo Microsoft® Windows® 5.1.2600.2180, Microsoft Corporation. Ejecutar un archivo DLL como una aplicación39http://www.absolutestartup.com/startup/1
115Systems Restart0 40Rundll32.exe snim.dll, DllRegisterServer2 00 84Browser hijacker - the file serves to register a dll implemented as a browser plugin 01
1 3sre0 29rundll32.exe sre.dll,Register2 00 19Unidentified adware 01
213WIAWizardMenu0 44RUNDLL32.EXE sti_ci.dll, WiaCreateWizardMenu2 00 53Still Image Class Installer - installed with a webcam 01
138{12EE7A5E-0674-42f9-A76B-000000004D00}0 33rundll32.exe stlb2.dll,DllRunMain211HKEY_LM\Run0 94Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
138{2CF0B992-5EEB-4143-99C0-5297EF71F444}0 37rundll32.exe stlbdist.dll, DllRunMain2 00 28BrowserAid/Startium parasite47http://www.doxdesk.com/parasite/BrowserAid.html0
138{2CF0B992-5EEB-4143-99C2-5297EF71F44B}0 37rundll32.exe stlbupdt.DLL, DllRunMain2 00 28BrowserAid/Startium parasite47http://www.doxdesk.com/parasite/BrowserAid.html0
1 8stlbupdt0 37rundll32.exe stlbupdt.DLL, DllRunMain2 00 28BrowserAid/Startium parasite47http://www.doxdesk.com/parasite/BrowserAid.html0
411AdslTaskBar0 33rundll32.exe stmctrl.dll, TaskBar2 00 35ISP software, initializes DSL modem 01
2 8Ccdecode0 43rundll32.exe streamci, StreamingDeviceSetup2 00 70Part of the closed caption decdoder/MS VBI codec. Should only run once 01
114SynUSB Manager0 32rundll32.exe SynUSB.dll,RunDll322 00 33Added by the Troj/Riler-A trojan.56http://www.sophos.com/virusinfo/analyses/trojrilera.html0
312System Check0 38Rundll32.exe SysDll32.dll, SystemCheck2 00 58XPCSpy Pro keylogger, surveillance and monitoring software24http://www.x-pcsoft.com/0
3 8Tweak UI0 36rundll32.exe tweakui.cpl, tweaklogon2 00 89Automatically logs you on if you have Microsoft's Tweak UI &quot;powertoy&quot; installed 01
3 8Tweak UI0 35rundll32.exe tweakui.cpl, tweakmeup2 00 94Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed 01
321tweak ui 1.33 deutsch0 35RUNDLL32.EXE TWEAKUI.CPL, TweakMeUp2 00111Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed - German version 01
334UCmore XP - The Search Accelerator0 36rundll32.exe UCMTSAIE.dll, DllShowTB2 00 35UCmore toolbar - search accelerator22http://www.ucmore.com/0
4 7V128IID0 40Rundll32.exe v128iitw.dll, STB_InitTweak2 00142Loads drivers for some STB graphics cards such as the STB nVIDIA TNT 16MB. Required if you don't want to experience lock-ups or error messages 01
110W3KNetwork0 35rundll32.exe w3knet.dll, dllinitrun2 00 68Advertising spyware. Check here for more info on this particular one45http://www.safersite.com/PestInfo/Web3000.asp0
3 8rundll320 47Rundll32.exe Wf2kcpl.dll DllLoadDefaultSettings2 00 57Loads default settings for Leadtek Winfast graphics cards 01
320Winfast2KLoadDefault0 48Rundll32.exe Wf2kcpl.dll, DllLoadDefaultSettings2 00 57Loads default settings for Leadtek Winfast graphics cards 01
313WinFast_Gamma0 48Rundll32.exe wfcpl.dll, DllLoadGammaRampSettings2 00 72Loads if you change the gamma settings on Leadtek WinFast graphics cards 01
315WinFast_Taskbar0 49rundll32.exe wftask.dll, WFDllLoadDefaultSettings2 00 57Loads default settings for Leadtek WinFast graphics cards 01
2 9WinHacker0 29rundll32.exe wh95.dll, HackMe2 00102Tweaking utility by Wedge Software. There are far better tweakers and, unlike WinHacker, most are free25http://www.winhacker.com/0
126Windows Security Assistant0 12rundll32.vbe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 8stlbdist0 36rundll32exe stlbdist.DLL, DllRunMain2 00 43Hijacker pointing to www.searchandclick.com 01
110[not used]0 12rundll64.exe1 00 91Added by the Troj/Legmir-BD informations stealing Trojan for the online game Legend of Mir.58http://www.sophos.com/virusinfo/analyses/trojlegmirbd.html0
1 8rundll320 12rundll64.exe1 00 34Added by the TROJ_DELF.BKC Trojan.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FDELF%2EBKC&VSect=T0
129Mircrosoft Windows Config DLL0 14rundllc32b.exe1 00  8Added by12W32/Rbot-ZY.0
115PowerManagement0 11Rundlll.exe1 00 27Added by the SURDUX TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.surdux.html0
124Microsoft Windows Update0 11rundlls.exe1 00 26Added by the HABRACK WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.habrack.html0
114Rundllsystem320 18Rundllsystem32.exe1 00 32Added by the  NETDEVIL.B TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.B0
111RUNDLLW.EXE0 11RUNDLLW.EXE1 00124Added by the W32/Dumaru.w Trojan! Acts as a keylogger and sends out the stolen information to a predetermined email address.43http://vil.nai.com/vil/content/v_100977.htm0
1 6Rundnm0 10Rundnm.exe1 00 28Added by the DELF-HA TROJAN!56http://www.sophos.com/virusinfo/analyses/trojdelfha.html0
123Microsoftf DDEs ContDLL0  8rune.pif1 00 31Added by the W32/Rbot-AGF worm.56http://www.sophos.com/virusinfo/analyses/w32rbotagf.html0
1 2fc0  9runfc.exe1 00 26Added by the CAMPURF WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.campurf@mm.html0
118Java Runtime Value0 11runjava.exe1 00 48Added by the W32/Rbot-DDJ worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotddj.html0
1 5chope0 12runlli32.exe1 00 27Added by the  Troj/QQPass-U57http://www.sophos.com/virusinfo/analyses/trojqqpassu.html0
1 6hkeyok0 12runlli32.exe1 00  057http://www.sophos.com/virusinfo/analyses/trojqqpassu.html0
1 8Rnudll320 12runlli32.exe1 00 34Added by the Troj/QQPass-U Trojan.57http://www.sophos.com/virusinfo/analyses/trojqqpassu.html0
115[various names]0 13runload32.exe1 00 89TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here47http://www.easydesksoftware.com/news/news29.htm0
123Microsoftf DDEs ContrDL0  8runm.pif1 00127Added by the W32/Rbot-AFQ worm. When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotafq.html0
110Open2Enter0  9runme.exe1 00 21Adult content dialler 01
110Open2Enter0 10runme2.exe1 00 21Adult content dialler 01
110runnidll320 14runnidll32.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113oledb service0 14runoledb32.exe1 00 42Added by a variant of the  SPYRE.B TROJAN!56http://www.sophos.com/virusinfo/analyses/trojspyreb.html0
212mdac_runonce0 11runonce.exe1 00141Associated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe".  01
3 7RunOnce0 11RUNONCE.EXE1 00 66Part of MS Data Access Components - only required if you use these 01
2 9Paperport0 12runppdrv.exe1 00128Loads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see here97http://groups.google.com/groups?q=runppdrv.exe&hl=en&rnum=7&selm=6v04nv%24q3l%241%40supernews.com0
123Microsoftf DDos Contr0l0  8runs.pif1 00132Added by the W32/Rbot-AMH worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamh.html0
2 7LicCrtl0 14runservice.exe1 00 68eLicense, licensing system incorporated with some software and games24http://www.elicense.com/0
3 7LicCtrl0 14runservice.exe1 00180Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program 01
415LicCtrl Service0 14runservice.exe1 00143Elicense is a common licensing tool used and installed by many programs.  It should only be disabled if it is known to be causing you problems.24http://www.elicense.com/0
119Srv32 spool service0 12runsrv32.exe1 00 93Topantispyware.com malware, recognized by Kaspersky antivirus as Trojan-Clicker.Win32.Spyre.b36http://www.kaspersky.com/personalpro0
111RunServices0 12runsvc32.exe1 00 28Added by the AGOBOT.QJ WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.QJ0
3 9RunSysd320 13RunSysd32.exe1 00223DesktopShield2000 by Stéphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within 01
1 5setup0 10runt32.exe1 00 34Added by the Troj/QQPass-K Trojan.57http://www.sophos.com/virusinfo/analyses/trojqqpassk.html0
1 6setupa0 10runt32.exe1 00 35Added by the  TROJ/QQPASS-K TROJAN!57http://www.sophos.com/virusinfo/analyses/trojqqpassk.html0
1 8runwin320 12runwin32.exe1 00 30Added by the ESEARCH-A TROJAN!58http://www.sophos.com/virusinfo/analyses/trojesearcha.html0
3 7Rupsw320 11Rupsw32.exe1 00 35for Unix / Plus) operating systems. 01
1 3NAV0 12RuxDLL32.exe1 00 27Added by the MAPSON.D WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.mapson.d.worm.html0
1 6ofkxsi0 10ruzypk.exe111HKEY_LM\Run0 79TODO: <Product name> 0, 0, 7, 0, TODO: <Company name>. TODO: <File description>39http://www.absolutestartup.com/startup/1
114AdobeReaderPro0 12rvdjlefr.exe1 00 48Added by the W32/Rbot-CQZ worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcqz.html0
0 8RVS CAPI0 12rvs_cent.exe1 00125A href="http://www.rvs.de/start.html"RVCS_CENT is used by certain Internet Providers in Germany for ISDN and DSL connections. 01
1 6updmgr0 12rvupdmgr.exe1 00 39Added by the Adware.Keenval redirector.58http://www.sarc.com/avcenter/venc/data/adware.keenval.html0
1 8rwdgrfmb0 12rwdgrfmb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 6RWipeD0 10rwiped.exe1 00 53scheduled tasks in R-Wipe&Clean then it does not run. 01
413RWipeKbdDemon0 10RWKbdD.exe1 00 21process does not run. 01
1 4Soar0  8Rwon.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
124Microsoft Update Machine0 10rxhost.exe1 00 26Added by the RBOT.FC WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.FC0
217RoxioAudioCentral0  9RxMon.exe1 00233Part of Roxio EasyCD Creator 6.0 - places the Roxio AudioCentral icon in you system tray. "Includes a player, media manager, ripper, tag and sound editor - integrated in a single application". Not required for Roxio to work properly. 01
2 5RxMon0 11rxmon9x.exe1 00 25Dell Resolution Assistant 01
120microsoft update dll0 11rxxhost.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
124microsoft update machine0 11rxxhost.exe1 00 27Added by the  RBOT.EP WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.EP0
210ntlfreedom0 22RyDial.dll, QuickStart2 00 50NTL Freedom ISP software - reportedly not required 01
1 6rypamc0 10rypamc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8SB13mini0 10RYZO32.EXE1 00133Added by the W32/Spybot-EJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32spybotej.html0
1 7browser0 10s_menu.exe1 00 38Added by the  WIN32.TACTSLAY.C TROJAN!63http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=420220
1 3cpl0 10s_menu.exe1 00 38Added by the  WIN32.TACTSLAY.C TROJAN!63http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=420220
1 9StartMenu0 10s_menu.exe1 00 40Added by a variant of the DELF-A TROJAN! 01
1 5scain0 16s030109.Stub.exe1 00 98Adware downloader/installer,  Delphin_Media_Viewer related - also detected as the DELMED.A TROJAN!62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530767750
3 8S24EvMon0 12S24EvMon.exe1 00 79Event Monitor - supports driver extensions to NIC Driver for wireless adapters. 01
3 7S3apphk0 11S3apphk.exe1 00 20S3 graphics related? 01
0 8S3Hotkey0 12s3hotkey.exe1 00 24S3 Video driver related. 01
3 8S3hotkey0 12S3hotkey.exe111HKEY_LM\Run0 64S3 Graphics, Inc. S3Hotkey  1.0.0.5, S3 Graphics, Inc.. S3Hotkey39http://www.absolutestartup.com/startup/1
3 5S3Mon0  9S3Mon.exe1 00 53S3DuoVue multi-monitor taskbar helper by S3 Graphics. 01
116S3 Internal Chip0 10s3serv.exe1 00 28Added by the AGOBOT-DD WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotdd.html0
2 6S3TRAY0 10S3Tray.exe1 00135S3 display configuration taskbar utility for S3 chipset based graphics cards. Can be run from Start- Settings - Control Panel - Display 01
0 7s3tray20 11s3tray2.exe1 00 39Same as the s3tray entry in this table? 01
3 7S3TRAY20 11S3tray2.exe111HKEY_LM\Run0 63S3 Graphics Utilities 1.00.18-0214, S3 Graphics, Inc.. s3contrl39http://www.absolutestartup.com/startup/1
0 8S3TRAYHP0 12S3trayhp.exe1 00 24S3 Video driver related. 01
116My Search Bar Eq0 11S4BAREQ.EXE1 00 21MySearch bar parasite41http://doxdesk.com/parasite/MySearch.html0
3 3S4F0  7S4F.exe1 00 31S4F internet filtering software43http://www.s4f.com/home/filterpak/index.asp0
1 8s4helper0 12s4helper.exe1 00 22Searchcentrix hijacker54http://www.pestpatrol.com/pestinfo/s/searchcentrix.asp0
216Spellex Anywhere0  6sa.exe1 00140Spellex-Anywhere - adds spell checking functionality to almost any Window program. Create a shortcut and run manually before it's to be used51http://www.spellex.com/Spellex-Anywhere/default.htm0
3 9StayAlive0  6sa.exe1 00161StayAlive from TFI Technology.&nbsp;&quot;This top-notch tool intercepts crashes when they happen, keeping your programs running so you can save your work.&quot;43http://www.tfi-technology.com/stayalive.htm0
1 2sm0 10sa_exe.exe1 00 91Added by the  OLFEB.A TROJAN!  This infection allows spam to be sent through your computer.62http://www.symantec.com/avcenter/venc/data/trojan.olfeb.a.html0
3 2SA0  7Sa3.exe1 00 25Logitech QuickCam driver. 01
2 7Sa3dsrv0 11Sa3dsrv.exe1 00 303D sound extension for Windows 01
428Aureal A3D Interactive Audio0 11sa3dsrv.exe1 00 80For Aureal based 3D soundcards. A3D sound features won't work with this disabled 01
1 4saap0  8saap.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0
211Sabreserver0 11SABSERV.EXE1 00 71Airline reservation software from Sabre. Available via Start - Programs 01
1 3sac0  7sac.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0
1 4SACC0  8sacc.exe1 00 40Added by the Adware.SurfAccuracy adware.63http://www.sarc.com/avcenter/venc/data/adware.surfaccuracy.html0
112surfaccuracy0  8sacc.exe1 00 19SurfAccuracy adware67http://www.symantec.com/avcenter/venc/data/adware.surfaccuracy.html0
1 8Mmsystem0 15Sachiel.sys.bat1 00 32Added by the W32/Sachiel-D worm.57http://www.sophos.com/virusinfo/analyses/w32sachield.html0
114onluna sarvice0 11sachost.exe1 00 36Added by the  TROJ/TOFGER-AA TROJAN!58http://www.sophos.com/virusinfo/analyses/trojtofgeraa.html0
114Onlune Sarvice0 11sachost.exe1 00 35Added by the Troj/Multidr-E Trojan.59http://www.sophos.com/virusinfo/analyses/trojmultidreb.html0
1 7HostSrv0 12sachostx.exe1 00 47Added by the Troj/Multidr-EP downloader Trojan.59http://www.sophos.com/virusinfo/analyses/trojmultidrep.html0
314SuperAdBlocker0 12SAdBlock.exe1 00 14SuperAdBlocker26http://superadblocker.com/0
215Mobile User VPN0 11SafeCfg.exe122StartUp menu\All users0 47SafeNet VPN Client , SafeNet. Secure VPN Client39http://www.absolutestartup.com/startup/1
316netscreen-remote0 11SafeCfg.exe1 00 36NetScreen_Remote VPN Client Software49http://www.nscreensales.com/products/nsremote.php0
215SafeInstall.exe0 12SAFEIN~1.EXE1 00 89Monitors a download and ensures an newer version of a file isn't replaced by an older one 01
2 7SafeOFF0 11SafeOff.exe1 00108Provides protection that if user accidentally presses the power switch a dialog will pop up for confirmation 01
110SafeSearch0 14safesearch.exe1 00 27AutoSearch parasite variant47http://www.doxdesk.com/parasite/AutoSearch.html0
1 7Unshare0 13SafeShare.exe1 00105P2P Program typically installed with adware or spyware.  Typically found in C:\Program Files\safe-share\. 01
1 4Safe0 11SafeWin.exe1 00 30Added by the FOCOSENHA TROJAN!65http://www.symantec.com/avcenter/venc/data/pwsteal.focosenha.html0
114MSNPluginSrvcs0 10sagate.exe1 00 42.AKJ&VSect=P" target=_blankSDBOT.AKJ WORM! 01
124Sagate Security Firewall0 10sagate.exe1 00 29Added by the GAOBOT.BOW WORM!62http://www.symantec.com/avcenter/venc/data/w32.gaobot.bow.html0
311SystemAgent0  8Sage.exe1 00180Microsoft Plus! System Agent automatically tunes your system, performing tasks such as disk optimization and error correction. It can also run any application at prescheduled times 01
113Laptop Access0  8Sage.exe1 00134Added by the W32/Sdbot-NB worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnb.html0
313sagentservice0 10Sagent.exe1 00 74Added by  TinySpyAgent **Note this application must be manually installed.81http://securityresponse.symantec.com/avcenter/venc/data/spyware.tinyspyagent.html0
313sagentservice0 17Sagent.exe -start2 00 74Added by  TinySpyAgent **Note this application must be manually installed.81http://securityresponse.symantec.com/avcenter/venc/data/spyware.tinyspyagent.html0
214SAgent2ExePath0 11SAgent2.exe1 00 70Seiko Epson printer status agent. Disable if printer is not used often 01
1 5sagnt0  9sagnt.exe1 00 21Adware web downloader 01
4 9PrevxHome0  9SAGUI.exe1 00 40PrevX Home intrusion prevention software21http://www.prevx.com/0
4 8PrevxPro0  9SAGUI.exe1 00 55Pro version of PrevX Home intrusion prevention software21http://www.prevx.com/0
1 8SAHagent0 12Sahagent.exe1 00 25ShopAtHomeSelect parasite 7#FF00000
319SaitekAutoConfigure0 12saicnfig.exe1 00 41Configuration for Saitek game controllers22http://www.saitek.com/0
1 4saie0  8saie.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0
3 6SAIMON0 10SaiMon.exe1 00 22Saitek joystick driver22http://www.saitek.com/0
1 4sain0  8sain.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0
3 4sais0  8sais.exe111HKEY_LM\Run0 67Search Assistant 5, 15, 0, 15, 180solutions, Inc.. Search Assistant39http://www.absolutestartup.com/startup/1
1 4sais0  8sais.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0
3 8SaiSmart0 12SaiSmart.exe1 00138Smart Button Special Sauce - included with the latest software for Saitek game controllers. Related to the "S", "Shift" or "Smart" button.48- included with the latest software for <a href=0
310salamander0 12salamand.exe125StartUp menu\Current user0 64Servant Salamander 2.0, . File Manager for Windows NT/95/98/200039http://www.absolutestartup.com/startup/1
1 4salm0  8salm.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0
3 3SAM0  7SAM.exe125StartUp menu\Current user0 72SAM 1, 0, 4, 0, Alex Rosenbaum. SAM - Answering Machine for Skype® users39http://www.absolutestartup.com/startup/1
3 6SAMcal0 10SAMcal.exe1 00 34SamCal - calendar/reminder program50http://home.houston.rr.com/samware/samcal_body.htm0
120DirectX shell driver0 11sammp32.exe1 00 36Added by the Troj/MarktMan-B Trojan.59http://www.sophos.com/virusinfo/analyses/trojmarktmanb.html0
126Mapa de caracteres para NT0 13sampaerio.exe1 00 53Added by the Troj/Bancos-PV password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancospv.html0
123syelimS-esreveR-troppuS0 10sample.exe1 00 44Added by the Troj/Lootbot-B backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojlootbotb.html0
128Security Accounts Manager SM0  9samsm.exe1 00 28Added by the SPYBOT.JE WORM!84http://nl.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SPYBOT.JE0
1 7samsong0 11Samsong.exe1 00 29Added by the  SDBOT.BNE WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BNE&VSect=P0
1 8sam-sung0 12Sam-sung.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 7Samsung0 12Samsungs.exe1 00 32Added by an  IRC_TROJAN variant!71http://securityresponse.symantec.com/avcenter/venc/data/irc.trojan.html0
124Security Account Manager0 10SAMSvc.exe1 00 50Added by the W32/Tilebot-DL worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotdl.html0
115FireWire Driver0  8samx.exe1 00 27Added by the SDBOT.AE WORM!65http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.ae.html0
410[not used]0 19SandboxieHelper.dll1 00 46Installed by the Sandboxie  security software.25http://www.sandboxie.com/0
2 8SandIcon0 12SandIcon.exe1 00394SanDisk ImageMate CompactFlash card reader SDDR-31 (USB). Very little use except to place the Sandisk icon beside its drive designation in Windows Explorer. The reader itself will work fine without it. The simplest thing is to just unplug the reader when you're not using it. It may slow the startup by a few nanoseconds, but once the software sees there's no reader, you get back the resources 01
127System Applications Profile0  7sap.exe1 00 26Added by the RBOT-QF WORM!58http://www.sophos.com.au/virusinfo/analyses/w32rbotqf.html0
1 4sapp0  8sapp.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0
115[Various Names]0 10SAPSTR.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
010SA Service0 13SAservice.exe1 00138Associated with Cyber Trio and Warner troubleshooting software from G-Tek Technologies and pre-installed on some Packard Bell and NEC PCs. 01
113Syntax Script0 12saskatcw.exe1 00 12Added by the38W32/Sdbot-TE WORM/IRC backdoor trojan!0
1 3usb0  8SASS.EXE1 00 34Added by the Troj/Funsta-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojfunstaa.html0
1 8scandisc0  9satan.exe1 00 38Added by the GregStar backdoor TROJAN! 01
3 8SATARaid0 12SATARaid.exe1 00141RAID driver for serial ATA disks on some motherboards such as the DFI Lanparty range. Only loaded if one is using RAID support on SATA drives 01
1 6satdll0 10satdll.dll1 00 57Added by the Troj/Haxdoor-AS information stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdooras.html0
1 6satmat0 10satmat.exe1 00 38Transponder parasite updater/installer48http://www.doxdesk.com/parasite/Transponder.html0
1 6satmat0 10satmat.exe111HKEY_LM\Run0 570, 1, 1, 3, Better Internet Inc.. www.abetterinternet.com39http://www.absolutestartup.com/startup/1
1 6satmmc0 10satmmc.dll1 00 84Added by the Troj/Haxdoor-BT Trojan. This infection utilizes the rootkit vxvgfv.sys.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorbt.html0
1 3sau0  7sau.exe1 00 37Added by the Adware.180Search adware.60http://www.sarc.com/avcenter/venc/data/adware.180search.html0
1 4saud0  8saud.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
318ATTBroadbandUpdate0 12SAUpdate.exe1 00 59Big Brother from Quest Software. System and network monitor15http://bb4.com/0
3 8SAUpdate0 12SAUpdate.exe1 00 59Big Brother from Quest Software. System and network monitor15http://bb4.com/0
314SAutoLaunchExe0 18SAutoLaunchExe.exe1 00 88Sharp Zaurus PDA related,  needed to synchronize information with a Desktop or Notebook. 01
4 8SAVAgent0 12SAVAgent.exe1 00181Part of Sophos anti-virus software. Required for centrally administered Sophos updates to work correctly, e.g. automatically updating PCs used by dial-in home or out-of-office users 01
1 4Save0  8Save.exe1 00 48Rebranded version of SaveNow advertising spyware 01
1 9WhenUSave0  8Save.exe1 00 48Rebranded version of SaveNow advertising spyware 01
1 9WhenUSave0  8Save.exe111HKEY_LM\Run0 40Save! 2, 6, 4, 7, WhenU.com, Inc.. Save!39http://www.absolutestartup.com/startup/1
1 7Savenow0 11savenow.exe1 00 28Added by the SPREDA.B VIRUS!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.spreda.b.html0
1 7Savenow0 11SaveNow.exe1 00 84Advertising spyware. Installed as part of the Kazaa Media Desktop bundle for example43http://www.kazaa.com/en/privacy/bundles.htm0
1 8SaveDate0 17SaveStartDate.Exe1 00 19Unidentified adware 01
4 7SAVScan0 11SAVScan.exe1 00 99This process is part of the real-time scanning engine for Norton Antivirus and associated products. 01
125Microsoft Security Center0 15savservices.exe1 00142Added by the W32/Rbot-ANU worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotanu.html0
1 3saw0  7saw.exe1 00 86Added by the Adware.SmartAdware adware.  This software delivers popups advertisements.62http://www.sarc.com/avcenter/venc/data/adware.smartadware.html0
1 6SaYaNz0 10sayanx.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
316Say The Time 5.00 11SAYTIME.EXE1 00172This program has audio cues for the system clock in male and female voices, customizes the appearance of the system clock, and can synchronize it to a time server regularly 01
3 2SB0  6SB.exe1 00 35Acer Soft Button on Acer Tablet PCs 01
312SBAutoUpdate0 16sbautoupdate.exe1 00 27SpywareBlaster auto-updater51http://www.javacoolsoftware.com/spywareblaster.html0
1 8svchosts0 11sbchost.exe1 00 48Added by the W32/Rbot-DCM worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotdcm.html0
111sbchosy.bat0 11sbchosy.bat1 00 45Added by the Troj/GrayBir-AA backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybiraa.html0
3 8SBDrvDet0  9SBDrv.exe1 00156Detects the "Easy Front-Panel Audio Connectivity Drive Internal Drive Bay" on the Sound Blaster Audigy 2 Platinium eX. Can be disabled if you don't have one 01
2 8sbdrvdet0 12sbdrvdet.exe1 00 61Checks to see if Creative sound card driver should be updated 01
2 8SBDrvDet0 15SBDrvDet.exe /r2 00 84Creative Sound Blaster Drive Detector 1.0.0.0, Creative Technology Ltd. SBDrvDet.exe 01
4 8SBDrvDet0 15SBDrvDet.exe /r211HKEY_LM\Run0 84Creative Sound Blaster Drive Detector 1.0.0.0, Creative Technology Ltd. SBDrvDet.exe39http://www.absolutestartup.com/startup/1
1 4SBHC0  8sbhc.exe1 00 45SuperBar parasite - uninstall available  here45http://www.doxdesk.com/parasite/SuperBar.html0
115[Various Names]0  8sbin.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
132spam blocker for outlook express0 10SBInst.exe1 00 14HotBar related62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530754740
136Windows System Restore Configuration0 11Sblhost.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 6sbmpop0 10SBMPop.exe1 00 20SearchByMedia adware 01
2 4SBMX0  8sbmx.exe1 00 79SoundMAX MPU401 MIDI device emulator for x86 VM DOS games/apps (for Win9x only) 01
138{89aef01d-d237-49c7-84dc-4e1904c1fd31}0 10sbnudh.dll1 00161A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{89aef01d-d237-49c7-84dc-4e1904c1fd31}/b.65http://www.bleepingcomputer.com/startups/SpyFalcon.exe-14415.html0
111spamblocker0 13SbOEAddOn.exe1 00 60Related to  Hotbar's Weather Forecast tool for your desktop.53http://sarc.com/avcenter/venc/data/adware.hotbar.html0
414ScriptBlocking0 10SBServ.exe1 00354Update to Norton AntiVirus 2001. Detects certain types of script-based viruses without the need for specific virus definitions - such as JavaScript and VBScript. This will help protect you from these viruses even before virus definitions are available. Note - some users complain of problems once the update is installed - refer here for more information31http://www.symantec.com/search/0
210Eapcisetup0 11sbsetup.exe1 00 71Rockwell RipTide soundcard application software. Sound works without it 01
113sbss Launcher0  8sbss.exe1 00 71Added by the Adware.SideBySide search hijacker to sidebysidesearch.com.61http://www.sarc.com/avcenter/venc/data/adware.sidebyside.html0
111SB Watchdog0 14SBWatchdog.exe1 00199Spyware utility installed by the manufacturers of some laptops (Sony) used to monitor browsing habits and send them back to whoever installed it - released by SoftBank. See  here for more information51http://trek.thesteveco.com/slashnot.cgi?article=3290
113weatherontray0 19SbWeatherOnTray.exe1 00 60Related to  Hotbar's Weather Forecast tool for your desktop.53http://sarc.com/avcenter/venc/data/adware.hotbar.html0
3 2sc0  6sc.exe1 00 42Watchdog 2.0 Software - monitoring program56http://www.rhombustechnologies.com/watchdog_software.htm0
232Adobe Acrobat Speed Launcher.lnk0 14SC_Acrobat.exe1 00171Added by Adobe Acrobat Reader Standard 7.0, and possibly other versions.  This program preloads certain aspects of the program so that it will launch quicker as necessary. 01
328Adobe Acrobat Speed Launcher0 14SC_Acrobat.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
0 8sc23exec0 12sc23exec.exe1 00 36Possibly related to a digital camera 01
4 8SC3300CC0 12SC3300CC.exe1 00 40SiPix digital camera Twain device driver 01
121WINDOWS SYSTEM SCALPE0 12scalpe91.exe1 00 44Added by the W32/Mytob-HI mass-mailing worm.56http://www.sophos.com/virusinfo/analyses/w32mytobhi.html0
1 8Driver320 10Scam32.exe1 00 26Added by the  SIRCAM WORM!66http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html0
1 6Win32G0 12Scandisk.com1 00 28Added by the ESTRELLA TROJAN73http://securityresponse.symantec.com/avcenter/venc/data/w32.estrella.html0
111MS Scandisk0 12Scandisk.exe1 00 39Added by the Backdoor.AntiLam backdoor.77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.antilam.html0
1 8ScanDisk0 12ScanDisk.exe1 00103Added by the GANDA.A WORM! Note - this is not the valid "ScanDisk" Win9x/Me standard disk error checker62http://www.symantec.com/avcenter/venc/data/w32.ganda.a@mm.html0
112scands32.exe0 12scands32.exe1 00 43Added by a variant of the Adclicker TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/trojan.a.d.clicker.html0
1 8Scandsk20 12scandsk2.exe1 00135Added by the W32/Agobot-PK trojan.  When started this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotpk.html0
115ScanSpyware v *0 11Scanner.exe1 00130Spyware remover (where * = the version number) of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
018hpScannerFirstBoot0 13scannerfb.exe1 00 18HP scanner related 01
318hpScannerFirstBoot0 13scannerfb.exe111HKEY_LM\Run0 62Preload Application 1, 0, 0, 2, Hewlett-Packard Co.. ScannerFB39http://www.absolutestartup.com/startup/1
1 7Reg_WFT0 13scanreg32.com1 00 36Added by the Troj/SennaSpy-F trojan.59http://www.sophos.com/virusinfo/analyses/trojsennaspyf.html0
1 8scanregg0 12scanregg.exe1 00 39Added by the Troj/ScKeylog-A keylogger.59http://www.sophos.com/virusinfo/analyses/trojsckeyloga.html0
112ScanRegistry0 12scanregv.exe1 00176Added by the MASTERLOCK TROJAN!. Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as scanregv.exe not scanregw.exe42http://vil.nai.com/vil/content/v_98023.htm0
112ScanRegistry0 12Scanregw.exe1 00308Added by the STATOR WORM! Not to be confused with the legitimate ScanRegistry entry - which is a vital Windows file. The executable "Scanregw.exe" is located in %windir%System (where %windir% is the Windows directory - C:\Windows or C:\Winnt). Runs from the registry RunServices key as opposed to the Run key74http://securityresponse.symantec.com/avcenter/venc/data/w32.stator@mm.html0
412ScanRegistry0 21scanregw.exe /autorun2 00  0 01
115[Various Names]0 11scanSYS.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
115Windows Service0 12Scanvegw.exe1 00125Added by the Backdoor.Delf  backdoor.  This infection will attempt to protect itself by terminating known antivirus programs.57http://www.sarc.com/avcenter/venc/data/backdoor.delf.html0
1 5scApp0  9scApp.exe1 00 31Added by the W32/Stando-E worm.56http://www.sophos.com/virusinfo/analyses/w32standoe.html0
117Smart Card Client0 13SCardClnt.exe1 00 29Added as a new service by the65W32/Codbot-K WORM/IRC backdoor, using SCardClnt as a servicename.0
211TwkSCardSrv0 12SCardS32.Exe1 00 57Used with Towitoko SmartCard Readers for card recognition 01
2 8SCardSvr0 12scardsvr.exe1 00 72Related to SmartCard readers and sometimes uses lots of system resources 01
218Smart Card Service0 12ScardSvr.exe1 00155For Smart Card readers. Known to cause problems, especially for Windows 2000 users - see here. Probably not required unless you use such a device regularly90http://support.microsoft.com/support/kb/articles/Q293/5/07.ASP?LN=EN-GB&amp;SD=gn&amp;FR=00
110NavAgent320 14SCardSvr32.Exe1 00 26Added by the MOFEI.B WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MOFEI.B0
1 8SCardSvr0 14SCardSvr32.Exe1 00 26Added by the MOFEI.B WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MOFEI.B0
117SearchEnhancement0  9scbar.exe1 00 18IE search hijacker 01
236Compaq Computer Corp SCCenter Module0 12SCCENTER.EXE1 00 32For Compaq PC's. Part of Backweb 01
236Compaq Computer Corp SCCenter Module0 12SCCENTER.EXE1 00 32For Compaq PC's. Part of Backweb 01
218Service Connection0 12sccenter.exe1 00  0 01
112Alive SYstem0 11scchost.exe1 00 43Added by the Troj/Tofdrop-B dropper Trojan.58http://www.sophos.com/virusinfo/analyses/trojtofdropb.html0
113Services Host0 11Scchost.exe1 00 23Added by the DONK WORM!61http://www.symantec.com/avcenter/venc/data/w32.hllw.donk.html0
1 7Systems0 11scchost.exe1 00 29Added by the DAEMOZ.A TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DAEMOZ.A0
112alive system0 12scchostc.exe1 00 28Added by the  Troj/Tofdrop-B58http://www.sophos.com/virusinfo/analyses/trojtofdropb.html0
124microsoft windows update0 12sccvhost.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
313scdemuapp.exe0 13SCDEmuApp.exe1 00 72Related to PowerISO  Computing Inc. A CD/DVD image file processing tool.24http://www.poweriso.com/0
117MS Windows Update0 11scguard.exe1 00 37Added by a variant of the  RBOT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotyz.html0
326IE 3.0 RegSvr schannel.dll0 12schannel.dll115HKEY_LM\RunOnce0101System operacyjny Microsoft® Windows® 5.1.2600.0, Microsoft Corporation. Serwer rejestru Microsoft(C)39http://www.absolutestartup.com/startup/1
1 6scheck0 12scheck**.exe1 00 66Added as a result of the KETCH VIRUS! where ** represents a number75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ketch.html0
1 8scheck450 12scheck45.exe1 00 64Related to unknown Malware - hidden installer associated with it 01
326Acronis Scheduler2 Service0 12schedhlp.exe1 00254Part of Acronis True Image - backup software. Co-operates with the "schedul2.exe" servuce to perform backup/restore tasks correctly. Required if you want to use TrueImage to do some real backup/restore tasks - not if you only want to explore/mount images42http://www.acronis.com/products/trueimage/0
311WTIndicator0 12SchedInd.exe1 00 79WinTask - software that automates a variety of routine tasks quickly and simply23http://www.wintask.com/0
121Task Scheduler Engine0 14schedsvc32.exe1 00145Added by the W32/Rbot-ASJ worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotasj.html0
1 9scheduler0 12schedul3.exe1 00132Added by the W32/Rbot-AVX worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotavx.html0
212scheduleTest0 12Schedule.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
221Scheduled Maintenance0 25Scheduled_Maintenance.exe1 00161Scheduler for Iolo System Mechanic tweaking utility. It can cleans your registry and deletes temporary files at defined intervals. Available via Start - Programs19http://www.iolo.com0
3 9Scheduler0 20Scheduler daemon.exe2 00 55GhostSurf 3.00, Tenebril Incorporated. Scheduler daemon 01
3 9scheduler0 20Scheduler daemon.exe2 00120Tenebril GhostSurf or SpyCatcher related scheduler - you can schedule daily, weekly, monthly or one-time only cleanings.33http://www.tenebril.com/consumer/0
321MRU-Blaster Scheduler0 13scheduler.exe1 00 90MRU-Blaster scheduler - detects and cleans MRU (most recently used) lists on your computer46http://www.wilderssecurity.com/mrublaster.html0
116Scheduling Agent0 13Scheduler.exe1 00109Added by the SUBWOOFER TROJAN! Note - this is not the real MS Scheduling agent as the executable is incorrect79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.subwoofer.html0
117Service Scheduler0 13scheduler.exe1 00 37Added by the W32/Agobot-OA infection.57http://www.sophos.com/virusinfo/analyses/w32agobotoa.html0
318NovastorSchedulerd0 11SCHENGD.EXE1 00113NovaStor NovaBACKUP Scheduler - back-up utility. If you don't have regularly scheduled back-ups you don't need it 01
3 8Schmaili0 12Schmaili.exe1 00 51Schmaili - insert animated smilies into your e-mail33http://www.schmaili.com/index.htm0
310schoolpop00 14Schoolpop0.exe1 00 24Schoolpop Shopping Buddy49http://independent-school.org/Schoolpopbuddy.html0
210WinManager0 10schost.exe1 00  2?? 01
120Generic Host Process0 10SCHOST.EXE1 00 26Added by the RBOT-NC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotnc.html0
114Update Install0 10Schost.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
411avschedscan0 11SCHSC9X.EXE1 00 25Command antivirus related47http://www.authentium.com/products/avmatrix.htm0
219Home Theater SchSvr0 10SchSvr.exe1 00195WinScheduler is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start - Programs25http://www.intervideo.com0
223Intervideo WinScheduler0 10SchSvr.exe1 00193WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -&gt; Programs25http://www.intervideo.com0
213WinDVR SchSvr0 10SchSvr.exe1 00 74InterVideo(R) WinDVR 3.0.88.4, InterVideo Inc.. InterVideo Schedule Server 01
213WinDVR SchSvr0 10SchSvr.exe1 00189WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start - Programs25http://www.intervideo.com0
327InterVideo Scheduler server0 10SchSvr.exe122StartUp menu\All users0 74InterVideo(R) WinDVR 3.0.88.0, InterVideo Inc.. InterVideo Schedule Server39http://www.absolutestartup.com/startup/1
123microsoft update 64 bit0 11schvost.exe1 00 28Added by the  RBOT.CAU WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CAU&VSect=P0
415CSScheduleCheck0 12SCHWIZEX.EXE1 00264Part of  ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot47http://www.imaginelan.com/configsafe/index.html0
4 8SCHWIZEX0 12SCHWIZEX.EXE1 00264Part of  ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot47http://www.imaginelan.com/configsafe/index.html0
1 7taskmrg0 11schwoch.exe1 00 53Added as result of a  Troj/LDPinch-Y trojan infection58http://www.sophos.com/virusinfo/analyses/trojldpinchy.html0
218SecureCleanIEClean0 13SCIEClean.exe1 00113SecureClean - scans your system for hidden temporary files, deleted email messages, Internet histories and caches62http://www.accessdata.com/Product05_Overview.htm?ProductNum=050
216sos sql database0  7scm.exe1 00 66SQL Server Service Control Manager. Available via Start - Programs 01
210SQL Server0  7scm.exe1 00 66SQL Server Service Control Manager. Available via Start - Programs 01
234stardust screen saver control 20030 10SCMain.exe1 00 56Related to  Stardust_Software  Screen Saver Control 200332http://www.stardustsoftware.com/0
310SurfChoice0  9SCMan.exe1 00242SCMan is a utility that can control services on WinNT from the command line. This utility can create, start, pause, stop, delete services. Furthermore it can retrieve a service's current state, get the displayname for a service and vice versa 01
1 9ScManager0  9scman.exe1 00 28Added by the FORBOT-CW WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcw.html0
325chipdrivesmartcardmanager0  9SCMgr.exe1 00 28ChipDrive Smartcard software44http://www.chipdrive.de/cgi-bin/edcstore.cgi0
1 7Spore.b0 11Scmhlpr.vbs1 00 26Added by the SPORE.B WORM!75http://securityresponse.symantec.com/avcenter/venc/data/vbs.sorpe.b@mm.html0
321Smart Connect Monitor0  9SCMon.exe1 00270Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio 01
116windows services0  9scmsg.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
114Security Patch0  9scmss.exe1 00 12Added by the37W32/Rbot-ZW WORM/IRC backdoor Trojan.0
1 6scnbcp0 10scnbcp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 9scanpanel0 12ScnPanel.exe1 00 35Trust  Easy_Webscan scanner related54http://www.trust.com/products/product.aspx?artnr=129190
1 8scopedll0 12scopedll.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 9MCX Updte0 10scorti.exe1 00139Added by a variant of the Rbot worm.  This infection will connect to a remote IRC server and wait for commands to execute on your computer. 01
314StartupCop Pro0  7scp.exe125StartUp menu\Current user0 54StartupCop Pro 1, 0, 0, 1, PC Magazine. StartupCop Pro39http://www.absolutestartup.com/startup/1
1 3Scr0  7scr.scr1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
1 9W32.Scran0  9Scran.exe1 00 24Added by the NARCS WORM!57http://www.symantec.com/avcenter/venc/data/w32.narcs.html0
2 8ScrapPad0 12Scrappad.exe1 00141ScrapPad allows you to quickly and easily record notes, thoughts, messages, and just about anything you want. Use it like you use scrap paper38http://www.jackcreations.com/scrappad/0
1 6scrbmk0 10scrbmk.exe1 00 47Added by the Troj/Dloader-VP downloader Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloadervp.html0
315Screen Calendar0 10scrcal.exe1 00106Screen Calendar allows you to create custom desktop wallpapers with built in active calendar and scheduler30http://www.screencalendar.com/0
315Screen Calendar0 13scrcal.exe -m2 00  0 01
133Microsoft Synchronization Manager0 10screen.exe1 00133Added by the W32/Sdbot-ACO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaco.html0
2 6cursor0 27Screendragon_VS_Taskbar.exe1 00 25ScreenDragon video player28http://www.screendragon.com/0
213ScreenPrint320 17ScreenPrint32.exe1 00 64ScreenPrint32 screen capture software - can be launched manually52http://www.provtech.co.uk/software/screenprint32.asp0
213ScreenPrint320 26ScreenPrint32.exe -startup2 00 65ScreenPrint32 - v3.5 3.50.0515, Provtech Limited. Main Executable 01
210dm_service0 21ScreenSaver.v.2.1.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
222secureclean4regmanager0 17scregmanager4.exe1 00116WhiteCanyon  SecureClean_4 disk cleaner - clean hard drive data, MRUs, temp files and more.  Can be started manually59http://www.whitecanyon.com/secureclean-clean-hard-drive.php0
117Microsoft Restore0 10scrgrd.exe1 00 28Added by the SPYBOT.BR WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.BR0
124Microsoft Windows Update0 11scrhost.exe1 00133Added by the W32/Rbot-AOW worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaow.html0
119WindowSystemMonitor0 11scrhost.exe1 00 50Added by the W32/Tilebot-DV worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotdv.html0
110PAX SYSTEM0 10scrigz.exe1 00 51Added by the W32.Mytob.KM@mm worm and IRC backdoor.76http://www.sarc.com/avcenter/venc/data/w32.mytob.km@mm.html#technicaldetails0
110RAX SYSTEM0 10scrigz.exe1 00133Added by the W32/Mytob-ER worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytober.html0
332BritneySpearsScreensaverWInstall0 17ScrInstall.exe /i211HKEY_LM\Run0 63ScrInstall Application 1, 0, 0, 1, . ScrInstall MFC Application39http://www.absolutestartup.com/startup/1
0 6script0 10script.bat1 00 44Maybe associated with DOS on a Win9x machine 01
412ScriptSentry0 16Scriptsentry.exe1 00204Script Sentry from Jason's Toolbox. Blocks malicious scripts and allows safe scripts to run. Only required if you want it to check the file associations it guards at startup. It will function regardlessly46http://www.jasons-toolbox.com/scriptsentry.asp0
1 7Crnsava0 12scrnsave.pif1 00133Added by the W32/Sdbot-ZV worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzv.html0
112Screen Saver0 13scrnsaver.scr1 00132Added by the W32/Rbot-AGP worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotagp.html0
110Crnsavsund0 12scrnsund.pif1 00 49Added by the W32/Sdbot-AJQ worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotajq.html0
221SCROLL-IN-MOUSE V2.120 10Scroll.exe122StartUp menu\All users0 36AYScroll 2, 0, 0, 1, A. C.. AYScroll39http://www.absolutestartup.com/startup/1
320Scroll-In-Mouse V2.00 10SCROLL.EXE1 00 95Toolkit for the Lynx-3D Net scroll mouse from QTronix. Required if you use the special features37http://www.qtronix.com/Lynx3dnet.html0
115MS Screen Saver0 11scrsave.scr1 00132Added by the W32/Rbot-AGT worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotagt.html0
1 4Gray0  6Scrsss1 00 45Added by the Troj/GrayBrd-AM backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdam.html0
1 6scrsvc0 10scrsvc.exe1 00 40Added by the Troj/Agent-DS proxy trojan.57http://www.sophos.com/virusinfo/analyses/trojagentds.html0
1 6ScrSvr0 10ScrSvr.exe1 00 26Added by the OPASERV WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.html0
118system csrss patch0 11scrtkfg.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
2 2sc0 11scrubxp.exe1 00 83ScrubXP - utility that deletes safe to remove files, cookies, browsing history, etc44http://www.bartdart.com/modules/mydownloads/0
2 6screxe0 13scruser2k.exe1 00  2?? 01
319Smart Connect Setup0 11SCSetup.exe1 00270Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio 01
4 4Scsi0  8Scsi.exe1 00 20SCSI Miniport driver 01
1 5scsrs0  9scsrs.exe1 00131Added by the W32/Rbot-VF worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.55http://www.sophos.com/virusinfo/analyses/w32rbotvf.html0
1 9SCService0  9SCSrv.dll1 00 71Added by the Troj/Agent-BRK backdoor Trojan with rootkit functionality.58http://www.sophos.com/virusinfo/analyses/trojagentbrk.html0
312SecondChance0 10sctray.exe1 00136Power Quest Second Chance. Sets checkpoints for saving a backup copy of the registry to a disk so you can restore it if you have a crash61http://www.pcug-colorado.org/newsletter/pcoc0200/2ndchanc.htm0
216secureclean4tray0 11sctray4.exe1 00116WhiteCanyon  SecureClean_4 disk cleaner - clean hard drive data, MRUs, temp files and more.  Can be started manually59http://www.whitecanyon.com/secureclean-clean-hard-drive.php0
3 8OmniPass0 12scureapp.exe1 00 63OmniPass from Softex Inc. - secure password management software25http://www.softexinc.com/0
117Nortons AV SYSTEM0 12scvchost.exe1 00 34Added by a Rbot variant infection.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7SCVHOST0  7SCVHOST1 00 88Added by the Troj/Feutel-D TROJAN as a new service using the same name as a displayname.57http://www.sophos.com/virusinfo/analyses/trojfeuteld.html0
3 7scvhost0 11scvhost.exe1 00112Added by the Spyware.Wiretap surveillance software.  Uninstall this software if you did not install it yourself.59http://www.sarc.com/avcenter/venc/data/spyware.wiretap.html0
113Config Loader0 11scvhost.exe1 00 42Added by the GAOBOT.AE or GAOBOT.AO WORMS!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ae.html0
120Configuration Loader0 11scvhost.exe1 00 33Added by the W32/Agobot-AAE worm.58http://www.sophos.com/virusinfo/analyses/w32agobotaae.html0
142Local Security Authority Subsystem Service0 11scvhost.exe1 00 50Added by the W32/Tilebot-CU worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotcu.html0
123macromedia flash update0 11scvhost.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
129microsoft scvhost for windows0 11scvhost.exe1 00134Added by the W32/Randex-S worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32randexs.html0
116Microsoft Update0 11scvhost.exe1 00133Added by the W32/Rbot-AEM worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaem.html0
124Microsoft Update Machine0 11scvhost.exe1 00 26Added by the RBOT-GS WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgs.html0
124Microsoft Update Manager0 11scvhost.exe1 00146Added by the W32/Agobot-TV worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.57http://www.sophos.com/virusinfo/analyses/w32agobottv.html0
124microsoft windows updata0 11scvhost.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
117Personal Computer0 11scvhost.exe1 00132Added by the W32/Rbot-AJE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaje.html0
1 7SCVHOST0 11SCVHOST.EXE1 00  8Added by14W32/Agobot-RK.0
111scvhost.exe0 11scvhost.exe1 00 28Added by the LOHAV-N TROJAN!56http://www.sophos.com/virusinfo/analyses/trojlohavn.html0
115Security Center0 11scvhost.exe1 00111W32/Rbot-TG is a network worm with IRC backdoor functionality. File is located in the Windows system directory.55http://www.sophos.com/virusinfo/analyses/w32rbottg.html0
118SunJavaUpdateSched0 11scvhost.exe1 00 12Added by the39W32/Sdbot-AVX WORM/IRC backdoor Trojan!0
117Windows Firewalll0 11scvhost.exe1 00232Added by the W32/Rbot-EK trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.  This infection also attempts to terminate various processes including other infections.55http://www.sophos.com/virusinfo/analyses/w32rbotek.html0
120Windows Service Host0 11scvhost.exe1 00 28Added by the SDBOT.N TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.n.html0
114Windows Update0 11scvhost.exe1 00 12Added by the18W32/Sdbot-XT WORM.0
110Winmgr.exe0 11scvhost.exe1 00 67me=WORM_AGOBOT.AFG"  rel="nofollow" target="_blank"AGOBOT.AFG WORM! 01
1 7WINTASK0 11scvhost.exe1 00 76Added by the W32/Mytob-I mass-mailing worm with IRC backdoor functionality..55http://www.sophos.com/virusinfo/analyses/w32mytobi.html0
135Generic Host Process2 System Backup0 12scvhost2.exe1 00 48Added by the W32/Rbot-BAH worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbah.html0
127Microsoft LSASS386 Protocol0 13scvhost32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
128Microsoft SCVHOST32 Protocol0 13scvhost32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
138Generic Host Process326a System Backup0 15scvhost326a.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
337Generic Host Process32c System Backup0 15scvhost32cd.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7starter0 14scvhosting.exe1 00 29Added by the IRCBOT.E TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.e.html0
1 7Starter0 14scvhosting.exe1 00 27Added by the SDBOT.RU WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.RU0
1 7starter0 15scvhostingg.exe1 00134Added by the W32/Forbot-FB worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotfb.html0
221Windows Print Spooler0 12SCVHOSTS.EXE1 00 64Suspicious due to the similarity to the valid "svchost.exe" file 01
1 7spoolsv0 12scvhosts.exe1 00 29Added by the SMALL-AW TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmallaw.html0
123Microsoft Office Studio0 11scvhvst.exe1 00 85Added by the W32/Sdbot-VQ WORM/Backdoor!  File is found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvq.html0
124Microsoft Windows Update0 12scvvhost.exe1 00 28Added by the FORBOT-DH WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotdh.html0
1 2SD0  6SD.exe1 00 62Added by the WORM_MYTOB.PU mass-mailing worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EPU&VSect=T0
1 8sd32info0 12sd32info.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
3 7SDaemon0 11sdaemon.exe1 00361PC Security from Tropical Software. 'PC Security™ 5.1 is the ultimate in computer security, offering multiple locking systems for the Windows environment and internet. Lock files, monitor programs' activities, even detect intruders! PC Security offers flexible and complete password protection, &quot;Drag and Drop&quot; support, plus many other handy features' 01
1 6vccacA0 10sdaxzl.exe1 00130Added by the W32/Sdbot-RP worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotrp.html0
322Iomega iStorage Backup0 15sdbackup.exe /s222StartUp menu\All users0 36SDBackup 2.03.0023, SwapDrive, Inc..39http://www.absolutestartup.com/startup/1
115Direct settings0 11sdchost.exe1 00 30Added by the DAEMONI-I TROJAN!58http://www.sophos.com/virusinfo/analyses/trojdaemonii.html0
216Scanner Detector0 11SDetect.exe1 00307ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the &quot;GO&quot; button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the &quot;GO&quot; button 01
2 7SDetect0 11SDetect.exe1 00287ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button 01
1 5sdigr0  9sdigr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112SDIN Adapter0  8sdin.exe1 00 28Added by the FORBOT-AP WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotap.html0
115Winsock2 driver0 11SDJOIJE.EXE1 00 30Added by the SPYBOT.DR TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dr.html0
116Winsock32 driver0 11Sdjoije.exe1 00 27Added by the SPYBOT.B WORM!56http://www.sophos.com/virusinfo/analyses/w32spybotb.html0
111sdkupdate220 13SDK0mCORE.exe1 00132Added by the W32/Forbot-DT network worm.  When started this infections connects to an IRC server where it waits for remote commands.57http://www.sophos.com/virusinfo/analyses/w32forbotdt.html0
126SDKcore Update Components20 11SDKC0R3.exe1 00 12Added by the38W32/Rbot-ABA WORM/IRC backdoor trojan!0
118SDK Core Component0 11SDKC0RE.exe1 00 32Added by the  W32/SDBOT-WC WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotwc.html0
1 6SDKz0r0 16SDKc55rezzz2.exe1 00136Added by the W32/Sdbot-UN worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotun.html0
118SDK Core Component0 11sdkcore.exe1 00 51Added by the W32/Sdbot-WC WORM/IRC backdoor Trojan!56http://www.sophos.com/virusinfo/analyses/w32sdbotwc.html0
120SDK Codre Function220 20sdkimddprovment2.exe1 00121Added by the W32/Sdbot-YJ worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotyj.html0
117sdk core function0 17sdkimprovment.exe1 00 28Added by the  RBOT.BHL WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BHL&VSect=P0
118sdk core function20 18sdkimprovment2.exe1 00 34Added by the  W32.SPYBOT.OGX WORM!62http://www.symantec.com/avcenter/venc/data/w32.spybot.ogx.html0
124mascro soft sdk updates20 14SDKrepair2.exe1 00 44Added by a variant of the  W32/SDBOT.W WORM!43http://vil.nai.com/vil/content/v_127104.htm0
118Microsoft sdk temp0 11sdktemp.exe1 00132Added by the W32/Rbot-ANP worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotanp.html0
1 7sdktemp0 11SDKTEMP.EXE1 00122Added by the W32/Tilebot-A worm. When started this infection connects to an IRC server where it waits for remote commands.57http://www.sophos.com/virusinfo/analyses/w32tilebota.html0
1 5KeSDM0 10Sdmapi.sys1 00153Added by the HaxDoor.B rootkit/backdoor Trojan.  This service is installed as a system driver and is part of the rootkit functionality of this infection.79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.b.html0
3 9monitorsd0 13SDMonitor.exe1 00 20Max Spyware Detector 01
214SDPhotoBar.exe0 14SDPhotoBar.exe1 00141SmartDraw Photo - "organize, enhance, print, and share your photos. It's also a powerful graphic editor for creating images and web graphics"36http://www.ttp.co.uk/abtsdphoto.html0
112genserv path0 10sdqdqg.exe1 00130Added by the W32/Sdbot-RF worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotrf.html0
1 5sdrss0  9sdrss.exe1 00 27Added by the SDBOT-SQ WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotsq.html0
1 4sads0  8sdsa.exe1 00108Added by the W32/Rbot-PA worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotpa.html0
217FlashPath Monitor0 10SDSTAT.EXE1 00184System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start - Programs 01
216FlashPath Status0 10SDSTAT.EXE1 00184System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start - Programs 01
115Windows Updater0  9sdsys.exe1 00133Added by the W32/Forbot-JG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotjg.html0
112systemtraysd0 16SDSystemTray.exe1 00178Max Spyware Detector,   bogus "Spyware remover"  - for more information, search the  Spywarewarrior_List of non-Recommended anti parasite sites/software for "spywaredetector.net"15Spyware remover0
3 6sdtray0 10sdtray.exe1 00203RSA Keon  Web_PassPort - software that allows organizations to use digital certificates in a Web-based environment to help ensure that their transactions are authentic, confidential and digitally signed.43http://www.rsasecurity.com/node.asp?id=12300
114Windows Update0 11sdvhost.exe1 00 61W32/Agobot-AEU is a network worm with backdoor functionality.58http://www.sophos.com/virusinfo/analyses/w32agobotaeu.html0
320pc dynamics sdwmon320 12sdwmon32.exe1 00149SafeHouse "Personal Privacy" protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted.38http://www.pcdynamics.com/SafeHousePP/0
319safehousesystemtray0 11SDWTRAY.EXE1 00171SafeHouse "Personal Privacy" system tray icon - PP protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted.38http://www.pcdynamics.com/SafeHousePP/0
1 8sdxsys320 12sdxsys32.exe1 00 53Added by the Troj/Brogger-A password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbroggera.html0
1 2sp0 17se.dll,DllInstall1 00115Added by the Troj/StartPa-FJ  TROJAN and might also install another start-page Trojan with the filename "fpid.dll".59http://www.sophos.com/virusinfo/analyses/trojstartpafj.html0
1 2sp0 17SE.DLL,DllInstall1 00147Start Page Hijacker.  More information can be at this site.  For help removing this infection please post a HijackThis log in our HijackThis forum.59http://www.sophos.com/virusinfo/analyses/trojadclickai.html0
1 2sp0 17SE.DLL,DllInstall1 00147Start Page Hijacker.  More information can be at this site.  For help removing this infection please post a HijackThis log in our HijackThis forum.59http://www.sophos.com/virusinfo/analyses/trojadclickai.html0
1 2sp0 17se.dll,DllInstall111HKEY_LM\Run0114Added by the Troj/StartPa-FJ TROJAN and might also install another start-page Trojan with the filename "fpid.dll".53http://www.bleepingcomputer.com/startups/sp-7869.html0
110Search-Exe0  6SE.exe1 00 19Search-Exe hijacker51http://www.pestpatrol.com/PestInfo/s/search-exe.asp0
113[random name]0 12se?vices.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
3 7sealmon0 11sealmon.exe1 00172SealedMedia enables you to combine document protection and control with your existing applications - such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint and Email48http://www.sealedmedia.com/solutions/default.asp0
210MoveSearch0 10Search.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111WhenUSearch0 10Search.exe1 00 18WhenUSearch adware68http://www.kephyr.com/spywarescanner/library/whenusearch/index.phtml0
1 6mswspl0 17searchbarcash.exe1 00 20SearchBarCash adware 01
1 9searchnav0 13searchnav.exe1 00 44SearchNav adware - IEFeatures/Popnav variant 01
116SearchNavVersion0 20searchnavversion.exe1 00 44SearchNav adware - IEFeatures/Popnav variant 01
1 3SSL0 18SearchNDestrou.exe1 00 80Added by the W32/Sdbot-WG WORM/IRC backdoor Trojan to the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotwg.html0
112SearchSetter0 19searchsetter[1].exe1 00 53Browser hijacker - redirecting to FindWhateverNow.com 01
114SearchSquire330 18SearchUpdate33.exe1 00 21SearchSquire parasite49http://www.doxdesk.com/parasite/SearchSquire.html0
114SearchUpgrader0 18SearchUpgrader.exe1 00  8Hijacker 01
1 4run=0 11sec5dec.exe1 00 25Added by the ATAK.G WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.g@mm.html0
316second copy 20000 11SecCopy.exe1 00 81Related to Second_Copy®, http://www.centered.com/ A files/Folders Backup Utility. 01
316Second Copy 20000 11SecCopy.exe111HKEY_CU\Run0 56Second Copy 2000 6.2, Centered Systems. Second Copy 200039http://www.absolutestartup.com/startup/1
116*security center0 10secctr.exe1 00 29Added by the  SDBOT.BRO WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BRO&VSect=P0
1 6Secret0 10Secret.exe1 00101Added by the Troj/Delf-LW Trojan.  This infection will attempt to delete every file on your computer.56http://www.sophos.com/virusinfo/analyses/trojdelflw.html0
311secretmaker0 15secretmaker.exe1 00209SECRETMAKER is a combonation of eight privacy-defending programs, including Spam Fighter Pro, Worm Hunter, Pop-Up Killer, Banner Blocker, Cookie Eraser, Privacy Protector, History Cleaner, and Garbage Cleaner.27http://www.secretmaker.com/0
311SECRETMAKER0 22secretmaker.exe /Logon2 00 59All-in-One SECRETMAKER 4, 2, 0, 0, Secretmaker. Secretmaker 01
111secserv.exe0 11secserv.exe1 00161Reported by Panda as an EasySearch Adware variant. Note: EasySearch modifies the Internet Explorer settings and may download programs onto the infected computer. 01
1 8secsrvrc0 12secsrvrc.exe1 00 39Added by the Troj/SCKeyLog-G keylogger.59http://www.sophos.com/virusinfo/analyses/trojsckeylogg.html0
116Network Security0 10secsvc.exe1 00133Added by the W32/Rbot-ALX  worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalx.html0
120system event manager0 10secsvc.exe1 00 28Added by the  RBOT.BMY WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BMY&VSect=T0
1 8secsvc320 12secsvcnt.exe1 00 35Added by the  Global_Patrol TROJAN!62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530767160
3 6Secsys0 10Secsys.exe1 00155Key Interceptor - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it35http://www.ultrasoft.ro/page_ky.htm0
114Yahoo Patcher!0 14sectoriate.exe1 00 91Added by the W32.Haytap@mm mass-mailing worm that sends itself to Yahoo messenger contacts.74http://www.sarc.com/avcenter/venc/data/w32.haytap@mm.html#technicaldetails0
123Windows Security Update0 10secupd.exe1 00 12Added by the110Troj/Sepuc0
123Windows Security Update0 11secupd.exe.1 00 12Added by the110Troj/Sepuc0
114security agent0 11securag.exe1 00 28Added by the  Troj/Bancban-F58http://www.sophos.com/virusinfo/analyses/trojbancbanf.html0
1 6secure0 10secure.exe1 00 17DealHelper adware60http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html0
1 6secure0 10secure.exe111HKEY_LM\Run0 59Redirect Application 1, 0, 0, 1, . Redirect MFC Application39http://www.absolutestartup.com/startup/1
1 3Bat0 11secure2.bat1 00 28Added by the ZCREW.C TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.c.html0
138Network Configuration Security Manager0 12secure32.exe1 00 49Added by the W32/Sdbot-AVZ worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotavz.html0
119Winsecure Antivirus0 19SecureAntivirus.exe1 00107Added by a Spybot worm variant. Attempts to connect to the IRC server bckup7.rioxx.ms to wait for commands. 01
311SecureItPro0 19Secureitpro470p.exe1 00108SecureIt Pro - lock your computer when you're not there, to stop malicious users from accessing your desktop62http://homepages.ihug.com.au/~ipex/secureitpro/secureitpro.htm0
125&lt;random characters&gt;0 20securewinload32x.exe1 00133Added by the Troj/OptixP-N worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/trojoptixpn.html0
215Security iGuard0 19Security iGuard.exe2 00 99Spyware remover of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
111Disk Keeper0 12SECURITY.EXE1 00 45Added by the Troj/Daoser-A trojan downloader.57http://www.sophos.com/virusinfo/analyses/trojdaosera.html0
125Microsoft Security Update0 14security32.exe1 00 78Added by the Troj/Delf-JJ Trojan!  File is found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/trojdelfjj.html0
222aluria security center0 18SecurityCenter.exe1 00176Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see  here and  here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
138Microsoft Secure Messenger.NET Service0 15securitychk.exe1 00 27Added by the SDBOT.VT WORM!88http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_SDBOT.VT0
316Security Manager0 19SecurityManager.exe1 00200A ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private 01
4 8SECWIZ980 12SECWIZ98.EXE1 00147Security Wizard 98 by Chris Farmer. Offers you a variety of ways to restrict access to many of the programs and settings on your PC. Available here59http://www.zdnet.com/downloads/stories/info/0,,000T5S,.html0
1 5CLSID0  7sed.exe1 00 21Adult content dialler 01
1 6SESync0  7sed.exe1 00 34Downloadware/SED adware downloader45http://doxdesk.com/parasite/DownloadWare.html0
1 7gqvqevs0 12seeffkme.exe1 00132Added by the W32/Sdbot-QDworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotqd.html0
1 6seekmo0 10seekmo.exe1 00 62Seekmo Search,  a_180Solutions adware variant - also see  here80http://securityresponse.symantec.com/avcenter/venc/data/adware.180solutions.html0
2 5seeve0  9seeve.exe111HKEY_LM\Run0 21pop64 6.04, Network1.39http://www.absolutestartup.com/startup/1
1 5seeve0  9seeve.exe1 00 81A media-motors.net adware variant.  Will cause popups to appear on your computer. 01
1 6Selene0 10Selene.exe1 00 37Added by the Trojan.Eneles infection!74http://www.sarc.com/avcenter/venc/data/trojan.eneles.html#technicaldetails0
223FriendlyWebQuick-Launch0 12SELFCERT.EXE1 00272selfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well 01
1 4seli0  8seli.exe1 00 36Added by the Troj/LowZone-AS Trojan.59http://www.sophos.com/virusinfo/analyses/trojlowzoneas.html0
110[not used]0 19sembako-cfzjkmg.exe1 00 32Added by the W32/Brontok-M worm.57http://www.sophos.com/virusinfo/analyses/w32brontokm.html0
110[not used]0 19sembako-cfzjmmg.exe1 00 32Added by the W32/Brontok-N worm.57http://www.sophos.com/virusinfo/analyses/w32brontokn.html0
323talk&surf 6.0 - Monitor0 11semon21.exe122StartUp menu\All users0 38talk&surf 6.0 600.25.0576, Siemens AG.39http://www.absolutestartup.com/startup/1
114Bron-Spizaetus0 13sempalong.exe1 00 32Added by the W32/Brontok-E worm.57http://www.sophos.com/virusinfo/analyses/w32brontoke.html0
3 4SeMS0  8SeMS.exe1 00103p align=leftPCsms - tool that enables you to send sms text messages from your PC to any UK mobile phone21http://www.pcsms.net/0
1 2QQ0 12sendmess.exe1 00 26Added by the SEMES TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.semes.html0
3 7Sensiva0 11Sensiva.exe1 00289Symbol Commander makes the use of your PC, laptop, Tablet PC, and Pocket PC much easier and much faster. It recognizes your handwriting with unparalled performance and executes commands in a snap. Just by using your mouse, pen, or touchpad, simply draw symbols to execute actions instantly39http://www.sensiva.com/symbolcommander/0
3 7Sensiva0 11Sensiva.exe111HKEY_CU\Run0 62Sensiva Pro 1, 0, 7, 0, Sensiva, Inc.. Sensiva Pro for Windows39http://www.absolutestartup.com/startup/1
1 6SENTRY0 10SENTRY.exe1 00273From IP Insight. Allows website owners &quot;to instantly determine the precise geographic location, connection speed and detailed demographics of every visitor to your website&quot;. Will be detected by most firewalls and the majority of home users should disable it&nbsp;36http://www.ipinsight.com/default.asp0
3 9RNBOStart0 12sentstrt.exe1 00317Program used to initialise the VxD virtual driver for Sentinel drivers associated with Rainbow H/W keys that plug-in to the parallel port. These are usually supplied with workplace design tools and restrict the use of the software only to the machine to which the H/W key is connected. Required if you have such tools 01
124Sepate Security Firewall0 10sepate.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6avnort0  9serbw.exe1 00101Added by the W32.Serflog.A worm.  This worms spreads through file sharing networks and MSN messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.html0
1 5ltwob0  9serbw.exe1 00  074http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.html0
1 5serpe0  9serbw.exe1 00101Added by the W32.Serflog.A worm.  This worms spreads through file sharing networks and MSN messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.html0
113Window Server0 12Sererver.exe1 00169Added by the Troj/Feutel-BB backdoor Trojan. This infection also creates the files C:\Windows\Sererver.DLL, C:\Windows\SererverKey.DLL, and C:\Windows\Sererver_HOOk.DLL.58http://www.sophos.com/virusinfo/analyses/trojfeutelbb.html0
2 6SerExt0 16SerExt.exe /plug211HKEY_LM\Run0 63SerExt Application 600.25.0.576, Siemens AG. SerExt Application39http://www.absolutestartup.com/startup/1
1 7Serials0 11serials.exe1 00 41Any one of a variety of worms and trojans 01
1 7Anthrax0 11serious.exe1 00 43Added by the W32/Mirsa-B mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32mirsab.html0
1 5Ebola0 11serious.exe1 00 43Added by the W32/Mirsa-B mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32mirsab.html0
1 3F4J0 11serious.exe1 00 43Added by the W32/Mirsa-B mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32mirsab.html0
1 7Fathers0 11serious.exe1 00  055http://www.sophos.com/virusinfo/analyses/w32mirsab.html0
1 4Four0 11serious.exe1 00 43Added by the W32/Mirsa-B mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32mirsab.html0
1 7Justice0 11serious.exe1 00  055http://www.sophos.com/virusinfo/analyses/w32mirsab.html0
120Microsoft WinUpdates0 10serm32.exe1 00 26Added by the RBOT.GE WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GE&VSect=T0
1 4sern0 12Sernet32.exe1 00175Added by the Troj/Bancos-CV password-stealing trojan.  If you were infected with this trojan you should immediately change all your passwords for your online banking programs.58http://www.sophos.com/virusinfo/analyses/trojbancoscv.html0
120Networok Derve H1ots0  9serop.exe1 00 44Added by the Troj/GrayBrd-I backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojgraybrdi.html0
412serrdctl.exe0 12serrdctl.exe1 00174&quot;Shared Modem Service Client Event Viewer&quot; - used when a number of PCs have access to a number of modems. Required to be running on each PC for access to the modems 01
126Microsoft Windows Services0 12Sersices.exe1 00134Added by the W32/Sdbot-NO worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotno.html0
120Configuration Loader0 10seru32.exe1 00 76Added by the 32/Forbot-EL WORM!  File is found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvr.html0
123generic service process0 12serv1ces.exe1 00 33Added by the  W32/Agobot-JK WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotjk.html0
115Service Manager0 16serv3manager.exe1 00133Added by the W32/Sdbot-AGO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotago.html0
114WINDOWS SYSTEM0 10servce.exe1 00132Added by the W32/Mytob-EI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobei.html0
124Microsoft Windows Update0 10servcs.exe1 00 77Backdoor.Sdbot.A  backdoor Infection!  Found in the Windows system directory.78http://www.sarc.com/avcenter/venc/data/backdoor.sdbot.al.html#technicaldetails0
3 4Key20  9serve.exe1 00  2?? 01
112NDIS Adapter0 13servenxpp.exe1 00170The W32/Forbot-GP WORM/Backdoor Trojan adds this, also creating a new service. The service is named "NDIS TCP Layer Transport Device", it's displayname is "NDIS Adapter".57http://www.sophos.com/virusinfo/analyses/w32forbotgp.html0
131NDIS TCP Layer Transport Device0 13servenxpp.exe1 00 97The service is added by the W32/Forbot-GP WORM using this file, it's displayname is NDIS Adapter.57http://www.sophos.com/virusinfo/analyses/w32forbotgp.html0
1 6Win32R0 10Server.com1 00 29Added by the ESTRELLA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/w32.estrella.html0
334Ashampoo Mail Virus Blocker Server0 10Server.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
1 8easyServ0 10Server.exe1 00 29Added by the EASYSERV TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.easyserv.html0
1 8pcServer0 10server.exe1 00 14Ssppyy spyware75http://securityresponse.symantec.com/avcenter/venc/data/spyware.ssppyy.html0
113Pigeon_Server0 10server.exe1 00137Added by the Troj/Feutel-AQ backdoor Trojan.  This infection also creates the files c:\windows\server.dll and c:\windows\server_HOOk.DLL.58http://www.sophos.com/virusinfo/analyses/trojfeutelaq.html0
1 8Registry0 10Server.exe1 00 44Added by the Troj/Small-ALO backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojsmallalo.html0
1 7RunProg0 10Server.exe1 00 31Added by the OPTIX.04.A TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIX.04.A0
1 6server0 10server.exe1 00 27Added by the DELTAD.A WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A0
110Server 2.00 10Server.exe1 00 45Added by the Troj/GrayBrd-AN backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdan.html0
110SERVER.EXE0 10SERVER.EXE1 00 45Added by the BUSHTRO122 or SMOKODOOR TROJANS!60http://www.sophos.com/virusinfo/analyses/trojbushtro122.html0
110SERVER.EXE0 10SERVER.EXE1 00 45Added by the BUSHTRO122 or SMOKODOOR TROJANS!60http://www.sophos.com/virusinfo/analyses/trojbushtro122.html0
1 8startkey0 10server.exe1 00 35Added by the Troj/Bifrose-B Trojan.58http://www.sophos.com/virusinfo/analyses/trojbifroseb.html0
129VMWare Authorization Servicec0 10Server.exe1 00102Added by the Backdoor.Graybird.O backdoor Trojan.  This infection also drops the file  %System%8g.DLL.80http://www.sarc.com/avcenter/venc/data/backdoor.graybird.o.html#technicaldetails0
120Windows Media Player0 10Server.exe1 00 44Added by the Troj/Feutel-AE backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelae.html0
121Windows Updata Server0 10server.exe1 00 42Added by the Backdoor.Graybird.N backdoor.80http://www.sarc.com/avcenter/venc/data/backdoor.graybird.n.html#technicaldetails0
1 7WinProt0 10server.exe1 00 31Added by the CHUPACABRA TROJAN!40http://www.hackfix.org/miscfix/cha.shtml0
1 6server0 17server.EXE /nomsg2 00  0 01
1 8serverex0 14Server.txt.vbs1 00 27Added by the DELTAD.A WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A0
1 9winserver0 14Server.txt.vbs1 00 27Added by the DELTAD.A WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELTAD.A0
115ZtgServerSwitch0 10server.vbs1 00172ZTGServerswitch is part of Sony's Vaio support agent - designed by Support.com. Not required if the user does not wish to use the Vaio support agent and regarded as spyware 01
115Server Backbone0 12server05.exe1 00 30Added by the W32/Rbot-ZM worm.55http://www.sophos.com/virusinfo/analyses/w32rbotzm.html0
1 9Server2.00 13Server2.0.exe1 00 44Added by the Troj/Feutel-AY trojan Backdoor.58http://www.sophos.com/virusinfo/analyses/trojfeutelay.html0
114WindowsAPI.DLL0 11Server5.exe1 00 36Added by the "Fear and Hope" TROJAN!54http://www.pestpatrol.com/pestinfo/f/fear_and_hope.asp0
311LyraControl0 17ServerControl.exe111HKEY_LM\Run0 66ShowCenter 1.2.0.1, Pinnacle Systems. Pinnacle Server Control Tool39http://www.absolutestartup.com/startup/1
111run windows0 10servic.bat1 00 31Added by the  REBOOT-AP TROJAN!43http://vil.nai.com/vil/content/v_135822.htm0
119Microsoft Update 320 10servic.exe1 00132Added by the W32/Rbot-AXN worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaxn.html0
130Sygate Personal Firewall Start0 10servic.exe1 00 26Added by the RBOT-RY WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotry.html0
115WINDOWS SYSTEMn0 13servicces.exe1 00133Added by the W32/Mytob-EL worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobel.html0
3 7Service0 11service.exe1 00 30Added by the ALADINZ.H TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.h.html0
114AdobeReaderPro0 11service.exe1 00 48Added by the W32/Rbot-BCA worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbca.html0
1 6Config0 11service.exe1 00 26Added by the ISRAZ.B WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.israz.b@mm.html0
120Configuration Loader0 11Service.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
1 8MSN BETA0 11SERVICE.EXE1 00 75Added by the W32/Rbot-WZ WORM/backdoor Trojan to the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwz.html0
1 5Myapp0 11service.exe1 00 17Homepage hijacker 01
1 8r_server0 11SERVICE.EXE1 00142Added by the Troj/Multidr-CP TROJAN! A new service is set also, with the displayname of Remote Administrator Service and servicename r_server.59http://www.sophos.com/virusinfo/analyses/trojmultidrcp.html0
119Registry Value Name0 11service.exe1 00133Added by the W32/Rbot-AHT worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaht.html0
128Remote Administrator Service0 11SERVICE.EXE1 00 79A service displayname set by the Troj/Multidr-CP with a servicename of reg_run.59http://www.sophos.com/virusinfo/analyses/trojmultidrcp.html0
1 7Service0 11service.exe1 00 30Added by the ALADINZ.H TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.h.html0
111Service App0 11Service.exe1 00138Added by the Trojan.Boetac backdoor Trojan.  This Trojan should not be confused with the legitimate file c:\Windows\System32\services.exe.74http://www.sarc.com/avcenter/venc/data/trojan.boetac.html#technicaldetails0
115service manager0 11service.exe1 00154Added by the Trojan.Spexta trojan.  When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.74http://www.sarc.com/avcenter/venc/data/trojan.spexta.html#technicaldetails0
115Service Process0 11service.exe1 00 43Added by the Troj/Dcmbot-C backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojdcmbotc.html0
111Service.exe0 11Service.exe1 00 36servedby.advertising popup generator 01
110Servicemng0 11service.exe1 00 54The path to windows may be different on your computer. 01
124Sygate Personal Firewall0 11service.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9SYS_CLEAN0 11Service.exe1 00 27Added by the FLOPCOPY WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.flopcopy.html0
1 9SYS_CLEAN0 11Service.exe1 00 27Added by the FLOPCOPY WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.flopcopy.html0
1 8systrans0 11service.exe1 00 45Added by the Troj/StartPa-GZ backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojstartpagz.html0
119Win32 USB2.0 Driver0 11service.exe1 00 27Added by the SDBOT-QF WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotqf.html0
119Windows Screensaver0 11Service.exe1 00 32Added by the  W32.KELVIR.P WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.p.html0
123Windows Service Manager0 11service.exe1 00131Added by the Troj/Bckdr-IAQ backdoor Trojan. This should not be confused with the legitimate file C:\Windows\System32\services.exe.58http://www.sophos.com/virusinfo/analyses/trojbckdriaq.html0
116Windows Services0 11service.exe1 00 27Added by the RANDEX.R WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.r.html0
115Windows_Serivce0 11SERVICE.exe1 00 29Added by the WOOTBOT.AH WORM!92http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_WOOTBOT.AH0
114WindowsService0 11service.exe1 00 32Added by the W32/Tilebot-K worm.57http://www.sophos.com/virusinfo/analyses/w32tilebotk.html0
1 7Service0 11Service.pif1 00 38Added by the W32/Assiral-C email worm.57http://www.sophos.com/virusinfo/analyses/w32assiralc.html0
115kernel services0 13service32.exe1 00 32Added by the  TROJ/PRX-B TROJAN!54http://www.sophos.com/virusinfo/analyses/trojprxb.html0
1 9service320 13service32.exe1 00 33Added by the  W32/AGOBOT-ST WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotst.html0
120Configuration Loader0 12service5.exe1 00 28Added by the GAOBOT.AF WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.af.html0
118MS Security Hotfix0 12service5.exe1 00 28Added by the GAOBOT.AG WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ag.html0
1 8WinLsass0 12servicec.exe1 00 24Added by the SCANE WORM!70http://securityresponse.symantec.com/avcenter/venc/data/w32.scane.html0
114serviceconnect0 18serviceconnect.exe1 00 30Added by the  AGOBOT.AIR WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AIR&VSect=P0
412ServiceLayer0 16ServiceLayer.exe1 00129Nokia Connectivity Library support task that is needed by NCLTRAY and by the Nokia Connection Manager for either to work properly 01
110USB Device0 14servicelog.exe1 00 29Added by the WOOTBOT.CB WORM!81http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.CB0
114wind logd file0 15servicelogd.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
226Windows XP Service Monitor0 12servicem.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
115Service Manager0 14SERVICEMGR.EXE1 00 33Added by the W32/PassMail-D worm.58http://www.sophos.com/virusinfo/analyses/w32passmaild.html0
126Microsoft Servicez Manager0 15servicemgrz.exe1 00133Added by the  W32/Rbot-ASN worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotasn.html0
114System Service0 13servicent.exe1 00132Added by the W32/Rbot-AJI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotajv.html0
115[Various Names]0 18Serviceprocess.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
310SysService0 12SERVICES.EXE1 00179Added by the Spyware.NSKeyLogger keylogger. This program  has the ability to log keystrokes and capture screenshots. bUninstall if you did not intentionally install this program/b80http://securityresponse.symantec.com/avcenter/venc/data/spyware.nskeylogger.html0
3 5WSVCS0 12SERVICES.EXE1 00131Added by the Spyware.WALogge surveillance program.  If you did not install this program on your computer then it should be removed.60http://www.sarc.com/avcenter/venc/data/spyware.walogger.html0
1 5.Prog0 12services.exe1 00139Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
111_SystemBoot0 12services.exe1 00101your email address. Sober.Q infects those machines with the Sober.P infection via an upgrade feature. 01
112_SystemCheck0 12services.exe1 00 12Added by the17W32/Sober-M WORM!0
1 9_WinCheck0 12services.exe1 00142Added by the WORM_SOBER.AD mass-mailing worm. Note: This should not be confused with the legitimate services.exe in the Windows system folder.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FSOBER%2EAD&VSect=T0
1 8_Windows0 12services.exe1 00 46Added by the W32.Sober.X@mm mass-mailing worm.75http://www.sarc.com/avcenter/venc/data/w32.sober.x@mm.html#technicaldetails0
1 8_WinINet0 12services.exe1 00 38c:\WINDOWS\ConnectionStatus\socket.dli 01
1 9_winstart0 12services.exe1 00306Added by the  W32.SOBER.O WORM! - Note - this file is placed in a "%Windir%\Connection Wizard\Status folder,  and should NOT be confused with the legitimate Windows  services.exe process,   located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/w32.sober.o@mm.html0
138{357AA41A-B7A8-4632-A27D-5B980B25CF43}0 12services.exe1 00 84Added by the Adware.Clickbank  adware.  File is found in %windir%\system32\inetsrv\.60http://www.sarc.com/avcenter/venc/data/adware.clickbank.html0
121AdRotator.Application0 12services.exe1 00  060http://www.sarc.com/avcenter/venc/data/adware.clickbank.html0
1 8BuildLab0 12services.exe1 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
1 6ccApps0 12services.exe1 00139Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
1 4Dual0 12services.exe1 00137Added by the Troj/Dloadr-SJ Trojan. This file should not be confused with the legitimate Microsoft file C:\Windows\System32\services.exe.58http://www.sophos.com/virusinfo/analyses/trojdloadrsj.html0
1 6Events0 12services.exe1 00 39Added by the Backdoor.EggHead backdoor.77http://www.sarc.com/avcenter/venc/data/backdoor.egghead.html#technicaldetails0
116FriendlyTypeName0 12services.exe1 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
1 5golum0 12services.exe1 00334Added by the GOLUM.A TROJAN! - Note - this services.exe file is placed in a Winnt\System32\Golum or Windows\System32\Golum subdirectory,  and should NOT be confused with the legitimate Windows  services.exe process,   located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!72http://www.liutilities.com/products/wintaskspro/processlibrary/services/0
1 6golumm0 12services.exe1 00132CoolWebSearch parasite variant. Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!53http://www.spywareinfo.com/~merijn/cwschronicles.html0
128Microsoft Service Controller0 12services.exe1 00138Added by the W32.Kalel.B@mm mass-mailing worm.  bBe careful that you do not delete the legitimate file c:\windows\system32\services.exe./b75http://www.sarc.com/avcenter/venc/data/w32.kalel.b@mm.html#technicaldetails0
118Microsoft Services0 12services.exe1 00127Added by the ALETS TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.alets.html0
127Microsoft Visual SourceSafe0 12services.exe1 00182Added by the NEVEG.B or NEVEG.C WORMS!. Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup or the Microsoft Visual SourceSafe program75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
132Microsoft Windows Update Service0 12services.exe1 00 50Added by the W32/Tilebot-DJ worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotdj.html0
1 8MSOffice0 12services.exe1 00185Browser hijacker. The file is placed in a newly created MSOffice folder in System32. Note - this is NOT the legitimate services.exe process, which should NOT figure in Msconfig/Startup!72http://www.liutilities.com/products/wintaskspro/processlibrary/services/0
1 3Net0 12services.exe1 00 33Added by the Troj/Bravo-C Trojan.56http://www.sophos.com/virusinfo/analyses/trojbravoc.html0
111NetBios Ext0 12services.exe1 00158Added by the W32.Mydoom.AB@mm worm. bNote:/b This should not be confused with the legitimate windows file, services.exe, found in the Windows System32 folder.94http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.ab@mm.html#technicaldetails0
113NetBios Ext320 12services.exe1 00 35Added by the W32.Mydoom.AN@mm worm.94http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.an@mm.html#technicaldetails0
119Norton Auto-Protect0 12SERVICES.EXE1 00 31Added by the Anker e-mail WORM!45http://www.f-secure.com/v-descs/anker_a.shtml0
1 7NTSet320 12services.exe1 00 34Added by the Troj/WinSpy-C Trojan.57http://www.sophos.com/virusinfo/analyses/trojwinspyc.html0
1 7RegDone0 12services.exe1 00139Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
1 9RPCser32g0 12services.exe1 00 52Added by the W32/Ritdoor-C worm and backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/w32ritdoorc.html0
1 9RPCserv320 12SERVICES.EXE1 00 69Added by the MyDoom.AN WORM!  File is found in the Windows directory.47http://www.f-secure.com/v-descs/mydoom_an.shtml0
110RPCserv32g0 12services.exe1 00 44Added by the W32.Bobax.AA mass-mailing worm.73http://www.sarc.com/avcenter/venc/data/w32.bobax.aa.html#technicaldetails0
1 3run0 12services.exe1 00 91Added by the Adware.CWSConyc hijacker. Found in the %WINDIR%\inet10050\services.exe folder.59http://www.sarc.com/avcenter/venc/data/adware.cwsconyc.html0
1 7Service0 12services.exe1 00138Added by the NETSKY or NETSKY.B WORMS! Note - this is not the legitimate services.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.html0
1 8Services0 12services.exe1 00148Added by a number of VIRUSES, WORMS and TROJANS! Note - this is not the legitimate services.exe process which should NOT appear in Msconfig/Startup!72http://www.liutilities.com/products/wintaskspro/processlibrary/services/0
114Services Logon0 12services.exe1 00103Added by the W32.Crowt.A@mm infection. Found in C:\Documents and Settings\[user name]\Templates folder.75http://www.sarc.com/avcenter/venc/data/w32.crowt.a@mm.html#technicaldetails0
116Services Process0 12services.exe1 00 84Added by unidentified spyware - recognized by Kaspersky antivirus as Small.X TROJAN!36http://www.kaspersky.com/personalpro0
116Services Startup0 12services.exe1 00 79Added by the W32.Crowt.A@mm infection. Found in c:\program files\common files\.75http://www.sarc.com/avcenter/venc/data/w32.crowt.a@mm.html#technicaldetails0
112Services.EXE0 12services.exe1 00126Added by the KAZPING WORM! Note - this is not the legitimate services.exe process which should NOT appear in Msconfig/Startup!64http://www.symantec.com/avcenter/venc/data/w32.hllw.kazping.html0
118SuperBar.Component0 12services.exe1 00 95Added by the Adware.Clickbank  adware.  File is found in the %windir%\system32\inetsrv\ folder.60http://www.sarc.com/avcenter/venc/data/adware.clickbank.html0
1 7sysinit0 12services.exe1 00131Added by the NEWLFRM-A TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!58http://www.sophos.com/virusinfo/analyses/trojnewifrma.html0
110SysService0 12SERVICES.EXE1 00179Added by the Spyware.NSKeyLogger keylogger. This program  has the ability to log keystrokes and capture screenshots. bUninstall if you did not intentionally install this program/b80http://securityresponse.symantec.com/avcenter/venc/data/spyware.nskeylogger.html0
114System Update20 12services.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
110SystemBoot0 12services.exe1 00260Added by the Sober.Q mass-mailing worm.  This worm does not spread itself via email but rather sends out political messages in German or English depending on your email address.  Sober.Q infects those machines with the Sober.P infection via an upgrade feature.45http://www.f-secure.com/v-descs/sober_q.shtml0
1 8TEXTCONV0 12services.exe1 00139Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
114Torjan Program0 12services.exe1 00153Added by the W32.Autex.C shared folder/drive worm. This should not be confused with the legitimate Microsoft file located in the Windows %System% folder.72http://www.sarc.com/avcenter/venc/data/w32.autex.c.html#technicaldetails0
110upDpacketo0 12services.exe1 00  056http://www.sophos.com/virusinfo/analyses/w32nafbota.html0
1 8WinCheck0 12services.exe1 00  089http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FSOBER%2EAD&VSect=T0
125Windows Logon Application0 12services.exe1 00 35Added by the Troj/Ciadoor-L trojan.58http://www.sophos.com/virusinfo/analyses/trojciadoorl.html0
115Windows Service0 12SERVICES.EXE1 00  045http://www.f-secure.com/v-descs/anker_a.shtml0
126Windows Service Controller0 12services.exe1 00157Added by the W32/Kalel-B mass-mailing worm and backdoor Trojan. bNote: This file should not be confused with the legitimate %WinDir%\System32\services.exe./b55http://www.sophos.com/virusinfo/analyses/w32kalelb.html0
1 7WinINet0 12services.exe1 00 42c:\WINDOWS\ConnectionStatus\socket.dlibr / 01
1 7winsrv30 12services.exe1 00252Added by the W32/Nafbot-A P2P worm.  This infection will also modify your hosts file so that you are unable to reach various antivirus vendor's web sites.  This infection should not be confused with the legitimate C:\Windows\system32\services.exe file.56http://www.sophos.com/virusinfo/analyses/w32nafbota.html0
1 8WinStart0 12services.exe1 00366Added by the W32/Sober.p@MM worm.  To remove this infection, reboot into safe mode and delete C:\WINDOWS\Connection Wizard\Status\services.exe.  Then reboot back to normal mode.  This will stop the infection but there will be leftover files behind that will not be causing harm.  Visit the link in this description for more information on what other files to delete.54http://vil.mcafeesecurity.com/vil/content/v_133409.htm0
1 7WMAudio0 12services.exe1 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html0
1 5WSVCS0 12SERVICES.EXE1 00131Added by the Spyware.WALogge surveillance program.  If you did not install this program on your computer then it should be removed.60http://www.sarc.com/avcenter/venc/data/spyware.walogger.html0
1 9xp_system0 12services.exe1 00 38Added by the Adware.CWSConyc hijacker.59http://www.sarc.com/avcenter/venc/data/adware.cwsconyc.html0
1 8Xpsystem0 12SERVICES.EXE1 00129Added by the DAEMOZ.A TROJAN! Note - this is not the legitimate services.exe process which should NOT appear in Msconfig/Startup!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DAEMOZ.A0
115Windows Startup0 14services21.exe1 00 28Added by the AGOBOT-MX WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotmx.html0
122microsoft system debug0 14services32.exe1 00 28Added by the  RBOT.AKH WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AKH&VSect=P0
116Service Sequence0 14services32.exe1 00133Added by the W32/Tilebot-C worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32tilebotc.html0
110services320 14services32.exe1 00 47Added by the W32/Esbot-B worm and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32esbotb.html0
114services32.exe0 14services32.exe1 00133Added by the W32/Forbot-FN worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotfn.html0
130Sygate Personal Firewall Start0 14services32.exe1 00 26Added by the RBOT-MB WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmb.html0
112system32.exe0 14services32.exe1 00 50Added by a variant of the BACKDOOR.IRC.BOT TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html0
114wins update 320 14services32.exe1 00 27Added by the  W32/Forbot-FN57http://www.sophos.com/virusinfo/analyses/w32forbotfn.html0
1 8System330 14services33.exe1 00108Added by the W32/Rbot-VQ worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotvq.html0
120Configuration Loader0 13Servicess.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
1 6usbdrv0 15servicetask.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
124Microsoft Update Machine0 12servicez.exe1 00 28Added by the  SPYBOT.BI WORM91http://se.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.BI0
114System Service0 12servicez.exe1 00133Added by the W32/Rbot-AOY worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaoy.html0
121ASP.NET State Service0 13servicos..exe1 00 46Added by the Troj/Dadobra-I downloader Trojan.58http://www.sophos.com/virusinfo/analyses/trojdadobrai.html0
1 7servics0 11servics.exe1 00 60Added by the Troj/Singu-J password stealing backdoor trojan.56http://www.sophos.com/virusinfo/analyses/trojsinguj.html0
1 6k3ym4n0 14servicsmjr.exe1 00108Added by the W32/Rbot-RW worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrw.html0
124Microsoft Update Machine0 11servicz.exe1 00 26Added by the RBOT-HU WORM!51http://sophos.com/virusinfo/analyses/w32rbothu.html0
118Windows ExplorerTM0 12servinfo.exe1 00109A service initiated by the W32/Forbot-EN,  with a display name of "Windows Server Information" on NT systems.57http://www.sophos.com/virusinfo/analyses/w32forboten.html0
118Windows ExplorerTM0 12servinfo.exe1 00109A service initiated by the W32/Forbot-EN,  with a display name of "Windows Server Information" on NT systems.57http://www.sophos.com/virusinfo/analyses/w32forboten.html0
126Windows Server Information0 12servinfo.exe1 00158Added by the W32/Forbot-EN WORM/IRC backdoor Trojan, which also starts a new service "Windows ExplorerTM" with a display name of "Windows Server Information".57http://www.sophos.com/virusinfo/analyses/w32forboten.html0
1 8servisec0 12servisec.exe1 00 29Added as a new service by the52Troj/Xrat-B TROJAN, using a displayname of the same.0
114WINDOWS SYSTEM0 12servises.exe1 00131Added by the W32/Zotob-I worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.55http://www.sophos.com/virusinfo/analyses/w32zotobi.html0
124microsoft update machine0 10serviz.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7servlce0 11SERVlCE.EXE1 00 27Added by the  W32/Agobot-UB57http://www.sophos.com/virusinfo/analyses/w32agobotub.html0
1 7SVCHOST0 12SERVlCES.EXE1 00 42Added by the Troj/Delf-LF backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojdelflf.html0
112blah service0 11servoxt.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
111Mirsft sdce0  9servs.exe1 00 53Added by a variant of the Rbot worm and IRC backdoor. 01
114[unknown name]0 13SERVSYS32.EXE1 00121Added by the W32/Sdbot-KQ worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotkq.html0
2 6Serv-U0 12serv-u32.exe1 00 10FTP server 01
013ServUTrayIcon0 13ServUTray.exe1 00 39System Tray icon for Serv-U FTP server. 01
114System Service0 10servza.exe1 00 48Added by the W32/Rbot-CRG worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcrg.html0
1 6System0 10serwin.exe1 00 67Added by the Troj/LdPinch-BN password-stealing and backdoor trojan.59http://www.sophos.com/virusinfo/analyses/trojldpinchbn.html0
314session client0 10sescli.exe1 00 86SurfSpy keystroke logger/monitoring program - remove unless you installed it yourself!63http://www.symantec.com/avcenter/venc/data/spyware.surfspy.html0
317PPK Setup(Server)0 11SEServe.exe1 00286Programmable Power Key on Sony Vaio laptops. "Using the Programmable Power Key (PPK) button, collect your e-mail automatically with one key stroke. You can also program your PPK to turn on your SuperSlim Notebook at a predetermined time and perform simple tasks - completely unattended" 01
111irc session0 14sessionmgr.exe1 00 28Added by the SDBOT-ACE WORM!57http://www.sophos.com/virusinfo/analyses/w32sdbotace.html0
316QWS3270 Sessions0 12sessions.exe1 00 42QWS3270 Secure terminal emulation software 01
115Session Manager0 12sessmngr.exe1 00 42Added by the Troj/Theef-F backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojtheeff.html0
411HPLJ Config0 13SetConfig.exe1 00 40Connects system to networked HP printer. 01
411HPLJ Config0 57SetConfig.exe -c Direct -p USB -pn "" -n 0 -l  -sl 1200002 00 77SetConfig Application 2, 0, 0, 0, Hewlett-Packard Inc.. SetConfig Application 01
012Update local0 12SetCPQLC.exe1 00 39Running on a Compaq desktop. Any ideas? 01
129Microsoft ActiveX Debugger NT0 14setdebugnt.exe1 00160Added by the Troj/Bancos- Trojan.  If you are infected with this infection you should immediately change all passwords to any online banking sites that you use.58http://www.sophos.com/virusinfo/analyses/trojbancosdo.html0
136Microsoft&laquo; ActiveX Debugger NT0 14setdebugnt.exe1 00 93Added by the Troj/Bancos-CZ Internet banking trojan.  This infection targets Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbancoscz.html0
130Microsoft« ActiveX Debugger NT0 14setdebugnt.exe1 00 93Added by the Troj/Bancos-CZ Internet banking trojan.  This infection targets Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbancoscz.html0
0 9setdefprt0 13setdefprt.exe1 00 29Related to a Brother printer? 01
3 8UniPrint0 19SetDfltSettings.exe1 00231Drivers for Uniprint, a printing help for Terminal Services and Citrix which recieves downloaded files from a Uniprint enabled server and prints them locally allowing for truly universal printing through Terminal Services or Citrix 01
312GammaHotKeys0 12setgamma.exe1 00191Part of the RadeonTweaker program for adjusting ATI Radeon graphics cards. Allows you to adjust the gamma (or brightness) when playing a full-screen game without switching back to the desktop37http://radeontweaker.sourceforge.net/0
221MediaFace Integration0 11Sethook.exe1 00131Fellowes Neato™ cd label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar" 01
2 7SetHook0 11SetHook.exe1 00130Fellowes Neato CD label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar" 01
2 9SETI@home0 13SETI@home.exe1 00226SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data 01
210seticlient0 13SETI@home.exe1 00  0 01
210seticlient0 18SETI@home.exe -min2 00 61SETI@home 3.08, University of California, Berkeley. SETI@home 01
2 7SetIcon0 11SetIcon.exe1 00180Installed by a 6-in-1 (4 Media Card slots, a floppy drive and a USB connection) device. Constantly updates the icons for the four Media Card slots that it has and is a resource hog 01
2 7SetIcon0 11SetIcon.exe1 00180Installed by a 6-in-1 (4 Media Card slots, a floppy drive and a USB connection) device. Constantly updates the icons for the four Media Card slots that it has and is a resource hog 01
2 7SetIcon0 11Seticon.exe1 00114SMSC USB Custom Icons Application 1, 2, 0, 6, Standard Microsystems Corp.. Custom Icons Application For USB Drives 01
3 7Seticon0 11Seticon.exe111HKEY_LM\Run0115SMSC USB97C210 Custom Icons Application 1, 2, 0, 0, Standard Microsystems Corp.. USB97C210 Custom Icons Application39http://www.absolutestartup.com/startup/1
2 9SetiQueue0 12Setiqu~1.exe1 00 78Provides work unit buffering for Seti@Home clients - see here for more details39http://www.reneris.com/seti/default.asp0
2 7SetiSpy0 11SetiSpy.exe1 00192From the site - 'SETI Spy is a little program I wrote to "spy" on the progress and performance of the SETI@home client. I call it a "spy" because I tried to make it as unobtrusive as possible'36http://pages.tca.net/roelof/setispy/0
3 6SetKbd0 10SetKbd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
317Logitech SetPoint0 12SetPoint.exe1 00 84Logitech SetPoint 2.40.849, Logitech Inc.. Logitech SetPoint Event Manager (UNICODE) 01
317Logitech SetPoint0 12SetPoint.exe122StartUp menu\All users0 74Logitech SetPoint 2.31.546, Logitech Inc.. Logitech SetPoint Event Manager39http://www.absolutestartup.com/startup/1
1 8SetPoint0 12SetPoint.exe1 00134Added by the  W32/Rbot-BWI worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotbwi.html0
311Set Printer0 14SetPrinter.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
310SetRefresh0 14SetRefresh.exe1 00 49Found on a Compaq PC. Video refresh rate utility? 01
017InstallNAIProduct0  9SETUP.EXE1 00235Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error? 01
010MM Install0  9setup.exe1 00 38Possibly Money Manager from Moneysoft? 7#FF00000
0 5Tango0  9Setup.exe1 00 32Tango Broadband access software. 01
215RjLyraInstaller0  9setup.exe1 00  2?? 01
2 7IPSetup0  9SETUP.EXE111HKEY_LM\Run0199InstallShield®                                               2.03                                                        , Installshield Software Corporation                          . Setup Launcher39http://www.absolutestartup.com/startup/1
213msiloadr_10640  9Setup.Exe115HKEY_LM\RunOnce0112Microsoft? Visual Studio .NET 7.00.9466, Microsoft Corporation. Microsoft (R) Visual Studio Windows °˛×°ŇýµĽłĚĐň39http://www.absolutestartup.com/startup/1
213msiloadr_11960  9Setup.Exe115HKEY_LM\RunOnce0112Microsoft? Visual Studio .NET 7.00.9466, Microsoft Corporation. Microsoft (R) Visual Studio Windows °˛×°ŇýµĽłĚĐň39http://www.absolutestartup.com/startup/1
213msiloadr_12200  9Setup.Exe115HKEY_LM\RunOnce0112Microsoft? Visual Studio .NET 7.00.9466, Microsoft Corporation. Microsoft (R) Visual Studio Windows °˛×°ŇýµĽłĚĐň39http://www.absolutestartup.com/startup/1
317InstallNAIProduct0  9SETUP.EXE1 00235Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error? 01
310MM Install0  9setup.exe1 00 38Possibly Money Manager from Moneysoft? 7#FF00000
3 5Tango0  9Setup.exe1 00 32Tango Broadband access software. 01
320Windows Accelerators0  9setup.exe1 00173KeySpy keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove22http://www.keyspy.net/0
310zzzhpsetup0  9setup.exe1 00  2?? 01
316zzzCamlnSuitelll0 15setup.exe 46***2 00  0 01
310PreloadApp0 12setup.exe -d211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5win320 12Setup_32.exe1 00 30Added by the EVILBOT.B TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evilbot.b.html0
110[not used]0 11setup32.exe1 00127Added by the W32/Rbot-AFJ worm. When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotafj.html0
115[Various Names]0 15SetupExeDll.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 9MemConfig0 11SetupIE.com1 00 25Added by the TAPLAK WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.taplak.html0
3 6setuzp0 10setuzp.exe1 00  2?? 01
1 5_Setv0  8Setv.com1 00 28Added by the W32.Besam worm.70http://www.sarc.com/avcenter/venc/data/w32.besam.html#technicaldetails0
114Windows secure0 12setver32.exe1 00 28Added by the SPYBOT.EP WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.EP0
1 6SetVrc0 10setvrc.exe1 00 26Added by the HUNTOCX WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.huntocx.html0
1 8sevghuot0 12sevghuot.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5sevry0  9sevry.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4hsim0 11sexgame.exe1 00 20Unidentified malware 01
1 6Sexnow0 10Sexnow.exe1 00 51Added by the Dial/Senow-B premium rate porn dialer.56http://www.sophos.com/virusinfo/analyses/dialsenowb.html0
1 4INF00 12SEXSPEED.EXE1 00 34Added by the Troj/Sexspeed trojan.58http://www.sophos.com/virusinfo/analyses/trojsexspeed.html0
124Sygate Personal Firewall0  8sexy.exe1 00153An Rbot WORM variant adds the file to download additional files, steal CD keys and become involved in DoS attacks via an IRC channel and remote attacker.55http://www.sophos.com/virusinfo/analyses/w32rbotxy.html0
1 7Sexy_sg0 11Sexy_sg.exe1 00 34Premium rate adult content dialler 01
111SystemTasks0 12sexypicz.exe1 00 21Adult content dialler 01
1 2sf0  6sf.exe1 00 35Added by the WIN32.FAVADD.O TROJAN! 01
1 2sm0 10sf_exe.exe1 00 29Added by the  OLFEB.A TROJAN!62http://www.symantec.com/avcenter/venc/data/trojan.olfeb.a.html0
317spamfighter agent0 11SFAgent.exe1 00 34SPAMfighter anti email spam filter27http://www.spamfighter.com/0
317SPAMfighter Agent0 27SFAgent.exe update delay 602 00 58SPAMfighter 1, 1, 6, 1, SPAMfighter ApS. SPAMfighter Agent 01
1 6Update0 11sfcnmdd.exe1 00 44Added by the Troj/PPdoor-AS backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojppdooras.html0
110[not used]0 11sfcrt20.exe1 00 44Added by the Troj/PPdoor-AP backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojppdoorap.html0
3 8PCShield0 12sfg_6453.dll111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5sfita0  9sfita.exe1 00 29Added by the FAVADD.O TROJAN! 01
1 6mssfos0  9sfool.exe1 00 28Added by the  W32.Randex.EUS75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.eus.html0
1 9sfool.exe0  9sfool.exe1 00 33Added by the W32.Randex.EUS worm.75http://www.sarc.com/avcenter/venc/data/w32.randex.eus.html#technicaldetails0
3 4sfpc0  8sfpc.exe1 00144Spy4PC is a spyware program that monitors user activity, logs keystrokes, and takes screenshots.  If you didn't install this yourself remove it.54http://sarc.com/avcenter/venc/data/spyware.spy4pc.html0
167Microsoft PC Health Remote Assistance File Open &amp; Save controls0 13sfrcdlg32.exe1 00132Added by the W32/Rbot-AVY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotavy.html0
1 4sful0  8sful.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
314SfWinStartInfo0 20sfWinStartupInfo.exe1 00 43p align=leftSFIRM32 Online Banking software 01
313Startup Guard0  6sg.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 8Sgecrypt0 12Sgecrypt.exe1 00266SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"34http://www.ediport.hu/_sgeasy.html0
2 6sginst0 10sginst.exe1 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
312SpywareGuard0 10sgmain.exe1 00 88p align=left&quot;SpywareGuard provides a real-time protection solution against spyware"48http://www.wilderssecurity.net/spywareguard.html0
325Screen Guard Message Scan0  8sgms.exe1 00 51Part of Access Denied security and privacy software22http://www.johnru.com/0
3 9MSRegScan0  7SGP.exe1 00126Added by the Spyware.SpyGator surveillance program.  If you did not install this program, you should uninstall it immediately.60http://www.sarc.com/avcenter/venc/data/spyware.spygator.html0
313SyGateService0 12sgserv95.exe1 00203SyGate is a useful little program that lets you share an internet connection over an intranet. Is it needed - it saves a lot of headache to just let SyGate load at startup. Available via Start - Programs22http://www.sygate.com/0
3 6SGTBox0 10SGTBox.exe1 00 21Canon scanner driver. 01
3 6sgtray0 10sgtray.exe1 00329StorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups83http://www.veritas.com/products/category/ProductDetail.jhtml?productId=storageguard0
312StorageGuard0 10sgtray.exe1 00330StorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups 83http://www.veritas.com/products/category/ProductDetail.jhtml?productId=storageguard0
313UpdateManager0 10sgtray.exe1 00353StorageGuard from Veritas (this version by Sonic). Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups 01
312StorageGuard0 13sgtray.exe /r2 00 48, VERITAS Software, Inc.. VERITAS Update Manager 01
313UpdateManager0 13sgtray.exe /r2 00 39, Sonic Solutions. Sonic Update Manager 01
329Startup Guru Advanced Remover0 17sguru_preload.exe115HKEY_LM\RunOnce0107Startup Guru 1.0.0.0, Lincoln Beach Software. Removes user specified registry entries from system on bootup39http://www.absolutestartup.com/startup/1
1 8sgvwbqun0 12sgvwbqun.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112hp center UI0 13ShadowBar.exe1 00 28User Interface for HP Center 01
212hp center UI0 22ShadowBar.exe -STARTUP222StartUp menu\All users0 61ShadowBar Module Version 1.0 (Build 194R), . ShadowBar Module39http://www.absolutestartup.com/startup/1
115[Various Names]0 15Shaitan1678.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 5win320 30Shakira_1997_Part_1_.Mpeg_.scr1 00 27Added by the MYLIFE.N WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mylife.n@mm.html0
1 8Registry0 19ShakiraPics.jpg.vbs1 00 34Added by the VBS.VBSWG.AQ@mm worm.79http://securityresponse.symantec.com/avcenter/venc/data/pf/vbs.vbswg.aq@mm.html0
1 5load=0 12shambl3r.exe1 00 25Added by the REMABL WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.remabl.worm.html0
1 9shambl3r*0 12shambl3r.exe1 00 44Added by the REMABL WORM! where * is 2 to 1176http://securityresponse.symantec.com/avcenter/venc/data/w32.remabl.worm.html0
1 9(Default)0 10Shania.vbs1 00 27Added by the SHANIA TROJAN!71http://securityresponse.symantec.com/avcenter/venc/data/vbs.shania.html0
1 6shania0 10Shania.vbs1 00190Added by the  SHANIA VIRUS! - NOTE:  this malware actually changes the default value data of the Registry "Run"  key in order to force Windows to launch it at boot.  Name field may be empty.71http://securityresponse.symantec.com/avcenter/venc/data/vbs.shania.html0
2 8Shareaza0 12Shareaza.exe1 00 19Shareaza P2P client24http://www.shareaza.com/0
2 8Shareaza0 18Shareaza.exe -tray211HKEY_CU\Run0 78Shareaza 2, 1, 0, 0, Shareaza Development Team. Shareaza Ultimate File Sharing39http://www.absolutestartup.com/startup/1
110sharedprem0 14sharedprem.exe1 00 29Added by the MAKECALL TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/w32.makecall.trojan.html0
115[various names]0  8shch.exe1 00 34Premium rate adult content dialler 01
111MsnExplorer0  8SHCH.EXE1 00 34Added by the  TROJ/BDOOR-EB TROJAN57http://www.sophos.com/virusinfo/analyses/trojbdooreb.html0
1 9quicktime0  8shch.exe1 00 48Added by a variant of the  TROJ/BDOOR-EB TROJAN!57http://www.sophos.com/virusinfo/analyses/trojbdooreb.html0
1 7SvcH0st0  8SHCH.EXE1 00 35Added by the  TROJ/BDOOR-EB TROJAN!57http://www.sophos.com/virusinfo/analyses/trojbdooreb.html0
2 8SheduIer0 11shch.exe /i211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5shdde0  9shdde.exe1 00 40Added by the Backdoor.Masteseq backdoor.95http://securityresponse.symantec.com/avcenter/venc/data/backdoor.masteseq.html#technicaldetails0
1 5shdll0  9shdll.dll1 00 35Added by the Troj/Bckdr-DBQ Trojan.58http://www.sophos.com/virusinfo/analyses/trojbckdrdbq.html0
1 6fhpage0 11shdochp.exe1 00 40Added by the  Troj/Delf-Ks TROJAN! Note:67http://www.pctools.com/mrc/infections/id/Trojan.Downloader.Delf.KS/0
1 7fhstart0 12shdocsvc.exe1 00 40Added by the  Troj/Delf-Ks TROJAN! Note:67http://www.pctools.com/mrc/infections/id/Trojan.Downloader.Delf.KS/0
2 5frguk0 12shdrkmck.exe1 00  2?? 01
113Windows Shell0  9shell.exe1 00 31Added by the W32/Mytob-CA worm.56http://www.sophos.com/virusinfo/analyses/w32mytobca.html0
1 7command0 11shell12.exe1 00 84Added by the Backdoor.Ghoice.12 backdoor.  This infections listens on TCP port 1001.62http://www.sarc.com/avcenter/venc/data/backdoor.ghoice.12.html0
112System Icons0 11shell16.exe1 00 67Added by the W32/Sdbot-VD WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvd.html0
1 7Default0 11shell32.exe1 00123.html" target="_blank"BINGHE backdoor Trojan!  It has the ability to log your keystrokes, steal data, and execute commands. 01
1 6LTSMSG0 11Shell32.exe1 00 28Added by the LEMIR.B TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.b.html0
142Microsoft Windows Explorer Shell Subsystem0 11shell32.exe1 00 51Added by the W32/Tilebot-CX  worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotcx.html0
1 5Shell0 11Shell32.exe1 00 30Added by the BADSECTOR TROJAN!44http://www.f-secure.com/v-descs/badsec.shtml0
1 7Shell320 11Shell32.vbs1 00 30Added by the VBS.Scafene WORM!75http://securityresponse.symantec.com/avcenter/venc/data/vbs.scafene@mm.html0
110Shellapi320 14Shellapi32.exe1 00 40Added by the NETDEVIL (or NERTE) TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.netdevil.html0
1 7ShellEx0 11ShellEx.exe1 00 27Added by the ANAKHA TROJAN!63http://www.symantec.com/avcenter/venc/data/backdoor.anakha.html0
112shell update0 13shellexec.exe1 00132Added by the W32/Rbot-ANC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotanc.html0
1 8Explorer0 12shellexp.exe1 00 41Added by a variant of the SHELDOR TROJAN!63http://www.symantec.nl/avcenter/venc/data/backdoor.sheldor.html0
1 8Explorer0 13shellexpl.exe1 00 39Added by the  GPIX and SHELDOR VIRUSES!45http://www.z-virus.com/Eng-virus-HTM/gpix.htm0
1 8ShellApi0 12SHELLMSN.EXE1 00 29Added by the NETDEV.B TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEV.B0
111shellsystem0 15shellsystem.exe1 00 27Added by the UPCHAN TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.upchan.html0
117Shell Tray Window0 16ShellTraywnd.exe1 00 45Added by the Troj/Stultdor-A backdoor trojan.59http://www.sophos.com/virusinfo/analyses/trojstultdora.html0
1 6shhost0 10shhost.exe1 00 45Added by the  BACKDOOR.WIN32.AGENT.CE TROJAN!62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530886110
2 7shicoxp0 11shicoxp.exe1 00262Installed with the drivers for multi card readers of various brands. To differentiate between the various card slots on multi slot readers the shicoxp.exe file assigns and loads unique drive icons for the various card slots that are displayed in Windows Explorer 01
314spyware shield0 10Shield.exe1 00134Acronis Privacy Expert  Spyware_Shield prevents spyware and other suspicious programs from being installed on desktop PCs and laptops.76http://www.acronis.com/enterprise/products/privacyexpert/spyware-shield.html0
1 5Shine0  9Shine.exe1 00 41Added by the HAPPYLOW (or NISHE-A) VIRUS!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllc.happylow.html0
1 5Tiger0  9Shine.exe1 00  078http://securityresponse.symantec.com/avcenter/venc/data/w32.hllc.happylow.html0
3 7SHINITV0 11shinitv.exe1 00  2?? 01
1 4game0  8shit.exe1 00 42Added by the Netclap Gold backdoor TROJAN! 01
1 6WinSrv0 11SHIZZLE.EXE1 00 27Added by the HOBBIT.C WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOBBIT.C0
115Battery Monitor0 13shlapiw32.dll1 00 96Added by the Troj/Delf-BPC Trojan.br /br /Uses CLSID: b(459352B2-D4CE-13D4-2D78-03501003EF20)/b.57http://www.sophos.com/virusinfo/analyses/trojdelfbpc.html0
1 8navcheck0  9shman.exe1 00 34Adult material premium rate dialer 01
1 5QTSvc0  9shman.exe1 00 34Premium rate adult content dialler 01
113SystemService0  9shman.exe1 00 34Premium rate adult content dialler 01
115Sub Connections0 10shmyga.exe1 00383Added by an unknown Trojan Downloader.  It installs itself as a service with a servicename of Pro. Shmyga.exe is located in the Windows system folder. When executed it downloads zalupen.exe from a website which then copies two files, serve.exe and serve.dll to the Windows system folder and starts serve.exe. Serve.exe listens on port 80 and udp port 53 and appears to be a backdoor. 01
1 9paint.exe0 10shnlog.exe1 00 33Added by the Troj/Puper-A trojan.56http://www.sophos.com/virusinfo/analyses/trojpupera.html0
1 9sahbundle0 12shop1003.exe1 00 23ShopAtHomeSelect adware53http://www.doxdesk.com/parasite/ShopAtHomeSelect.html0
1 9SAHBundle0 16shop1003.exe run211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
219Shortcut to Startup0 19Shortcut to Startup225StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
212ShortKeys 990 12SHORTKEY.EXE1 00 88ShortKeys from Insight Software Solutions - allows you to program keys with text strings25http://www.shortkeys.com/0
110hellodolly0  9shost.exe1 00 23Added by the YODO WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.yodo@mm.html0
114Services Hosts0  9shost.exe1 00 49Added by the  W32/Rbot-AXG worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotaxg.html0
1 9rpc Win320 11shost32.exe1 00 12Added by the118W32/Rbot-A0
110Showbehind0 14SHOWBEHIND.EXE1 00 47Advertisement display which can be stopped here38http://www.showbehind.com/adremove.exe0
1 6ShowFF0 10ShowFF.exe1 00 45Added by the Adware.FFToolBar adware toolbar.60http://www.sarc.com/avcenter/venc/data/adware.fftoolbar.html0
310Cyber Trio0 12showmode.exe1 00246From G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCs 01
1 7showwnd0 11ShowWnd.exe1 00 41Added by an unidentified backdoor TROJAN! 01
1 7ShowWnd0 11ShowWnd.exe111HKEY_LM\Run0 41Added by an unidentified backdoor TROJAN!39http://www.absolutestartup.com/startup/1
3 6SHPC320 10SHPC32.exe1 00157Port monitor for Lexmark printers on a USB connection. Ties in with the Printer Control Program. Features like cancelling a print are unavailable if disabled 01
113Micosoftartup0  8shrl.exe1 00121Added by the W32/Sdbot-JQ worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotjq.html0
2 8RHSI SHS0  7SHS.exe1 00232Rogers Hi-Speed Internet software. "Should you ever lose access to your Rogers Hi-Speed Internet connection or e-mail, the Self-Healing Software (SHS.exe) will automatically repair your settings to get you up and running in a flash"75http://www.rogershelp.com/help/content/download/software/softwareinfo.shtml0
4 9ShStatEXE0 10SHSTAT.EXE1 00175From McAfee VirusScan NT 4.x. Handles program communication among VShield components, displays VShield icon. Can be started automatically or available via Start -&gt; Programs 01
4 9ShStatEXE0 22SHSTAT.EXE /STANDALONE211HKEY_LM\Run0 82VirusScan Enterprise 7.0.0, Network Associates, Inc.. On-access scanner statistics39http://www.absolutestartup.com/startup/1
122Windows Task Scheduler0 11shtasks.exe1 00 33Added by the W32/Tilebot-EB worm.58http://www.sophos.com/virusinfo/analyses/w32tileboteb.html0
117Windows Update 630 11shupd64.exe1 00 41Added by the W32/Forbot-GA backdoor worm.57http://www.sophos.com/virusinfo/analyses/w32forbotga.html0
313Shutdownaware0 17shutdownaware.exe1 00111Loaded by the SWEEX 6-in-1 Media Card Reader to properly manage the reader while it is connected to your system45http://www.sweexeurope.com/product.asp?pid=980
311ShutDownPro0 15ShutDownPro.exe1 00 71ShutDownPro - shutdown, reboot, logoff your System with one mouse click55http://home.tiscali.de/kurtzimmermann/shutdownpro_e.htm0
3 7protect0 10SHVRTF.EXE1 00220PC_Angel takes a 5-second snapshot of the current system registry each time the PC boots up. In the event of a crash, PC ANGEL will retrieve everything up to the minute before the crash or the last known stable registry.25http://www.pcangelle.com/0
012kye_showicon0 11shwicon.exe1 00 63USB Card Reader tray icon.  Shows when the device is plugged in 01
056ShowIcon_SmartDisk Corporation_USB Card Reader v1.14e0510 11shwicon.exe1 00 50Card reader for memory cards from digital cameras. 01
3 9Sunkist2k0 13shwicon2k.exe1 00 54Card reader for memory cards from digital cameras, etc 01
3 9Sunkist2k0 13shwicon2k.exe111HKEY_LM\Run0 59Alcor Micro Sunkist 1, 0, 0, 7, Alcor Micro, Corp.. Sunkist39http://www.absolutestartup.com/startup/1
3 7Sunkist0 13shwicon98.exe1 00 54Card reader for memory cards from digital cameras, etc 01
2 9SunKistEM0 13shwiconem.exe111HKEY_LM\Run0 54Multimedia Card Reader 1, 4, 0, 8, Alcor Micro, Corp..39http://www.absolutestartup.com/startup/1
3 9sunkistem0 13shwiconem.exe1 00124Used by your computer to communicate with your  Alcor_Micro Multimedia Card Reader - necessary if you're using this software53http://www.alcormicro.com/products_list.php?main_id=50
3 7siapro60  7sia.exe1 00 42Steganos  Internet_Anonym privacy software67http://www.steganos.com/?product=SIA2006&language=en&layout=web20050
1 5Sicom0  9Sicom.exe1 00 25Added by the NETLIP WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netlip.worm.html0
3 7SideACT0 11SideACT.exe1 00 26SideACT organizer software47http://www.actaddons.com/products/jm_getorg.asp0
1 7Sidebar0 11Sidebar.exe1 00 22Searchcentrix hijacker54http://www.pestpatrol.com/pestinfo/s/searchcentrix.asp0
321Install Pending Files0 12sifxinst.exe1 00139Uninstall program for Lanovation's Prism Deploy and Prism Pack adminstrators software deployement tools. For specific information see here.26http://www.lanovation.com/0
310SightSpeed0 25SightSpeed.exe -minimized211HKEY_CU\Run0 53SightSpeed 3, 0, 0, 3037, SightSpeed Inc.. SightSpeed39http://www.absolutestartup.com/startup/1
4 7TV_Path0 11sigmatv.exe1 00 21Sigma TV Card driver. 01
2 4SigX0  8sigx.exe1 00  2?? 01
1 5SigXC0  8SigX.exe1 00198SigX is a "dynamic signature image generated based on whatever data your computer sends it though our SigX program. It can display your current Mp3, current OS, Free Ram, your current time and more"22http://sigx.yuriy.net/0
1 7siijeia0 11siijeia.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
323Compaq Knowledge Center0 21silent.exe matcli.exe2 00669matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support. You decide 01
323Compaq Knowledge Center0 25silent.exe&amp;matcli.exe1 00669matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support. You decide 01
2 7Simcast0 17SimcastAlerts.exe1 00198Simcast is a free service that allows you to subscribe to information on a large variety of topics. Alerts will appear on your desktop when a channel that you have subscribed to has something to say35http://www.simcast.com.au/index.jsp0
1 7cpntmgc0 10simcss.exe1 00 38MagicControl downloader trojan variant49http://www.doxdesk.com/parasite/MagicControl.html0
112apyginapygin0 10simenu.exe1 00 29Added by the  SDBOT.BTR WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BTR&VSect=P0
110sakemsneql0 10simenu.exe1 00 29Added by the  SDBOT.BTO WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BTO&VSect=P0
2 8Si Meter0 11SIMETER.EXE1 00  2?? 01
312SimpLite-MSN0 16SimpLite-MSN.exe1 00116Required if you use the SimpLite add-on to MSN Messenger (SimpLite adds encryption to the instant messaging service) 01
1 6scoupa0 10sincra.exe1 00130Added by the W32/Sdbot-ST worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotst.html0
1 9Singapore0 13singapore.exe1 00289Adds a blue crescent to the taskbar and when double-clicked displays an adult-content web-site. Also known to drop your internet connection and dial an international telephone number. See here for more information. Must be disabled in MSCONFIG before un-installing or it re-instates itself138http://group0
3 5SIPPS0  9SIPPS.exe1 00 29Web.de Internet phone utility 01
2 8SISAM10M0 12SISAM10M.exe1 00  2?? 01
414sis7012utility0 12SiSAudUt.exe1 00 33SiS Corporation sound card driver 01
313siService.exe0 13siService.exe1 00 41Spam Inspector - anti email spam software70http://www.giantcompany.com/(xg1iwg55yqze3245i5lvaqbb)/p_features.aspx0
011SiSSetCDfmt0 15SiSSetCDfmt.exe1 00 59Related to a Silicon Integrated Systems Corp (SiS) product? 01
3 8SiSSWLED0 12sisswled.exe1 00 45System Tray utility for SiS 900 network cards 01
152Windows Ba&thorn;lang&yacute;&ccedil; Dosyas&yacute;0 10sistem.exe1 00 23Added by the MUZK WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.muzk.irc.html0
125Windows Baţlangýç Dosyasý0 10sistem.exe1 00 23Added by the MUZK WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.muzk.irc.html0
111sistrai.exe0 11sistrai.exe1 00 27Added by the  PROVA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.prova.html0
3 8SiS Tray0 11sistray.EXE1 00142SiS (R) Compatible Super VGA SiSTray application 0.0.0.3540, Silicon Integrated Systems Corporation. SiS Compatible Super VGA Tray Application 01
3 8SiS Tray0 11sistray.exe1 00 81System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System 01
3 7sistray0 11sistray.exe1 00 81System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System 01
316Utility Tray.lnk0 11sistray.exe1 00 40System Tray icon for SiS based graphics. 01
312Utility Tray0 11sistray.exe122StartUp menu\All users0142SiS (R) Compatible Super VGA SiSTray application 0.0.0.3620, Silicon Integrated Systems Corporation. SiS Compatible Super VGA Tray Application39http://www.absolutestartup.com/startup/1
1 7sistray0 11sistray.exe1 00 27Added by the  PROVA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.prova.html0
1 6sistry0 10sistry.exe1 00 23Added by the CEBE WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cebe.html0
2 8SiSUSBRG0 12SiSUSBrg.exe1 00 98SiS USB Registry Patch File - fixes the undetectable problem with SiS USB controller on Windows XP 01
1 8win idol0 12Sitelies.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 4siuu0  8siuu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
138{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}0 11sivudro.dll1 00148A file used by the rogue antispyware app, SpywareQuake, to issue fake security alerts on your taskbar and install SpywareQuake without your consent.68http://www.bleepingcomputer.com/startups/SpywareQuake.exe-14686.html0
1 8sixtysix0 15sixtypopsix.exe1 00 19Unidentified adware 01
1 4Snow0  6Sk.exe1 00 26Added by Backdoor.Blizzard61http://www.sarc.com/avcenter/venc/data/backdoor.blizzard.html0
3 4sk510  8SK51.EXE1 00 87SaveKeys keystroke logger/monitoring program - remove unless you installed it yourself!64http://www.symantec.com/avcenter/venc/data/spyware.savekeys.html0
3 4sk600  8SK60.EXE1 00103Added by the  SaveKeys surveillance software. Uninstall this software unless you put it there yourself.77http://securityresponse.symantec.com/avcenter/venc/data/spyware.savekeys.html0
323Hot Key Kbd 2690 Daemon0 12SK9910DM.exe1 00 66Multimedia keyboard manager - required if you use any special keys 01
325Hot Key Keybd 9910 Daemon0 12SK9910DM.exe1 00 66Multimedia keyboard manager - required if you use any special keys 01
3 8SK9910DM0 12SK9910DM.EXE1 00131Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys 01
1 36660  7Ska.exe1 00 26Added by the PIPES TROJAN!55http://www.sophos.com/virusinfo/analyses/trojpipes.html0
322USB Hub Keyboard Patch0 12SKBPATCH.EXE1 00 14USB HUB Update 01
3 8SKDAEMON0 12SKDAEMON.EXE1 00137Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys&nbsp; 01
1 9KERNEL 320 13SKERNEL32.com1 00 12Added by the143W32/Semapi-A.0
315bbc news alerts0 12skinkers.exe1 00163BBC News Desktop Alerts service; see  here - The BBC News desktop alert and breaking news e-mail services let you find out about all the latest news as it happens.43http://news.bbc.co.uk/2/hi/help/3533099.stm0
320HalifaxHowardCluster0 12skinkers.exe1 00135Howard the Weatherman desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messages36http://www.skinkers.com/clients.html0
3 8skinkers0 12skinkers.exe1 00189Selection of desktop messaging/marketing tools with celebrity tie-ins including MTV's "Desktop Ozzy" and Arsenal's "Desktop Wenger" - see here. Leave enabled if you want to receive messages12Desktop Ozzy0
1 8skkhwbxr0 12skkhwbxr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
313Spy-Keylogger0  7skl.exe1 00106Added by the Spyware.SpyKeylogger keylogger. bIf this was not installed by you, you should uninstall it./b64http://www.sarc.com/avcenter/venc/data/spyware.spykeylogger.html0
1 8sks2drvr0 12sks2drvr.sys1 00 48Added by the Backdoor.Haxdoor.G backdoor Trojan.79http://www.sarc.com/avcenter/venc/data/backdoor.haxdoor.g.html#technicaldetails0
1 6sks-320 12SKS32P~1.EXE1 00 91SpyKeySpy logs keystrokes and sends the stolen information to a configurable email address.57http://sarc.com/avcenter/venc/data/spyware.spykeyspy.html0
3 6sks-320 13sks32proc.exe1 00125Added by the Spyware.SpyKeySpy surveillance software.  If you did not install this software you should remove it immediately.61http://www.sarc.com/avcenter/venc/data/spyware.spykeyspy.html0
1 6sksdll0 10sksdll.dll1 00 45Added by the Backdoor.Haxdoor.F proxy Trojan.79http://www.sarc.com/avcenter/venc/data/backdoor.haxdoor.f.html#technicaldetails0
1 8sksdrvr20 12sksdrvr2.sys1 00 45Added by the Backdoor.Haxdoor.F proxy Trojan.79http://www.sarc.com/avcenter/venc/data/backdoor.haxdoor.f.html#technicaldetails0
1 9Skunk.exe0  9Skunk.exe1 00187Added by the W32/Sunk-A overwriting virus.  This virus will copy itself to various locations on your hard drive and then start replacing .exe files on your computer with copies of itself.54http://www.sophos.com/virusinfo/analyses/w32sunka.html0
111WINDOWS SKY0  7sky.exe1 00131Added by the W32/Mytob-CJ worm. This infection when started connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobcj.html0
114WINDOWS SYSTEM0 10skybot.exe1 00150Added by the W32.Mytob.EB@mm mass-mailing worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.76http://www.sarc.com/avcenter/venc/data/w32.mytob.eb@mm.html#technicaldetails0
114Windows System0 11skybotx.exe1 00137Added by the W32.Mytob.FO@mm worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.fo@mm.html#technicaldetails0
113skynetave.exe0 13skynetave.exe1 00 27Added by the SASSER.D WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.d.html0
2 5Skype0  9Skype.exe1 00118&quot;Skype is free and simple software that will enable you to make free calls anywhere in the world in minutes&quot;21http://www.skype.com/0
2 5Skype0 30Skype.exe /nosplash /minimized2 00  0 01
115Skype Messenger0 11skype32.exe1 00112Added by the W32/Dolebot-A email worm and IRC backdoor.  This infection also installs the rootkit file rofl.sys.57http://www.sophos.com/virusinfo/analyses/w32dolebota.html0
115[Various Names]0  9slamm.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 9RA Server0  9Slave.exe1 00 23Added by the RA TROJAN!46http://www.avp.ch/avpve/trojan/backdoor/ra.stm0
113Slayhacker7340 12slay7383.exe1 00 40Added by the Troj/SikBot-A IRC backdoor.57http://www.sophos.com/virusinfo/analyses/trojsikbota.html0
115Systems Restart0 11slchost.exe1 00 30Added by the BANCOS.RF TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BANCOS.RF0
113Select server0 10slcsvr.exe1 00 47Added by the Troj/Dloader-WD Trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdloaderwd.html0
455Steganos Live Encryption Engine (Version 401) [Service]0 11SLEE401.exe1 00 90This is part of the Steganos Security Suite and involved in handling real-time encryption. 01
212SleepManager0 12SleepMgr.exe1 00184This program locates free contiguous disk spaces and allocates them for storing BASE MEMORY, EXTENDED MEMORY, VIDEO MEMORY, and SM RAM. It helps the computer come out of hibernate mode 01
312SelfHostUtil0 12slefhost.exe1 00  2?? 01
133Microsoft Synchronization Manager0 10slhost.exe1 00 27Added by the SDBOT.YH WORM!88http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_SDBOT.YH0
2 6slimp30 17SliMP3 Server.exe2 00221Slimp3 Server - "presents an entirely new way of accessing and enjoying your music collection. Instead of storing your music on CDs or memory cards, the SliMP3 uses your home network to access the music stored on your PC"41http://www.macupdate.com/info.php/id/89730
124Sygate Personal Firewall0  7Slinder1 00 48Added by the W32/Rbot-BFQ worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbfq.html0
2 9Slingshot0 12SLINGS~1.EXE1 00143Atomica Slingshot - "reference tool with access to dictionary and encyclopedia terms, bios, technical terms, history, geography, and much more"55http://www.atomica.com/us/products/slingshot/index.html0
326SlipStream Web Accelerator0 13slipaccel.exe125StartUp menu\Current user0  93.2.12, .39http://www.absolutestartup.com/startup/1
310slipstream0 12slipcore.exe1 00 27Sliptstream Web Accelerator26http://www.slipstream.com/0
318isp.com high speed0 11slipgui.exe1 00 27Sliptstream Web Accelerator26http://www.slipstream.com/0
1 8slkygsgh0 12slkygsgh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Net0 11sllserv.exe1 00 35Added by the Troj/LegMir-BW Trojan.58http://www.sophos.com/virusinfo/analyses/trojlegmirbw.html0
1 9SLMDriver0  9SLM32.sys1 00 37Added by the Troj/Rootkit-AA rootkit.59http://www.sophos.com/virusinfo/analyses/trojrootkitaa.html0
1 5slmss0  9slmss.exe1 00 48SeekSeek search hijacker related - as seen  here115http://www0
1 5sload0  9sload.exe1 00 64Win SynchroAd adware,  also detected as  TROJ/DLOADER-QG TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderqg.html0
1 5sload0 11sload32.exe1 00134Added by the W32/Sdbot-OY worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotoy.html0
125Windows Svchost Authority0 10slsass.exe1 00157Added by the W32/Rbot-UA network worm and IRC backdoor.  When started this infection connects to an IRC server where it waits for remote commands to execute.55http://www.sophos.com/virusinfo/analyses/w32rbotua.html0
326System LifeGuard Scheduler0 11Slsched.exe1 00 26System LifeGuard scheduler56http://www.bmtmicro.com/BMTCatalog/win/syslifeguard.html0
316SmartLinkService0 10slserv.exe1 00 98Associated with SmartLink modem and is used to show a tray icon that gives connection information. 01
115Windows Service0 12slserv32.exe1 00216Added by the W32/Rbot-KO trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This infection can will terminate antivirus programs to avoid detection.55http://www.sophos.com/virusinfo/analyses/w32rbotko.html0
116NAV Auto Updates0 12slserves.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
313Skrót do slsk0  8slsk.exe125StartUp menu\Current user0 38UI4 Application 1, 0, 0, 1, . SoulSeek39http://www.absolutestartup.com/startup/1
1 2270 11slsorve.exe1 00151Added by the Troj/Slsorve-A trojan.  Using it's own own SMTP engine it sends email to a remote address and will terminate anti-virus related processes.58http://www.sophos.com/virusinfo/analyses/trojslsorvea.html0
115msoft-updater230 13slssystem.exe1 00132Added by the W32/Rbot-ASR worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotasr.html0
117Windows Update 320  9slsys.exe1 00143Added by the W32/Forbot-FT worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotft.html0
110slvchost320 14slvchost32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 9hollaback0 12slvhosts.exe1 00 29Added by the  SDBOT.BMO WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BMO&VSect=P0
111Web Service0  6sm.exe1 00 45Added by the Troj/Psyme-BQ downloader trojan.57http://www.sophos.com/virusinfo/analyses/trojpsymebq.html0
1 2sm0 10sm_exe.exe1 00 91Added by the  OLFEB.A TROJAN!  This infection allows spam to be sent through your computer.62http://www.symantec.com/avcenter/venc/data/trojan.olfeb.a.html0
0 5SM1BG0  9SM1BG.EXE1 00131USB driver for downloading from within Napster to portable MP3 players. Is it required to run at startup or can it be run manually? 01
3 5SM1BG0  9SM1BG.EXE111HKEY_LM\Run0124Cypress USB Mass Storage Adapter 6.01.1000.0 , Cypress Semiconductor. Cypress USB Mass Storage Driver Background Application39http://www.absolutestartup.com/startup/1
2 7Sm56acl0 12sm56hlpr.exe1 00 83Helper utility for Motorola based SM56 software modems - resides in the System Tray 01
2 7SM56ACL0 12sm56hlpr.exe1 00 92Motorola SM56-ACL Modem SM56 AC-L Rel. 4.10 IS34 Build 75, Motorola Inc.. SM56 Win32 Utility 01
4 8Smserial0 12sm56hlpr.exe1 00 27Motorola based modem driver 01
4 8SMSERIAL0 12sm56hlpr.exe1 00 98Motorola SM56 Tray Application SM56 Rel. 6.07 Build 03, Motorola Inc.. Motorola SM56 Win32 Utility 01
1 5smail0  9smail.exe1 00 36Added by the W32/Sexer-C email worm.55http://www.sophos.com/virusinfo/analyses/w32sexerc.html0
121Windows Smart Manager0  9smart.exe1 00 26Added by the RBOT-SL WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsl.html0
316dRMON SmartAgent0 12SmartAgt.exe1 00 87Part of the network monitoring program group for 3Com NIC cards. See here for more info78http://support.3com.com/infodeli/tools/netmgt/rmonprob/product/drmon/chap1.htm0
210SmartBarXP0 14SmartBarXP.exe1 00286SmartBarXP is a bar that runs down the side of your screen, and can be configured to display interactive panels known as 'panes'. These panes include media players, slideshow and image viewing panes, a virtual desktop manager, and live news, weather and stock feeds to mention but a few56http://www.smartbarxp.com/cgi-bin/cws/home.php?page=desc0
2 9sMaRTcaPs0 12SMARTC~1.EXE1 00114sMaRTcaPs from Phoebus LLC - enables you to configure the time needed to depress Caps Lock, Num Lock & Insert keys52http://www.phoebusllc.com/index.htm#SC%20Description0
217Certificate Mover0 18SmartCertmover.exe122StartUp menu\All users0 81SmartTrust Certificate Mover 3, 4, 1, 0, SmartTrust. SmartTrust Certificate Mover39http://www.absolutestartup.com/startup/1
310SmartClock0 20SmartClock.exe /boot211HKEY_CU\Run0 44SmartClock II 2.2, Pavel Chmelar. SmartClock39http://www.absolutestartup.com/startup/1
216Lotus QuickStart0 12smartctr.exe1 00224Lotus central application, called SmartCenter, which runs on the Windows desktop. SmartCenter toolbar stretches across the top or, optionally, the bottom of the screen. Uses a lot of resources. Available via Start - Programs 01
316ASUS SmartDoctor0 22SmartDoctor.exe /start211HKEY_CU\Run0 54ASUS SmartDoctor 4, 6, 0, 0, ASUSTeK Inc.. SmartDoctor39http://www.absolutestartup.com/startup/1
3 8SPSTEALT0 21SmartProtectorPro.exe1 00 78Smart Protector Pro - internet privacy tool that erases tracks, MRU lists, etc42http://smartprotector.com/eraser/index.htm0
313smartsync pro0 13SmartSync.exe1 00121Related to  CompanionLink Software Inc., Synchronization solutions for ACT!, GoldMine, Lotus Notes and Microsoft Outlook.29http://www.companionlink.com/0
313SmartSync Pro0 20SmartSync.exe /Logon211HKEY_CU\Run0130SmartSync Pro 2.10, SmartSync Software. SmartSync Pro - Easily backup and synchronize your important data with this handy utility.39http://www.absolutestartup.com/startup/1
3 7SmartUI0 11SmartUI.exe122StartUp menu\All users0 71SmartUI Application 3, 0, 0, 0, Scansoft, Inc.. SmartUI MFC Application39http://www.absolutestartup.com/startup/1
320Skyscape smARTupdate0 15smARTupdate.exe125StartUp menu\Current user0 87Skyscpe smARTupdate  Application 1, 0, 0, 2, Skyscape, Inc. smARTupdate MFC Application39http://www.absolutestartup.com/startup/1
428SkySurfer Management Service0 11SmaServ.exe1 00120For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system 01
2 5SMax40  9SMax4.exe1 00120System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel 01
2 8SoundMAX0  9SMax4.exe1 00120System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel 01
2 8SoundMAX0 15Smax4.exe /tray211HKEY_LM\Run0 81SoundMAX Control Panel 4, 0, 4, 25, Analog Devices, Inc.. SoundMAX Control Center39http://www.absolutestartup.com/startup/1
3 8SMax4PNP0 12SMax4PNP.exe1 00112SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments 01
311SoundMAXPnP0 12SMax4PNP.exe1 00  0 01
311SoundMAXPnP0 12smax4pnp.exe111HKEY_LM\Run0 79SMax4PNP Application 5, 2, 0, 5, Analog Devices, Inc.. SMax4PNP MFC Application39http://www.absolutestartup.com/startup/1
119Windows SMB Manager0  9smb32.exe1 00 48Added by the W32/Rbot-BHZ worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbhz.html0
3 7smbdpmi0 11smbdpmi.exe1 00 65IBM Netfinity Director and Universal Management Services related. 01
110Backup One0 12smbguard.exe1 00133Added by the W32/Sdbot-MI worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotmi.html0
124Sygate Personal Firewall0  7smc.exe1 00132Added by the W32/Rbot-AZY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotazy.html0
4 3smc0  7smc.exe1 00 15Sygate Firewall 01
411SMC Service0  7smc.exe1 00 15Sygate Firewall 01
410smcservice0  7smc.exe1 00 24Sygate Personal Firewall63http://www.sygate.com/products/sygate-personal-firewall-pro.htm0
411SmcServices0  7smc.exe1 00  0 01
122Windows Update Service0  8smcg.exe1 00 27Added by the SDBOT.QY WORM!90http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.QY0
122system messaging queue0  9SMCSS.EXE1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
122system startup manager0  9smcss.exe1 00 28Added by the  RBOT.AMD WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AMD&VSect=P0
010Smcsta.exe0 10Smcsta.exe1 00 38SMC Networks wireless PCI card driver. 01
1 6smcsvr0 10SmcSVR.exe1 00 23Added by the  LEGMIR.JU109http://se0
213control panel0 11smctrlw.exe1 00 68System Tray icon for a Silicon Motion LynxEM based PCI Graphics Card 01
1 3Lgv0  7Smi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
127Microsoft Internet Explorer0 11smiissm.exe1 00123Added by the Troj/Delf-KK Trojan!  The infection creates a folder called SYS in the Windows folder and copies itself there.56http://www.sophos.com/virusinfo/analyses/trojdelfkk.html0
215Smith Micro try0 12smiptray.exe1 00 51Smith Micro shared files. Comes with D-Link web cam 01
1 8systtray0 12SMLBSBV4.exe1 00130Added by the Troj/IMFlood-A Trojan. This infection will attempt to spam the contacts in your Yahoo Instant Messenger contact list.58http://www.sophos.com/virusinfo/analyses/trojimflooda.html0
211SMSI Loader0 12SMLoader.exe1 00 33Smith Micro HotFax - fax software187http://store.smit0
227Performance Logs and Alerts0 12smlogsvc.exe1 00191This is a Microsoft services that collects performance data from various applications running on a Windows computer.  This service should be set to manual as it will start and stop as needed. 01
129client server runtime process0  9smmss.exe1 00 41Backdoor TROJAN!, possible  W32/Sdbot-gen57http://www.sophos.com/virusinfo/analyses/w32sdbotgen.html0
1 9Service 80  9smncs.exe1 00 50Added by the W32/Tilebot-DF worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotdf.html0
114Service Filter0  9smncs.exe1 00 50Added by the W32/Tilebot-CK worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotck.html0
112blah service0  8smnp.exe1 00 26Added by the RBOT.IZ WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.IZ0
1 7smnpnwf0 11smnpnwf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114WINDOWS SYSTEM0  8smoc.exe1 00136Added by the W32.Mytob.FU@mm worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.fu@mm.html#technicaldetails0
119MicroedSoft Toolbar0 10Smoked.exe1 00132Added by the W32/Rbot-ALN worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaln.html0
210smoothview0 14SmoothView.exe1 00145TOSHIBA Zooming Utility - allows "automatic" zoom feature in some appications, like IE, MS-Office, WMPlayer, Adobe-Reader and also desktop icons. 01
310SmoothView0 14SmoothView.exe111HKEY_LM\Run0 68TOSHIBA Zooming Utility 2, 0, 0, 18, TOSHIBA Corporation. SmoothView39http://www.absolutestartup.com/startup/1
110OLE Module0  7smp.dll1 00 95Added by the Trojan.SpBot Trojan.br /br /Uses CLSID: b{0211C4D9-BC71-8916-38AD-9DEA5D213614}/b.90http://securityresponse.symantec.com/avcenter/venc/data/trojan.spbot.html#technicaldetails0
1 9elnkproxy0 11smproxy.exe1 00 17Surfmonkey adware60http://www.spyany.com/program/article_spw_rm_Surfmonkey.html0
220ShockmachineReminder0 14SmReminder.exe1 00216Shockmachine is an entertainment playback device that lets you save your favorite Shockwave.com titles and play them back in full-screen mode, off-line, anytime. Could be a registration reminder for the trial version60http://www.shockwave.com/sw/downloads/collections/favorites/0
1 5smres0  9smres.exe1 00133Added by the W32/Agobot-UA worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotua.html0
116Ethernet Drivers0  9smrrs.exe1 00 12Added by the38W32/Rbot-AAK WORM/IRC backdoor trojan!0
137Universal Serial Bus Control Protocol0  8smrs.exe1 00 43Added by the Troj/Bdoor-JD backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorjd.html0
1 7vsadmin0  8smrs.exe1 00 52Added by the W32/Agobot-RC WORM/IRC backdoor Trojan!57http://www.sophos.com/virusinfo/analyses/w32agobotrc.html0
121Windows Smrss Service0  9smrss.exe1 00 49Added by the W32/Tilebot-X worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32tilebotx.html0
1 9Connector0  7sms.EXE1 00 52Added by the Dial/ExDial-B premium rate porn dialer.57http://www.sophos.com/virusinfo/analyses/dialexdialb.html0
114KernelFaultChk0  7sms.exe1 00119Added by the DEADHAT WORM! Do not confuse with the valid "kernelfaultcheck" which runs "dumprep 0 -k" or "dumprep 0 -u"77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadhat.html0
124Microsoft Virual Machine0  7sms.exe1 00 26Added by the RBOT-SP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsp.html0
1 3sms0  7sms.exe1 00 36Added by the Troj/Dloader-KR TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderkr.html0
1 7sms_msn0 11sms_msn.exe1 00 45Added by an unknown WORM or TROJAN infection. 01
1 9sms_msn400 13sms_msn40.exe1 00 45Added by an unknown WORM or TROJAN infection. 01
120Configuration Loader0  9smsai.exe1 00130Added by the W32/Sdbot-YE worm. This infection connects to an IRC server on startup where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotye.html0
122ApplicationProtocolRun0 12smsbvl32.exe1 00 35Added by the Troj/IRCBot-CX Trojan.58http://www.sophos.com/virusinfo/analyses/trojircbotcx.html0
125System Management Service0  8smsc.exe1 00132Added by the W32/Rbot-ANN worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotann.html0
124System Messenger Service0  8smsc.exe1 00133Added by the W32/Tilebot-F worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32tilebotf.html0
117Win32 USB2 Driver0  8smsc.exe1 00 27Added by the SDBOT.FO WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FO&Vsect=T0
114WINDOWS SYSTEM0  8smsc.exe1 00128Added by the W32/Mytob-BR worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobbr.html0
119EventApplicationCmd0 10smschk.exe1 00 48Added by the Troj/IRCBot-AO IRC backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojircbotao.html0
115System Mng Srvc0  8smsg.exe1 00 50Added by the W32/Tilebot-AB worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotab.html0
1 8GLSetT320 12smsiexec.exe1 00 28Added by the OPTIX-D TROJAN!56http://www.sophos.com/virusinfo/analyses/trojoptixd.html0
132Microsoft Services Manual Contrl0  9smsks.exe1 00 62Added by the WORM_MYTOB.NO mass-mailing worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2ENO&VSect=T0
129windows system manager loader0  9smsls.exe1 00 29Added by the  AGOBOT.TF WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TF&VSect=Sn0
1 4smsm0  8smsm.exe1 00108Added by the Troj/Banker-CO trojan.  This infection attempts to steal information about your online banking.58http://www.sophos.com/virusinfo/analyses/trojbankerco.html0
323SMS Win9x Message Agent0 10SMSMsg.exe1 00 63This program assigns a user to a Systems Management Server site 01
117SystemComputerLog0 12smsogx32.exe1 00 42Added by the Troj/Stinx-K backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxk.html0
110WinLongLdr0 12smsonx32.exe1 00 33Added by the Troj/Stinx-I Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxi.html0
1 4dark0  8smsr.scr1 00 83Added by the Troj/Bancban-NU password/information-stealing Trojan for online banks.59http://www.sophos.com/virusinfo/analyses/trojbancbannu.html0
113wintask dll320 10smsrss.exe1 00 32Added by the  W32.MYTOB.BS WORM!63http://www.symantec.com/avcenter/venc/data/w32.mytob.bs@mm.html0
4 4run=0 12smsrun16.exe1 00225Microsoft Systems Management Server (SMS) related - program that reads SMSRUN16.INI on clients running Win 3.1, Windows for Workgroups, Win95, or OS/2 to create program groups on the client and then launch SMS client programs 01
1 5smsrv0  9smsrv.exe1 00134Added by the W32/Agobot-SX worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32agobotsx.html0
113_Services.dll0  8SMSS.EXE1 00105Added by the W32/Sober-L WORM!  File is found in a subfolder of the Windows folder named \MSAGENT\SYSTEM.55http://www.sophos.com/virusinfo/analyses/w32soberl.html0
114_winsystem.sys0  8smss.exe1 00 93Added by the W32/Sober-K infection!  File will be found in the %WINDIR%\msagent\win32 folder.55http://www.sophos.com/virusinfo/analyses/w32soberk.html0
130Application Management Browser0  8smss.exe1 00154Added by the Troj/Comhush-A Trojan.  This infection should not be confused with the legitimate smss.exe found in the C:\Windows\System32 (%System%)folder.58http://www.sophos.com/virusinfo/analyses/trojcomhusha.html0
1 5Debug0  8SMSS.exe1 00 65Added by the Adware.DreamAd adware.  Found in the Windows folder.14Adware.DreamAd0
1 9InteliSys0  8smss.exe1 00218Advertisingvision adware - file is located in C:\Windows or C:\Winnt, and not in it's System32 subdirectory, as is the case with the legitimate  Smss.exe system file which would normally NOT figure in Msconfig/Startup!68http://www.liutilities.com/products/wintaskspro/processlibrary/smss/0
1 8internet0  8smss.exe1 00 52Added by the Troj/Mifeng-B password-stealing trojan.57http://www.sophos.com/virusinfo/analyses/trojmifengb.html0
113KernellApps320  8smss.exe1 00 36Added by the Troj/Bancban-AN Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanan.html0
135Microsoft Session Manager Subsystem0  8smss.exe1 00135Added by the W32.Kalel.B@mm mass-mailing worm.   bBe careful that you do not delete the legitimate file c:\windows\system32\smss.exe./b75http://www.sarc.com/avcenter/venc/data/w32.kalel.b@mm.html#technicaldetails0
114Microsoft SMSS0  8smss.exe1 00 35Added by the Troj/Dloadr-MG Trojan.58http://www.sophos.com/virusinfo/analyses/trojdloadrmg.html0
143Microsoft Windows Session Manager Subsystem0  8smss.exe1 00128Added by the Troj/KillSec-A Trojan.  This should not be confused with the legitimate file found in the Windows system directory.58http://www.sophos.com/virusinfo/analyses/trojkillseca.html0
116Services Process0  8smss.exe1 00 43Added by the Troj/Small-EK backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojsmallek.html0
112services.dll0  8smss.exe1 00290Added by the  W32/SOBER-L WORM! - NOTE - this file is placed in a %WinDir%\msagent\system folder,  and should NOT be confused with the legitimate Windows  smss.exe process,  located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!55http://www.sophos.com/virusinfo/analyses/w32soberl.html0
1 4SMSS0  8smss.exe1 00132Added by the FLOOD.F TROJAN! Note - this is not the legitimate  Smss.exe system file should normally NOT figure in Msconfig/Startup!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.flood.f.html0
110smsslevel40  8smss.exe1 00340UNidentified malware - NOTE - this file is placed in a:\Program Files\Windows Media Player\Skins\WindowsMediaSkin\Data\Level4 Level4 folder,  and should NOT be confused with the legitimate Windows  smss.exe process,  always located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!68http://www.liutilities.com/products/wintaskspro/processlibrary/smss/0
113System Server0  8smss.exe1 00135Added by the Troj/Feutel-T backdoor Trojan. This should not be confused with the legitimate file found in the Windows system directory.57http://www.sophos.com/virusinfo/analyses/trojfeutelt.html0
122system session manager0  8smss.exe1 00 25Added by the  W32/Kalel-E55http://www.sophos.com/virusinfo/analyses/w32kalele.html0
113Tok-Cirrhatus0  8smss.exe1 00 50Added by the W32/Korbo-A worm and backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32korboa.html0
114Torjan Program0  8smss.exe1 00 52Added by the Troj/WowPWS-A password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojwowpwsa.html0
1 8userinit0  8smss.exe1 00148Added by the Troj/Dloadr-B downloader Trojan. This infection should not be confused with the legitimate Microsoft file c:\windows\system32\smss.exe.57http://www.sophos.com/virusinfo/analyses/trojdloadrb.html0
1 7Windows0  8smss.exe1 00156Added by the Troj/Bancban-OF Internet banking trojan. This infection should not be confused with the legitimate Microsoft file c:\windows\system32\smss.exe.59http://www.sophos.com/virusinfo/analyses/trojbancbanof.html0
133windows session manager subsystem0  8smss.exe1 00 25Added by the  W32/Kalel-B55http://www.sophos.com/virusinfo/analyses/w32kalelb.html0
113winsystem.sys0  8smss.exe1 00 91Added by the W32/Sober-K infection!  File will be found in the %WINDIR%msagentwin32 folder.55http://www.sophos.com/virusinfo/analyses/w32soberk.html0
1 4zsms0  8smss.exe1 00 35Added by the Troj/Bancos-CK TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancosck.html0
1 5zsmss0  8smss.exe1 00 35Added by the Troj/Bancos-DD trojan.58http://www.sophos.com/virusinfo/analyses/trojbancosdd.html0
123Microsoftf smss Control0  8smss.pif1 00 73Identified as a variant of Backdoor.Win32.Rbot.gen worm and IRC backdoor. 01
120Configuration Loader0 10smss32.exe1 00 28Added by the AGOBOT.MB WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.MB0
114graphic driver0 10smss32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
117Microsoft DirectX0 10SMSS32.exe1 00204Added by the W32/SDBot-FP worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute. This infection may also listen on TCP port 1550 for commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotfp.html0
127Microsoft Internet Services0 10Smss32.exe1 00 26Added by the RBOT.MS WORM!89http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.MS0
118Microsoft Services0 10SMSS32.EXE1 00144Added by the W32/Rbot-AD trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotad.html0
116Microsoft Update0 10Smss32.exe1 00 26Added by the RBOT.CB WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotcb.html0
116Microsoft Update0 10Smss32.exe1 00 26Added by the RBOT.CB WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotcb.html0
110MSConfig320 10smss32.exe1 00 12Added by the30Troj/Flood-EL TROJAN/backdoor.0
1 4UsbD0 10smss32.exe1 00 84Adware downloader - recognized by Kaspersky antivirus as Trojan-Proxy.Win32.Agent.cj36http://www.kaspersky.com/personalpro0
123windows session manager0 10smss32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
110MSConfig640 10smss64.exe1 00 34Added by the Troj/Flood-ES Trojan.57http://www.sophos.com/virusinfo/analyses/trojfloodes.html0
125Session Manager Subsystem0  9smssa.exe1 00132Added by the W32/Rbot-AGS worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotags.html0
1 9Microsoft0 14smssdriver.exe1 00126The Troj/Roneve-A TROJAN places the file into the Program files folder, creating a sub-folder it calls Xerox.nt when doing so.57http://www.sophos.com/virusinfo/analyses/trojronevea.html0
121System Config Manager0  9smssl.exe1 00 28Added by the AGOBOT-ZJ WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotzj.html0
1 5SMSSS0  9smsss.exe1 00 27Added by the SDBOT.ZD WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZD0
112SMSSS Loader0  9smsss.exe1 00 28Added by the AGOBOT.MQ WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.MQ0
115start uploading0  9smsss.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
1 5SMSSU0  9SMSSU.EXE1 00 42Added by the Troj/Small-EI trojan dropper.57http://www.sophos.com/virusinfo/analyses/trojsmallei.html0
1 6My App0 10SMSSvc.exe1 00 30Added by the NEGASMS.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NEGASMS.A0
112Sms System320 15SmsSystem32.exe1 00 20Unidentified malware 01
119ProtocolControlStat0 12smsxir32.exe1 00 33Added by the Troj/Stinx-L Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxl.html0
112DiskEventChk0 12smszac32.exe1 00100Added by the Troj/Stinx-H Trojan. This infection also creates the files Temp442.bat and Temp952.bat.56http://www.sophos.com/virusinfo/analyses/trojstinxh.html0
3 3smt0  7SMT.exe1 00 86Win-Spy keyboard logger/monitoring software - remove unless you installed it yourself!23http://www.win-spy.com/0
2 9SMToolbar0 13SMToolbar.exe1 00 21StartMake.com toolbar 01
123SMTP32 Mailing Protocol0 10smtp32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7SMTPSVC0 11smtpsvc.exe1 00134Added by the W32/Tilebot-AU worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotau.html0
2 5Smapp0 10smtray.exe1 00 82System Tray access for the Compaq/ADI SoundMAX integrated digital audio controller 01
2 5Smapp0 10SMTray.exe111HKEY_LM\Run0 88SoundMAX Integrated Digital Audio 3, 2, 0, 0, Analog Devices, Inc.. SoundMAX System Tray39http://www.absolutestartup.com/startup/1
3 5Smapp0 10Smtray.exe111HKEY_LM\Run0 89SoundMAX Integrated Digital Audio 3, 2, 10, 0, Analog Devices, Inc.. SoundMAX System Tray39http://www.absolutestartup.com/startup/1
1 9XP Backup0  9smtxp.exe1 00 74Identified as a variant of Backdoor.Win32.SdBot.aad worm and IRC backdoor. 01
216iolo utility bar0 16SMUtilityBar.exe1 00 64Iolo "System Mechanic"   Utility_Bar - can be launched manually.15System Mechanic0
112MicrosoftOEM0  9smvss.exe1 00 29Added by the DEDLER-G TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerg.html0
1 9MSInstall0  9smvss.exe1 00  057http://www.sophos.com/virusinfo/analyses/trojdedlerg.html0
110SoundMixer0  9smvss.exe1 00 29Added by the DEDLER-G TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerg.html0
113SunJavaUpdate0  9smvss.exe1 00  057http://www.sophos.com/virusinfo/analyses/trojdedlerg.html0
011CM-SmWizard0 12SmWizard.exe1 00130SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. 01
0 8SmWizard0 12SmWizard.exe1 00  0 01
1 7smxwlgy0 11smxwlgy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6snaehy0 10snaehy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8SnagIt 70 12SnagIt32.exe122StartUp menu\All users0 45SnagIt 7.2.3, TechSmith Corporation. SnagIt 739http://www.absolutestartup.com/startup/1
310SnapDetect0 14SnapDetect.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
1 7snapple0 11snapple.exe1 00133Added by the W32/Forbot-EG worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forboteg.html0
2 4snbr0  8snbr.exe1 00  2?? 01
2 6snbupt0 10snbupt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6snbupt0 10snbupt.exe1 00 28UpSpiralBar adware component66http://www.symantec.com/avcenter/venc/data/adware.upspiralbar.html0
1 6sncntr0 10sncntr.exe1 00 21Adult content dialler 01
1 6snd3320 10snd332.exe1 00 30Added by an unidentified WORM! 01
1 8sounddrv0 15sndbdrv3104.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
121MS Sound Config 16bit0 12sndcfg16.exe1 00 29Added by the SDBOT.MB TROJAN!46http://www.f-secure.com/v-descs/sdbot_mb.shtml0
110WinProfile0 12sndcfg16.exe1 00 25Added by the SNDC.A WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=397710
1 9Sndcompat0 13Sndcompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
124SndDRV (MS Sound Driver)0 10snddrv.exe1 00 48Added by the W32/Rbot-BSC worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbsc.html0
112Sound Loader0 13sndloader.exe1 00 28Added by the AGOBOT-BV WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotbv.html0
3 6SNDMon0 10SNDMon.exe1 00381Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual upadtes but probably require if you leave them to run automatically. Also, if one runs a small office network and SNDMon is disabled on one of the computers – then other computers disappear from the network for this computer, including shared devices like printers and scanners. Hence the "U" recommendation 01
326Symantec NetDriver Monitor0 10SNDMon.exe1 00  0 01
326Symantec NetDriver Monitor0 10SNDMon.exe111HKEY_LM\Run0 94Symantec Security Drivers 5.4, Symantec Corporation. Symantec Security Drivers Install Monitor39http://www.absolutestartup.com/startup/1
326Symantec NetDriver Monitor0 20SNDMon.exe /Consumer2 00  0 01
121windows sound manager0 12SndMon16.exe1 00 43Added by a variant of the  W32/FORBOT WORM!57http://sophos.com.au/virusinfo/analyses/w32forbotgen.html0
120Windows Sound Driver0 12SndMon32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
121Windows Sound Manager0 12SndMon32.exe1 00 28Added by the FORBOT-BU WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbu.html0
1 8sndriv320 12sndriv32.exe1 00 61A variant of Backdoor.Win32.Agobot.gen worm and IRC backdoor. 01
1 8Sndsaver0 12Sndsaver.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
0 7sndsrvc0 11SNDSRVC.EXE1 00 61Part of Norton Personal Firewall and Norton Internet Security 01
332Symantec Network Drivers Service0 11SNDSRVC.EXE1 00250Part of Norton Personal Firewall and Norton Internet Security. Sndsrvc.exe is the module controlling the send scan for outbound email if the optioin is selected to integrate into the mail client.  It is not necessary if you do not scan outbound email 01
1 6sndu320 10sndu32.dll1 00 84Added by the Troj/Haxdoor-IN Trojan. This infection utilizes the sndu64.sys rootkit.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorin.html0
117SoundDriver SDB320 10sndu64.sys1 00123Added by the Troj/Haxdor-Fam rootkit. This infection also creates a service called SoundDriver SDB64 to start this rootkit.59http://www.sophos.com/virusinfo/analyses/trojhaxdorfam.html0
326symantec netdriver warning0 11SNDWarn.exe1 00 99Part of Symantec Live Update -  displays the warning when you need to update the firewall database. 01
320SystemWizard Sniffer0 11Sniffer.exe1 00103SystemWizard for Win98/ME from SystemSoft - diagnoses and solves hardware and software problems on a PC59http://www.systemsoft.com/l-2/l-3/products-systemwizard.htm0
311MerlinSnipe0 15Snipe.exe quiet211HKEY_LM\Run0 24Snipe 1.00, PC TechZone.39http://www.absolutestartup.com/startup/1
3 7snippet0 16SnippingTool.exe1 00351The Snipping Tool (part of the  Experience_Pack for Tablet PC) allows you to easily "cut out" anything on screen and share it with other people. The whole screen becomes an "inkable" surface that you can add comments to and mark up however you like. You can then save that annotated image to use later, or send it to someone else in an e-mail message.81http://www.microsoft.com/windowsxp/downloads/tabletpc/experiencepack/default.mspx0
3 7Snippet0 19SnippingTool.exe /i2 00 73Microsoft Snipping Tool 2.0.2005.225, Microsoft Corporation. SnippingTool 01
116Microsoft Update0 12snlogsvc.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 4snlq0  8snlq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Inom0  9snmoo.exe1 00 48Added by the W32/Rbot-DPM worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotdpm.html0
1 7SysTray0 11Snnpapi.exe1 00 32Added by an unidentified TROJAN! 01
3 5Snoop0  9Snoop.exe1 00131Added by the Spyware.Snoop surveillance program.  You should uninstall this program immediately if you did not install it yourself.57http://www.sarc.com/avcenter/venc/data/spyware.snoop.html0
311snoopfreeui0 15SnoopFreeUI.exe1 00 54Anti-keylogging software made by  SnoopFree_Software._25http://www.snoopfree.com/0
1 3IE90 11snowing.exe1 00 48Added by the W32/Rbot-DRD worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotdrd.html0
2 7Snsicon0 11Snsicon.exe1 00 49Launches a screensaver program from Second Nature 01
1 8SNSS.EXE0  8SNSS.EXE1 00 41Added by the Dialer.Nunci premium dialer.56http://www.sarc.com/avcenter/venc/data/dialer.nunci.html0
118dot.net networking0 10Snss32.exe1 00 39Added by a variant of the  IRC_TROJAN !71http://securityresponse.symantec.com/avcenter/venc/data/irc.trojan.html0
1 9Diskstart0  7Snt.exe1 00 21Adult content dialler 01
1 6sysnet0 12snuninst.exe1 00 19Unidentified adware 01
115System Soap Pro0  8soap.exe1 00102System Soap Pro internet cleaning software. Bundles foistware like  HTTPER and  Zipclix - best avoided26http://www.systemsoap.com/0
119Norton Live Updater0 11Sochost.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
1 6Sock320 10sock32.exe1 00 26Added by the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
1 8services0  9socks.exe1 00153Added by the WIN32.SMALL.N Proxy TROJAN! - A PT is a backdoor trojan which allows a remote hacker to connect to other systems via the compromised system. 01
2 7socnbgd0 11socnbgd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
412SoDA Startup0 15SodaStartup.exe1 00146Used by the Rational SoDA project management tool. Unsure of it's actual purpose but it's recommended you leave it enabled if you use the software47http://www.rational.com/products/soda/index.jsp0
123Microsoftf DDEs Control0  8soff.pif1 00132Added by the W32/Rbot-AKH worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotakh.html0
2 7soffice0 11SOFFICE.EXE1 00330Displays StarOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the StarOffice 6.0 suite. Available via Start -&gt; Programs. Automatically started when any StarOffice 6.0 component is started from the Start -&gt; Programs. A resource hog (it eats &gt; 16 MB of memory). 01
111Web Service0  8soft.exe1 00 89Added by the W32/Bube-F virus.  This infection also displays popups in Internet Explorer.54http://www.sophos.com/virusinfo/analyses/w32bubef.html0
114Service System0 13softdwind.exe1 00 53Added by the Troj/Bancos-JS password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancosjs.html0
1 8hErcUnes0 12softhost.exe1 00 26Added by the GARROCH WORM!62http://www.symantec.com/avcenter/venc/data/w32.garroch@mm.html0
1 8Softload0 12softload.exe1 00118A SDBot WORM/IRC backdoor variant adds this. The filename buds.exe and the filename forcepog.exe may also be involved.56http://www.sophos.com/virusinfo/analyses/w32sdbotsv.html0
1 7csoftok0 10softok.exe1 00 12Added by the51Troj/QQPass-H to log key presses & steal passwords.0
327softstuff wallpaper changer0 12softstrt.exe1 00 26AzureBay wallpaper changer24http://www.azurebay.com/0
1 8Software0 12software.exe1 00 30Added by the CRABTON-B TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrabtonb.html0
023SO5 Integrator Pass One0 11sointgr.exe1 00 39StarOffice 5. See here for more details 7#FF00000
023SO5 Integrator Pass Two0 11sointgr.exe1 00  0 7#FF00000
323SO5 Integrator Pass One0 11sointgr.exe1 00 39StarOffice 5. See here for more details 7#FF00000
319chipdrivepinmanager0 12sokscmpn.exe1 00 28ChipDrive Smartcard software44http://www.chipdrive.de/cgi-bin/edcstore.cgi0
319CHIPDRIVEPinManager0 12sokscmpn.exe1 00 81Smartcard Office Kernel 1.1, SCM Microsystems. Smartcard Office Kernel PIN Server 01
312SoloSchedule0 11SOLOCFG.EXE1 00  0 01
312SoloSchedule0 11Solocfg.exe1 00136Scheduler for a target="_blank" href="http://www.srnmicro.com/"Solo Antivirus. Leave enabled unless you scan manually on a regular basis 01
411Solo Sentry0 12Solosent.exe1 00 63a target="_blank" href="http://www.srnmicro.com/"Solo Antivirus 01
1 7somatic0 11somatic.exe1 00 22Searchcentrix hijacker54http://www.pestpatrol.com/pestinfo/s/searchcentrix.asp0
1 7msn.exe0  7son.exe1 00 36Added by the Troj/StartPa-GS trojan.59http://www.sophos.com/virusinfo/analyses/trojstartpags.html0
0 7SonnReg0 11SonnReg.exe1 00 78Part of E-Color 3Deep for color calibration. Possibly a registration reminder?97http://www.ecolor.com/page.asp?content=colorific_and_3deep&amp;lev1=1&amp;lev2=1_4&amp;lev3=1_4_10
1 8SonudMan0 12SonudMan.exe1 00104Added by the Trojan.Startpage.Q browser hijacker.  This file hijacks the browser to open www.joyiex.com.79http://www.sarc.com/avcenter/venc/data/trojan.startpage.q.html#technicaldetails0
1 8SonudMon0 12SonudMon.exe1 00 33Added by the Troj/Lewor-J Trojan.56http://www.sophos.com/virusinfo/analyses/trojleworj.html0
214image transfer0 12SonyTray.exe1 00119Sony Image Transfer software provides direct image transfer from your digital camera to a PC - can be started manually. 01
320Picture Package Menu0 12SonyTray.exe122StartUp menu\All users0 59SonyTray.exe 1, 0, 31121, 1, Sony Corporation. SonyTray.exe39http://www.absolutestartup.com/startup/1
0 8sophagnt0 12sophagnt.exe1 00 53Possibly related to Sophocles Screenwriting Software? 7#FF00000
127SOProc_RegSoAlertWxLiteNnAj0 10soproc.exe1 00 33Identified as Adware.MyWebSearch. 01
1 6regrun0  8sory.exe1 00 22New Purityscan Variant 01
1 3SOS0  7SOS.exe1 00 26Added by the PHILIS VIRUS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.philis.html0
013SoSyncMonitor0 17SoSyncMonitor.exe1 00 20SuperOffice related.27http://www.superoffice.com/0
123SOUNDMAN Microsoft Help0  8soun.pif1 00133Added by the W32/Rbot-AIU worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaiu.html0
1 5AUDIO0  9SOUND.exe1 00 46Added by the Dial/Ployb-A premium porn dialer.56http://www.sophos.com/virusinfo/analyses/dialployba.html0
128Microsoft Server Application0  9Sound.exe1 00 26Added by the RBOT-NE WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotne.html0
110[not used]0 17sound_drive16.exe1 00 43Added by the Troj/Bdoor-GP backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorgp.html0
122Microsoft Sound Driver0 11sound32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
114Sound services0 11SOUND32.EXE1 00 28Added by the AGOBOT.GG WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GG0
115[Various Names]0 11sound64.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
111Micr Update0 16soundblaster.exe1 00 27Added by the SDBOT.NP WORM!90http://no.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.NP0
115logitech camera0 13Soundcane.exe1 00 40Added by an unidentified WORM or TROJAN! 01
111soundcontrl0 15soundcontrl.exe1 00 29Added by the GAOBOT.AFJ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afj.html0
132Compaq Sound Drivers For WINDOWS0 11sounddr.exe1 00 12Added by the38W32/Sdbot-XG WORM/IRC backdoor trojan!0
127Windows Stand Sound Drivers0 12Sounddrv.exe1 00 12Added by the38W32/Sdbot-XF WORM/IRC backdoor trojan!0
120WIN32 Sound Drivers.0 11sounddv.exe1 00133Added by the W32/Tilebot-Z worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32tilebotz.html0
1 8soundfun0 12soundfun.exe1 00 36Added by the Troj/Banloa-AKQ Trojan.59http://www.sophos.com/virusinfo/analyses/trojbanloaakq.html0
011SISSoundman0 12Soundman.exe1 00 59Related to a Silicon Integrated Systems Corp (SiS) product? 01
2 8SoundMan0 12SOUNDMAN.EXE1 00 82Realtek Sound Manager 5.1.0.42, Realtek Semiconductor Corp.. Realtek Sound Manager 01
2 8soundman0 12soundman.exe1 00127System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start - Settings- Control Panel 01
311SISSoundman0 12Soundman.exe1 00 59Related to a Silicon Integrated Systems Corp (SiS) product? 01
1 8SoundMAX0 12SoundMAX.exe1 00 30Added by the W32/Rizon-A worm.55http://www.sophos.com/virusinfo/analyses/w32rizona.html0
1 7Soundmx0 11Soundmx.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
118MotherBoard Sounds0 10SOUNDS.EXE1 00 12Added by the38W32/Rbot-AAP WORM/IRC backdoor trojan!0
127microsoft intrenet explorer0 13Soundsyst.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9soundtask0 13soundtask.exe1 00 28Added by the AGOBOT-MD WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotmd.html0
110soundtasks0 14soundtasks.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
111soundtctrls0 15soundtctrls.exe1 00 28Added by the AGOBOT-ZV WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotzv.html0
1 8sounofts0 12sounofts.exe1 00 28Added by the AGOBOT-ND WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotnd.html0
114sountskmanager0 11sountaskmgr1 00 40Added by an unidentified WORM or TROJAN! 01
111autoupdater0  7sox.exe1 00 54Added by the Troj/LdPinch-DH password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojldpinchdh.html0
119WindowsProxyService0  8sox1.exe1 00 45Added by the Troj/Proxyser-S backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojproxysers.html0
311SP TimeSync0 15SP TimeSync.exe2 00 99SP TimeSync lets you synchronize your computer's clock with any Internet atomic clock (time server)33http://www.spdialer.com/timesync/0
1 2sp0  6sp.reg1 00 80IE search hijacker - changes the default search to http://www.gocybersearch.com/ 01
3 4nwss0  7Sp0.exe1 00105Added by the  SpyOutside surveillance software. Uninstall this software unless you put it there yourself.66http://www.symantec.com/avcenter/venc/data/spyware.spyoutside.html0
122Windows Update Service0 11SP00ISS.exe1 00130Added by the W32/Sdbot-ZH worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzh.html0
1 7huigezi0 11SP00LSV.EXE1 00 28Added by Backdoor.Graybird.J63http://www.sarc.com/avcenter/venc/data/backdoor.graybird.j.html0
1 7SP00LSV0 11Sp00lsv.exe1 00 31Added by the GRAYBIRD.E TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.e.html0
124(L4r1$$4) (4nt1) (V1ruz)0 13SP00Lsv32.pif1 00144Added by the W32/Assiral-B WORM! This worm will terminate processes and also install/run a file C:\WINDOWS\WinVBS.vbs to restrict user activity.57http://www.sophos.com/virusinfo/analyses/w32assiralb.html0
116Cinnabd Prompt320 13SP00Lsv32.pif1 00148Added by the W32/Assiral-B WORM! This worm will also install and run a file C:\WINDOWS\WinVBS.vbs to restrict user activity and terminate processes.57http://www.sophos.com/virusinfo/analyses/w32assiralb.html0
1 9MSLARISSA0 13SP00Lsv32.pif1 00148Added by the W32/Assiral-B WORM! This worm will also install and run a file C:\WINDOWS\WinVBS.vbs to restrict user activity and terminate processes.57http://www.sophos.com/virusinfo/analyses/w32assiralb.html0
1 7SVCH0TS0 11sp00lvs.exe1 00 82Added by the Troj/Lineage-AZ password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineageaz.html0
110SP1-Update0 13sp1update.exe1 00143Added by the W32/Rbot-JG trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotjg.html0
1 8Firewall0 14SP2 UPDATE.exe2 00183Added by the W32/Elitper-E WORM, and it will exploit P2P applications. Many additional files are created in varios folders found in Documents and Settings and Program Files locations.57http://www.sophos.com/virusinfo/analyses/w32elitpere.html0
118fdr command module0  7sp2.exe1 00 28Added by the  SDBOT.WP WORM!104http://ww0
124Microsoft Update Machine0  7SP2.exe1 00 28Added by the SPYBOT.FP WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SPYBOT.FP0
110sp2chk.exe0 10sp2chk.exe1 00 22blankALUROOT.A TROJAN! 01
014sp2connpatcher0 18sp2connpatcher.exe1 00100Unidentified - possibly part of the "Warez"  P2P client software what does it do and is it required? 01
322sp2 connection patcher0 18SP2ConnPatcher.exe1 00 70Changes limit of concurrent TCP connections of Windows Service Pack 2. 01
1 6sp2ctr0 10sp2ctr.exe1 00 28Added by the DLUCA-M TROJAN!56http://www.sophos.com/virusinfo/analyses/trojdlucam.html0
126Windows Service Pack 2 Fix0 12sp2fix32.exe1 00 48Added by the W32/Rbot-BYA worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbya.html0
1 7sp2fwxp0 11sp2fwxp.exe1 00 36Added by the WIN32.SMALL.ABW TROJAN! 01
1 9sdfsdfsdf0 13sp2update.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 9sp2update0 13sp2update.exe1 00 49Added by the Adware.SP2Update adware and spyware.60http://www.sarc.com/avcenter/venc/data/adware.sp2update.html0
118Windows SP2 Update0 13Sp2update.exe1 00 29Added by the WOOTBOT.BS WORM!90http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_WOOTBOT.BS0
115Winsock32driver0 15sp2XPupdate.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 6Win3860  8sp32.dll1 00 54Homepage hijacker. Not a dll but a regfile in disguise 01
123microsoft updates 5 usb0 12sp3fixer.exe1 00 26Added by the  W32/Rbot-ADS56http://www.sophos.com/virusinfo/analyses/w32rbotads.html0
312spamihilator0 16spamihilator.exe1 00 26Spamihilator - spam filter28http://www.spamihilator.com/0
312Spamihilator0 16spamihilator.exe1 00 52Spamihilator 0, 9, 9, 9, Michel Krämer. Spamihilator 01
3 6MSKExe0 14spamkiller.exe1 00 18McAfee  SpamKiller80http://us.mcafee.com/root/PkgPricePlan.asp?pkgid=123&amp;ACTION=BUY&amp;cid=51770
3 7SpamPal0 11spampal.exe1 00 24SpamPal - anti-spam tool26http://www.spampal.org.uk/0
311Spam Sleuth0 14SpamSleuth.exe1 00 41Spam Sleuth E-mail spam detection program 01
312spamsubtract0 14SpamSub.exe -q225StartUp menu\Current user0 67SpamSubtract from interMute 1,0,0,76, interMute, Inc.. SpamSubtract39http://www.absolutestartup.com/startup/1
312SpamSubtract0 16SpamSubtract.exe1 00 65Intermute SpamSubtract - junk email detection and removal program38http://www.intermute.com/spamsubtract/0
312spamsubtract0 19SpamSubtract.exe -q2 00 67SpamSubtract from interMute 1,0,0,66, interMute, Inc.. SpamSubtract 01
117Anti Spam Service0 11spamsvc.exe1 00127Added by the W32/Mytob-BK worm. When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobbk.html0
115Systems Restart0 11spchost.exe1 00 43Added by a variant of the BANCOS.RF TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BANCOS.RF0
321Speaking Clock Deluxe0 11SpClDlx.exe1 00219Speaking Clock Deluxe - turns your computer into a speaking clock with several languages. It can also keep track of up to 50 alarms that can be set to a time and a date, and be repeated daily, weekly, monthly and yearly33http://www.lux-aeterna.com/clock/0
1 3Ill0  7Spd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
424cFosSpeed System Service0  7spd.exe1 00 30Internet acceleration program. 01
1 8wincheck0 12spdcheck.exe1 00 47A variant of the Tilebot worm and IRC backdoor. 01
124service pack dll runtime0 11spdll32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
110[not used]0  8spdr.exe1 00 35Added by the Troj/Zagaban-E Trojan.58http://www.sophos.com/virusinfo/analyses/trojzagabane.html0
2 8Spdstart0 12Spdstart.exe1 00124Norton Utilities Speed Start. "This feature optimizes the start up speed of launching applications, such as Word and Excel." 01
211DSL Monitor0 11spdstrm.exe1 00 94Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray 01
1 9PcEXPLODE0 15specialfile.exe1 00 26Added by the RBOT.RH WORM!87http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.RH0
113SpecialOffers0 30SpecialOffers*.exe [* = digit]2 00178Specialoffersnetworks.com adware. "Special Offers is a state of the art advertising product that delivers to you contextually relevant web offers including discounts and coupons" 01
113SpecialOffers0 17SpecialOffers.exe1 00178Specialoffersnetworks.com adware. "Special Offers is a state of the art advertising product that delivers to you contextually relevant web offers including discounts and coupons" 01
1 8specific0 12specixic.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
221FastTrack Accelerator0 12SPEED UP.EXE2 00136FastTrack Accelerator - "speedup" utility for programs that use the FastTrack network such as KaZaA Media Desktop, Grokster and Morpheus40http://www.sharemonkey.com/fta/index.php0
3 9SpeedBoot0 19SpeedBoot.exe -hklm211HKEY_LM\Run0 41SpeedBoot 1.5.0.3, Power Admin. SpeedBoot39http://www.absolutestartup.com/startup/1
3 8SpeedFan0 12speedfan.exe125StartUp menu\Current user0 48SpeedFan 4.23, Almico Software (www.almico.com).39http://www.absolutestartup.com/startup/1
325Microsoft Intellitype Pro0 12speedkey.exe1 00 57Additional keyboard shortcuts on MS programmable keyboard 01
3 8Speedkey0 12SPEEDKEY.EXE1 00  0 01
310SpeedMeter0 14SpeedMeter.exe1 00 47Application measuring upload and download speed 01
214T-DSL SpeedMgr0 12SpeedMgr.exe1 00 76T-DSL SpeedManager 5, 2, 0, 1, T-Systems Nova, Berkom. T-DSL SpeedManager UI 01
214T-DSL SpeedMgr0 12speedmgr.exe1 00 98T-Online ISP SpeedManager - shows upload and download speed. Also checks for updates automatically 01
313speedswitchxp0 17SpeedswitchXP.exe1 00 73SpeedswitchXP is a CPU frequency control for notebooks running Windows XP35http://www.diefer.de/speedswitchxp/0
3 9Speed Tec0 12speedtec.exe1 00248Accel SpeedTec from Montana Software speeds up your modem. SpeedTec modifies the Internet Protocol settings in the Windows registry to speed downloads on all modems. If you find this improves your connectivity and download speeds leave this enabled45http://www.montanasoft.com/speedtec/index.asp0
311speedupmypc0 15SpeedUpMyPC.exe1 00157SpeedUpMyPC "automatically fine-tunes all your resources including hardware, system settings and internet usage to operate at peak performance at all times."58http://www.lidownloads.com/partners/sites/sofotex/speedup/0
311SpeedUpMyPC0 23speedupmypc.exe traybar222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
1 6Spees20 10Speedy.bat1 00 29Added by the OPASERV.AD WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.a.d.worm.html0
1 6Spees30 10SPEEDY.PIF1 00 29Added by the OPASERV.AD WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AD0
1 6Spees10 10speedy.scr1 00 28Added by the OPASERV.Y WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.Y0
4 3smc0 10spfsmc.exe1 00 15Sygate Firewall 01
411SMC Service0 10spfsmc.exe1 00  0 01
411SmcServices0 10spfsmc.exe1 00 15Sygate Firewall 01
3 8zSPGuard0 11Spguard.exe1 00229StartPage Guard (SPG) protects your PC from cyberscam, by detecting and preventing any unauthorized changes to your internet browser's Start and Search pages. It is also capable of removing automatically most of known 'invaders'.38http://pjwalczak.com/spguard/index.php0
117Windows Firewalll0 10sphost.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
410SpIDerMail0 12spiderml.exe1 00 42DrWeb antivirus Spider Mail e-mail scanner38http://www.drweb-online.de/index_e.htm0
212Spinner Plus0 11spinner.exe1 00339Spinner Plus lets you listen to over 100 channels of music broadcast from Spinner.com. Spinner Plus uses RealNetwork's G2 technology to provide high-quality online audio. The technology adjusts the audio streaming to match your Internet connection speed, which helps eliminate sound distortion or choppiness. Available via Start - Programs 01
0 7spkrmon0 11spkrmon.exe1 00 32SoundMAX SpeakerMonitor service. 01
216myCIO.com Splash0 10Splash.exe1 00 55Splash screen for McAfee VirusScan ASaP on-line scanner60http://www.mcafeeasap.com/content/virusscan_asap/default.asp0
225Introducing Media Manager0 11SPLASHA.EXE1 00 35MS Media Manager tour. Not required69http://www.frontpageworld.com/frontpagetools/mediamanager/default.htm0
312tabletwizard0 12SPLSHWRP.EXE1 00  9Microsoft21http://microsoft.com/0
1 7default0  9splvs.exe1 00153Added by the WORM_SDBOT.FS backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.FS&VSect=T0
226SPMonitor_-_Personal_Guard0  7spm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
012SonyPowerCfg0  9SPMgr.exe1 00 51Related to Sony Power Management for VAIO Computers 01
312SonyPowerCfg0  9SPMgr.exe111HKEY_LM\Run0 57Sony Power Management 1.6.0, Sony Corporation. SPM Module39http://www.absolutestartup.com/startup/1
310changeicon0 11SPMSMON.EXE1 00145Card reader related program. Note: May cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problem. 01
1 4SPnt0  8SPnt.exe1 00 34Premium rate adult content dialler 01
314SpeedOptimizer0  7spo.exe1 00162SpeedOptimizer is designed to optimize and speed-up your Internet data transmission including browsing, streaming, downloading, uploading and e-mail communication30http://www.speedoptimizer.com/0
314SpeedOptimizer0 10SPO.EXE -s2 00 55SpeedOptimizer Application 2, 0, 0, 3, . SpeedOptimizer 01
312SpokeSysTray0 16SpokeSysTray.exe1 00286Spoke Software client application. Spoke "uses data in your e-mail and other enterprise information systems to discover the existing relationships of people in your enterprise. It then builds a private, secure relationship network for each user without any additional manual data entry"48http://www.spoke.com/products/enterpriseFAQ.html0
111helpmanager0 10spoler.exe1 00 27Added by the RANDEX.J WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.j.html0
115Shell Extension0 11spollsv.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
114print services0 14spolserv32.exe1 00 27Added by the  RBOT.ZP WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ZP&VSect=P0
112SpoolService0 10spolsv.exe1 00 28Added by the AGOBOT-CS WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotcs.html0
115Winsock2 driver0 10SPOLSV.EXE1 00 28Added by the SPYBOT-CM WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotcm.html0
1 2[]0 12spolsvr2.exe1 00 32Added by the EVILSOCK.10 TROJAN! 01
1 8spolsvr20 12spolsvr2.exe1 00199Added by the Win32/Evilsock.10 TROJAN! - NOTE: this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot.  Name field may be empty. 01
1 7spoo1sv0 11spoo1sv.exe1 00 28Added by the SOULJET TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.souljet.html0
1 7SVCH0ST0 11spoo1sv.exe1 00 31Added by the Troj/VB-HF trojan.54http://www.sophos.com/virusinfo/analyses/trojvbhf.html0
123SpoolerSubSystemProcess0 11SpooI32.exe1 00104Added by the EHKS.21 keylogger! Note - the "I" between "o" and "3" is a captial "i" not a lower case "L"49http://www.pestpatrol.com/pestinfo/e/ehks_2_1.asp0
121Spooler SubSystem App0 11spooIsv.exe1 00 32Added by the W32.Linkbot.M worm.74http://www.sarc.com/avcenter/venc/data/w32.linkbot.m.html#technicaldetails0
129Logical Disk Manager Provider0  9spool.exe1 00 34Added by the Troj/Agent-DA trojan.57http://www.sophos.com/virusinfo/analyses/trojagentda.html0
113Print Spooler0  9spool.exe1 00 43Added by the Troj/Bdoor-IS backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojbdooris.html0
116Printer Services0  9spool.exe1 00108Added by the W32/Rbot-RL worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrl.html0
121Printer spool Service0  9spool.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
112spool loader0  9spool.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
112Spool lptt010  9spool.exe1 00184Variant of the  RapidBlaster parasite (in a &quot;spool&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
112Spool ml097e0  9spool.exe1 00174Variant of the  RapidBlaster parasite (in a "spool" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
115Windows Spooler0  9spool.exe1 00134Added by the W32/Sdbot-ADP worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotadp.html0
124Windows Spooler Services0  9spool.exe1 00126The W32/Agobot-AMO WORM adds this to corrupt the HOSTS file, terminate processes,and open a backdoor on the infected computer.58http://www.sophos.com/virusinfo/analyses/w32agobotamo.html0
1 9MSWindows0 11spool16.exe1 00 29Added by the Avkiller.Trojan.59http://www.sarc.com/avcenter/venc/data/avkiller.trojan.html0
126Spooler Sub System Process0 11SPOOL32.EXE1 00 26Added by the YAB.A TROJAN!74http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_YAB.A0
127Windows SpoolaPrint Service0 13spoolasrv.exe1 00133Added by the W32/Sdbot-AYD worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotayd.html0
113Event Monitor0 12spoolcll.exe1 00 33Added by the W32.Spybot.IVQ worm.92http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.ivq.html#technicaldetails0
114system service0 12spoolcrv.cpl1 00 30Added by the INSPIR.11 TROJAN! 01
119Print Spool Handler0 11spooler.exe1 00 31Added by the W32/Codbot-X worm.56http://www.sophos.com/virusinfo/analyses/w32codbotx.html0
115Printer Spooler0 11spooler.exe1 00 77Added by the Troj/Delf-JJ Trojan!  File is found in the root of the C: drive.56http://www.sophos.com/virusinfo/analyses/trojdelfjj.html0
122windows system gateway0 11SPOOLER.EXE1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115Printer Spooler0 13spooler32.exe1 00 45Added by the W32/Sharp-L IRC backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32sharpl.html0
132Windows Config for Spool Service0 13SPOOLER32.EXE1 00152Added by the W32/Sdbot-DX backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotdx.html0
126Windows SpoolPrint Service0 14spoolersrv.exe1 00128Added by the W32/Sdbot-ZT worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzt.html0
120System Tray Services0 13spooles32.exe1 00 28Added by the AGOBOT.ZH WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZH&VSect=T0
1 8vscanner0 12spooll32.exe1 00 32Added by the OPTIXPRO.10 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.100
1 5spool0 11spoollv.exe1 00133Added by the W32/Sdbot-AES worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaes.html0
115spoolsv manager0 12SpoolMgr.exe1 00 75Added by the W32/Assiral-A Infection!  File is found in the Windows folder.57http://www.sophos.com/virusinfo/analyses/w32assirala.html0
124Windows Spoolsrv Service0 12spoolmsv.exe1 00128Added by the W32/Sdbot-ZS worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzs.html0
112Start Upping0 11spoolnt.exe1 00 50Added by the W32/Rbot-TM WORM/IRC backdoor trojan!55http://www.sophos.com/virusinfo/analyses/w32rbottm.html0
124Microsoft Windows Update0 10spools.exe1 00 27Added by the SDBOT.TD WORM!99http://uk.trendmicro-europe.com/enterprise/security_info/virus_encyclopedia.php?VName=WORM_SDBOT.TD0
113Print Spooler0 10spools.exe1 00 26Added by the RBOT-LD WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotld.html0
1 8Shellspl0 10spools.exe1 00 32Added by an unidentified TROJAN! 01
125Spools Service Controller0 10spools.exe1 00 12Added by the420W32/Kassbot-C. It will modify the HOSTS f0
117Microft Exploerer0 12spoolsac.exe1 00132Added by the W32/Rbot-AMD worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamd.html0
115Windows Updated0 12spoolsac.exe1 00 48Added by the W32/Rbot-BBX worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbx.html0
114Micrcoft Updat0 12spoolsae.exe1 00133Added by the W32/Rbot-AIB worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaib.html0
115Windows Updated0 12spoolsae.exe1 00133Added by the W32/Rbot-APM worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotapm.html0
114Micrcoft Updat0 13spoolsaex.exe1 00133Added by the W32/Rbot-AJM worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotajm.html0
118Micrcoft Exploerer0 12spoolsal.exe1 00132Added by the W32/Rbot-AKK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotakk.html0
1 8WCESMngr0 11spoolsb.exe1 00120An Agobot WORM/IRC backdoor variant adds this to provide unauthorised access which will allow multiple actions to occur.57http://www.sophos.com/virusinfo/analyses/w32agobotqz.html0
1 9rpc win320 12spoolscv.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
117Microsoft DirectX0 13Spoolserv.exe1 00 25Added by the DINFOR WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.dinfor.worm.html0
1 7reggsdg0 13spoolserv.exe1 00 27Added by the SDBOT-MS WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotms.html0
1 9spoolserv0 13spoolserv.exe1 00 27Added by the SDBOT-PN WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpn.html0
126Windows spoolservr Service0 14spoolservr.exe1 00134Added by the W32/Sdbot-AAN worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaan.html0
124Windows Spoolsre Service0 12spoolsre.exe1 00134Added by the W32/Sdbot-AAE worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaae.html0
119Microsoft Client Pc0 12spoolsrv.exe1 00133Added by the W32/Rbot-AQM worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaqm.html0
132Microsoft Spool Server for Win320 12spoolsrv.exe1 00 27Added by the RANDEX.H WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.h.html0
113Spool Manager0 12spoolsrv.exe1 00 94Added by the Troj/Banker-FR password stealing Trojan targeted at customers of Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankerfr.html0
115Spooler Service0 12Spoolsrv.exe1 00 30Added by the JOINER.C1 TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JOINER.C10
119Windows DLL Tracker0 12spoolsrv.exe1 00 44Added by a variant of the  W32/WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
120Windows Spool Server0 12spoolsrv.exe1 00133Added by the W32/Sdbot-ACT worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotact.html0
115Windows Spooler0 12SPOOLSRV.EXE1 00 27Added by the SPYBOT.P WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.P0
119Srv32 spool service0 14spoolsrv32.exe1 00 93Topantispyware.com malware, recognized by Kaspersky antivirus as Trojan-Clicker.Win32.Spyre.b36http://www.kaspersky.com/personalpro0
114AdobeReaderPro0 11spoolss.exe1 00 49Added by the W32/Sdbot-AKZ worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotakz.html0
125printer spooler subsystem0 11spoolss.exe1 00218Added by a variant of the  WIN32.RBOT WORM! - Note - this is NOT the legitimate Windows  spoolss.exe process,  located in the Winnt/System32 or Windows\System32 folder,  and which should NOT figure in Msconfig/Startup!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
124windows spoolsrv service0 12spoolssv.exe1 00135Added by the W32/Sdbot-AWV worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotawv.html0
1 6System0 11SPOOLSU.EXE1 00 90Added by the Troj/Banker-BJ password stealing Trojan! File is found in the Windows folder.58http://www.sophos.com/virusinfo/analyses/trojbankerbj.html0
117Spooler Subsystem0 12spoolsub.exe1 00134Added by the W32/Sdbot-ABG worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotabg.html0
125Windows Spoolsurf Service0 13spoolsurf.exe1 00133Added by the W32/Sdbot-ZZ worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzz.html0
1 5load=0 11Spoolsv.exe1 00162Added by the CIADOOR.B TROJAN! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ciadoor.b.html0
113Print Spooler0 11Spoolsv.exe1 00163Added by the CIADOOR.121 VIRUS! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ciadoor.b.html0
1 7Spoolsv0 11Spoolsv.exe1 00163Added by the CIADOOR.121 VIRUS! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file 01
117SunJavaUpdatSched0 11spoolsv.exe1 00 36Added by the Troj/Bancban-NP Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbannp.html0
111msn updates0 13spoolsv32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115spoolsv service0 13spoolsv32.exe1 00133Added by the W32/Rbot-AHP worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotahp.html0
1 9SPOOLSV320 13SPOOLSV32.EXE1 00 39Added by the Troj/CWS-I Trojan dropper.54http://www.sophos.com/virusinfo/analyses/trojcwsi.html0
1 8spoolsvc0 12spoolsvc.dll1 00141Added by the Troj/Dropper-AT trojan dropper.  The presence of this infection usually means there is other malware installed on your computer.59http://www.sophos.com/virusinfo/analyses/trojdropperat.html0
112spoolsvc.dll0 12spoolsvc.dll1 00 47Added by the Troj/SCKeyLog-L keylogging Trojan.59http://www.sophos.com/virusinfo/analyses/trojsckeylogl.html0
118Microsoft MSUPDATE0 12SpoolSvc.exe1 00 27Added by the SXTB-A TROJAN!55http://www.sophos.com/virusinfo/analyses/trojsxtba.html0
119SPOOL Configuration0 12spoolsvc.exe1 00 27Added by the SDBOT-KD WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotkd.html0
121Spooler SubSystem App0 12spoolsvc.exe1 00 44Added by the W32/Poebot-J WORM/IRC backdoor!56http://www.sophos.com/virusinfo/analyses/w32poebotj.html0
129Spooler SubSystem Application0 12spoolsvc.exe1 00 36Added by the Troj/Dloader-NY trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderny.html0
120Spooler Subsytem App0 12spoolsvc.exe1 00 27Added by the SDBOT-MM WORM!57http://www.sophos.com/virusinfo/analyses/trojsdbotmm.html0
1 8spoolsvc0 12spoolsvc.exe1 00 12Added by the16Troj/Dropper-AT.0
1 7Systems0 12spoolsvc.exe1 00 47Added by the Troj/Dloadr-SW downloading Trojan.58http://www.sophos.com/virusinfo/analyses/trojdloadrsw.html0
118Win32 System Spool0 12spoolsvc.exe1 00 27Added by the SDBOT.UK WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UK0
122WINDOWS SYSTEM MANAGER0 12spoolsvc.exe1 00132Added by the W32/Mytob-LY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobly.html0
113Print Spooler0 14spoolsvc32.exe1 00 29Added by the SDBOT.BB TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.BB0
119spool server daemon0 14SPOOLSVD32.EXE1 00 23Win32.Rbot worm variant64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6SYStry0 12spoolsvr.exe1 00 27Added by the SDBOT.GN WORM!88http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=429840
118vital load process0 12Spoolsvr.exe1 00 28Added by the  RBOT.AIF WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AIF&VSect=P0
1 8Winspool0 12spoolsvr.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
112spoolsvs.exe0 12spoolsvs.exe1 00 47Added by the Troj/Dloader-RK downloader Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderrk.html0
1 5ALG320 12SPOOLSVU.EXE1 00 90The Troj/Agent-CJ TROJAN drops this file, alg32.exe and htass.dll into the Windows folder.57http://www.sophos.com/virusinfo/analyses/trojagentcj.html0
1 8spoolsvu0 12SPOOLSVU.EXE1 00 33Added by the  StartPage.K TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.k.html0
1 8spoolsvv0 12spoolsvv.exe1 00 22Searchcentrix hijacker54http://www.pestpatrol.com/pestinfo/s/searchcentrix.asp0
112MicrosoftSys0 12SPOOLSYS.exe1 00 54Added by the PWSteal.Tarno.N password-stealing Trojan.76http://www.sarc.com/avcenter/venc/data/pwsteal.tarno.n.html#technicaldetails0
127Windows SpooltPrint Service0 13spooltsrv.exe1 00135Added by the W32/Sdbot-AYE worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaye.html0
113spool loadkit0 10spoolv.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
121Spooler SubSystem App0 10spoolv.exe1 00225Added by the W32/Sdbot-BN backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.  This infection also steals cd keys from popular games and applications.56http://www.sophos.com/virusinfo/analyses/w32sdbotbn.html0
113System-Config0 10spoolv.exe1 00225Added by the W32/Sdbot-Br backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.  This infection also steals cd keys from popular games and applications.56http://www.sophos.com/virusinfo/analyses/w32sdbotbr.html0
1 6spoolv0 10spoolv.sys1 00133Added by the W32/Sdbot-AES worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaes.html0
1 9[unknown]0 12SPOOLVLC.EXE1 00142Added by the W32/Sdbot-HD worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbothd.html0
119Microsoft Update 320 11spoolvs.exe1 00 48Added by the W32/Rbot-BBQ worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbq.html0
1 7spoolvs0 11spoolvs.exe1 00 29Added by the  SDBOT.AUS WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AUS&VSect=P0
116start extracting0 11spoolvs.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
116start extracting0 12spoolvse.exe1 00193Added by the W32/Rbot-XF WORM/backdoor Trojan.  It allows unauthorized access by malicious user(s) of the IRC network, killing processes and participating in DoS attacks among other activities.55http://www.sophos.com/virusinfo/analyses/w32rbotxf.html0
124Windows Spoolvvv Service0 12spoolvvv.exe1 00134Added by the W32/Sdbot-AAW worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotaaw.html0
112Service Host0 11spoolxx.exe1 00 25Added by the TORVEL WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.torvel@mm.html0
0 7TSPower0 10spower.drv1 00 55Found on a Toshiba laptop. Related to power management? 01
0 9sppbridge0 13sppbridge.exe1 00161Associated with an Anycom bluetooth wireless card on laptops - used for printing to portable printers for example. Is it required or can it be started manually?  01
2 6csaRem0 12spqmdmui.exe1 00 30Compaq modem country selection 01
010SprintPort0 15SprintPortA.exe1 00 31Novatel wireless modem related. 01
310SSPrnAgent0 13SPrnAgent.exe111HKEY_LM\Run0 34OmniPage Pro 14.0, ScanSoft, Inc..39http://www.absolutestartup.com/startup/1
1 7Sproc320 11sproc32.exe1 00 34Added by the Troj/Rightu-A trojan.57http://www.sophos.com/virusinfo/analyses/trojrightua.html0
1 7Sproc320 12sproc32.exe.1 00 34Added by the Troj/Rightu-A trojan.57http://www.sophos.com/virusinfo/analyses/trojrightua.html0
3 5spsvc0  9spsvc.exe1 00108Added by the Hacktool.Spagent surveillance tool.  If you did not install this software it should be removed.60http://www.sarc.com/avcenter/venc/data/hacktool.spagent.html0
110SP service0  9spsys.exe1 00 49Added by the W32/Codbot-AV worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32codbotav.html0
4 4sptd0  8sptd.sys1 00128Driver used by the CD Rom emulation program, Daemon Tools Version 4.  There have been some reports of problems with this driver.27http://www.daemon-tools.cc/0
017Sony SPTI Service0 11Sptisrv.exe1 00 56Legitimate service from Sony.  Anyone know what it does? 01
323Ńîęđŕň Ďĺđńîíŕëüí˙ů 4.10  7spv.exe125StartUp menu\Current user0 78Socrat Personal 4, 1, 1, 11, Arsenal Company. Socrat Personal Interface Module39http://www.absolutestartup.com/startup/1
2 8IC_KEY_30  9spvic.exe1 00 21Instant Chess related58http://www.instantchess.com/?SN=Z4dMzyutgpE9Pspv&amp;ABT=30
126Microsoft Windows Security0 11spvsper.exe1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
110wnxpupdate0 12spvspool.exe1 00 47Added by the W32.Dabora.B@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.dabora.b@mm.html#technicaldetails0
123The Service Pack Loader0  8spxp.exe1 00 48Added by the W32/Rbot-BYM worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbym.html0
3 61Srv320 13SpyAgent4.exe1 00111SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."41http://www.spytech-web.com/spyagent.shtml0
3 8Srv32Win0 13SpyAgent4.exe1 00  0 01
3 8Srv32Win0 13SpyAgent4.exe1 00146SpyAgent - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it41http://www.spytech-web.com/spyagent.shtml0
1 7Printer0 14Spyassault.exe1 00 50Dubious "spyware killer" - see here. To be avoided14spyware killer0
3 7printer0 21SpyAssaultScanner.exe1 00 89SpyAssault keystroke logger/monitoring program - remove unless you installed it yourself!66http://www.symantec.com/avcenter/venc/data/spyware.spyassault.html0
1 6spyaxe0 10spyaxe.exe1 00112Desktop hijacking, aggressive/deceptive advertising Rogue Anti-Spyware program. For more information  Click_Here52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
1 6spyban0 10SpyBan.exe1 00 92Spyware remover of dubious repute - see  this list of non-Recommended anti parasite software33of dubious repute - see  <a href=0
1 8SpyBlast0 12SpyBlast.exe1 00 90Spyware killer that is in effect autoinstalled foistware, targeted by SpyBot, among others 01
311Spy Blocker0 14spyblocker.exe1 00319SpyBlocker blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using Ad-Aware that some applications containing spyware subsystems may not run correctly or at all47http://personal.atl.bellsouth.net/mia/k/r/kryp/0
310SpyBlocker0 14spyblocker.exe1 00318SpyBlocker blocks the communications of spyware installed on a PC so spyware runs but cant exchange data with the server to which it should report. Ensuring spyware cant communicate is important, as you may find after using Ad-Aware that some applications containing spyware subsystems may not run correctly or at all.47http://personal.atl.bellsouth.net/mia/k/r/kryp/0
1 8SpyBlocs0 12SpyBlocs.exe1 00 26Rogue anti-spyware program59http://pcpitstop.ibforums.com/axslinger/helpfiles/bogus.htm0
111spyblocs3.00 15SpyBlocs3.0.exe1 00 27Rogue anti-spyware program.59http://pcpitstop.ibforums.com/axslinger/helpfiles/bogus.htm0
3 9SpyBotSnD0 12Spybotsd.exe1 00 78Spybot - Search & Destroy - free multi-spyware removal tool from Patrick Kolla34http://spybot.safer-networking.de/0
325Spybot - Search & Destroy0 12SpybotSD.exe125StartUp menu\Current user0 74SpyBot-S&D 1, 4, 0, 0, Safer Networking Limited. Spybot - Search & Destroy39http://www.absolutestartup.com/startup/1
3 9SpybotSnD0 23SpybotSD.exe /autocheck2 00 75SpyBot-S&D 1, 3, 0, 12, Safer Networking Limited. Spybot - Search & Destroy 01
3 9SpybotSnD0 32SpybotSD.exe /autocheck /autofix2 00  0 01
114Spybott lptt010 11spybott.exe1 00176Variant of the  RapidBlaster parasite (in a "Spybott" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
114Spybott ml097e0 11spybott.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
3 91Win32Cfg0 12SpyBuddy.exe1 00 28SpyBuddy monitoring software46http://www.parental-controls.com/spy_buddy.asp0
319SpyCatcher Reminder0 23SpyCatcher.exe reminder211HKEY_LM\Run0 61SpyCatcher 3.5, Tenebril Inc.. SpyCatcher anti-spyware system39http://www.absolutestartup.com/startup/1
111spy-control0 15Spy-Control.exe1 00 92Spyware remover of dubious repute - see  this list of non-recommended anti parasite software33of dubious repute - see  <a href=0
3 9SpyderBar0 13SpyderBar.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
314Spyware Doctor0 13spydoctor.exe1 00 30Spyware Doctor spyware remover38http://www.pctools.com/spyware-doctor/0
115[Various Names]0 11SpyElim.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 9SpyFalcon0 13SpyFalcon.exe1 00113Desktop hijacking, aggressive/deceptive advertising Rogue Anti-Spyware program. For more information  Click_Here.52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
117spyfightermonitor0 14SpyFighter.exe1 00 92Spyware remover of dubious repute - see this  list of non-Recommended anti parasite software38of dubious repute - see this  <a href=0
2 9SpyHunter0 13SpyHunter.exe1 00 64SpyHunter - spyware remover of somewhat dubious repute, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note0
3 9Spykiller0 13Spykiller.exe1 00119Shareware "Spyware remover" of questionable quality and repute. There are better alternatives that are freeware to boot 01
3 9SpyKiller0 22spykiller.exe /startup211HKEY_CU\Run0 62SpyKiller 2005 1.00, www.spykiller.com. SpyWare/AdWare Remover39http://www.absolutestartup.com/startup/1
1 8SpyNuker0 12Spynuker.exe1 00314A "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers ‘TrekData’ and ‘Blue Haven Media’, who distribute spyware through ActiveX drive-by-download on web pages 01
110SpySheriff0 14SpySheriff.exe1 00110Rogue antispyware application.  Should be uninstalled due to its false positives and sneaky way of installing. 01
210SpySpotter0 14SpySpotter.exe1 00 99Spyware remover of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
210SpySpotter0 23SpySpotter.exe -startup2 00 28SpySpotter 3.01, Oemtec LTD. 01
310SpyStopper0 14spystopper.exe1 00138SpyStopper - blocks intrusive spyware, Web bugs, worms, scripts, advertisements, and cookies. Protects you from being profiled and tracked36http://www.itcompany.com/Privacy.htm0
311SpySubtract0 10SpySub.exe1 00 40SpySubtract - multi spyware removal tool37http://www.intermute.com/spysubtract/0
311spysubtract0 21SpySub.exe -autostart222StartUp menu\All users0 58SpySubtract 2.64, InterMute, Inc.. SpySubtract Program EXE39http://www.absolutestartup.com/startup/1
310SpySweeper0 14SpySweeper.exe1 00 41Spy Sweeper - detects and removes spyware55http://www.webroot.com/wb/products/spysweeper/index.php0
310SpySweeper0 17SpySweeper.exe /02 00 56Spy Sweeper 1.0.0.0, Webroot Software, Inc.. Spy Sweeper 01
310SpySweeper0 17SpySweeper.exe /12 00 52Spy Sweeper 3.5, Webroot Software, Inc.. Spy Sweeper 01
310SpySweeper0 27SpySweeper.exe /startintray2 00 71Spy Sweeper 4, 5, Webroot Software, Inc.. Spy Sweeper Client Executable 01
415spy sweeper fix0 17SpySweeperFix.bat1 00 30Related to  Webroot_SpySweeper23http://www.webroot.com/0
110spytrooper0 14SpyTrooper.exe1 00 67SpyTrooper,  malware,  posing as a spyware remover - alse see  here72http://virus.headliner.org/headliner.php?c=us&id=1159&abbr=pandasoftware0
327Spyware Guard Control Panel0 12spywar~1.exe1 00 88p align=left&quot;SpywareGuard provides a real-time protection solution against spyware"48http://www.wilderssecurity.net/spywareguard.html0
1 7Spyware0 11Spyware.exe1 00132p align=leftBPS Spyware Remover - reportedly uses an old, "borrowed" SpyBot database. Read this and this. Do not support these guys! 8borrowed0
214Spyware Begone0 17SpywareBeGone.exe1 00 73Spyware BeGone - free spyware removal utility. Not recommended - see note52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
115spyware cleaner0 18SpywareCleaner.Exe1 00118Spyware remover  of dubious repute  -  see the  SpywareWarrior_List of Rogue/Suspect Anti-Spyware Products & Web Sites39of dubious repute  -  see the  <a href=0
315Spyware Cleaner0 24SpywareCleaner.Exe /boot211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
111spyware-cop0 15Spyware-Cop.exe1 00137Spyware-Cop alias SpywareKilla - "Spyware remover"  of dubious repute,  see this  list of Rogue/Suspect Anti-Spyware Products & Web Sites15Spyware remover0
112SpyDetectSVC0 22SpywareDetectorSVC.exe1 00178Max Spyware Detector,   bogus "Spyware remover"  - for more information, search the  Spywarewarrior_List of non-Recommended anti parasite sites/software for "spywaredetector.net"15Spyware remover0
119Spywareguard lptt010 16Spywareguard.exe1 00177Variant of the  RapidBlaster parasite (in a "Spyguard" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
119Spywareguard ml097e0 16Spywareguard.exe1 00177Variant of the  RapidBlaster parasite (in a "Spyguard" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
212SpywareKilla0 16SpywareKilla.exe1 00153Spyware remover of ill repute. For more info about it do a search for 'SpyareKilla' at this web page on "Rogue/Suspect Anti-Spyware Products & Web Sites"52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
324ANONYMIZER_SPYWAREKILLER0 17SpyWareKiller.exe1 00 25Anonymizer Spyware Killer40http://www.anonymizer.com/spywarekiller/0
324ANONYMIZER_SPYWAREKILLER0 28spywarekiller.exe /BOOT /GUI211HKEY_CU\Run0 57SpyWare Killer 2, 0, 5, 1, Anonymizer.com. SpyWare Killer39http://www.absolutestartup.com/startup/1
1 9spywareno0 13SpywareNo.exe1 00107Bogus "Spyware remover"  -  see the  SpywareWarrior_List of Rogue/Suspect Anti-Spyware Products & Web Sites15Spyware remover0
123Spyware Nuker Installer0 25SpywareNukerInstaller.exe1 00326p align=leftA "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers ‘TrekData’ and ‘Blue Haven Media’, who distribute spyware through ActiveX drive-by-download on web pages 01
422Spyware Protection Pro0 24SpywareProtectionPro.exe111HKEY_LM\Run0 48Spyware Protection Pro 2.00, www.3bsoftware.com.39http://www.absolutestartup.com/startup/1
112SpywareQuake0 16SpywareQuake.exe1 00113Desktop hijacking, aggressive/deceptive advertising Rogue Anti-Spyware program. For more information  Click_Here.52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
114Spyware Slayer0 17SpywareSlayer.Exe1 00 99Spyware remover of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
215Spyware Stormer0 18SpywareStormer.Exe1 00 58SpywareStormer spyware remover. Not recommended - see here52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
113spywarestrike0 17SpywareStrike.exe1 00 22Rogue Spyware  product61http://www.spywarewarrior.com/rogue_anti-spyware.htm#products0
320spyware x-terminator0 12SpywareX.exe1 00 36Spyware_X-terminator spyware remover48http://www.stompsoft.com/spywarexterminator.html0
3 8SPYWATCH0 12SpyWatch.exe1 00142p align=leftBPS Spyware Remover - reportedly uses an old, &quot;borrowed&quot; SpyBot database. Read this and this. Do not support these guys!104http://ww0
3 8SPYWATCH0 21SpyWatch.exe /STARTUP2 00  0 01
111SQInstaller0 15SQInstaller.exe1 00 16Xupiter hijacker40http://doxdesk.com/parasite/Xupiter.html0
118sql server service0  7sql.exe1 00 26Added by the  W32/Rbot-ADF56http://www.sophos.com/virusinfo/analyses/w32rbotadf.html0
115windowsflashbrg0 12sqldata1.exe1 00 43Added by a variant of the  AGENT-IC TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentic.html0
1 6SQLDGM0 11sql-dgm.exe1 00112Added by the W32/Tilebot-EX worm and IRC backdoor. This infection utilizes the Remon.sys rootkit to hide itself.58http://www.sophos.com/virusinfo/analyses/w32tilebotex.html0
1 7directx0 14Sqlexploit.exe1 00 28Added by the SDBOT.D TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.d.html0
215Service Manager0 16sqlmangr.exe  /n2 00 81Microsoft SQL Server 8.00.2039, Microsoft Corporation. SQL Server Service Manager 01
215Service Manager0 12sqlmangr.exe1 00133SQL Server&nbsp;Service Manager - provides tray access to SQL server,&nbsp;the server agent and MSDTC. Available via Start - Programs 01
215Service Manager0 15sqlmangr.exe /n2 00 80Microsoft SQL Server 8.00.760, Microsoft Corporation. SQL Server Service Manager 01
1 8MSSQL2K60 10sqlsrv.exe1 00134Added by the W32/Tilebot-AV worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotav.html0
114Windows Update0 10Sqltob.exe1 00 32Added by the WORM_DASHER.A worm.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FDASHER%2EA&VSect=T0
217SoniqueQuickStart0 11sqstart.exe1 00 67Quickstart for Sonique audio player. Available via Start - Programs23http://www.sonique.com/0
1 8sqvynikp0 12sqvynikp.exe1 00 28Free_Scratch_Cards foistware 01
1 4sqxo0  8sqxo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8SlickRun0  6sr.exe1 00246SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL31http://www.bayden.com/SlickRun/0
1 2sm0 10sr_exe.exe1 00 30Added by the  LUKUSPAM TROJAN!63http://www.symantec.com/avcenter/venc/data/trojan.lukuspam.html0
3 7sisraid0  9SRaid.exe1 00 64Related to the  SIS_RAID system from Silicon Integrated Systems.19http://www.sis.com/0
115[Various Names]0  9srbho.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 9Micro SVC0  7src.exe1 00107Added by the W32/Rbot-Q worm.  This infection connects to an IRC server where it waits for remote commands.54http://www.sophos.com/virusinfo/analyses/w32rbotq.html0
117XNSearchAssistant0 12SrchAsst.exe1 00 31iWon Search Assistant - spyware 01
311Search Hook0 12srchhook.exe1 00  2?? 01
113SrchfstUpdate0 12srchupdt.exe1 00 28SearchFast adware downloader 01
321SureCleanProfessional0 11SRClean.exe1 00 40SureClean PC and Internet tracks cleaner47http://www.panicware.com/product_sureclean.html0
111OEM32 Tools0 10sres32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
327Hitman Pro SurfRight Helper0 12srhelper.exe111HKEY_CU\Run0 20, . SurfRight Helper39http://www.absolutestartup.com/startup/1
3 8srmclean0 12srmclean.exe1 00  0 01
3 8Srmclean0 12srmclean.exe1 00262Srmclean helps in the installation and execution of the SoundMax SoftPaq for Compaq/ADI SoundMax Integrated Digital Audio. According to Compaq - "If you disable the entry from loading into startup, then you will not be able to use the features of the sound card" 01
114[unknown name]0 11SRMER32.EXE1 00121Added by the W32/Sdbot-IG worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotig.html0
1 4SRNG0  8srng.exe1 00 48Added by the Spyware.2020search search hijacker.62http://www.sarc.com/avcenter/venc/data/spyware.2020search.html0
1 4srow0  8srow.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311SRP Startup0 10srrpro.exe1 00300System Restore Remover Pro allows you to safely and easily remove System Restore and various other Windows Millennium &quot;features.&quot; This is enabled if you tick the &quot;Remove unnecessary System Restore information on startup&quot; box. Available via Start -&gt; Settings -&gt; Control Panel35http://www.definition-software.com/0
111srshost.exe0 11srshost.exe1 00136Added by a variant of the  RBOT-ASW worm!  Note: This wormtrojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.56http://www.sophos.com/virusinfo/analyses/w32rbotasw.html0
1 8srspltca0 12srspltca.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
410SRS Applet0 11SrsTray.Exe1 00 63S3 Sonic Vibes sound card drivers - if disabled you loose sound 01
112systemtraysr0 16SRSystemTray.exe1 00182Max Secure Spyware Detector, bogus "Spyware remover" - for more information, search the  Spywarewarrior_List of non-Recommended anti parasite sites/software for "spywaredetector.net"15Spyware remover0
1 4Oesi0  8srts.exe1 00 52PurityScan delivers advertisements to your computer.63http://www.sarc.com/avcenter/venc/data/adware.purityscan.b.html0
1 7Classes0  7srv.exe1 00 28Switch adult content dialler57http://www.sophos.com/virusinfo/analyses/dialswitchb.html0
1 7Classes0  8srv2.exe1 00 28Switch adult content dialler57http://www.sophos.com/virusinfo/analyses/dialswitchb.html0
1 5Srv320  9Srv32.exe1 00 28Added by the OPASERV.J WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.j.worm.html0
1 6Srv3250 10Srv325.exe1 00 59Added by W32/Agobot-PR. Found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32agobotpr.html0
120Local runole service0 10srvc32.exe1 00151A TROJAN, Troj/Small-DP uses this file, after first downloading C:\t.exe, C:\n.exe or C:\m.exe.  It will also try to modify the Windows Explorer files.57http://www.sophos.com/virusinfo/analyses/trojsmalldp.html0
110srvexc.exe0 10srvexc.exe1 00 28Added by the SERVSAX TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.servsax.html0
112Pluto! Pager0 13srvhandle.exe1 00  072http://www.sarc.com/avcenter/venc/data/w32.redplut.html#technicaldetails0
114system handler0 13srvhandle.exe1 00258Added by the W32.Redplut worm.  This worm spreads through open shares and installs these other files: C:\Windows\System32\lcc.exe, C:\Windows\System32\gcc.exe,C:\Windows\services.exe, C:\Windows\msdef.exe, C:\Windows\notepad.exe, and C:\Windows\setup32i.exe.72http://www.sarc.com/avcenter/venc/data/w32.redplut.html#technicaldetails0
3 6srvprc0 10srvprc.exe1 00112Added by the Spyware.ActMon surveillance software.  Uninstall this software if it was not installed by yourself.58http://www.sarc.com/avcenter/venc/data/spyware.actmon.html0
124Microsoft Windows System0 11srwhost.exe1 00132Added by the W32/Rbot-AWU worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotawu.html0
2 7srxtray0 11srxTray.exe1 00 29Titan FTP Server - FTP server30http://www.southrivertech.com/0
114windows-server0 11srystem.bat1 00 44Added by the Troj/Feutel-CK backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelck.html0
324OnlinePCfix SmoothSurfer0  6SS.exe1 00 81Smooth-Surfer - blocks banners, ads, popups, and cleans MRU and Recent file lists29http://www.smooth-surfer.com/0
313secretsmileys0  6ss.exe1 00300Secret_Smileys is an add-on for AIM® that provides users access to 1000's of new Smileys that can be viewed by anyone using a current version of AIM. Secret Smileys also adds other features such as logging of IM conversations, and it gets rid of that annoying advertisement on your buddy list window.39http://www.secretsmileys.com/index.html0
310SurfSecret0 12ss2-full.exe1 00357House-cleaning utility that enables you to keep your computer usage to yourself. Runs quietly from the system tray, eliminating tell-tale files at a regular interval of your choosing. You can set it to clear your Internet cache files, cookies, history, temp folder, etc. It can also clear the history of your Run and Find menus, in addition to the AOL cache 01
0 9SsAAD.exe0  9SsAAD.exe1 00 60Sony SonicStage software related - "Atrac Hard Disk Monitor" 01
119WINDOWS SCREENSAVER0 10ssaver.scr1 00133Added by the W32/Sdbot-YZ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotyz.html0
212SSBkgdUpdate0 16SSBkgdupdate.exe1 00 80ScanSoft OmniPage auto updater. Can be disabled using the main program's options 01
212SSBkgdUpdate0 33SSBkgdupdate.exe -Embedding -boot2 00 65SSBkgdUpdate Application 1, 0, 0, 0, Scansoft, Inc.. SSBkgdUpdate 01
319SSC Service Utility0 12ssc_serv.exe1 00 70SSC Service Utility is a printer utility for refilled Epson cartridges33http://www.ssclg.com/epsone.shtml0
1 5ushli0 12sscbltqu.exe1 00 80Obtained from an MP3 search list site. Also generates random processes on reboot 01
011SSCFBTN.EXE0 11SSCFBTN.EXE1 00 34Samsung Scanner or Printer related 01
122Media Software UPdater0  8sscs.exe1 00 12Added by the147W32/Rbot-ABE.0
1 9msregscan0 10SSDemo.exe1 00 24Added by the  Supremespy66http://www.symantec.com/avcenter/venc/data/spyware.supremespy.html0
0 6ssdiag0 10ssdiag.exe1 00 72Equinox "Configuration and DOS Diagnostic for DOS and Windows platforms"40http://www.equinox.com/Utilities147.html0
2 7SSDPSRV0 11ssdpsrv.exe1 00412Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for network plug and play functionality. Starts up a web server on port 5000. Used by Universal Plug and Play (for network device discovery). To remove this program, open Add/Remove Programs, select either Communications (Me) or Networking Services (XP), and remove the checkmark next to Universal Plug and Play 01
1 8Realplus0 11sserver.exe1 00 34Added by the Troj/Paltus-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojpaltusa.html0
129DirectX for Microsoft Windows0 12Sservice.exe1 00 27Added by the PRORAT TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html0
1 8StubPath0 12Sservice.exe1 00 27Added by the PRORAT TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html0
420SkyBlaster Scheduler0 10SSFSch.exe1 00120For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system 01
3 5ssh320  9SSh32.exe1 00 832Spy keystroke logger/monitoring program - remove unless you installed it yourself!60http://www.symantec.com/avcenter/venc/data/spyware.2spy.html0
119Microsoft Command C0 10sshost.exe1 00 48Added by the W32/Rbot-CMK worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcmk.html0
0 3SSI0  6ssi /s211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
128Microsoft SSISVRI32 Protocol0 11ssisvri.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
319SuperSpamKiller Pro0  7Ssk.exe1 00 38SuperSpamKiller Pro email spam blocker30http://www.superspamkiller.de/0
112SurfSideKick0  7Ssk.exe1 00  063http://www.sarc.com/avcenter/venc/data/adware.surfsidekick.html0
114SurfSideKick 20  7Ssk.exe1 00  0 01
114SurfSideKick 20  7Ssk.exe1 00 19SurfSideKick adware55http://www.spynet.com/spyware/spyware-SurfSideKick.aspx0
114SurfSideKick 30  7Ssk.exe1 00 40Added by the Adware.SurfSideKick adware.63http://www.sarc.com/avcenter/venc/data/adware.surfsidekick.html0
113Microsoft SSL0  7ssl.exe1 00 31Added by the W32/Cuebot-D worm.56http://www.sophos.com/virusinfo/analyses/w32cuebotd.html0
129windows ssl secondary drivers0 11SSL32Dr.exe1 00 23Added by the  SDBOT.ASQ86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ASQ&VSect=T0
1 5ssldr0 11ssldr32.dll1 00116Added by the Troj/Agent-ZD Trojan.  This infection will also install and run the file c:\windows\system32\doser.exe.57http://www.sophos.com/virusinfo/analyses/trojagentzd.html0
220Smart Label RFViewer0 12SSLFVIEW.EXE1 00 94Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely 01
220Smart Label O Server0 12ssloserv.exe1 00 94Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely 01
1 9Svcphpwin0 12sslphp32.exe1 00 50Added by the W32/Agobot-ABR worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32agobotabr.html0
130prote&ccedil;&atilde;o de tela0 10ssmaze.scr1 00 32Added by the  BANCBAN-FB TROJAN!59http://www.sophos.com/virusinfo/analyses/trojbancbanfb.html0
1 6System0  8ssmc.dll1 00100Added by the Backdoor.Berbew.R Trojan.br /br /Uses CLSID: b{DD434173-550E-401D-9B0F-78A5481B2AA8}/b.95http://securityresponse.symantec.com/avcenter/venc/data/backdoor.berbew.r.html#technicaldetails0
312WinService320  9ssmgr.exe1 00171007 Spy Software - "stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP"30http://www.e-spy-software.com/0
3 6ssmmgr0 10ssmmgr.exe1 00 55Samsung printer monitor - for checking ink levels, etc. 01
1 7ssmmrbx0 11ssmmrbx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112WinSecured320  8ssmr.exe1 00 38Added by a variant of the FORBOT WORM!57http://sophos.com.au/virusinfo/analyses/w32forbotgen.html0
113Scan Register0  8SSMS.EXE1 00144Added by the W32/Rbot-AT trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotat.html0
1 8ssms.exe0  8SSMS.EXE1 00 30Added by the  W32.GISMOR WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gismor@mm.html0
121windows file explorer0  8ssms.exe1 00 50Added by the W32/Tilebot-EN worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tileboten.html0
315SSMSAudioFilter0 21SSMSFilter.exe /setup211HKEY_LM\Run0 72, Sony Corporation. SonicStage Mastering Studio Audio Filter Application39http://www.absolutestartup.com/startup/1
123firefox service drivers0  9ssmss.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 3IE60  9ssmss.exe1 00 33Added by the W32.Gaobot.DXO worm.75http://www.sarc.com/avcenter/venc/data/w32.gaobot.dxo.html#technicaldetails0
1 8ssp2.exe0  8ssp2.exe1 00 48Added by the W32/Rbot-BBK worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbk.html0
115Wind0ws Sharing0 15ssprotecter.exe1 00150Added by the W32/Rbot-AHW worm. When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.56http://www.sophos.com/virusinfo/analyses/w32rbotahw.html0
1 4ssqw0  8ssqw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115ProtocolDiskChk0  9ssrms.exe1 00 43Added by the Troj/Bdoor-ML backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorml.html0
1 9win32usbd0  8ssrs.exe1 00 26Added by the RBOT-RA WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotra.html0
110sssasasb320 14sssasasb32.exe1 00 86Adware trojan - recognized by  Kaspersky antivirus as Trojan-Downloader.Win32.Agent.ig50http://www.tkqlhce.com/ig104ft1zt0GINJPQOHGOJHHQHM0
120windows reg services0 13ssservice.exe1 00 34Added by the  TROJ/PRORAT-D TROJAN57http://www.sophos.com/virusinfo/analyses/trojproratd.html0
1 8usbhwdrv0  8sst4.exe1 00 49Added by a variant of the  TROJ/LOWZONE-I TROJAN!58http://www.sophos.com/virusinfo/analyses/trojlowzonei.html0
1 9USBHWINFO0  8sst6.exe1 00 35Added by the Troj/LowZone-I trojan.58http://www.sophos.com/virusinfo/analyses/trojlowzonei.html0
1 8SStb.exe0  8SStb.exe1 00 45Adpowerzone.com "ServerSide" keyword hijacker 01
219nForce Tray Options0 10sstray.exe1 00108nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitys 01
2 6sstray0 10sstray.exe1 00  0 01
219nForce Tray Options0 13sstray.exe /r2 00 89NVIDIA nForce(TM) 1.00.00.0362, NVIDIA Corporation. NVIDIA nForce(TM) Taskbar Application 01
117SafeSurfingUpdate0 12SSUpdate.exe1 00 33DyFuCa/MoneyTree parasite variant54http://www.doxdesk.com/parasite/InternetOptimizer.html0
1 8SSUpdate0 12SSUpdate.exe1 00 33DyFuCa/MoneyTree parasite variant54http://www.doxdesk.com/parasite/InternetOptimizer.html0
120&lt;Random CLSID&gt;0 12ssvchost.com1 00 79Added by the Troj/BluEye-D backdoor Trojan.br /br /Uses CLSID: bRandom CLSID/b.57http://www.sophos.com/virusinfo/analyses/trojblueyed.html0
1 8ssvchost0 12ssvchost.exe1 00 29Added by the HELIOS.B TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.helios.b.html0
1 7window20 12ssvchost.exe1 00 29Added by the IRCBOT.H TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.h.html0
116internet service0 11ssvhost.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
111msofficecfg0  8ssvr.exe1 00 34Premium rate adult material dialer 01
1 5QTSvc0  8ssvr.exe1 00 34Premium rate adult content dialler 01
115[Various Names]0 12ssweeper.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
2 9X-Grabber0 12sswizard.exe1 00 81a target="_blank" href="http://www.lamantine.com/ssw/index.html"ScreenShot Wizard 01
112SSWPlauncher0 16SSWPlauncher</a>1 00 28CometCursor by Comet Systems48http://www.doxdesk.com/parasite/CometCursor.html0
314System Monitor0  8ssys.exe1 00319STARR key logger. "It logs almost everything that goes through the box. It logs all key strokes, all passwords transacted even if they weren't keyed in, all web sites visited, every program launched including the path to that program, and more".  This software should be uninstalled if it was not installed by yourself. 01
114Windows Config0  8SSYS.EXE1 00 28Added by the SPYBOT-DA WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotda.html0
3 4sspy0 10SSYTEM.EXE1 00 89SurfingSpy keystroke logger/monitoring program - remove unless you installed it yourself!66http://www.symantec.com/avcenter/venc/data/spyware.surfingspy.html0
1 9Sex Teris0  9st01b.exe1 00 24Added by the REPAD WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.repad.worm.html0
1 3st30  7st3.dll1 00 33Added by the Troj/Hasum-A Trojan.56http://www.sophos.com/virusinfo/analyses/trojhasuma.html0
220Smart Type Assistant0  7sta.exe1 00100Smart Type Assistant - a complex typing automation tool, intended to make your work faster and safer36http://www.blazingtools.com/sta.html0
2 7Stacmon0 11Stacmon.exe1 00159Installed with the drivers for a SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears as though it can be disabled with no ill effects 01
316SigmaTel StacMon0 11stacmon.exe111HKEY_LM\Run0 49SigmaTel C-Major Audio 1, 0, 0, 3, SigmaTel Inc..39http://www.absolutestartup.com/startup/1
311StacSysTray0 15StacSysTray.exe111HKEY_LM\Run0 32StacSysTray 5.10.4228, Sigmatel.39http://www.absolutestartup.com/startup/1
117Windows Systemnmg0 10stagmr.exe1 00 56Added by the W32/Mytob-J mass-mailing WORM/IRC backdoor!55http://www.sophos.com/virusinfo/analyses/w32mytobj.html0
114standalone.exe0 14standalone.exe1 00134Added by the W32/Agobot-ADS worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32agobotads.html0
3 8starskin0 12starskin.exe1 00121StarSkin allows you to change the view and appearance of your Windows XP box with the use of publically available themes.39http://www.rocketdivision.com/skin.html0
1 5lsass0  9start.bat1 00 26Added by the ZCREW TROJAN!55http://www.sophos.com/virusinfo/analyses/trojzcrew.html0
113print sharing0  9start.bat1 00  055http://www.sophos.com/virusinfo/analyses/trojzcrew.html0
1 8services0  9start.bat1 00 26Added by the ZCREW TROJAN!55http://www.sophos.com/virusinfo/analyses/trojzcrew.html0
2 5start0  9start.exe1 00  2?? 01
112Secret-Crush0  9start.exe1 00 99Hijacker that may reset your browser's home page and/or search settings to point to undesired sites 01
3 9STARTPAGE0 10start1.exe1 00140NoSpy.org - prevents spyware from changing your startpage and other browser properties. The start1.exe file is located in a NOSPY.ORG folder23http://www.nospy.org/1/0
3 8Startacc0 12startacc.exe1 00158Launches Webroot's Accelerate 2000 software that "speeds up your Internet connection by up to 300%". Leave enabled if you find it improves internet connection55http://www.webroot.com/wb/products/accelerate/index.php0
118Auth Starter Ident0 13startauth.exe1 00 31Added by the W32/Rbot-WP  WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotwp.html0
312Start Up Cop0 12startcop.exe1 00 29StartUp Cop - startup manager50http://www.pcmag.com/article2/0,4149,897438,00.asp0
115[Various Names]0 12StartCpl.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
4 8StartEAK0 12StartEAK.exe1 00 68Easy Access Button Support for Compaq PCs. Required if you use these75http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html0
240Creative PCI Audio Configuration Utility0 11starter.exe1 00192System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixer58http://www.pacs-portal.co.uk/startup_pages/starter_exe.htm0
312EnsoniqMixer0 11starter.exe1 00325Puts the Ensoniq mixer in system tray. From Ensoniq Technologies "Our mixer is a critical part of the soundcard as it fixes sound problems and replaces the MS mixer which can no longer be used". If you find you don't need it - try one of the solutions on this special page. Similar to Creative PCI Audio Configuration Utility126Our mixer i0
312EnsoniqMixer0 11starter.exe1 00 88starter 5.00.05, Creative Technology, Ltd.. This program launches the mixer application. 01
1 8precpop20 11starter.exe1 00 19PrecisionPop adware 01
312Start Killer0 15StartKiller.exe111HKEY_CU\Run0 69StartKiller Application 2, 3, 0, 0, TrueSoft. StartKiller Application39http://www.absolutestartup.com/startup/1
210startl.exe0 10startl.exe1 00 66Lingocom LingoWare - translates any application into your language33http://www.lingoware.com/english/0
213NB Start Menu0 10STARTM.EXE1 00106Part of McAfee Nuts & Bolts. Provides the same control as MSCONFIG and can be used instead if you have N&B 01
115[Various Names]0 12startman.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
225MessagerStarter Freeserve0 17StartMessager.exe1 00 19Freeserve Messenger31http://messenger.freeserve.com/0
314StartupMonitor0 15StartMonPrj.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 9startpage0 13startpage.exe1 00 49Browser hijacker - redirecting to pages2start.com 01
312StartSurfing0 10STARTS.exe1 00346Start Surfing allows you to protect your privacy while surfing and searching the Internet by acting as a &quot;filter&quot; between you and the website you are visiting. Startsurfing acts as your shield from Pop Up Windows, Mouse Traps, Window Resizing, and scripts that attempt to record your personal information. Available via Start - Programs27http://www.startsurfing.com0
3 9StartStop0 13STARTSTOP.EXE1 00 47StartStop from TFI Technology - startup manager51http://www.tfi-technology.com/startstop/default.htm0
111pnpsvc_lock0 12startsvs.exe1 00 16Browser hijacker 01
420Yahoo! Companion BHO0 11StartUp.exe111HKEY_CU\Run0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1
213StartupFaster0 13StartupFaster125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
329System Mechanic Startup Guard0 16StartupGuard.exe111HKEY_CU\Run0 50System Mechanic ® 5.5.1.0, iolo technologies, LLC.39http://www.absolutestartup.com/startup/1
312Startup Guru0 18startupguru.exe /B211HKEY_CU\Run0 81Startup Guru 1.1.0.0, Lincoln Beach Software. Manages Startup areas in Windows OS39http://www.absolutestartup.com/startup/1
121windows setup manager0 14startupmgr.exe1 00 48Added by the W32/Rbot-BFX worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbfx.html0
318Run StartupMonitor0 18StartupMonitor.exe1 00  0 01
318Run StartupMonitor0 18StartupMonitor.exe1 00170Mike Lin's  StartupMonitor, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu40http://www.mlin.net/StartupMonitor.shtml0
323startup manager scanner0 18StartupMonitor.exe1 00125Startup-Mechanic Startup monitor - offers boot protection of your PC from harmful trojans, adult-dialers, and other scumware.31http://www.startupmechanic.com/0
314StartupMonitor0 18StartupMonitor.exe1 00170Mike Lin's  StartupMonitor, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu40http://www.mlin.net/StartupMonitor.shtml0
1 8startwin0 12startwin.exe1 00 33Added by the  W32.ANTIMAN.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.antiman.a@mm.html0
1 6starsk0  9stask.exe1 00 53Added by the Troj/Bancos-IJ password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancosij.html0
2 8win name0  8stat.exe1 00  2?? 01
3 7StatBar0 11StatBar.exe1 00  0 01
3 7StatBar0 11STATBAR.exe1 00 80StatBar (system status bar) allows you to quickly get an overview of your system22http://www.statbar.nl/0
4 9*StateMgr0 12statemgr.exe1 00 54Windows ME default for System Restore. Do NOT disable! 01
212Bart Station0 12station.sbrt1 00 64Related to  PeoplePC ISP. May be a dialler for dial-up accounts? 7#FF00000
223Stat &#039;n&#039; Perf0 13StatnPerf.exe1 00102Stat 'n' Perf monitors your internet connection and displays information about sent and received bytes38http://www.soft4ever.com/StatnPerf/En/0
213Stat 'n' Perf0 13StatnPerf.exe1 00102Stat 'n' Perf monitors your internet connection and displays information about sent and received bytes38http://www.soft4ever.com/StatnPerf/En/0
110Statistics0 13statslist.exe1 00132Added by the W32/Opanki-S worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32opankis.html0
1 7DllName0 10status.dll1 00201Added by the Troj/Haxdoor-R rootkit.  This infection makes it so you can not see certain processes, files, or registry keys on your computer.  It is usually installed in conjunction with other malware.58http://www.sophos.com/virusinfo/analyses/trojhaxdoorr.html0
210Supastatus0 10status.exe1 00 20Supanet ISP software23http://www.supanet.com/0
115[Various Names]0 15StatusCheck.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
012StatusClient0 16StatusClient.exe1 00 47Part of Hewlett Packard network printer drivers 01
016StatusClient 2.60 16StatusClient.exe1 00 48Part of Hewlett Packard network printer drivers. 01
216StatusClient 2.60 22StatusClient.exe /auto211HKEY_LM\Run0 98Hewlett-Packard T-TR Status Client 00 .00 .15, Hewlett-Packard. Hewlett-Packard T-TR Status Client39http://www.absolutestartup.com/startup/1
215Stay Connected!0 11StayCon.exe1 00173More than just a pinger, actually simulates online activity. Supports AOL, NetZero, MSN, ATT WorldNet, CompuServe and many other ISPs as well. Available via Start - Programs 01
0 9STBVision0 11STBVisn.exe1 00 42Related to the STB Velocity graphics card. 01
2 8STBWEBTV0 12STBWEBTV.EXE1 00 29Used to display TV on your PC 01
021fritz!dsl startcenter0 12StCenter.exe1 00136FRITZ! ISP software "StartCenter" User interface that allows you to manage,  tweak and diagnose many aspects of your internet connection 01
111stchost.exe0 11stchost.exe1 00 33Added by the Troj/Vixup-D trojan.56http://www.sophos.com/virusinfo/analyses/trojvixupd.html0
1 8STCLOA~10 12STCLOA~1.exe1 00  0 01
1 9stcloader0 12STCLOA~1.exe1 00 35Popup adware by 2ndThought software 01
1 8STCLOA~10 13stcloader.exe1 00 35Popup adware by 2ndThought software 01
1 9stcloader0 13stcloader.exe1 00 35Popup adware by 2ndThought software 01
0 5STCPE0  9STCPE.exe1 00 46Used to allow access to UCLA computer systems. 01
4 5STCPO0  9STCPO.exe1 00 31Sophos Sweep antivirus software 01
4 3Ssd0  7Std.exe1 00 52Stealthdisk - file and folder hiding/locking utility27http://www.stealthdisk.com/0
4 5STDSB0  9STDSB.exe1 00 91Scrollbar driver for notebooks. If taken out of the Startup, it will not provide scrolling. 01
3 9sysconfig0 18Stealth KeySpy.exe2 00 87Added by StealthKeySpy Commercial Keylogger ** Note Product must be manually installed. 01
116stealth.dcom.exe0 16stealth.dcom.exe1 00 47Added by the W32.Theals.A@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.theals.a@mm.html#technicaldetails0
116stealth.ddos.exe0 16stealth.ddos.exe1 00 47Added by the W32.Theals.A@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.theals.a@mm.html#technicaldetails0
3 6CCWC7s0 11stealth.exe1 00 51Moleculesoft Cache, Cookie & Windows Cleaner Ver. 739http://www.moleculesoft.se/index2b.html0
111stealth.exe0 11stealth.exe1 00 47Added by the W32.Theals.A@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.theals.a@mm.html#technicaldetails0
120stealth.injector.exe0 20stealth.injector.exe1 00 47Added by the W32.Theals.A@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.theals.a@mm.html#technicaldetails0
116stealth.stat.exe0 16stealth.stat.exe1 00 47Added by the W32.Theals.A@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.theals.a@mm.html#technicaldetails0
114stealth.wm.exe0 14stealth.wm.exe1 00 47Added by the W32.Theals.A@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.theals.a@mm.html#technicaldetails0
110[not used]0 16stealth.worm.exe1 00 39Added by the PE_THEALS.A file infector.87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE%5FTHEALS%2EA&VSect=T0
322Stealth Anonymizer 2.50 13stealth25.exe1 00104Now named Stealther - proxy server agent that lets you travel the Internet with maximum possible privacy50http://www.photono-software.de/Stealther/main.php30
2 5Steam0  9steam.exe1 00395Valve Software's STEAM broadband game client. Steam is Valve's new way of getting games into your hands ASAP. Games like Half-Life, Counter-Strike, and Counter-Strike: Condition Zero are all being made available through Steam. Steam games are automatically kept up-to-date with the latest content and revisions. Steam also includes an instant-message client which even works while you're in-game28http://www.steampowered.com/0
1 5steam0  9steam.exe1 00133Added by the  W32/Rbot-AJT worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotajt.html0
112Winlogin.exe0  9steam.exe1 00 42Added by a variant of the AGENT.AH TROJAN! 01
2 5Steam0 17steam.exe -silent2 00 39Steam 1.0.0.0, Valve Corporation. Steam 01
1 8stefanie0 12SteFanie.vbs1 00 24Added by the  VBS.Stefan71http://securityresponse.symantec.com/avcenter/venc/data/vbs.stefan.html0
1 7systray0 12SteFanie.vbs1 00  071http://securityresponse.symantec.com/avcenter/venc/data/vbs.stefan.html0
110systemidle0 12stemIdle.exe1 00 43Added as a result of the  WOOTBOT.AO VIRUS!90http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_WOOTBOT.AO0
110[not used]0  8STFU.exe1 00 46Added by the W32/Rirc-E worm and IRC backdoor.54http://www.sophos.com/virusinfo/analyses/w32rirce.html0
1 6stgayy0 10stgayy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
313WIAWizardMenu0 30sti_ci.dll,WiaCreateWizardMenu115HKEY_LM\RunOnce0106System operacyjny Microsoft® Windows® 5.1.2600.0, Microsoft Corporation. Uruchamia plik DLL jako aplikację39http://www.absolutestartup.com/startup/1
2 8Stickies0 12STICKIES.EXE1 00163Stickies - utility that allows you to put yellow &quot;Post-It&quot; type messages on your desktop and can be used to set reminders. Available via Start - Programs38http://www.btinternet.com/~tom.revell/0
2 8Stickies0 12stickies.exe1 00 30Stickies 5.2a, . Stickies 5.2a 01
138{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}0 12stickrep.dll1 00164A file used by the rogue antispyware app, SpywareQuake, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}/b.68http://www.bleepingcomputer.com/startups/SpywareQuake.exe-14686.html0
210StickyNote0 14StickyNote.exe1 00109Utility that allows you to put yellow "Post-It" type messages on your desktop. Available via Start - Programs 01
212Sticky Notes0 12stikynot.exe1 00 50Microsoft Sticky Notes - virtual sticky notes tool 01
317StillImageMonitor0 10Stimon.exe1 00418Stimon.exe enables a USB still-image device (such as a scanner) to initiate data transfer to a program. For example, if your scanning device has a scan button, it may start a program and begin scanning when you press it. Create a shortcut and start it manually when needed if your scanner otherwise fails to scan. May be required for your USB scanner to work - including all HP scanners and some of their SCSI scanners 01
1 6stisrv0 10stisrv.exe1 00 28Added by the  RBOT.BQF WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BQF&VSect=P0
113PDA Commander0 12stisvc32.exe1 00133Added by the W32/Agobot-TX worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobottx.html0
126Internet Connection Wizard0 11stisvsq.exe1 00 17EasySearch adware57http://sarc.com/avcenter/venc/data/adware.easysearch.html0
110[not used]0  9stivc.exe1 00 34Added by the Troj/Agent-FN Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentfn.html0
138{12EE7A5E-0674-42f9-A76B-000000004D00}0  9stlb2.dll1 00 28BrowserAid/Startium parasite61http://www.sarc.com/avcenter/venc/data/adware.browseraid.html0
316Track4WinMonitor0 13STMonitor.exe1 00127Added by the Spyware.Track4Win surveillance program.  If you did not install this program, you should uninstall it immediately.61http://www.sarc.com/avcenter/venc/data/spyware.track4win.html0
224EPSON Background Monitor0  8STMS.EXE1 00115Supposed to keep an Epson printer ready for quick printing.  Users report little difference whether it is on or not 01
112Windows Help0  9Stney.exe1 00 49Added by the W32/Agobot-VI worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32agobotvi.html0
1 5stone0  9stone.exe1 00271http://www.sophos.com/virusinfo/analyses/w32agobotpx.html"W32/Agobot-PX WORM!  File is found in the Windows system folder.W32/Agobot-PX is capable of spreading to computers on the local network protected by weak passwords after receiving the appropriate backdoor command. 01
110adsblocker0 11stopAds.exe1 00 37Reported as Win32/Dialer.DW by  NOD3234http://www.nod32.com/home/home.htm0
2 7webscan0 14stopsignav.exe1 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
2 7webscan0 17stopsignav.exe -k211HKEY_LM\Run0 85Stop-Sign Threat Scanner 0,0,1,3925, eAcceleration Corp. Stop-Sign Threat Scanner GUI39http://www.absolutestartup.com/startup/1
214StopSignStatus0 33stopsinfo.dll&quot;, VerifyStatus2 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
214StopSignStatus0 27stopsinfo.dll, VerifyStatus2 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
319Sureshotpopupkiller0 14Stopthepop.exe1 00 29Stop-the-Pop-Up popup blocker41http://www.bysoft.se/sureshot/stopthepop/0
3 9STOPzilla0 13Stopzilla.exe1 00 26StopZilla! - pop-up killer147http://www.st0
3 9STOPzilla0 22Stopzilla.exe /autorun2 00 99STOPzilla! Application 3, 2, 5, 2, International Software Systems Solutions. STOPzilla! Application 01
3 9STOPzilla0 24STOPzilla.exe /autostart211HKEY_LM\Run0 99STOPzilla! Application 4, 0, 0, 0, International Software Systems Solutions. STOPzilla! Application39http://www.absolutestartup.com/startup/1
0 7spstore0 11storesp.exe1 00167Softprobe - program designed to provide managers with an analysis of an individuals computer use who are under their supervision. This program is NOT related to Winpup25http://www.softprobe.com/0
119internet suspention0  9story.exe1 00 30Added by the  WOOTBOT.HV WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.HV&VSect=T0
0 6STPMGR0 10STPMGR.EXE1 00152Part of SafeTP which is transparent FTP security software. Does it need to be running permanently or can it be started manually via Start -&gt; Programs 7#FF00000
312strgsync.exe0 12StrgSync.exe1 00101SimpleTech Inc's  StorageSync backup software - backs up an entire PC, or selected files and folders. 01
1 7Strng320 12strngbox.exe1 00 25Added by the STRANO WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.strano.html0
3 8strokeit0 12strokeit.exe1 00 81StrokeIt is an "advanced mouse gesture recognition engine and command processor".30http://www.tcbmi.com/strokeit/0
013StartupFaster0 14StrpFstCfg.exe1 00 19Startup Faster 200424http://www.pcfaster.com/0
1 5strto0  9strto.exe1 00  8Added by119Troj/Killa0
317All Aboard Status0 10stswin.exe1 00134a target="_blank" href="http://yippee.i4free.co.nz/html/win/internet/title6724.htm"All Aboard! Internet Connection Sharing status icon 01
018sigmatelsystrayapp0 12stsystra.exe1 00 20Related to  Sigmatel24http://www.sigmatel.com/0
1 4Taba0  8stte.exe1 00 19Clickspring spyware 01
216WebOutfitterTray0 10sttray.exe1 00 43Intel WebOutfitter service System Tray icon60http://www.intel.com/pressroom/archive/releases/cn032699.htm0
110media_stub0  8stub.exe1 00227a target="_blank" href="http://www.mini-player.com/"Mini-Player,&nbsp; IMESH related foistware, see a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=2633;start=0#msg20371"here 01
1 8Stubbish0 12Stubbish.exe1 00 45Added by the W32/Stubbot-A WORM/IRC backdoor!57http://www.sophos.com/virusinfo/analyses/w32stubbota.html0
120180clientstubinstall0 21stubinstaller4528.exe1 00 34180Solutions/N-Case adware related42http://www.doxdesk.com/parasite/nCase.html0
121Sygate Personal Block0 10Studio.exe1 00 31Added by the  W32/RBOT-TW WORM!55http://www.sophos.com/virusinfo/analyses/w32rbottw.html0
115[Various Names]0 12stuffmon.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
113PCHEasySearch0 12STUpdate.exe1 00 18PCH EasySearch bar 01
410CPQSTUTFIX0 11stutfix.exe1 00193For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it here. This is a Compaq originated file and has been verified as free from viruses by McAfree/Norton17files/StutFix.exe0
3 7StyleXP0 11StyleXP.exe1 00151StyleXP allows you customize the way WinXP looks. If disabled via msconfig it re-instates itself at reboot, therefore uninstall it if you don't want it35http://www.tgtsoft.com/product.html0
3 7STYLEXP0 17StyleXP.exe -Hide2 00 58StyleXP Application 0, 20, 0, 0, . StyleXP MFC Application 01
414StyleXPService0 18StyleXPService.exe1 00142How sleek is your desktop? Style XP unleashes the full potential of your Windows XP desktop by allowing you to download and install XP themes.35http://www.tgtsoft.com/prod_sxp.php0
314SuNotification0 12suatshut.exe1 00183ShadowSurfer - "provides a safe computing environment by creating a virtual twin of your PC. Restore the pre-ShadowMode™ system state no matter what changes have occurred to your PC."48http://www.shadowstor.com/products/ShadowSurfer/0
1 5subah0  9SubAH.exe1 00 35Added by the SubAH backdoor TROJAN! 01
135Automatic Microsoft Windows Updater0 11suchost.exe1 00 26Added by the RBOT-EQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rboteq.html0
112COM++ System0 11suchost.exe1 00 39Added by a variant of the LOVGATE WORM!57http://www.sophos.com/virusinfo/analyses/w32lovgatef.html0
121Configuration Service0 11suchost.exe1 00 25Added by the TREB TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.treb.html0
1 8MSChoExE0  8suge.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
316Suitcase Startup0 12Suitcase.exe1 00 98Suitcase. System font manager start up utility. Used for dynamic managment of fonts on your system55http://www.extensis.com/en/products/font_management.jsp0
1 5Suite0 16SuiteOffices.exe1 00 37Added by the LAZAR trojan downloader.73http://securityresponse.symantec.com/avcenter/venc/data/trojan.lazar.html0
1 5Suite0 25SuiteOffices.exe /cleandb2 00 43ml" target="_blank"LAZAR trojan downloader. 01
316Lotus SuiteStart0 11SUITEST.EXE1 00 95Lotus SuiteStart Release 9.5 99.5, Lotus Development Corporation.. Lotus SuiteStart Release 9.5 01
316Lotus SuiteStart0 11suitest.exe1 00217Puts the individual Lotus components in the system tray taskbar when you start Windows. Can be disabled via MSCONFIG - Startup as "Lotus SuiteStart 97 Edition". All individual components available via Start - Programs 01
111SULFNBJ.EXE0 11SULFNBJ.EXE1 00 34Added by the PE_MAGISTR.DAM VIRUS!77http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.DAM0
115Microsoft Sum320  9sum32.exe1 00 43Added by the W32/Rbot-YW WORM/IRC backdoor!55http://www.sophos.com/virusinfo/analyses/w32rbotyw.html0
311sunasDTServ0 15sunasDTServ.exe1 00 68CounterSpy 1.00.0121, Sunbelt Software Inc.. CounterSpy Data Service 01
311sunasdtserv0 15sunasDTServ.exe1 00 58SunBelt  CounterSpy spyware detection and removal software46http://www.sunbelt-software.com/CounterSpy.cfm0
3 9sunasServ0 13sunasServ.exe1 00 75CounterSpy 1.00.0054, Sunbelt Software Inc.. CounterSpy AntiSpyware Service 01
3 9sunasserv0 13sunasServ.exe1 00 58SunBelt  CounterSpy spyware detection and removal software46http://www.sunbelt-software.com/CounterSpy.cfm0
319sunprotectionserver0 23SunProtectionServer.exe1 00 31CounterSpy antispyware software46http://www.sunbelt-software.com/CounterSpy.cfm0
3 9sunserver0 13SunServer.exe1 00 31CounterSpy antispyware software46http://www.sunbelt-software.com/CounterSpy.cfm0
112Winspector_s0  8sup2.lnk1 00 44Added by the TROJ_MULDROP.GP dropper Trojan.91http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FMULDROP%2EGP&VSect=T0
3 8SupaDial0 12SupaDial.exe1 00 32SupaNet.com modem driver related 01
315supelek bogiego0 13supb.exe -spr211HKEY_CU\Run0 46supełek bogiego 0.0.0.0, bogi. supełek bogiego39http://www.absolutestartup.com/startup/1
1 5super0  9super.exe1 00145Added by the W32/Agobot-QT WORM/IRC backdoor, which changes the HOSTS file and allows an attacker access - making possible several other actions.57http://www.sophos.com/virusinfo/analyses/w32agobotqt.html0
312Supercleaner0 16Supercleaner.exe1 00 56Supercleaner - all in one disk cleaner for your computer96http://www.softandco.com/redir.html?u=http://www.SouthBayPC.com/SuperCleaner&amp;pn=SuperCleaner0
113superheisssex0 17SuperHeissSex.exe1 00 57Added by the  HeissSex premium rate adult content dialer!76http://securityresponse.symantec.com/avcenter/venc/data/dialer.heisssex.html0
113SuperHeissSex0 17SuperHiessSex.exe1 00 50Added by the Dialer.HeissSex premium adult dialer.76http://securityresponse.symantec.com/avcenter/venc/data/dialer.heisssex.html0
314Supervisor.exe0 14Supervisor.exe1 00162Has been reported to be associated with various antitrojan software like ATS and PC Doorguard. If so it's required in Startup - any further information is welcome24http://www.atshield.com/0
1 9loads.exe0 12suploads.exe1 00 31Popuppers.com adware downloader 01
2 9DwlClient0 11Support.exe1 00 38Dell Support 1, 0, 0, 1, Dell. Support 01
2 9DwlClient0 11support.exe1 00 40Download manager for Dell support alerts 01
110supporter50 14supporter5.exe1 00216Part of eScorcher anti-virus software- responsible for updates of new virus bases each time you logon to the web. Used to collect information about the user and therefore treated as spyware - now the web-site is dead25http://www.escorcher.com/0
138{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}0 10suprox.dll1 00210A file used by the rogue antispyware app, SpywareQuake, to issue fake security alerts on your taskbar and install SpywareQuake without your consent.br /br /Uses CLSID: b{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}/b.68http://www.bleepingcomputer.com/startups/SpywareQuake.exe-14686.html0
313SurfAnonymous0 20SurfAnonymous.exe -1211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7ENCSurf0 13surfboard.exe1 00  2?? 01
218HP Internet Center0 11SURFBRD.EXE1 00191Loads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel -- Keyboards to change them 01
113Surfer lptt010 10surfer.exe1 00177Variant of the  RapidBlaster parasite (in a "mssurfer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113Surfer ml097e0 10surfer.exe1 00177Variant of the  RapidBlaster parasite (in a "mssurfer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here49http://www.doxdesk.com/parasite/RapidBlaster.html0
310surfhelper0 12SurfHelp.exe1 00118Related to  SurfHelperA A free tool to remove popup windows, clear history, control window properties of IE, and more.47http://www.codeproject.com/shell/surfhelper.asp0
310SurfStream0 14SurfStream.exe1 00328Conceiva "SurfStream lets you surf the Web faster. It contains a fully featured proxy server that lets you surf the Web significantly faster. It also blocks all pop-up windows and banner ads from Web pages. An intelligent tune-up tool automatically analyzes and optimizes your computer's Internet connection and TCP/IP settings" 01
1 8ieaccess0 10surfya.exe1 00 50IEAccess premium rate adult content dialer variant57http://www.extremetech.com/article2/0,1697,1125674,00.asp0
0 8Surveysa0 12surveysa.exe1 00 56Found in the SonyVaiosurvey directory on a Sony Vaio PC. 01
310VAIOSurvey0 12surveysa.exe111HKEY_LM\Run0 33NewSurvey 1.00, Sony Electronics.39http://www.absolutestartup.com/startup/1
1 7susaflg0 11susaflg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Susp0  8Susp.exe1 00 38Transponder parasite updater/installer48http://www.doxdesk.com/parasite/Transponder.html0
125microsoft windows updater0 11suvhost.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 8sv_chost0 12sv_chost.dll1 00115Added by the Troj/Wanda-B keylogging Trojan.  This Trojan also contains rootkit technology in order to hide itself.56http://www.sophos.com/virusinfo/analyses/trojwandab.html0
1 7SV00LSV0 11SV00LSV.EXE1 00 45Added by the Troj/GrayBird-C backdoor trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybirdc.html0
122Tok-Cirrhatus-1959sarc0 16sv711224030r.exe1 00 45Added by the W32/Brontok-R mass-mailing worm.57http://www.sophos.com/virusinfo/analyses/w32brontokr.html0
118Microsoft Explorer0 12svapache.exe1 00231Added by the W32/Rbot-VR worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.  These infections also log keystrokes, so if you are infected you should change all your passwords.55http://www.sophos.com/virusinfo/analyses/w32rbotvr.html0
110SVA Player0 13SVAplayer.exe1 00106QuickFlicks Streaming Player - regarded as spyware. See here for details of how to disable or uninstall it37http://www.quickflicks.com/index.html0
1 7erthgdr0  7svc.exe1 00 35Added by the W32.Beagle.BW@mm worm.77http://www.sarc.com/avcenter/venc/data/w32.beagle.bw@mm.html#technicaldetails0
1 3Svc0  7svc.exe1 00113Hijacker,  Clientman parasite variant, redirecting to madfinder.com. Detected by Symantec as the  MADFIND TROJAN!46http://www.doxdesk.com/parasite/ClientMan.html0
122Microsoft Network Host0 12svc0host.exe1 00133Added by the W32/Sdbot-AEN worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaen.html0
1 8erthgdr20  9svc23.exe1 00 48Added by the W32.Beagle.CE@mm mass-mailing worm.77http://www.sarc.com/avcenter/venc/data/w32.beagle.ce@mm.html#technicaldetails0
111SVC Service0  9svc32.pif1 00145Added by the W32/Rbot-ASC worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotasc.html0
122Services Administrator0 12svcadmin.exe1 00 36Added by the Troj/Dloader-NY trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderny.html0
324Windows Desktop Security0 11svcagnt.exe1 00118Added by the Spyware.DesktopScout surveillance software.  Uninstall this software if it was not installed by yourself.81http://securityresponse.symantec.com/avcenter/venc/data/spyware.desktopscout.html0
130Computing Technologie Firewall0 11svcauth.exe1 00146Added as a WORM with backdoor functionality, W32/Sdbot-VO  copies itself to the Windows system folder as svcauth.exe and creates registry entries.56http://www.sophos.com/virusinfo/analyses/w32sdbotvo.html0
122svshost update service0 11svcbind.exe1 00 28Added by the  MYTOB.LH WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LH&VSect=P0
112ControlPanel0  8svcc.exe1 00 49Added by the Adware.WorldSearch browser hijacker.62http://www.sarc.com/avcenter/venc/data/adware.worldsearch.html0
1 8svclhost0 12svcchost.exe1 00 40Added by an unidentified WORM or TROJAN! 01
113Start Uppings0 13svcchosts.exe1 00 27Added by the SDBOT.VY WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VY0
111svcdata.exe0 11svcdata.exe1 00134Added by the W32.Spybot.ZIF worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.75http://www.sarc.com/avcenter/venc/data/w32.spybot.zif.html#technicaldetails0
121Windows Registry Scan0 10svcdll.exe1 00 12Added by the37W32/Rbot-TP WORM/IRC backdoor trojan!0
1 5Svced0  9Svced.exe1 00 27Added by the DELF.F TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.f.html0
1 6System0 17svch&icirc;st.exe1 00 54Added by the Troj/LdPinch-BF password-stealing trojan.59http://www.sophos.com/virusinfo/analyses/trojldpinchbf.html0
3 6reg2.00 11SVCH0ST.EXE1 00112Added by the Spyware.eSpyNow surveillance software. Uninstall this software if it was not installed by yourself.59http://www.sarc.com/avcenter/venc/data/spyware.espynow.html0
1 8BoolTern0 11svch0st.exe1 00 49Added by the W32/Tilebot-U worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32tilebotu.html0
1 6fegoze0 11SVCH0ST.EXE1 00 31Added by the GRAYBIRD.D TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.d.html0
110LogService0 11SVCH0ST.EXE1 00 35Added by the Troj/Paproxy-B Trojan.58http://www.sophos.com/virusinfo/analyses/trojpaproxyb.html0
127Media Serial Number Service0 11SVCH0ST.EXE1 00168Added by the Troj/GrayBrd-BC backdoor Trojan. This infection should not be confused with the legitimate c:\windows\system32\svchost.exe that has a similar looking name.59http://www.sophos.com/virusinfo/analyses/trojgraybrdbc.html0
1 8S0undMan0 11svch0st.exe1 00 29Added by the LOVGATE.AB WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.lovgate.ab@mm.html0
1 7SVCH0ST0 11SVCH0ST.EXE1 00 32Added by the Troj/Lors-A trojan.55http://www.sophos.com/virusinfo/analyses/trojlorsa.html0
1 7svchost0 11Svch0st.exe1 00 31Added by the GRAYBIRD.B TROJAN!67http://www.symantec.com/avcenter/venc/data/backdoor.graybird.b.html0
1 7Systems0 11svch0st.exe1 00 33Added by the  W32.MYDOOM.BI WORM!64http://www.symantec.com/avcenter/venc/data/w32.mydoom.bi@mm.html0
123Windows Services Update0 11svch0st.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7winsock0 11svch0st.exe1 00 25Added by the SAGE-A WORM!54http://www.sophos.com/virusinfo/analyses/w32sagea.html0
112SVCH Service0 10svch32.pif1 00132Added by the W32/Rbot-ASZ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotasz.html0
1 7svchast0 11svchast.exe1 00 82Added by the Troj/Lineage-AV password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineageav.html0
130Remote Procedure Call (RPC) Lo0 11svchcst.exe1 00 44Added by the Troj/GrayBrd-K backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojgraybrdk.html0
123Windows NT Service Name0 11svchcst.exe1 00248Added by the W32/Rbot-NV trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. These infections are usually capable of logging keystrokes, retrieve cd keys, and flood other computers.55http://www.sophos.com/virusinfo/analyses/w32rbotnv.html0
121system service helper0 13svchelper.exe1 00 32Added by the  W32/MONKBD-A WORM!56http://www.sophos.com/virusinfo/analyses/w32monkbda.html0
121windows service pack20 12svchhost.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115winsock32driver0 12svchhost.exe1 00 37Added by the  BKDR_HACKARMY.I TROJAN!92http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_HACKARMY.I0
118Coordinator System0 11svchoct.exe1 00134Added by the Troj/Sdbot-LI worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/trojsdbotli.html0
114System Updated0 11svchoes.exe1 00145Added by the W32/Rbot-ASF worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotasf.html0
115Winsock2 driver0 13svchorsst.exe1 00224Added by the W32/Spybot-EE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.  This infection also creates the file c:\windows\system32\kazaabackupfilesdownload_me.exe.57http://www.sophos.com/virusinfo/analyses/w32spybotee.html0
124Microsoft Windows Update0 10svchos.exe1 00 27Added by the SDBOT.AC WORM!65http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.ac.html0
1 6svchos0 10svchos.exe1 00 33Added by the Troj/Singu-C Trojan.56http://www.sophos.com/virusinfo/analyses/trojsinguc.html0
121Configuration Loading0 11svchos1.exe1 00 28Added by the GAOBOT.DK WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.dk.html0
116MS Config Loader0 11svchos1.exe1 00 27Added by the AGOBOT.R WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.R0
118Micrcoft Exploerer0 11svchose.exe1 00132Added by the W32/Rbot-ASL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotasl.html0
115start it upping0 13svchosets.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114Start It Uping0 15svchosets31.exe1 00 25Added by a SDBot variant.43http://vil.nai.com/vil/content/v_100454.htm0
113Config Loader0 11svchosl.exe1 00 27Added by the GAOBOT.P WORM!65http://www.symantec.com/avcenter/venc/data/w32.hllw.gaobot.p.html0
1 7Svchost0 11svchosl.pif1 00 38Added by the INZAE.A or INZAE.B WORMS!75http://securityresponse.symantec.com/avcenter/venc/data/w32.inzae.a@mm.html0
1 9winreg_320 12svchosst.exe1 00 36added by the  Troj/Bancos-CE TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancosce.html0
112_svchost.con0 11svchost.com1 00 26Added by the ERKEZ.C WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.c@mm.html0
113Services host0 11svchost.com1 00231Added by the W32/Rbot-EU trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This infection also attempts to terminate various processes including other infections.55http://www.sophos.com/virusinfo/analyses/w32rboteu.html0
1 7svchost0 11svchost.com1 00 36Added by the Troj/Banloa-ABL Trojan.59http://www.sophos.com/virusinfo/analyses/trojbanloaabl.html0
351MS Software Generic Host Process for Win32 Services0 11svchost.exe1 00222Added by the Spyware.AdvancedKey surveillance software. This software should be uninstalled if it was not installed by yourself. bNote:/b This is not the legitimate svchost.exe file found in the Windows system32 directory.80http://securityresponse.symantec.com/avcenter/venc/data/spyware.advancedkey.html0
3 5sds200 11svchost.exe1 00138Added by the Spyware.InlookExpress surveillance software.  If you did not install this software, then you should uninstall it immediately.65http://www.sarc.com/avcenter/venc/data/spyware.inlookexpress.html0
3 8Srv32Win0 11Svchost.exe1 00179Realtime-Spy keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove28http://www.realtime-spy.com/0
3 9winapplog0 11svchost.exe1 00364StingKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! - NOTE - this file is placed in a C:\Program Files\StingWare folder,  and should NOT be confused with the legitimate Windows  svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!70http://www.symantec.com/avcenter/venc/data/spyware.stingkeylogger.html0
327Windows LAN Service Manager0 11svchost.exe1 00119Added by the Spyware.ComSurveilSys surveillance software. bIf this was not installed by you, you should uninstall it./b65http://www.sarc.com/avcenter/venc/data/spyware.comsurveilsys.html0
138(357AA41A-B7A8-4632-A27D-5B980B25CF43)0 11svchost.exe1 00 34Added by the Troj/Small-AQ trojan!57http://www.sophos.com/virusinfo/analyses/trojsmallaq.html0
1 7.mscsbl0 11SVCHOST.EXE1 00147Added by the Troj/Borobot-A  infection! It is found in either the Windows system folder or the Application Data\Microsoft\Internet Explorer folder.58http://www.sophos.com/virusinfo/analyses/trojborobota.html0
110[not used]0 11svchost.exe1 00256A WORM/backdoor, W32/Kipis-J, opens notepad.exe and copies itself to the Windows folder as regedit.com and installs to it's newly created folder. A variety of anti-virus and security related processes may be terminated and backdoor opened on port TCP/9413.55http://www.sophos.com/virusinfo/analyses/w32kipisj.html0
115[Various Names]0 11Svchost.exe1 00 32Added by the W32.Welchia.K worm.91http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.k.html#technicaldetails0
111Auto Update0 11svchost.exe1 00 35Added by the Troj/DumarDl-A trojan.58http://www.sophos.com/virusinfo/analyses/trojdumardla.html0
112Auto Updates0 11svchost.exe1 00 34Added by the Troj/Cheuko-A trojan.57http://www.sophos.com/virusinfo/analyses/trojcheukoa.html0
111CashToolbar0 11svchost.exe1 00132CashToolbar Downloader-MY adware. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!43http://vil.nai.com/vil/content/v_126801.htm0
112COM++ System0 11svchost.exe1 00 39Added by a variant of the LOVGATE WORM!57http://www.sophos.com/virusinfo/analyses/w32lovgatef.html0
115Compaq Networks0 11svchost.exe1 00126Added by the Backdoor.XTS.B backdoor. bNote:/b This is not the legitimate svchost.exe found in the Windows system32 directory.92http://securityresponse.symantec.com/avcenter/venc/data/backdoor.xts.b.html#technicaldetails0
110DNS Server0 11svchost.exe1 00 43Added by the Troj/Feutel-Y backdoor Trojab.57http://www.sophos.com/virusinfo/analyses/trojfeutely.html0
111DriverCheck0 11svchost.exe1 00 33Added by the Troj/Delf-KR trojan.56http://www.sophos.com/virusinfo/analyses/trojdelfkr.html0
110DriverLoad0 11svchost.exe1 00 33Added by the Troj/Delf-KR trojan.56http://www.sophos.com/virusinfo/analyses/trojdelfkr.html0
1 8EService0 11svchost.exe1 00127Added by the W32.Mular.A Emule worm. This file should not be confused with the legitimate C:\Windows\System32\svchost.exe file.72http://www.sarc.com/avcenter/venc/data/w32.mular.a.html#technicaldetails0
127FastUserSwitchingCompatibil0 11svchost.exe1 00148Added by the Troj/Keylog-AT keylogging Trojan.  This should not be confused with the legitimate svchost.exe file found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/trojkeylogat.html0
1 6France0 11svchost.exe1 00127Added by the MIMAIL.L WORM!. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.l@mm.html0
113F-Secure 20050 11svchost.exe1 00 36Added by the Troj/Bifrose-CH Trojan.59http://www.sophos.com/virusinfo/analyses/trojbifrosech.html0
120Generic Host Process0 11svchost.exe1 00 47Added by the Troj/Dloader-NX trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdloadernx.html0
124GNP Generic Host Process0 11svchost.exe1 00 48Added by the Troj/Zapchas-F TROJAN/IRC backdoor!58http://www.sophos.com/virusinfo/analyses/trojzapchasf.html0
1 4hoge0 11svchost.exe1 00 31Added by the Uploader-X trojan.72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1333840
111KAVPersonal0 11svchost.exe1 00 81Added by the Troj/Lineage-V password-stealing trojan for the online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineagev.html0
1 4load0 11svchost.exe1 00 36Added by the  Troj/Lineage-K Trojan.58http://www.sophos.com/virusinfo/analyses/trojlineagek.html0
1 9microsoft0 11svchost.exe1 00134Added by the ASTEF or RESPAN WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html0
130Microsoft Service Host Process0 11svchost.exe1 00149Added by the W32/Krynos-B WORM! It will send itself to email addresses it has identified on the infected computer.  Found in the Windows Help folder.56http://www.sophos.com/virusinfo/analyses/w32krynosb.html0
121Mircosoft DNS Service0 11svchost.exe1 00134Added by the Troj/IRCBot-AK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/trojircbotak.html0
118Monitoring Service0 11svchost.exe1 00124Added by the CONE.C WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.c@mm.html0
1 5MSSVC0 11SVCHOST.EXE1 00 43Added by the Troj/Sandor-C backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojsandorc.html0
1 6MStask0 11svchost.exe1 00 54Added by the Troj/LdPinch-BV password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojldpinchbv.html0
1 8NetStart0 11svchost.exe1 00147Added by the W32/Mkar-A backdoor virus. This infection should not be confused with the legitimate svchost.exe found in the Windows %System% folder.54http://www.sophos.com/virusinfo/analyses/w32mkara.html0
116Network DDE DSMA0 11svchost.exe1 00 49Added by the W32/Sdbot-BDV worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotbdv.html0
123Network Drivers Service0 11svchost.exe1 00248Added by the Troj/Xbot-F backdoor Trojan. This infection also creates the files C:\Windows\dlcomcnf.exe and C:\Windows\svchost.ini.  This file, svchost.exe, should not be confused with the legitimate Windows file in the C:\\Windows\System32 folder.55http://www.sophos.com/virusinfo/analyses/trojxbotf.html0
115Network Service0 11svchost.exe1 00130CoolWebSearch parasite related. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!53http://www.spywareinfo.com/~merijn/cwschronicles.html0
111NortonVPlus0 11svchost.exe1 00 34Added by the Troj/Roamer-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojroamera.html0
1 9NvClipRsv0 11svchost.exe1 00127Added by the DUMARU-AK WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!57http://www.sophos.com/virusinfo/analyses/w32dumaruak.html0
114Online Service0 11svchost.exe1 00156Added by the HOSTIDEL.B or HOSTIDEL.C or TARNO.B TROJANS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!82http://securityresponse.symantec.com/avcenter/venc/data/w32.hostidel.trojan.b.html0
1 8P0w3rF1Y0 11svchost.exe1 00 43Added by the Troj/Bdoor-MM backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoormm.html0
119Perfomance Settings0 11svchost.exe1 00 44Added by the Troj/Tofger-AP backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojtofgerap.html0
1 9Photoshop0 11svchost.exe1 00135Added by the Troj/Cdopen-E Trojan.  bNote:/b This should not be confused with the legitimate svchost.exe in your Windows system folder.57http://www.sophos.com/virusinfo/analyses/trojcdopene.html0
112PowerManager0 11Svchost.exe1 00124Added by the JEEFO VIRUS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!50http://vil.mcafee.com/dispVirus.asp?virus_k=1002770
117Remote Connection0 11svchost.exe1 00156Added by the Troj/Singu-AF Trojan.  This infection should not be confused with the legitimate file of the same name found in the C:\Windows\System32 folder.57http://www.sophos.com/virusinfo/analyses/trojsinguaf.html0
1 8reseurce0 11svchost.exe1 00183Added by the Troj/Lineage-AI password-stealing Trojan for the online game Lineage. This infection should be confused with the legitimate file found at C:\Windows\System32\svchost.exe.59http://www.sophos.com/virusinfo/analyses/trojlineageai.html0
1 6Runner0 11svchost.exe1 00 74Added by the Troj/AdClick-AG Trojan!  File is found in the Windows folder. 01
1 5sds200 11svchost.exe1 00138Added by the Spyware.InlookExpress surveillance software.  If you did not install this software, then you should uninstall it immediately.65http://www.sarc.com/avcenter/venc/data/spyware.inlookexpress.html0
112Service Host0 11svchost.exe1 00124Added by the TORVEL WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.torvel@mm.html0
112Service Host0 11SVCHOST.EXE1 00151Added by the Troj/Daoser-A trojan downloader.  This should not be confused with the valid svchost.exe that is found in the \Windows\system32 directory.57http://www.sophos.com/virusinfo/analyses/trojdaosera.html0
119Service Host Driver0 11svchost.exe1 00125Added by the HITON TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/w32.hiton@mm.html0
115Service Process0 11SVCHOST.EXE1 00124Added by the DARKER WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!76http://securityresponse.symantec.com/avcenter/venc/data/w32.darker.worm.html0
116Setup experation0 11svchost.exe1 00123Added by the TOFGER-AW TROJAN! Note - this is not the legitimate svchost.exe process, which NOT appear in Msconfig/Startup!58http://www.sophos.com/virusinfo/analyses/trojtofgeraw.html0
1 5Shell0 11svchost.exe1 00 35Added by the Troj/Goldspy-B TROJAN!58http://www.sophos.com/virusinfo/analyses/trojgoldspyb.html0
124snp generic host process0 11svchost.exe1 00 28Added by the  Troj/Zapchas-O58http://www.sophos.com/virusinfo/analyses/trojzapchaso.html0
1 3SSL0 11svchost.exe1 00146Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!71http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/0
110SVC Module0 11svchost.exe1 00155Added by the W32/Sdbot-ADG worm. This file should not be confused with the legitimate Windows file of the same name located in the Windows %System% folder.57http://www.sophos.com/virusinfo/analyses/w32sdbotadg.html0
1 7svchost0 11svchost.exe1 00  0 01
1 7Svchost0 11svchost.exe1 00  8Added by95Troj/AdClick-AM, a TROJAN that copies itself to the C:\Program Files\Internet Explorer" folder.0
1 7svchost0 11svchost.exe1 00139Added by the MORB  WORM or TARNO TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!64http://www.symantec.com/avcenter/venc/data/w32.hllw.morb@mm.html0
1 7Svchost0 11svchost.exe1 00 77Added by the MOXE-A WORM! This is not the valid svchost.exe as described here54http://www.sophos.com/virusinfo/analyses/w32mozea.html0
1 7SVCHOST0 11svchost.exe1 00170System1060 homepage hi-jacker. Found in a Windows\System1060 directory. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!71http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/0
127SVCHOST Generic application0 11svchost.exe1 00 66Added by the  Trojan!  File is found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/trojdaemoniw.html0
123svchost Netware Manager0 11svchost.exe1 00157Added by the W32.Exvid.A@mm keylogging virus.  This infection should not be confused with the legitimate svchost.exe residing in the Windows %System% folder.75http://www.sarc.com/avcenter/venc/data/w32.exvid.a@mm.html#technicaldetails0
111svchost.exe0 11svchost.exe1 00123Added by the Troj/PWSjx-A password stealing trojan.  This infections attempts to steal your password for the game MuYangJX.56http://www.sophos.com/virusinfo/analyses/trojpwsjxa.html0
1 6SVHOST0 11SVCHOST.EXE1 00 30Added by the W32/Zori-A VIRUS!54http://www.sophos.com/virusinfo/analyses/w32zoria.html0
111syslnfo.hlp0 11svchost.exe1 00 44Added by the Troj/Aolog-A keylogging Trojan.56http://www.sophos.com/virusinfo/analyses/trojaologa.html0
1 6System0 11SVCHOST.EXE1 00 12Added by the23Troj/LdPinch-AU TROJAN!0
1 6System0 11svchost.EXE1 00 44Added by the Troj/Bckdr-CST backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojbckdrcst.html0
116system configure0 11svchost.exe1 00 81Added by the Troj/Lineage-C password-stealing Trojan for the online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineagec.html0
116system event log0 11svchost.exe1 00155Added by the Troj/GrayBir-AC backdoor Trojan.  This should not be confused with the legitimate c:\windows\svchost.exe found in the Windows %System% folder.59http://www.sophos.com/virusinfo/analyses/trojgraybirac.html0
119System Host Service0 11svchost.exe1 00125Added the the CONE.F WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.f@mm.html0
114System Manager0 11svchost.exe1 00129Added by the BANKER-AE TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!58http://www.sophos.com/virusinfo/analyses/trojbankerae.html0
114System Process0 11svchost.exe1 00 74Added by the Troj/AdClick-AG Trojan!  File is found in the Windows folder. 01
114System Update20 11svchost.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
111SystemCheck0 11svchost.exe1 00  056http://www.sophos.com/virusinfo/analyses/trojdelfkr.html0
117SystemDriverCheck0 11svchost.exe1 00 33Added by the Troj/Delf-KR trojan.56http://www.sophos.com/virusinfo/analyses/trojdelfkr.html0
116SystemDriverLoad0 11svchost.exe1 00  056http://www.sophos.com/virusinfo/analyses/trojdelfkr.html0
1 9SystemReg0 11svchost.exe1 00127Added by the DEWIN.E TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_DEWIN.E0
123Task Monitoring Service0 11svchost.exe1 00124Added by the CONE.D WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.d@mm.html0
1 7taskmng0 11svchost.exe1 00 50Added by the W32/Tilebot-AW worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotaw.html0
1 9tjstartup0 11svchost.exe1 00127Added by the CURDEAL TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.curdeal.html0
1 6Update0 11svchost.exe1 00 74Added by the Troj/AdClick-AG Trojan!  File is found in the Windows folder. 01
110Webservice0 11svchost.exe1 00 29Added as a new service by the49Troj/Feutel-B TROJAN, using the same displayname.0
1 7windows0 11svchost.exe1 00 52Added by the W32/Slomirc-A WORM/IRC backdoor Trojan!57http://www.sophos.com/virusinfo/analyses/w32slomirca.html0
119Windows Audio Mixer0 11svchost.exe1 00163Added by the W32/Tilebot-BX worm and IRC backdoor.  This infection should not be confused with the legitimate svchost.exe  file found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/w32tilebotbx.html0
122Windows Driver Adapter0 11svchost.exe1 00 41Added by the W32/Antinny-K backdoor/worm.57http://www.sophos.com/virusinfo/analyses/w32antinnyk.html0
114Windows Kernel0 11svchost.exe1 00237Added by the W32/Rbot-ANO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. bNote: /b This should not be confused with the legitimate svchost.exe file in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32rbotano.html0
118Windows Management0 11svchost.exe1 00 35Added by the Troj/Feutel-AN Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelan.html0
124Windows Security Manager0 11svchost.exe1 00179Added by the W32.Antinny.AX worm for the Winny file-sharing network. This infection should not be confused with the legitimate svchost.exe found in the C:\Windows\System32 folder.75http://www.sarc.com/avcenter/venc/data/w32.antinny.ax.html#technicaldetails0
120Windows Service Host0 11svchost.exe1 00124Added by the CONE.B WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.b@mm.html0
128Windows Service Host Process0 11svchost.exe1 00 32Added by the W32.Ezio.A@mm WORM.57http://www.sarc.com/avcenter/venc/data/w32.ezio.a@mm.html0
121Windows Services Host0 11svchost.exe1 00133Added by the CONE or CONE.E WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!72http://securityresponse.symantec.com/avcenter/venc/data/w32.cone@mm.html0
119Windows Time Updata0 11Svchost.exe1 00 35Added by the Troj/Feutel-AG Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelag.html0
125Windows Xp Service Pack 20 11svchost.exe1 00 42Added by the Troj/Xplos-A backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojxplosa.html0
113WindowsUpdate0 11svchost.exe1 00152Added by the ASTEF or RESPAN WORMS or AGENT-V TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html0
114Winlogon Shell0 11svchost.exe1 00 39mm.html" target=_blankW32.Kipis.M WORM! 01
1 6wnddrv0 11svchost.exe1 00294Aded by an unidentified TROJAN! - NOTE - this file is placed in the Winnt or Windows folder,  and should NOT be confused with the legitimate Windows  svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!71http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/0
1 7wsock320 11svchost.exe1 00125Added by the Troj/Horst-A keylogging trojan.  This infection logs your keystrokes to a file named c:\windows\system32\dll.txt56http://www.sophos.com/virusinfo/analyses/trojhorsta.html0
1 3xor0 11svchost.exe1 00127Added by the XORDOOR TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.xordoor.html0
119Zone Labs Client Ex0 11svchost.exe1 00126Added by the NETSKY.F WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.f@mm.html0
1 4zztp0 11svchost.exe1 00 41Added by the Trojan.Tannick.B  infection.77http://www.sarc.com/avcenter/venc/data/trojan.tannick.b.html#technicaldetails0
113WindowsUpdate0 14svchost.exe /s2 00  0 01
1 7regedit0 20svchost.exe ccRegVfy2 00 25Added by the  Trojan.Rona72http://securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html0
328Hurtigstart for Adobe Reader0 27svchost.exe -k LocalService222StartUp menu\All users0114Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Generic Host Process for Win32 Services39http://www.absolutestartup.com/startup/1
1 6pnpsvc0 22svchost.exe -k netsvcs2 00  8Added by85Troj/StartPa-FP as a new service, using "Plug and Play svc service" as a displayname.0
112COM++ System0 14svchost.exe...1 00 39Added by a variant of the LOVGATE WORM!57http://www.sophos.com/virusinfo/analyses/w32lovgatef.html0
113Administrator0 11svchost.scr1 00 39Added by the Backdoor.Novacal backdoor.77http://www.sarc.com/avcenter/venc/data/backdoor.novacal.html#technicaldetails0
1 1c0 11svchost.scr1 00 36Added by the Troj/Bancban-BX TROJAN!59http://www.sophos.com/virusinfo/analyses/trojbancbanbx.html0
115random filename0 11svchost.scr1 00192http://www.sophos.com/virusinfo/analyses/trojbancbanbk.html"Troj/Bancban-BK.  This infections attempts to steal passwords for certain Brazilian banking sites. Found in the %System%\of Windows. 01
1 7svchost0 11svchost.scr1 00 25Added by  Troj/Bancos-CB.58http://www.sophos.com/virusinfo/analyses/trojbancoscb.html0
1 8svchost10 12svchost1.exe1 00 28Added by the AGOBOT.ZZ WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_AGOBOT.ZZ0
120configuration loader0 12svchost2.exe1 00 29Added by the  AGOBOT.JR WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JR&VSect=P0
125microsoft service pack2.10 12svchost2.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
118CRC Value Verifier0 13svchost32.exe1 00 26Added by the RBOT-OA WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotoa.html0
117micr0s0ft upd4t4z0 13svchost32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120Mircrosoft Svchost320 13svchost32.exe1 00 12Added by the38W32/Rbot-AZW WORM/IRC backdoor trojan!0
113Services Host0 13svchost32.exe1 00133Added by the W32/Agobot-TG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobottg.html0
1 3Sun0 13svchost32.exe1 00 35Added by the Troj/Banker-BP TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerbp.html0
1 7SvcHost0 13svchost32.exe1 00134Added by the W32/Agobot-TM worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32agobottm.html0
111svchost.exe0 13svchost32.exe1 00 90CoolWebSearch parasite related. Note - this is not the valid svchost.exe as described here53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 9SvcHost320 13svchost32.exe1 00 40Added by the MIMAIL.I or MIMAIL.J WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.i@mm.html0
121universal usb service0 13svchost32.exe1 00 32Added by the  W32.KELVIR.R WORM!60http://www.symantec.com/avcenter/venc/data/w32.kelvir.r.html0
120Windows Help Manager0 13svchost32.exe1 00 26Added by the RBOT-OZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotoz.html0
1 6WINRUN0 13svchost32.exe1 00 12Added by the135W32/Mytob-AI0
1 3AvG0 14svchost323.exe1 00 12Added by the26W32/Rbot-ZA WORM/backdoor!0
1 9svchost640 13svchost64.exe1 00 29Added by the SDBOTER.G VIRUS! 01
1 8svchosta0 12svchosta.exe1 00 29Added by the  Troj/Sniffer-I.58http://www.sophos.com/virusinfo/analyses/trojsnifferi.html0
123Windows Logon Procedure0 12Svchosta.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 8svchostb0 12svchostb.exe1 00 36Added by the  Troj/Sniffer-J TROJAN!58http://www.sophos.com/virusinfo/analyses/trojsnifferj.html0
1 9svchostBB0 13svchostBB.scr1 00 12Added by the23Troj/Dloader-MC TROJAN!0
1 9svchostBD0 13svchostBD.scr1 00 12Added by the23Troj/Dloader-MC TROJAN!0
111svchostBDJU0 15svchostBDJU.scr1 00 12Added by the23Troj/Dloader-MC TROJAN!0
1 9svchostBN0 13svchostBN.scr1 00 36Added by the Troj/Dloader-MC TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloadermc.html0
1 9svchostCX0 13svchostCX.scr1 00 12Added by the23Troj/Dloader-MC TROJAN!0
1 8MSN Beta0 14SVCHOSTdll.exe1 00117http://www.sophos.com/virusinfo/analyses/w32rbotwf.html"W32/Rbot-WF WORM! File is found in the Windows system folder. 01
114svchostdll.scr0 14svchostdll.scr1 00 80Added by the Troj/Bancban-FM password-stealing Trojan of certain bank web sites.59http://www.sophos.com/virusinfo/analyses/trojbancbanfm.html0
1 8Updaterd0 12SVCHOSTE.EXE1 00 48Added by the W32/Rbot-BBE worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbe.html0
120Windows Host Service0 12svchoste.exe1 00 89Added by the W32/Kelvir-U instant messenger worm.  This worm spreads using MSN Messenger.56http://www.sophos.com/virusinfo/analyses/w32kelviru.html0
123Windows Logon Procedure0 12Svchoste.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
112Start Upping0 13SVCHOSTES.EXE1 00 26Added by the RBOT-NB WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotnb.html0
1 8MSUpdate0 14svchosthlp.exe1 00 28Added by the BLASTER.T WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.t.worm.html0
117Win32 USB2 Driver0 14svchosting.exe1 00 39Added by the FORBOT.J or SDBOT.HU WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.HU0
1 9svchostIT0 13svchostIT.scr1 00 12Added by the23Troj/Dloader-MC TROJAN!0
110[not used]0 12svchostl.exe1 00 32Added by the W32/Blaster-M worm.57http://www.sophos.com/virusinfo/analyses/w32blasterm.html0
111netservices0 12svchostn.exe1 00 28Added by the  SDBOT.GI WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.GI&VSect=P0
1 8svchostr0 12svchostr.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 9svchostRE0 13svchostRE.scr1 00 12Added by the23Troj/Dloader-MC TROJAN!0
138{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}0 12svchosts.dll1 00114Click here to protect your computer from spyware."/bbr /br /Uses CLSID: b{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}/b. 01
113Reload Browse0 12svchosts.dll1 00233Added by the Adware.TopAV which replaces the Windows wallpaper with a fake virus alert message containing links to topantivirus.biz or Spyaxe and issues fake virus alerts.br /br /Uses CLSID: b{3F245C2A-1558-3CCA-04A8-7AA23B60E40F}/b.73http://securityresponse.symantec.com/avcenter/venc/data/adware.topav.html0
3 7RegHelp0 12svchosts.exe1 00 58activity report every 15 minutes...anywhere in the world." 01
119&reg;Windows Update0 12svchosts.exe1 00 27Added by the FRUCTA TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.frutca.html0
113[random name]0 12Svchosts.exe1 00 28Added by the SDBOT.N TROJAN!56http://www.sophos.com/virusinfo/analyses/trojsdbotn.html0
115®Windows Update0 12svchosts.exe1 00 27Added by the FRUCTA TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.frutca.html0
133Generic host proccess for windows0 12SVCHOSTS.EXE1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 3ine0 12svchosts.exe1 00 64http://www.microsoft.com/technet/security/bulletin/ms01-059.mspx 01
115Internet Config0 12svchosts.exe1 00 26Added by the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
115Internet Config0 12svchosts.exe1 00 26Added by the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
133Microsoft Synchronization Manager0 12svchosts.exe1 00133Added by the W32/Sdbot-LM worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotlm.html0
113Norton System0 12svchosts.exe1 00 12Added by the16Troj/Dloader-GB.0
1 8services0 12svchosts.exe1 00134Added by the Troj/Sdbot-N worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/trojsdbotn.html0
1 8svchosts0 12svchosts.exe1 00 29Added by the  Troj/Bancban-DC59http://www.sophos.com/virusinfo/analyses/trojbancbandc.html0
112svchosts.exe0 12svchosts.exe1 00 33Added by the  W32/AGOBOT-JN WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotjn.html0
1 6SysTry0 12svchosts.exe1 00216Added by the Troj/Banker-BD password stealing Trojan! The file is found in the Windows system folder.  If you have this file on your computer, it is recommended that you change your online banking passwords and pins.58http://www.sophos.com/virusinfo/analyses/trojbankerbd.html0
115virtual-machine0 12svchosts.exe1 00 85Added by W32/Rbot-US, a WORM/backdoor IRC Trojan, found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotus.html0
112Win32 Driver0 12svchosts.exe1 00134Added by the W32/Forbot-FD worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotfd.html0
121Win32 Svchosts Driver0 12svchosts.exe1 00133Added by the W32/Forbot-FO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotfo.html0
117Windows Registers0 12Svchosts.exe1 00231Added by the W32/Rbot-HV trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.  This infection will also attempt to harvest keystrokes and cd keys from your computer.55http://www.sophos.com/virusinfo/analyses/w32rbothv.html0
116Windows Services0 12svchosts.exe1 00 30Added by the AGOBOT-KL TROJAN!57http://www.sophos.com/virusinfo/analyses/w32agobotkl.html0
112svchosts.scr0 12svchosts.scr1 00 54Added by the Troj/Bancban-DQ password-stealing trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbandq.html0
1 9Microsong0 14svchosts11.exe1 00153Added by the Troj/Sdbot-EV backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotev.html0
120Windows Host Service0 14svchosts32.exe1 00 46Added by the W32/Kelvir-AK MSN messenger worm.57http://www.sophos.com/virusinfo/analyses/w32kelvirak.html0
115[various names]0 13svchostss.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
122WindowsUpdatesvchostss0 13svchostss.exe1 00116Added by the Troj/Agent-HZ Trojan.  This infectiona also installs the file C:\Windows\System32\helper\svchostss.exe.57http://www.sophos.com/virusinfo/analyses/trojagenthz.html0
110bot loader0 12svchostt.exe1 00 34Added by the  W32.GAOBOT.ALV WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.alv.html0
118Microsoft Registro0 12svchostt.exe1 00142Added by the Troj/Bancos-DH password-stealing trojan.  If you are infected with this infection you should change any online banking passwords.58http://www.sophos.com/virusinfo/analyses/trojbancosdh.html0
1 9msnager320 12svchostt.exe1 00 31Added by the  WOMANIZ.E TROJAN!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WOMANIZ.E&VSect=P0
116WSAConfiguration0 12svchostt.exe1 00 28Added by the AGOBOT.ZT WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_AGOBOT.ZT0
1 9svchostUN0 13svchostUN.scr1 00 12Added by the23Troj/Dloader-MC TROJAN!0
125Microsoft Windows Updater0 12svchostz.exe1 00 30Added by the DAEMONI-E TROJAN!58http://www.sophos.com/virusinfo/analyses/trojdaemonie.html0
1 9amircivil0 10svchot.exe1 00 33Added by the W32.Amirecivel worm.75http://www.sarc.com/avcenter/venc/data/w32.amirecivel.html#technicaldetails0
1 8boot_reg0 10svchot.exe1 00 77Added by Troj/Bancban-BQ, a TROJAN. It is found in the Windows system folder.59http://www.sophos.com/virusinfo/analyses/trojbancbanbq.html0
1 6SVCHOT0 10SVCHOT.exe1 00 33Added by the Troj/QQRob-U Trojan.56http://www.sophos.com/virusinfo/analyses/trojqqrobu.html0
1 7svchoxt0 11svchoxt.exe1 00 35Added by the Troj/QQPass-FC Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassfc.html0
1 6shoket0 11svchs0t.exe1 00149Added by the Troj/WowPWS-E Trojan. This infection should not be confused with the legitimate Microsoft file found at C:\Windows\System32\svchost.exe.57http://www.sophos.com/virusinfo/analyses/trojwowpwse.html0
110[not used]0 11svchsot.exe1 00 35Added by the Troj/GWGhost-N Trojan.58http://www.sophos.com/virusinfo/analyses/trojgwghostn.html0
1 3kav0 11svchsot.exe1 00 34Added by the Troj/QQRob-AE Trojan.57http://www.sophos.com/virusinfo/analyses/trojqqrobae.html0
119Microsoft IT Update0 11svchsst.exe1 00 26Added by the RBOT-DH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotdh.html0
121MSN Messenger Updater0 11SVCHSST.exe1 00 48Added by the W32/Rbot-BIR worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbir.html0
1 7Antivir0 10svchst.exe1 00 43Added by the Troj/Ragruk-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojragruka.html0
134microsoft outlook express protocol0 10svchst.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
127Microszoft Update Mach1nezs0 10svchst.exe1 00 26Added by the RBOT-ED WORM!55http://www.sophos.com/virusinfo/analyses/w32rboted.html0
111MsnExplorer0 10SVCHST.EXE1 00 34Added by the  TROJ/BDOOR-EB TROJAN57http://www.sophos.com/virusinfo/analyses/trojbdooreb.html0
1 8SheduIer0 10svchst.exe1 00 34Premium rate adult content dialler 01
1 7SvcH0st0 10SVCHST.EXE1 00 35Added by the  TROJ/BDOOR-EB TROJAN!57http://www.sophos.com/virusinfo/analyses/trojbdooreb.html0
111useful-soft0 10svchst.exe1 00 66Added by the Troj/StartPa-H Internet Explorer start page hijacker.59http://www.sophos.com/virusinfo/analyses/trojstartpahh.html0
1 6ws2_320 10svchst.exe1 00 94Added by the Troj/Voken-A TROJAN, it will terminate anti-virus and security-related processes.56http://www.sophos.com/virusinfo/analyses/trojvokena.html0
110[not used]0 11svchsto.exe1 00 56Added by the Troj/GWGhost-R information stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojgwghostr.html0
1 6System0 11svchîst.exe1 00 54Added by the Troj/LdPinch-BF password-stealing trojan.59http://www.sophos.com/virusinfo/analyses/trojldpinchbf.html0
1 7svcinfo0 11svcinfo.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 4run=0 11svcinit.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
111SVC Service0 11svcinit.exe1 00 26Added by the SINIT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sinit.html0
111SVC Service0 11svcinit.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 5syseq0 12svclgx32.exe1 00 36Added by the  TROJ/IRCBOT-AC TROJAN!58http://www.sophos.com/virusinfo/analyses/trojircbotac.html0
123Windows Service Manager0 10svcman.exe1 00 36Added by the Troj/Dloader-NY trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderny.html0
1 8DriverDB0 12svcmdx32.exe1 00 49Added by the  Troj/IRCBot-AR TROJAN/IRC backdoor!58http://www.sophos.com/virusinfo/analyses/trojircbotar.html0
1 9MainStart0 13svcmfte32.exe1 00 39Added by the Troj/Stinx-A IRC backdoor.56http://www.sophos.com/virusinfo/analyses/trojstinxa.html0
1 8startkey0 10svcmgr.exe1 00 43Added by the Troj/Hipper-B backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojhipperb.html0
110[not used]0 12svcmgr32.exe1 00128Added by the W32/Oscabot-D worm.  When started, this infection connects to an IRC where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32oscabotd.html0
110[not used]0 16svcmgr32.exe.exe1 00128Added by the W32/Oscabot-D worm.  When started, this infection connects to an IRC where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32oscabotd.html0
114USB controller0 11Svcmm32.exe1 00 30Ouchvideo.com 'n-Lite' spyware 01
3 6svcmon0 10svcmon.exe1 00118Added by the Spyware.PersonInspect surveillance software. Uninstall this software if it was not installed by yourself.65http://www.sarc.com/avcenter/venc/data/spyware.personinspect.html0
115Service Monitor0 10svcmon.exe1 00 51Added by the W32/Agent-FS worm and backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/w32agentfs.html0
115i/o controllers0 10svcnet.exe1 00 34Added by the  TROJ/TIBIK-B TROJAN!56http://www.sophos.com/virusinfo/analyses/trojtibikb.html0
111shell api320 10svcnet.exe1 00 34Added by the  WIN32.TIBICK.C WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=414290
110Shellapi320 10svcnet.exe1 00 71Added by W32/Tibick-C,  a P2P WORM with limited backdoor functionality.56http://www.sophos.com/virusinfo/analyses/w32tibickc.html0
114System Restore0 10svcnet.exe1 00 25Added by the TIBICK WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.tibick.html0
110ServiceHst0 11svcnost.exe1 00 12Added by the39W32/Agobot-RS WORM/IRC backdoor trojan!0
122System Power Managment0 11svcnost.exe1 00 55Added by the W32/Dref-I email worm and backdoor Trojan.54http://www.sophos.com/virusinfo/analyses/w32drefi.html0
1 8PService0 12svcnow32.exe1 00 75Added by Troj/Spybot-DJ,  a TROJAN, and found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/trojspybotdj.html0
110Fast Start0  9svcnt.exe1 00240Identified by numerous Antivirus products as Delf.KS.  When run this trojan will install a variety of other applications such as antivirus gold, ps guard, hookdump.exe, intel32.exe etc.  All of these files are malware and should be removed. 01
110start page0 11svcnt32.exe1 00 67Homepage hijacker, also detected as Trojan-Downloader.Win32.Delf.ks 01
1 9faststart0 10svcnut.exe1 00 56Browser hijacker - a variant of the  STARTPAGE.L TROJAN!96http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.l.html#technicaldetails0
1 9faststart0 12svcnut32.exe1 00 56Browser hijacker - a variant of the  STARTPAGE.L TROJAN!96http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.l.html#technicaldetails0
111fast search0  9svcnv.exe1 00 78Homepage, Startpage hijacker. Possible variant of Trojan-Downloader.Win32.Delf 01
1 3fsh0 10svcnva.exe1 00 71Malware,  detected by  Ewido_Security_Suite as TrojanDownloader.Delf.ks24http://www.ewido.net/en/0
1 9fast home0 10svcnvt.exe1 00 67Reported by Kaspersky Anti-Virus as Trojan-Downloader.Win32.Delf.ks 01
113WindowsXPserv0 12svcnxp32.exe1 00 77Added by the  Troj/Naninf-A trojan.  Located in the Windows system directory.57http://www.sophos.com/virusinfo/analyses/trojnaninfa.html0
127Microszoft Update Mach1nezs0 11SVCOHST.EXE1 00143Added by the W32/Rbot-EG trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rboteg.html0
116Srvce Pack Updte0 11svcpack.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
111SVC Service0 11svcpack.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
122System Startup Service0 11svcproc.exe1 00426This infection is identified as Trojan.Win32.Stervis.b.  It is usually bundled with nail.exe, a Abetterinternet adware variant.  It is notoriously difficult to remove and is usually bundled with other malware that are hard to remove as well.  One method that we have found that is able to remove this infection and the other malware that are bundled with it is the ewido security suite which you can download and try for free.59http://www.bleepingcomputer.com/startups/Nail.exe-8593.html0
1 6ccAppr0 12svcrhost.exe1 00 34Premium rate adult content dialler 01
110[not used]0 11svcroot.exe1 00 43Added by the Troj/Heles-B keylogger Trojan.56http://www.sophos.com/virusinfo/analyses/trojhelesb.html0
1 7svcroot0 11svcroot.exe1 00 30Added by the KEYLOG-AC TROJAN!58http://www.sophos.com/virusinfo/analyses/trojkeylogac.html0
127Run Services as Application0 10svcrun.exe1 00 36Added by the Troj/Dloader-NY trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderny.html0
115system services0 12svcsenes.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115System Services0 15svcsenes32a.exe1 00132Added by the W32/Rbot-AFGworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotafg.html0
124Microsoft Windows Update0 12svcshost.exe1 00 28Added by the FORBOT-CF WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcf.html0
111officeagent0 12svcshost.exe1 00 38Added by the  WIN32.TACTSLAY.A TROJAN!63http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=420220
113activexupdate0  9svcss.exe1 00 43Added by a variant of the  DEDLER.C TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerc.html0
113officeguardui0  9svcss.exe1 00 30Added by the  DEDLER-C TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerc.html0
133Windows Svshost Service Update 320 15svcsshost32.exe1 00 32Added by the W32/Forbot-GD worm.57http://www.sophos.com/virusinfo/analyses/w32forbotgd.html0
114WindowsDiskEvt0 12svcsvh32.exe1 00 41Added by the roj/Stinx-U backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxu.html0
1 6SvcSys0 10svcsys.dll1 00117Added by the PWSteal.Bancos.Y password-stealing Trojan.br /br /Uses CLSID: b{FCF39D40-4CAB-49B4-B6F4-955EC73FD3B3}/b.94http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.y.html#technicaldetails0
1 5MSSVC0 10svcsys.exe1 00 29Added by the FATOOS-C TROJAN!57http://www.sophos.com/virusinfo/analyses/trojfatoosc.html0
1 8MSSYSTEM0 10svcsys.exe1 00 29Added by the FATOOS-C TROJAN!57http://www.sophos.com/virusinfo/analyses/trojfatoosc.html0
1 8svcsys320 12svcsys32.exe1 00 28Added by the AGOBOT-LL WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotll.html0
123svcsys registry manager0 13svcsysreg.exe1 00 96Added by a  TROJAN.CLICKER - identified by  Kaspersky antivirus as Trojan-Clicker.Win32.Agent.cv46http://www.f-secure.com/v-descs/trojclik.shtml0
1 7svctask0 11svctask.exe1 00 44Added by the Troj/Chuckyb-A backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojchuckyba.html0
319Microsoft Webserver0 10svctrl.exe1 00126Personal web server program which enables you to create and host a web server from your computer. Not required for most people 01
1 8IPConfig0 12svcxnv32.exe1 00 30Added by the HACARMY.E TROJAN!66http://www.symantec.com/avcenter/venc/data/backdoor.hacarmy.e.html0
1 8ipconfig0 12svcxnw32.exe1 00 44Added by a variant of the  HACARMY.E TROJAN!66http://www.symantec.com/avcenter/venc/data/backdoor.hacarmy.e.html0
3 8COMDRV320 11svdhost.exe1 00246Orvell Monitoring 2003 - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Note - asks for permission to contact the IP address of http://www.protectcom.com/26http://www.protectcom.com/0
126Microsoft Com Port Manager0 11svdhost.exe1 00134Added by the W32/Sdbot-NI worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotni.html0
112Hotfix Updat0 13svdhost32.exe1 00 28Added by the GAOBOT.ZW WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.zw.html0
121Windows Print Spooler0 11SVEHOST.EXE1 00 27Added by the SPYBOT.H WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.H0
120Microsoft New Game 20 13svehost32.exe1 00 32Added by the W32/Tilebot-I worm.57http://www.sophos.com/virusinfo/analyses/w32tileboti.html0
112SVGA Adapter0 12svgainit.exe1 00 94Added by Backdoor.Deftcode. This infection connects to an IRC server where it awaits commands.61http://www.sarc.com/avcenter/venc/data/backdoor.deftcode.html0
1 5Shell0 11svghost.exe1 00 29Added by the  Troj/Lineage-J.58http://www.sophos.com/virusinfo/analyses/trojlineagej.html0
127windows update configurator0 11svghost.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
114microsoft help0 10svh0st.exe1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
119Microsoft WinUpdate0 10svh0st.exe1 00 28Added by the SPYBOT.DL WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.DL&VSect=T0
115MicrosoftUpdate0 10svhest.exe1 00143Added by the W32/Rbot-ES trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotes.html0
116Win32 Usb Driver0 14svhosint32.exe1 00 42Added by the FORBOT-BE or  FORBOT-J WORMS!57http://www.sophos.com/virusinfo/analyses/w32forbotbe.html0
1 7IMClass0 10Svhosl.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 7.mscsbl0 10svhost.exe1 00 34Added by the  BACKDOOR-CMQ TROJAN!54http://vil.mcafeesecurity.com/vil/content/v_130850.htm0
116AV_Update_Client0 10svhost.exe1 00 53Added by the TROJ_ISPY.B information-stealing Trojan.87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FISPY%2EB&VSect=T0
1 8CTHELPER0 10svhost.exe1 00130Added by the W32/Sdbot-RZ worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotrz.html0
1 4inet0 10svhost.exe1 00133Added by the Troj/Sdbot-M worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/trojsdbotm.html0
121Microsoft AutoUpdater0 10svhost.exe1 00 26Added by the RBOT.QG WORM!87http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.QG0
123microsoft host protocol0 10svhost.exe1 00  064http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
133Microsoft Synchronization Manager0 10svhost.exe1 00 27Added by the SDBOT-PY WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpy.html0
119microsoft system nt0 10svhost.exe1 00 33Added by the  IRC/SDBOT.COU WORM!68http://www.enciclopediavirus.com/virus/vervirus.php?id=1446&alerta=10
124Microsoft System Startup0 10svhost.exe1 00 49Added by the W32/Sdbot-AKG worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotakg.html0
116Microsoft Update0 10svhost.exe1 00 26Added by the RBOT-PI WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpi.html0
1 4NDAv0 10SVHOST.EXE1 00 56Added by the W32/Sumom-C instant messenger and P2P worm.55http://www.sophos.com/virusinfo/analyses/w32sumomc.html0
1 4SDAv0 10SVHOST.EXE1 00 56Added by the W32/Sumom-C instant messenger and P2P worm.55http://www.sophos.com/virusinfo/analyses/w32sumomc.html0
114Servicio Local0 10svhost.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
131Svchost Windows Remote Services0 10svhost.exe1 00133Added by the W32/IRCBot-IV worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32ircbotiv.html0
1 6SVHOST0 10svhost.exe1 00 27Added by the MYDOOM.I WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.i@mm.html0
113svhost System0 10svhost.exe1 00 29Added as a new service by the51Troj/Xrat-A TROJAN, using a servicename of  svhost.0
114svhost updates0 10Svhost.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9updatemsn0 10svhost.exe1 00 40Added by an unidentified WORM or TROJAN! 01
112Win32 Loader0 10svhost.exe1 00 67Added by the W32/Sdbot-VH WORM. Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvh.html0
121Windows update config0 10svhost.exe1 00 27Added by the SDBOT-PF WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpf.html0
110[not used]0 12svhost32.exe1 00 36Added by the Troj/Lineage-AB trojan.59http://www.sophos.com/virusinfo/analyses/trojlineageab.html0
1 3fzg0 12svhost32.exe1 00 57Added by the Troj/Lineage-JN information stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojlineagejn.html0
121Microsof Windows Host0 12svhost32.exe1 00 27Added by the RBOT.ADY WORM!79http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ADY0
123Updater Service Process0 12svhost32.exe1 00 28Added by the AGOBOT.TY WORM!80http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TY0
1 4UsbD0 12svhost32.exe1 00 29Added by the AGENT.IB TROJAN!90http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=TROJ_AGENT.IB0
116Services Startup0 12svhost33.exe1 00 28437" target=_blankRBOT WORM! 01
123svhost windows services0 11Svhost8.exe1 00105Added by a WORM, W32/Rbot-WQ,  with backdoor Trojan functionality and found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwq.html0
127Windows Update System Shell0 14svhostcs32.exe1 00 12Added by the38W32/Rbot-AAZ WORM/IRC backdoor trojan!0
113Host Services0 11svhosts.exe1 00147Added by the W32/Tilebot-AC worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.58http://www.sophos.com/virusinfo/analyses/w32tilebotac.html0
1 3Rwx0 11svhosts.exe1 00 35Added by the Troj/Subzero-B trojan.58http://www.sophos.com/virusinfo/analyses/trojsubzerob.html0
122windows services hosts0 11svhosts.exe1 00 35Added by the  TROJ/SDBOT-YH TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsdbotyh.html0
1 7sdktemp0 13svhosts32.exe1 00 50Added by the W32/Tilebot-CD worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotcd.html0
115ms valud loader0 10Svhots.exe1 00 33Added by the  W32/AGOBOT-SP WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotsp.html0
120Configuration Loader0  9svhst.exe1 00 28Added by the GAOBOT.YC WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.yc.html0
2 8SVIDC32M0 12SVIDC32M.exe1 00  2?? 01
115Windows Updater0 11svigost.exe1 00 36W32/Rbot-VS is classified as a worm.55http://www.sophos.com/virusinfo/analyses/w32rbotvs.html0
1 9sviload320 13sviload32.exe1 00 51Added by the W32/Rbot-AAS WORM/IRC backdoor trojan!56http://www.sophos.com/virusinfo/analyses/w32rbotaas.html0
1 4SVKP0  8SVKP.sys1 00134Added by the W32/Spybot-FB worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32spybotfb.html0
1 7svlmngr0 11svlmngr.exe1 00 48Added by the W32/Rbot-BLW worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotblw.html0
124Microsoft Windows Update0 11svmhost.exe1 00 28Added by the FORBOT-CH WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotch.html0
125windows register settings0 11svmhost.exe1 00 43Added by a variant of the  W32/FORBOT WORM!57http://sophos.com.au/virusinfo/analyses/w32forbotgen.html0
2 7SVM Pop0 10svmpop.exe1 00  2?? 01
110svnlitup320 14svnlitup32.exe1 00 28Added by the  RBOT.CBJ WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CBJ&VSect=P0
1 9svnloader0 13svnload32.exe1 00121Added by the W32/Rbot-ACU worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32rbotacu.html0
111svohcst.exe0 11svohcst.exe1 00 54Added by the PWSteal.Kurofoo password-stealing Trojan.76http://www.sarc.com/avcenter/venc/data/pwsteal.kurofoo.html#technicaldetails0
110[not used]0 11svohost.exe1 00161This dumaru variant attempts to terminate antivirus programs so that it remains undetected.  It is a mass-mailing worm with backdoor and keylogging capabilities.93http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.y@mm.html#technicaldetails0
110ctfnom.exe0 11SVOHOST.exe1 00 35Added by the Troj/Digidor-A trojan.58http://www.sophos.com/virusinfo/analyses/trojdigidora.html0
1 8scamdisk0 11SVOHOST.exe1 00 27Added by the  LEWOR.D WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_LEWOR.D&VSect=P0
1 8system320 11svohost.exe1 00 33Added by the Troj/Bnkmr-A Trojan.56http://www.sophos.com/virusinfo/analyses/trojbnkmra.html0
1 5AvSer0  9svosm.exe1 00101Added by the W32.Serflog.B worm.  This worms spreads through file-sharing networks and MSN Messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.b.html0
1 6DsmSer0  9svosm.exe1 00101Added by the W32.Serflog.B worm.  This worms spreads through file-sharing networks and MSN Messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.b.html0
1 6rollbk0  9svosm.exe1 00  074http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.b.html0
1 7sytem320  9svost.exe1 00 43Added by the Troj/Feutel-Z backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojfeutelz.html0
111svphost.exe0 11svphost.exe1 00 29Added by the AGENT.CS TROJAN!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.CS&VSect=T0
110Windows TM0 11SVPHOST.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7svrhost0 11Svrhost.exe1 00 33Added by the Adware.Satbo adware.56http://www.sarc.com/avcenter/venc/data/adware.satbo.html0
310svrpcn.exe0 10svrrec.exe1 00121Added by the Spyware.Recon surveillance software.  If you did not install this software you should remove it immediately.57http://www.sarc.com/avcenter/venc/data/spyware.recon.html0
1 6svrrun0 10svrrun.exe1 00 32Adware hailing from Deskwizz.com 01
117Sygate Personal 30  8svrv.exe1 00121Added by the W32/Rbot-XD WORM/backdoor Trojan, which attempts to modify network shares and users and terminate processes.55http://www.sophos.com/virusinfo/analyses/w32rbotxd.html0
120Configuration Loader0 12SVSCHOST.EXE1 00134Added by the W32/Sdbot-NS worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotns.html0
1 7svsekin0 10svsekt.exe1 00 41Added by the  TROJAN.PWS.QQPASS.G TROJAN!67http://www.symantec.com/avcenter/venc/data/trojan.pws.qqpass.g.html0
114&lt;random&gt;0 11svshost.exe1 00 70Added by the W32/Kelvir-AX instant messaging worm and backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/w32kelvirax.html0
120Dll Service Manager.0 11SVSHOST.EXE1 00132Added by the W32/Robot-A backdoor trojan.  When started this infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32robota.html0
118Games Acceleration0 11svshost.exe1 00 17EasySearch adware57http://sarc.com/avcenter/venc/data/adware.easysearch.html0
125messenger service updater0 11svshost.exe1 00 28Added by the  MYTOB.GC WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.GC&VSect=P0
113Microsoft IPC0 11svshost.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
118Microsoft Services0 11svshost.exe1 00 28Added by the ALETS.B TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.alets.b.html0
124Microsoft Update Machine0 11svshost.exe1 00 26Added by the RBOT.AK WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AK0
124Microsoft Update Manager0 11svshost.exe1 00132Added by the W32/Rbot-BAL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotbal.html0
124Microsoft Windows Update0 11svshost.exe1 00 29Added by the WOOTBOT.CJ WORM!109http://uk0
1 6secure0 11svshost.exe1 00127Added by the W32/Rbot-AFO worm. When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotafo.html0
113Svhost Loader0 11svshost.exe1 00 27Added by the AGOBOT.G WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.G0
1 7svshost0 11svshost.exe1 00 48Added by the W32/Chode-H instant messenger worm.55http://www.sophos.com/virusinfo/analyses/w32chodeh.html0
113svshostdriver0 11svshost.exe1 00 29Added by the SDBOT-HN TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsdbothn.html0
1 9svshost320 13svshost32.exe1 00165Added by a variant of the Rbot worm.  This worm, when started, connects to IRC servers where it sits in a desginated channel waiting for commands from a remote user. 01
1 7svshots0 11svshots.exe1 00113The Troj/Botget-A TROJAN opens a backdoor, and via IRC channels will attempt to download and run C:\gdc.exe also.57http://www.sophos.com/virusinfo/analyses/trojbotgeta.html0
128Windows Service Support Call0 10SVSS32.EXE1 00111This R-Bot WORM varaiant adds the file to allow unauthorized access to an attacker through an open IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotxq.html0
118Microsoft Services0 13svssshost.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115Windows_Updates0 11svthost.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
121windows update center0  9svthx.exe1 00 33Added by the  W32.STUBBOT.A WORM!64http://www.symantec.com/avcenter/venc/data/w32.stubbot.a@mm.html0
120configuration loader0 12svupdate.exe1 00 34Added by the  W32.RANDEX.DXP WORM!62http://www.symantec.com/avcenter/venc/data/w32.randex.dxp.html0
117Windows Firewalll0 11svvhost.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115Windows Service0 11svvhost.exe1 00 33Added by the  W32/AGOBOT-HL WORM!57http://www.sophos.com/virusinfo/analyses/w32agobothl.html0
115WindowsUpdateNT0 11svwhost.exe1 00 44Added by the Troj/Shellot-B backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojshellotb.html0
116Microsoft Office0 11svxhost.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
133Microsoft Synchronization Manager0 11svxhost.exe1 00133Added by the W32/Sdbot-ZU worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzu.html0
117Microsoft-Updates0 11svxhost.exe1 00 26Added by the RBOT-CT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotct.html0
119SVX Control Service0 11svxhost.exe1 00 27Added by the FORBOT-K WORM!56http://www.sophos.com/virusinfo/analyses/w32forbotk.html0
114update service0 11svxhost.exe1 00 26Added by the RBOT-MG WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmg.html0
117Microsoft-Updates0 11svxhost.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
124Microsoft Windows Update0 11svzhost.exe1 00 12Added by the98W32/Forbot-EV WORM/IRC backdoor trojan, which also installs a new service called Microsoft Update.0
1 7scvhost0 11svzhost.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
3 4sw200  8sw20.exe1 00 43Related to  Dynamic_Overclocking_Technology48http://www.hardocp.com/article.html?art=ODAwLDI=0
3 4sw240  8sw24.exe1 00 43Related to  Dynamic_Overclocking_Technology48http://www.hardocp.com/article.html?art=ODAwLDI=0
120Configuration Loader0  8sw32.exe1 00 28Added by the AGOBOT.BQ WORM!91http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.BQ0
114Update ver 1.00  8Swap.exe1 00 25Added by the SWAP-C WORM!54http://www.sophos.com/virusinfo/analyses/w32swapc.html0
1 8SWCaller0 12SWcaller.exe1 00 28Homepage hijacker - see here75http://securityresponse.symantec.com/avcenter/venc/data/swporta.trojan.html0
1 8SWCaller0 13Swcaller2.exe1 00 28Homepage hijacker - see here75http://securityresponse.symantec.com/avcenter/venc/data/swporta.trojan.html0
1 6load320 11swchost.exe1 00 26Added by the TURTA.A WORM!97http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_TURTA.A&VSect=T0
1 9NvClipRsv0 11swchost.exe1 00 28Added by the DUMARU-AK WORM!57http://www.sophos.com/virusinfo/analyses/w32dumaruak.html0
1 6winbin0 11swchost.exe1 00 28Added by the  RBOT.CLS WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CLS&VSect=P0
114Windows report0 11swchost.exe1 00 29Added by the SMALL-BD TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmallbd.html0
1 7swcroot0 11swcroot.exe1 00 19Unidentified adware 01
314Spyware Doctor0 12swdoctor.exe1 00 30Spyware Doctor spyware remover38http://www.pctools.com/spyware-doctor/0
314Spyware Doctor0 22swdoctor.exe /C /FS /X215HKEY_LM\RunOnce0 43Spyware Doctor 3.1, PCTools. Spyware Doctor39http://www.absolutestartup.com/startup/1
314Spyware Doctor0 15swdoctor.exe /Q2 00 63Spyware Doctor 3.5.0, PC Tools Research Pty Ltd. Spyware Doctor 01
1 9MSNMSGRS10  8swed.bat1 00 28IRC backdoor TROJAN or WORM! 01
1 6helper0 10sweden.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
216Internet Sweeper0 11Sweeper.exe1 00 82Internet Sweeper - removes unnecessart left over files after browsing the internet23http://www.bmesite.com/0
1 8SweetBox0 12SweetBox.exe1 00 60Added by the Adware.SweetBar adware that display pop-up ads.59http://www.sarc.com/avcenter/venc/data/adware.sweetbar.html0
2 7sweetim0 11SweetIM.exe1 00198Related to  SweetIM Send fancier smiley-faces and IM graphics to friends who are using MSN Messenger. BUT - they are only able to see these advanced smiley-faces if they also have SweetIM installed.23http://www.sweetim.com/0
1 8MSNMSGRE0  8swef.bat1 00 28IRC backdoor TROJAN or WORM! 01
1 7Swchost0 10Swhost.exe1 00 43Added by the Troj/Bdoor-MP backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoormp.html0
119Windows System Tray0 10swhost.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
115SwimSuitNetwork0 19SwimSuitNetwork.exe1 00 19Advertising spyware 01
1 8MSNMSGRR0  8swin.bat1 00 28IRC backdoor TROJAN or WORM! 01
1 8swingsys0 12SWINGSYS.EXE1 00 35Added by the Troj/Bancos-CX trojan.58http://www.sophos.com/virusinfo/analyses/trojbancoscx.html0
214Shockwave Init0 10SWINIT.EXE1 00216Part of Macromedia Shockwave. Controls the Shockwave Remote Control Panel. The Remote Control can be activated manually from the Start Menu by locating and selecting Shockwave and then Shockwave Remote under Programs 01
113WinShowUpdate0 16Swinshow.dll</a>1 00 96Winshow parasiate related - from the "RunOnce" keys it replaces "winshow.dll" with a new version44http://www.doxdesk.com/parasite/Winshow.html0
1 8msnmsgrs0  9swiss.bat1 00 28IRC worm or backdoor trojan! 01
312switcher.exe0 12Switcher.exe1 00149Sony VAIO Wireless Switch Setting Utility.  This program allows you to use a switch to activate and deactivate the wireless lan or bluetooth adapter. 01
1 5switp0 10switpa.exe1 00 90Added by the Adware.OfferAgent adware.  This program will display popups on your computer.61http://www.sarc.com/avcenter/venc/data/adware.offeragent.html0
3 3SWL0  7SWL.dll1 00118Added by the Spyware.StealthWeblog surveillance software. Uninstall this software if it was not installed by yourself.65http://www.sarc.com/avcenter/venc/data/spyware.stealthweblog.html0
313Spyware Nuker0  8swn2.exe1 00 39Part of the Spyware Nuker 2004 program. 01
313Spyware Nuker0 11swn2.exe /h211HKEY_LM\Run0 57Spyware Nuker 2005 03.03.16, TrekBlue. Spyware Nuker 200539http://www.absolutestartup.com/startup/1
310Switch Off0  9swoff.exe1 00209Switch Off - tray-based system utility that can automatically perform various frequently