213ATI Launchpad0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
223iDuba Personal FireWall0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
2 3LDM0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
215Power2GoExpress0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
213RemoteControl0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
222Start WingMan Profiler0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
2 5Steam0  0011HKEY_CU\Run0 25From Valve, for net games39http://www.absolutestartup.com/startup/1
212WebCamRT.exe0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
2 5ccApp0  0011HKEY_LM\Run0  2??39http://www.absolutestartup.com/startup/1
2 3ISC0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
210ISC_UpDate0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
213New Autostart0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
214QD FastAndSafe0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
214WMC_AutoUpdate0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
212yahoo! &maps0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
3 8PowerBar0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
310RecordNow!0  0011HKEY_CU\Run0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1
316Sonic RecordNow!0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
310SpySweeper0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
3 5Steam0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
316TransparentIcons0  0011HKEY_CU\Run0 39http://www.absolutestartup.com/startup/ 01
3 9TransTask0  0011HKEY_CU\Run0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1
3 8Tweak-XP0  0011HKEY_CU\Run0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1
3 8farstone0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
3 9pdfSaver30  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
312PestPatrolCL0  0011HKEY_LM\Run0 90PestPatrol 4.4.4, Computer Associates International, Inc.. PestPatrol command line scanner39http://www.absolutestartup.com/startup/1
312screen miner0  0011HKEY_LM\Run0 70Screen Miner, screen capture tool, capture full screen, capture window39http://www.absolutestartup.com/startup/1
3 8SiS Tray0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
3 6UC_SMB0  0011HKEY_LM\Run0 81Name:, UC_SMB. Filename:, ucstart.exe. Description:, Part of IBM Update connector50www.bleepingcomputer.com/startups/UC_SMB-5915.html0
3 8Driver320  0019HKEY_LM\RunServices0101This entry has information about the driver32.exe file and whether or not it should be allowed to run57www.bleepingcomputer.com/ startups/driver32.exe-9053.html0
113MISAggregator0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
119windows auto update0  0011HKEY_LM\Run0 39http://www.absolutestartup.com/startup/ 01
126Shortcut to LAFNSlipstream0  0025StartUp menu\Current user0102Absolute StartUp 5.0, F-Group Software. Absolute StartUp provides absolute control on startup programs39http://www.absolutestartup.com/startup/1
312$sys$cor.sys0 12$sys$cor.sys1 00 38How to remove the Sony XPC DRM Rootkit54http://www.bleepingcomputer.com/forums/topic34904.html0
328Plug and Play Device Manager0 18$sys$DRMServer.exe1 00376Added by the Sony/XCP DRM security software. This service is part of the digital rights management system utilized on certain Sony CDs.  If you remove this service, you may no longer be able to play certain CDs from Sony on your computer.br /br /If you have this service, then there is a good chance you also have the Sony XPC DRM rootkit.  Use the removal instructions below.54http://www.bleepingcomputer.com/forums/topic34904.html0
1 8$sys$drv0 12$sys$drv.exe1 00249Added by the Backdoor.Ryknos Trojan backdoor that attempts to utilize the SecurityRisk.First4DRM security risk to hide itself on the compromised computer.  It also adds a registry key at HKEY_CURRENT_USERWkbpsevaXImgvkwkbpXSmj`kswXGqvvajpRavwmkjXVqj76http://www.sarc.com/avcenter/venc/data/backdoor.ryknos.html#technicaldetails0
110$sys$crash0 18$sys$sonyTimer.exe1 00 36Added by the Trojan.Welomoch Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.welomoch.html#technicaldetails0
110$sys$crash0 17$sys$sos$sys$.exe1 00 36Added by the Trojan.Welomoch Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.welomoch.html#technicaldetails0
110$sys$crash0 20$sys$WeLoveMcCOL.exe1 00 36Added by the Trojan.Welomoch Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.welomoch.html#technicaldetails0
1 8$sys$cmp0 11$sys$xp.exe1 00156Added by the Troj/Stinx-F backdoor Trojan.  Troj/Stinx-F may be stealthed on an infected system by exploiting Sony DRM (Digital Rights Management) software.56http://www.sophos.com/virusinfo/analyses/trojstinxf.html0
213%cmpmixtitle%0 11%cmpmixstr%1 00 48Possibly related to C-Media Mixer Control panel? 01
1 5Ctykd0 27%Malware path and filename%2 00 35Added by the TSPY_SMALL.SN spyware.96http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FSMALL%2ESN&VSect=Td0
1 7PAV.EXE0  8%Number%1 00 67Added by the  KITRO.D (or ARGEN.A) WORM! %Number% can be any number77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
214DumpFaultCheck0  8%system%1 00197Added by the W32/Scanbot-A worm and IRC backdoor.  Though this infection adds these entries, they have no effect on your computer other than open the %System% folder.  You can remove these entries.57http://www.sophos.com/virusinfo/analyses/w32scanbota.html0
129SystemWideHook for Windows NT0 14%WinHook32.exe1 00 28Added by the MYDOOM.AC WORM!64http://www.symantec.com/avcenter/venc/data/w32.mydoom.ac@mm.html0
1 6alkasr0 41ÎäÒíÑ.exe1 00 28Added by the BALKART TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.balkart.html0
1 9(default)0 25¡¡NOTEPAD.EXE1 00 42Added by the Troj/Vaq-A Trojan downloader.54http://www.sophos.com/virusinfo/analyses/trojvaqa.html0
116Web Event Logger0 31<8 random characters>.dll2 00102Added by the Backdoor.Berbew.F backdoor.br /br /Uses CLSID: b{79FEACFF-FFCE-815E-A900-316290B5B738}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.f.html#technicaldetails0
1 7newname0 30<application executable>2 00 36Added by the Troj/Drsmartl-S Trojan.59http://www.sophos.com/virusinfo/analyses/trojdrsmartls.html0
1 7Proc1120 37<File name of the dropped file>2 00 31Added by the WORM_IXBOT.A worm.88http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FIXBOT%2EA&VSect=T0
111DllLoader320 20<filename>.exe1 00 43Added by the Troj/Bdoor-QD backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorqd.html0
111GlobalSCAPE0 20<filename>.exe1 00132Added by the W32/Rbot-AYM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaym.html0
1 9DTInstall0 21<filename.>.dll1 00 35Added by the Troj/Small-ALM Trojan.58http://www.sophos.com/virusinfo/analyses/trojsmallalm.html0
115Hutley-Spieluhr0 20<filename.exe>1 00 43Added by the Troj/Shpiel-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojshpiela.html0
1 6NAVNet0 26<Name of Executable>2 00 75Added by the Troj/Small-FR Trojan.  The filenames and locations are random.57http://www.sophos.com/virusinfo/analyses/trojsmallfr.html0
1 6winabc0 24<ORIGFILENAME>.DLL1 00 82Added by the Troj/Lineage-PN password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagepn.html0
113Virus Cleaner0 32<original Trojan filename>2 00 33Added by the Troj/Delta-E Trojan.56http://www.sophos.com/virusinfo/analyses/trojdeltae.html0
1 9NTupdater0 37<path to a renamed Mirc client>2 00 44Added by the Troj/Digarix-D backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojdigarixd.html0
1 4Safe0 26<path to Trojan EXE>2 00 97Added by the Troj/Banker-DT password stealing Trojan aimed primarily at users of Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankerdt.html0
111WheelsMouse0 22<path to Trojan>2 00 48Added by the Troj/SocksPr-D proxy server Trojan.58http://www.sophos.com/virusinfo/analyses/trojsocksprd.html0
1 8Win_BooT0 22<Path to Trojan>2 00 53Added by the Troj/Banker-GI password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankergi.html0
1 8WinShell0 20<path to worm>2 00 52Added by the W32/Fanbot-B mass-mailing and P2P worm.56http://www.sophos.com/virusinfo/analyses/w32fanbotb.html0
1 9Devicewin0 41<pathname of the Trojan executable>2 00 36Added by the Troj/Banker-AEV Trojan.59http://www.sophos.com/virusinfo/analyses/trojbankeraev.html0
112kernel32.dll0 41<pathname of the Trojan executable>2 00 33Added by the Troj/Zlob-AP Trojan.56http://www.sophos.com/virusinfo/analyses/trojzlobap.html0
118Microsoft Redirect0 41<pathname of the Trojan executable>2 00 52Added by the Troj/Banker-FW Internet banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerfw.html0
1 8msresear0 41<pathname of the Trojan executable>2 00 34Added by the Troj/Weasyw-B Trojan.57http://www.sophos.com/virusinfo/analyses/trojweasywb.html0
1 9Rapdyleys0 41<pathname of the Trojan executable>2 00 35Added by the Troj/QQPass-AD Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassad.html0
1 7MSPRO320 39<pathname of the worm executable>2 00 31Added by the W32/Hiberi-B worm.56http://www.sophos.com/virusinfo/analyses/w32hiberib.html0
113Winsocket log0 29<random characters>.exe2 00 50Added by the Troj/Sdbot-AKF worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/trojsdbotakf.html0
112SysTray.Exys0 42<random filename with DLL extension>2 00 97Added by the Troj/Slogger-D Trojan.br /br /Uses CLSID: b{7368D5FC-6F5C-4f5b-B964-E67214F67852}/b.58http://www.sophos.com/virusinfo/analyses/trojsloggerd.html0
1 6DER0050 23<random filename>2 00 43Added by the Troj/Hackvan-B Trojan rootkit.58http://www.sophos.com/virusinfo/analyses/trojhackvanb.html0
1 7Idoneus0 23<random filename>2 00 31Added by the MSIL.Idonut virus.72http://www.sarc.com/avcenter/venc/data/msil.idonut.html#technicaldetails0
118Msn Update SUPPORT0 23<random filename>2 00 48Added by the W32/Rbot-BPS worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbps.html0
114Service Screan0 23<random filename>2 00132Added by the W32/Rbot-BAC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotbac.html0
1 8Telnet240 23<random filename>2 00133Added by the W32/Rbot-ARD worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotard.html0
113Win Prosess0r0 23<random filename>2 00 48Added by the W32/Rbot-BIT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbit.html0
1 6XRW0050 23<random filename>2 00  058http://www.sophos.com/virusinfo/analyses/trojhackvanb.html0
1 8DBGA0EEG0 27<random filename>.dll2 00119Added by the W32/Doxpar-D password-stealing network worm.br /br /Uses CLSID: b{6C7F7D05-2430-7FA8-28C5-2F9036BF28AF}/b.56http://www.sophos.com/virusinfo/analyses/w32doxpard.html0
1 7eTunnel0 27<random filename>.exe2 00 43Added by the Troj/Meteor-E backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojmeteore.html0
124Windows Firewall Monitor0 27<random filename>.exe2 00 40Added by the Troj/Proxy-AX proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojproxyax.html0
1 6wuauon0 27<random filename>.exe2 00 43Added by the Troj/Bdoor-MC backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoormc.html0
1 4st3i0 27<random filename.dll>2 00 33Added by the Troj/Hasum-A Trojan.56http://www.sophos.com/virusinfo/analyses/trojhasuma.html0
1 6angnan0 27<random filename.exe>2 00 31Added by the W32/Bobax-DB worm.56http://www.sophos.com/virusinfo/analyses/w32bobaxdb.html0
122eMCryT Sh3ars Panagers0 27<random filename.exe>2 00132Added by the W32/Rbot-AWI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotawi.html0
128MICROSFT RAMA UPDATE SUPPORT0 27<random filename.exe>2 00132Added by the W32/Rbot-ASM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotasm.html0
120Microsoft Anti-Virus0 27<Random Filename.exe>2 00 49Added by the W32/Kassbot-O worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32kassboto.html0
1 7Proc9920 27<random filename.exe>2 00 47Added by the W32/Ixbot-C worm and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32ixbotc.html0
112Google Earth0 23<random name>.pif2 00132Added by the W32/Rbot-AXK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaxk.html0
112SysTray.Exiv0 18<random>.dll1 00106Added by the Troj/Slogger-F backdoor Trojan.br /br /Uses CLSID: b(2963ECFC-4E5C-2f3b-B334-D67434FC72E0)/b.58http://www.sophos.com/virusinfo/analyses/trojsloggerf.html0
113System32Check0 18<random>.exe1 00 57Added by the Troj/Chast-A backdoor and keylogging Trojan.56http://www.sophos.com/virusinfo/analyses/trojchasta.html0
1 6VSSTAT0 18<random>.exe1 00 47Added by the W32/Gobot-N worm and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32gobotn.html0
116Web Event Logger0 18<random>.exe1 00102Added by the Backdoor.Berbew.D backdoor.br /br /Uses CLSID: b{79FB9088-19CE-715E-D900-216290C5B738}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.d.html#technicaldetails0
111nethost.exe0 26<randomfilename>.exe1 00 42Added by the Troj/Perda-J backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdaj.html0
126Windows Overlay Components0 26<randomfilename>.exe1 00 34Added by the Troj/Agent-JK Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentjk.html0
113Apoint System0 25<Trojan Executable>2 00 35Added by the Troj/Banker-WK Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerwk.html0
1 4cppc0 25<Trojan executable>2 00 80Added by the Troj/VB-NV Trojan.  This trojan pretends to be a Half-Life 2 crack.54http://www.sophos.com/virusinfo/analyses/trojvbnv.html0
1 8FindHack0 25<Trojan executable>2 00 34Added by the W32/Kelvir-BA Trojan.57http://www.sophos.com/virusinfo/analyses/w32kelvirba.html0
1 6HATAPE0 25<Trojan executable>2 00 35Added by the Troj/Banker-QF Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerqf.html0
1 8msapps320 25<Trojan executable>2 00 35Added by the Troj/Banker-IS Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankeris.html0
113office_update0 25<Trojan executable>2 00 36Added by the Troj/Dloader-ZB Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderzb.html0
114PHIME2OO2ASyst0 25<Trojan executable>2 00120Added by the Troj/DBdoor-B backdoor Trojan.  This filename for this trojan can be change to one specified by the hacker.57http://www.sophos.com/virusinfo/analyses/trojdbdoorb.html0
112SmartTesting0 25<Trojan executable>2 00 45Added by the Troj/Ranck-DO http proxy trojan.57http://www.sophos.com/virusinfo/analyses/trojranckdo.html0
1 7taskbar0 25<Trojan executable>2 00 42Added by the Troj/Perda-I backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdai.html0
1 7zzzsoft0 25<Trojan executable>2 00 34Added by the Troj/QQRob-AD Trojan.57http://www.sophos.com/virusinfo/analyses/trojqqrobad.html0
1 9aaprotect0 23<Trojan Filename>2 00 36Added by the Troj/Bancban-MJ Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanmj.html0
1 4Tspy0 23<Trojan Filename>2 00 43Added by the Troj/TSpy-B keylogging Trojan.55http://www.sophos.com/virusinfo/analyses/trojtspyb.html0
1 7MSSever0 27<Trojan Filename.exe>2 00 50Added by the Troj/PWS-CW password-stealing Trojan.55http://www.sophos.com/virusinfo/analyses/trojpwscw.html0
1 7Myfault0 18<Trojan.exe>1 00 34Added by the Troj/Ranck-DJ Trojan.57http://www.sophos.com/virusinfo/analyses/trojranckdj.html0
014CQSCP2P SERVER0 15<unknown>1 00154Compaq printer utility which is required in the startup menu in order to make the printer work correctly. Personally I doubt whether it is actually needed 01
0 8CQSCP2PS0 15<unknown>1 00  0 01
0 8V128IITV0 15<unknown>1 00 94Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? 01
228AccuWeather.com® Desktop0 15<unknown>1 00 36Desktop weather from AccuWeather.com71http://wwwa.accuweather.com/adcbin/public/index.asp?partner=accuweather0
2 7AIMster0 15<unknown>1 00119Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start - Programs 01
223Compaq Video CD Watcher0 15<unknown>1 00 28For Compaq PC's. MPEG viewer 01
215HP Info Express0 15<unknown>1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01
210HP Updates0 15<unknown>1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01
2 5Imesh0 15<unknown>1 00 30Imesh is a file sharing system20http://www.imesh.com0
217Imesh Auto Update0 15<unknown>1 00 83Update check for the Imesh file sharing system. Turn the update off under "options"20http://www.imesh.com0
225Introduction-Registration0 15<unknown>1 00 82For Compaq PC's. Should only run first time, PC Introduction & Compaq registration 01
215LS120 Superdisk0 15<unknown>1 00 77Supposed to accelerate transfer rate on LS-120, contributes to system lockups 01
215McAfee Winguage0 15<unknown>1 00243Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start - Programs 01
2 8Operator0 15<unknown>1 00 49Media Pilot operator, in Win.ini. Locks port open 01
2 7Startup0 15<unknown>1 00 26Related to an Iomega drive 01
2 5TGCMG0 15<unknown>1 00 91Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work 01
230Usrobotics Online Registration0 15<unknown>1 00 75Pop-up reminding customers to register their products online at US Robotics 01
212Windows Eyes0 15<unknown>1 00207For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start - Programs 01
3 9EDRestore0 15<unknown>1 00110Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"42http://www.easydesksoftware.com/spoint.htm0
312HP RecordNow0 15<unknown>1 00114From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used." 01
323SMS Win9x Message Agent0 15<unknown>1 00 63This program assigns a user to a Systems Management Server site 01
111Bonzi Buddy0 15<unknown>1 00 69Spyware - read here for information and here for removal instructions57http://www.safersite.com/pestinfo/B/BonziBuddy_Adware.asp0
414FoolProofSweep0 15<unknown>1 00 63Part of FoolProof Security PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0
117Content connector0 29<various filenames.exe>2 00 34Added by the Troj/Dialer-Y dialer.57http://www.sophos.com/virusinfo/analyses/trojdialery.html0
125Microsoft Moniter Control0 21<worm filename>2 00 48Added by the W32/Rbot-BAX worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbax.html0
110[not used]0 27øb.Ýoç1 00138Added by the Backdoor.Beasty.D backdoor.  This backdoor listens on port 666.br /br /Uses CLSID: b{54AD0222-BB51-31EF-BBFA-06AA12E6115C}/b.61http://www.sarc.com/avcenter/venc/data/backdoor.beasty.d.html0
114vbs.ipnuker@mm0 29(original worm file name).vbs2 00 23Added by the  VBS.Nukip70http://securityresponse.symantec.com/avcenter/venc/data/vbs.nukip.html0
1 7windowz0 29(original worm file name).vbs2 00  070http://securityresponse.symantec.com/avcenter/venc/data/vbs.nukip.html0
1 7bcnswsx0 14(path to file)2 00 47Added as result of a  Ranck-AJ trojan infection57http://www.sophos.com/virusinfo/analyses/trojranckaj.html0
1 4ibin0 35(Pathname of the Trojan executable)2 00 26Added by the  Troj/Perda-C56http://www.sophos.com/virusinfo/analyses/trojperdac.html0
118virus removal tool0 35(pathname of the Trojan executable)2 00 27Added by the  Troj/Tometa-B57http://www.sophos.com/virusinfo/analyses/trojtometab.html0
1 5clock0 20(various file names)2 00140LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe79http://securityresponse.symantec.com/avcenter/venc/data/pf/adware.livechat.html0
1 9romahere20 34************.exe [* = random char]2 00 55SuperSpider hijacker - a CoolWebSearch parasite variant44http://doxdesk.com/parasite/SuperSpider.html0
1 9romahere30 34************.exe [* = random char]2 00  044http://doxdesk.com/parasite/SuperSpider.html0
115Control handler0 33***********.exe [* = random char]2 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
122Network Security Guard0 32**********.exe [* = random char]2 00 30CoolWebSearch parasite related53http://www.spywareinfo.com/~merijn/cwschronicles.html0
125WindowsRegKey upd4te2d4te0 31*********.exe [* = random char]2 00 26Added by the RBOT.XQ WORM!87http://it.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.XQ0
1 4sr640 13********. exe2 00 27Adware, as yet unidentified 01
1 8rate.exe0 30********.exe [* = random char]2 00 19Unidentified adware 01
116ms window update0 33******.exe (* = random character)2 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
121Cryptographic Service0 28******.exe [* = random char]2 00 50Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html0
121Cryptographic Service0 28******.exe [* = random char]2 00 50Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html0
1 8Narrator0 28******.exe [* = random char]2 00 30Transponder/VX2 related adware 01
1 3web0 28******.exe [* = random char]2 00 41Added by a variant of the EASTO.A TROJAN!78http://www.pestpatrol.com/pestinfo/w/win32_trojandownloader_easto_a_trojan.asp0
111pnpsvc_lock0 29******.exe [* = random digit]2 00 16Browser hijacker 01
1150utlook express0 33*****.exe (where * = random char)2 00 31Added by the  W32/RBOT-CC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotcc.html0
122outlook express config0 33*****.exe (where * = random char)2 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113cyberfree.exe0 26****.dat [* = random char]2 00 19Unidentified adware 01
127Microsofts Security Manager0 29****.exe [**** = random char]2 00 28Added by the RBOT-WH TROJAN!55http://www.sophos.com/virusinfo/analyses/w32rbotwh.html0
118microsoft software0 31****.exe E255 [* = random char]2 00 40Added by an unidentified WORM or TROJAN! 01
118Win32SystemMonitor0 25***.exe [* = random char]2 00 16Browser hijacker 01
1 7Nero.ma0 29***.exe [*** = 2 to 3 digits]2 00 28Added by the JONBARR.D WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.jonbarr.d@mm.html0
224Description of Shortcuts0  5*.exe1 00227* seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search) 01
111App.EXEName0  4.exe1 00 25Added by the BODIRU WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bodiru.html0
111App.EXEName0  4.exe1 00 25Added by the BODIRU WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.bodiru.html0
1 5ccapp0  4.EXE1 00 31Added by the  W32/RBOT-LJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlj.html0
111Gray_Pigeon0  4.exe1 00111Added by the Troj/GrayBrd-EH backdoor Trojan.  This infection also creates the file c:\windows\temp\8e4ds4.dll.59http://www.sophos.com/virusinfo/analyses/trojgraybrdeh.html0
1 9supernova0  4.exe1 00 91Added as a result of the SURNOVA (or SUPOVA) VIRUS! <filename>.exe is the chosen name78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SURNOVA.A0
116Default_Page_URL0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
116Default_Page_URL0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
118Default_Search_URL0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
118Default_Search_URL0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
115First Home Page0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
115First Home Page0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Local Page0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Local Page0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
111Search Page0 19//find.naupoint.com1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Start Page0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Start Page0 19//find.naupoint.com1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
116Default_Page_URL0 23//find.naupoint.com</a>1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
115First Home Page0 23//find.naupoint.com</a>1 00 25Naupoint browser hijacker61http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
110Local Page0 23//find.naupoint.com</a>1 00  061http://www.spynet.com/spyware/spyware-NauPoint-Installer.aspx0
011com servoce0  2/a1 00  0 01
211com servoce0  2/a1 00  044http://www.esafe.com/esafe/default.asp?cf=tl0
110search.vbs0  2/a1 00  8Hijacker 01
4 6vs.vsn0  2/a1 00 86Part of eSafe antivirus "SmartScan" - alerts the user if files have been changed/added44http://www.esafe.com/esafe/default.asp?cf=tl0
1 8WinTools0  5/boot115HKEY_LM\RunOnce0  039http://www.absolutestartup.com/startup/1
324EPSON Stylus Photo RX5000 22/M Stylus Photo RX500"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
114WinMsgServices0  5?.exe1 00169Added by the  Troj/Kelebek-G.  This file is added to the Windows system folder.  The name of the filename is the ASCII character 255 which corresponds to an empty space.58http://www.sophos.com/virusinfo/analyses/trojkelebekg.html0
013Coupon Offers0  2??1 00  2?? 01
0 6Devlog0  2??1 00  2?? 01
0 6Dosbat0  2??1 00  0 01
0 8V128IITV0  2??1 00 94Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? 01
0 5Vinny0  2??1 00  2?? 01
010Web Search0  2??1 00  0 01
011WRECK GUARD0  2??1 00  2?? 01
224AccuWeather.com® Desktop0  2??1 00 36Desktop weather from AccuWeather.com71http://wwwa.accuweather.com/adcbin/public/index.asp?partner=accuweather0
2 7AIMster0  2??1 00119Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start - Programs 01
223Compaq Video CD Watcher0  2??1 00 28For Compaq PC's. MPEG viewer 01
215HP Info Express0  2??1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01
210HP Updates0  2??1 00120On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb 01
2 5Imesh0  2??1 00 30Imesh is a file sharing system20http://www.imesh.com0
217Imesh Auto Update0  2??1 00 83Update check for the Imesh file sharing system. Turn the update off under "options"20http://www.imesh.com0
225Introduction-Registration0  2??1 00 82For Compaq PC's. Should only run first time, PC Introduction & Compaq registration 01
215LS120 Superdisk0  2??1 00 77Supposed to accelerate transfer rate on LS-120, contributes to system lockups 01
215McAfee Winguage0  2??1 00243Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start - Programs 01
2 8Operator0  2??1 00 49Media Pilot operator, in Win.ini. Locks port open 01
2 7Startup0  2??1 00 26Related to an Iomega drive 01
2 5TGCMG0  2??1 00 91Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work 01
230Usrobotics Online Registration0  2??1 00 75Pop-up reminding customers to register their products online at US Robotics 01
212Windows Eyes0  2??1 00207For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start - Programs 01
311AAAKeyboard0  2??1 00  0 01
3 7Avxnews0  2??1 00  2?? 01
314CQSCP2P SERVER0  2??1 00154Compaq printer utility which is required in the startup menu in order to make the printer work correctly. Personally I doubt whether it is actually needed 01
3 6Devlog0  2??1 00  2?? 01
3 6Dosbat0  2??1 00  0 01
3 9EDRestore0  2??1 00110Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"42http://www.easydesksoftware.com/spoint.htm0
312HP RecordNow0  2??1 00114From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used." 01
3 7mfgboot0  2??1 00  2?? 01
3 6Qdsafe0  2??1 00  2?? 01
3 8ScanFile0  2??1 00  0 01
323SMS Win9x Message Agent0  2??1 00 63This program assigns a user to a Systems Management Server site 01
3 8V128IITV0  2??1 00 94Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? 01
3 5Vinny0  2??1 00  2?? 01
310Web Search0  2??1 00  0 01
311WRECK GUARD0  2??1 00  2?? 01
111Bonzi Buddy0  2??1 00 69Spyware - read here for information and here for removal instructions57http://www.safersite.com/pestinfo/B/BonziBuddy_Adware.asp0
414FoolProofSweep0  2??1 00 63Part of FoolProof Security PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0
113[random name]0 12??anregw.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 11??chost.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
2 5Vgwxi0 12??erinit.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
113[random name]0 12??erinit.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 11??ool32.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 11??oolsv.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
1 3Fek0 11??oolsv.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
113[random name]0  9??rss.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 12??rvices.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 12??xplore.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
1 7Seibctd0 12??xplore.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
113[random name]0 11?hkntfs.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
114?ekio Startups0 12?nksvc32.exe1 00167Added by the W32/Agobot-OV WORM/IRC backdoor. ? is a random character. It will kill processes, record keystrokes, allowing unauthorised access to enable other actions.57http://www.sophos.com/virusinfo/analyses/w32agobotov.html0
113[random name]0 10?ttrib.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
116@liberamovilespt0 16@liberamovilespt1 00 46Added by the Dialer.UDIS premium adult dialer.72http://securityresponse.symantec.com/avcenter/venc/data/dialer.udis.html0
1 8@tour_ww0 15@tour_ww[1].exe1 00 21Adult content dialler 01
131Windows System Security Monitor0 22[4 random letters].exe2 00 32Added by the W32.Pinkton.A worm.74http://www.sarc.com/avcenter/venc/data/w32.pinkton.a.html#technicaldetails0
1 4Nvid0 22[8 random charachters]2 00 19Unidentified adware 01
116Web Event Logger0 25[8 random characters].dll2 00102Added by the Backdoor.Berbew.B backdoor.br /br /Uses CLSID: b{79FB9088-19CE-715E-D900-216290C5B738}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.b.html#technicaldetails0
115WebEvent Logger0 25[8 random characters].dll2 00102Added by the Backdoor.Berbew.F backdoor.br /br /Uses CLSID: b{79ECA078-17FF-726B-E811-213280E5C831}/b.78http://www.sarc.com/avcenter/venc/data/backdoor.berbew.f.html#technicaldetails0
123anti-virus product sync0 47[AN UNPRINTABLE CHARACTER][3 CHARACTERS]log.exe2 00 32Added by the  W32.Kedebe.D(AT)mm76http://securityresponse.symantec.com/avcenter/venc/data/w32.kedebe.d@mm.html0
137Remote Procedure Call (RPC) Activator0 19[Currently unknown]2 00 43Added by the Troj/Fiserv-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojfiserva.html0
1 7NSystem0 17[downloaded file]2 00 43Added by the Troj/Nsys-A trojan downloader.55http://www.sophos.com/virusinfo/analyses/trojnsysa.html0
1 7hxadsec0 17[executable name]2 00 36Added by the Troj/AdClick-AP trojan.59http://www.sophos.com/virusinfo/analyses/trojadclickap.html0
1 6fsdsft0 11[file name]2 00 40Added by the Backdoor.Ranky.S  Backdoor!77http://www.sarc.com/avcenter/venc/data/backdoor.ranky.s.html#technicaldetails0
113winupdatefiv_0 11[file name]2 00 37Added by the W32/Combra-C email worm.56http://www.sophos.com/virusinfo/analyses/w32combrac.html0
1 6SYDNEY0 11[file path]2 00 24Added by the SYNEY WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.syney@mm.html0
1 7Systray0 14[filename.exe]1 00 19Winfavorites adware80http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html0
1 7;Rundll0 10[filename]1 00 32Added by the PWSLEGMIR.E TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E0
1 7;Rundll0 10[filename]1 00 32Added by the PWSLEGMIR.E TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PWSLEGMIR.E0
113Configuration0 10[filename]1 00 27Added by the SDBOT-ML WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotml.html0
114JavaUpdate0.070 10[filename]1 00 28Added by the JUPDATE TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.jupdate.html0
115LoadWindowsFile0 10[filename]1 00 65Added by the DELF.B TROJAN! where [filename] is the infected file76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.b.html0
115Locator Service0 10[filename]1 00 30Added by the AGOBOT-KY TROJAN!57http://www.sophos.com/virusinfo/analyses/w32agobotky.html0
117LowVersionSupport0 10[filename]1 00 28Added by the LASTRAS TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lastras.html0
1 6Mantis0 10[filename]1 00 27Added by the MANTIBE VIRUS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.mantibe.html0
112MatrixScreen0 10[filename]1 00 33Added by the MATRIXSCREEN TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.matrixscreen.html0
129Microsoft Java Windows Update0 10[filename]1 00 26Added by the RBOT-DZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotdz.html0
1 5Myapp0 10[filename]1 00 26Added by the FATEE.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fatee.b.html0
1 7NavScan0 10[filename]1 00 27Added by the OBSORB TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.obsorb.html0
1 3OLE0 10[filename]1 00 39Added by the STAWIN or TARNO.D TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/keylogger.stawin.html0
1 5putil0 10[filename]1 00 28Added by the LDPINCH TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.ldpinch.html0
1 7Scanreg0 10[filename]1 00 29Added by the QQPASS.E TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html0
1 6User320 10[filename]1 00 29Added by the NETTRASH TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.nettrash.html0
110UserSystem0 10[filename]1 00 49CoolWebSearch SmartSearch variant - also see here53http://www.spywareinfo.com/~merijn/cwschronicles.html0
111VideoDriver0 10[filename]1 00 30Added by the GSPOT20.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GSPOT20.A0
114Windows Update0 10[filename]1 00 82Added by the  NORIO TROJAN! Acts as a hi-jacker redirecting to adult content sites73http://securityresponse.symantec.com/avcenter/venc/data/trojan.norio.html0
1 9GustavVED0 14[filename].exe1 00 28Added by the OPASERV.H WORM!66http://www.symantec.com/avcenter/venc/data/w32.opaserv.h.worm.html0
1 3hen0 14[filename].exe1 00 28Added by the TARNO.G TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.g.html0
1 3hen0 14[filename].exe1 00 28Added by the TARNO.G TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.g.html0
112Service Host0 14[filename].exe1 00 27Added by the TORVEL.B WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.torvel.b@mm.html0
113System Update0 14[filename].exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
116Windows Explorer0 14[filename].exe1 00144Added by the SDBOT TROJAN! Note - this is not the valid Windows Explorer (explorer.exe) which would only be in startups if you added it manually75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
1 5cAgOu0 14[filename].hta1 00 26Added by the KAKWORM WORM!63http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html0
1 6ZaCker0 14[filename].PIF1 00 26Added by the HOLAR.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A0
1 8AddClass0 19[Installation_Path]1 00 32Added by the STARTPAGE.F TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.f.html0
1 8Internal0 18[month number]</a>2 00 32Added by the FORTNIGHT.D TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/js.fortnight.d.html0
1 9enbrowser0 14[name of file]2 00 22WINBO adware component60http://www.symantec.com/avcenter/venc/data/adware.winbo.html0
1 2c70 14[name of worm]2 00 35Added by the  W32.MEDIAKILL.A WORM!66http://www.symantec.com/avcenter/venc/data/w32.mediakill.a@mm.html0
1 6Update0 20[original file path]2 00 26Added by the LYNDEGG WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lyndegg.html0
1 7TSystem0 19[original filename]2 00 43Added by the Troj/Nsys-A trojan downloader.55http://www.sophos.com/virusinfo/analyses/trojnsysa.html0
1 7File0_00 16[path of Trojan]2 00 47Added by the Troj/Dloader-OR trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdloaderor.html0
137Anti-Virus Update Scheduler V1.39.12R0 14[path to .exe]2 00 12Added by the27Troj/Fireby-A proxy TROJAN!0
1 7Caesvrn0 14[path to .exe]2 00142Added by the Troj/Ranck-CQ.  This infection sits on a randomly selected TCP port between 1025 and 9997, awaiting contact by a remote attacker.57http://www.sophos.com/virusinfo/analyses/trojranckcq.html0
1 5ccApp0 14[path to .exe]2 00 50Added by the W32/Rbot-LJ WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbotlj.html0
112Client Agent0 14[path to .exe]2 00 12Added by the110Troj/PPdoo0
113DllExecutable0 14[path to .exe]2 00 12Added by the15W32/VB-SP WORM!0
1 9fasdqwdwq0 14[path to .exe]2 00 12Added by the101Troj/Ranc0
1 5imgit0 14[path to .exe]2 00 36Added by the  Troj/Banker-CG TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankercg.html0
1 8loader320 14[path to .exe]2 00 42Added by Troj/Domcom-D downloading TROJAN.57http://www.sophos.com/virusinfo/analyses/trojdomcomd.html0
1 9msproject0 14[path to .exe]2 00 12Added by the21Troj/Sdbot-TF TROJAN!0
110OpenMstart0 14[path to .exe]2 00 34Added by the Dial/Switch-E DIALER.57http://www.sophos.com/virusinfo/analyses/dialswitche.html0
1 8PornoTop0 14[path to .exe]2 00  8Added by60Troj/Delf-RX, and will be found in the Program Files folder.0
119Srv32 spool service0 14[path to .exe]2 00  8Added by16Troj/Dloader-LB.0
118SunJavaUpdateSched0 14[path to .exe]2 00 36Added by the  Troj/Banker-AU TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerau.html0
1 4GDAX0 18[path to backdoor]2 00 28Added by the RANKY.K TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.k.html0
114winupdateconn_0 13[path to exe]2 00 31Added by the W32/Combra-A WORM.56http://www.sophos.com/virusinfo/analyses/w32combraa.html0
111WinUpgrader0 13[path to EXE]2 00 20Added by the trojan.57http://www.sophos.com/virusinfo/analyses/trojagentdz.html0
2 7Printer0 14[path to file]2 00 29Added by the LOWTAPER TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lowtaper.html0
1 9_Hazafibb0 14[path to file]2 00 25Added by the ZAFI.B WORM!86http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=PE_ZAFI.B0
1132thousandbuck0 14[path to file]2 00 28Added by the RANKY.L TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.l.html0
1 8Band-Aid0 14[path to file]2 00 28Added by the RANKY.O TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.o.html0
110dm_service0 14[path to file]2 00 34Added by the  MITGLIEDER.P TROJAN!67http://www.symantec.com/avcenter/venc/data/trojan.mitglieder.p.html0
1 7DSAcass0 14[path to file]2 00 28Added by the RANKY.M TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.m.html0
113Login Service0 14[path to file]2 00 27Added by the MIGMAF TROJAN!52https://www.europe.f-secure.com/v-descs/migmaf.shtml0
1 6MsgApi0 14[path to file]2 00 29Added by the DEDLER-D TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerd.html0
1 7MSSGisg0 14[path to file]2 00 28Added by the RANKY.N TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.n.html0
1 7REEGRUN0 14[path to file]2 00 30Added by the SECDROP.AI TROJAN79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SECDROP.AI0
112ShellCommand0 14[path to file]2 00 29Added by the REMCON-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojremcona.html0
1 6sysser0 14[path to file]2 00 25Added by the RAHACK WORM!58http://www.symantec.com/avcenter/venc/data/w32.rahack.html0
1 7Taskmgo0 14[path to file]2 00 30Added by the BANCBAN-T TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancbant.html0
1 9tjstartup0 14[path to file]2 00 29Added by the TJSERV.C TROJAN!65http://www.symantec.com/avcenter/venc/data/backdoor.tjserv.c.html0
123Windows Taskbar Manager0 14[path to file]2 00 30Added by the PROTORIDE.B WORM!63http://www.symantec.com/avcenter/venc/data/w32.protoride.b.html0
110winupdate_0 14[path to file]2 00 32Added by the  W32.COMDOR.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.comdor.a@mm.html0
113winupdateconn0 14[path to file]2 00 32Added by the  W32/COMBRA-A WORM!56http://www.sophos.com/virusinfo/analyses/w32combraa.html0
1 9WinXP fix0 14[path to file]2 00 28Added by the RANKY.P TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.ranky.p.html0
1 5lsass0 19[path to lsass.exe]2 00127Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lasss.exe process which should NOT appear in Msconfig/Startup!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.f.html0
1 7ansjava0 26[path to mirc application]2 00 50Added by the W32/Randon-AN worm and IRC backdoor..57http://www.sophos.com/virusinfo/analyses/w32randonan.html0
1 4smss0 18[path to smss.exe]2 00126Added by the ALADINZ.F TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.f.html0
3 5PPSVC0 26[path to Spyware.PCPolice]2 00116Added by the PC Police surveillance program. This program should be uninstalled if it was not installed by yourself.60http://www.sarc.com/avcenter/venc/data/spyware.pcpolice.html0
136357aa41a-b7a8-4632-a27d-5b980b25cf430 21[path to svchost.exe]2 00 30Added by the  SMALL-AQ TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmallaq.html0
111winlogon32_0 18[PATH TO THE WORM]2 00 36Added by the W32.Mailbancos@mm worm.78http://www.sarc.com/avcenter/venc/data/w32.mailbancos@mm.html#technicaldetails0
1 45p4m0 16[path to Trojan]2 00 35Added by the Troj/Litebot-C Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebotc.html0
117Connectivity Tool0 16[path to trojan]2 00 48Added by the Troj/Litebot-E IRC backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebote.html0
1 5CTime0 16[path to trojan]2 00 28Added by the HTTPDOS TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.httpdos.html0
113Floppy Master0 16[path to trojan]2 00 31C:\WINDOWS\helloworld.exebr //b 01
1 6Irwftp0 16[path to trojan]2 00 30Added by the BANCOS.CR TROJAN!108http://uk0
1 7mdetect0 16[path to trojan]2 00 27Added by the SPABOT TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.spabot.html0
1 5msbsc0 16[path to trojan]2 00 72Added by the Troj/Banker-DF password-stealing trojan of Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankerdf.html0
1 9Mspatch690 16[path to trojan]2 00 26Added by the MPROX TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mprox.html0
1 5mssvc0 16[path to trojan]2 00 24Added by the PSK TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.psk.html0
123Network Host Controller0 16[path to trojan]2 00 28Added by the WHISPER TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.whisper.html0
110NTP Server0 16[path to trojan]2 00 28Added by the RANKY.F TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.f.html0
1 5rngmf0 16[path to trojan]2 00 28Added by the RANKY.C TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.c.html0
1 8Services0 16[path to trojan]2 00 33Added by the  METEORSHELL TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.meteorshell.html0
1 5Spool0 16[path to trojan]2 00 28Added by the RANKY.R TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.r.html0
1 7svchost0 16[path to trojan]2 00126Added by the HAZZER TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.hazzer.html0
1 9ValidData0 16[path to trojan]2 00 28Added by the RANKY.H TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.h.html0
1 7windows0 16[path to trojan]2 00 27Added by the AIMWIN TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aimwin.html0
111Windows NNT0 16[path to trojan]2 00 28Added by the RANKY.E TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.e.html0
112WindowsSetup0 16[path to trojan]2 00 26Added by the EZBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ezbot.html0
111WindUpdates0 16[path to trojan]2 00 29Added by the AGENT.BF TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.BF0
1 6WINSYS0 16[path to trojan]2 00 29Added by the GOLDPLAY TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.goldpay.html0
1 6winzip0 16[path to trojan]2 00 42Added by the BANCOS.G or BANCOS.K TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.g.html0
1 4x3yy0 16[path to trojan]2 00 28Added by the TANNICK TROJAN!62http://www.symantec.com/avcenter/venc/data/trojan.tannick.html0
1 8yyyyyyyy0 16[path to trojan]2 00 30Added by the MUMUBOY.B TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/trojan.mumuboy.b.html0
1 5Zen.A0 16[path to trojan]2 00 29Added by the ZOOMEN-A TROJAN!57http://www.sophos.com/virusinfo/analyses/perlzoomena.html0
130[Ephemeral 2.x] by TreeHugger,0 14[path to worm]2 00 55Added by the LEMOOR.A WORM! where "x" represents 3 or 473http://securityresponse.symantec.com/avcenter/venc/data/w32.lemoor.a.html0
113ACCDEFRAGINFO0 14[path to worm]2 00 26Added by the DARBY-O WORM!55http://www.sophos.com/virusinfo/analyses/w32darbyo.html0
1 3AHU0 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0
1 7Cekirge0 14[path to worm]2 00 27Added by the KERGEZ.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.kergez.a@mm.html0
119DLL Service Manager0 14[path to worm]2 00 29Added by the RPCBOT.F TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.rpcbot.f.html0
1 8Explorer0 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
110ICQ Center0 14[path to worm]2 00 25Added by the RANDIN WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.randin.html0
117InterceptedSystem0 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0
1 6Msgmgr0 14[path to worm]2 00 27Added by the BABYBEAR WORM!63http://www.symantec.com/avcenter/venc/data/w32.babybear@mm.html0
115NAV Live Update0 14[path to worm]2 00102Added by the DEBORMS.C WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec66http://www.symantec.com/avcenter/venc/data/w32.hllw.deborms.c.html0
1 6Nocana0 14[path to worm]2 00 27Added by the ANACON-B WORM!56http://www.sophos.com/virusinfo/analyses/w32anaconb.html0
111RPC Patcher0 14[path to worm]2 00 24Added by the BOLGI WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bolgi.worm.html0
111RPC Patcher0 14[path to worm]2 00 24Added by the BOLGI WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bolgi.worm.html0
1 8rundll320 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
1 8rundll640 14[path to worm]2 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
115svcwinprocess320 14[path to worm]2 00 26Added by the UPERING WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.upering.worm.html0
1 6Systry0 14[path to worm]2 00 24Added by the AUTEX WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
1 7Systryt0 14[path to worm]2 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.worm.html0
1 9WinKernel0 14[path to worm]2 00105Added by the a href"http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.plea.htmlPLEA VIRUS!82http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.plea.html<a href=0
111Winres32vis0 14[path to worm]2 00 26Added by the THRAX.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_THRAX.A0
112ControlPanel0 50[path] cmd32.exe internat.dll, LoadKeyboardProfile2 00 21Awmcash.biz foistware 01
113print sharing0 39[path] hidden32.exe [path] explorer.exe2 00 89Added by the ZCREW.B TROJAN! Note - this is not the valid Windows Explorer (explorer.exe)81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.b.html0
254[System Mechanic Professional Update [Incinerator.dll]0 26[path] Incinerator.dll</a>2 00124System_Mechanic's "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again41http://www.iolo.com/sm/4pro/tutorials.cfm0
3 9BelNotify0 39[path] NPBelv32.dll, RunDll32_BelNotify2 00320BelTech enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service34http://www.belarc.com/BelTech.html0
114DATABASE MySql0 35[path] repcale.exe [path] beird.exe2 00 41Added by a variant of the RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
116NBT System alias0 35[path] repcale.exe [path] beird.exe2 00  091http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
119System Restore Data0 35[path] repcale.exe [path] beird.exe2 00 28Added by the RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
1 9boarddata0 35[path] repcale.exe [path] palsp.exe2 00 42Added by a variant of the  RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
113element furth0 35[path] repcale.exe [path] palsp.exe2 00  091http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
112installs sp20 35[path] repcale.exe [path] palsp.exe2 00 42Added by a variant of the  RANDON.AN WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RANDON.AN0
112PrinterSpool0 35[path] RESTORE.EXE [path] SPOOL.EXE2 00 30Added by the ALADINZ.K TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.k.html0
110Protection0 40[path] runtask.exe [path] protection.exe2 00 44Added by a variant of the AGENT.3.AU TROJAN! 01
1 7svchost0 16[path] SETUP.EXE2 00 25Added by the SETCLO WORM!71http://securityresponse.symantec.com/avcenter/venc/data/w32.setclo.html0
1 7MEDIA320 28[pathname of the executable]2 00 35Added by the Troj/PurScan-Z trojan.58http://www.sophos.com/virusinfo/analyses/trojpurscanz.html0
112Root_Machine0 35[pathname of the Trojan executable]2 00 87Added by the Troj/Bancban-DP password-stealing trojan for customers of Brazilian banks.59http://www.sophos.com/virusinfo/analyses/trojbancbandp.html0
1 7spoolax0 35[pathname of the Trojan executable]2 00 33Added by the Troj/Perda-D Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdad.html0
1 6stdlib0 35[pathname of the Trojan executable]2 00 51Added by the Troj/Perda-E password-stealing Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdae.html0
124Windows Standard Securty0 26[random 3 letter filename]2 00 31Added by the W32/Rbot-ALF worm.56http://www.sophos.com/virusinfo/analyses/w32rbotalf.html0
1 6KavSvc0 24[random 6 char filename]2 00 81Qoologic downloader trojan variant using random file names (examples: nzkklz.exe) 01
121Startup Configuration0 26[random 6 letter filename]2 00145Added by the W32/Rbot-ARV worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotarv.html0
112SysTray.Excn0 24[random 8 character dll)2 00 97Added by the Troj/Cozdoor-C Trojan.br /br /Uses CLSID: b{1722ECFF-4356-4f5b-B534-E67294FE75E9}/b.58http://www.sophos.com/virusinfo/analyses/trojcozdoorc.html0
112SysTray.Exsh0 24[random 8 character dll]2 00105Added by the Troj/Cozdoor-D bacdoor Trojan.br /br /Uses CLSID: b{1768ECFC-4F5C-4f5b-B134-D67294FC78E9}/b.58http://www.sophos.com/virusinfo/analyses/trojcozdoord.html0
1 6Legacy0 19[RANDOM CHARACTERS]2 00 46Added by the Backdoor.Eparssa backdoor Trojan.77http://www.sarc.com/avcenter/venc/data/backdoor.eparssa.html#technicaldetails0
1 9WinNetDDE0 23[random characters].exe2 00 24_blankNETDEPIX.B TROJAN! 01
114Internet Agent0 14[random CLSID]2 00 12Added by the116Troj/PPdoo0
1 9*ms setup0 18[random file name]2 00 52Virtumondo adware,  also known as the  VUNDO TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html0
113agent browser0 18[random file name]2 00 42Added by the PPdoor.M-bdr backdoor TROJAN! 01
128microsoft security gmanagers0 18[random file name]2 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
127microsoft security panagers0 18[random file name]2 00  043http://vil.nai.com/vil/content/v_100454.htm0
115voltage manager0 18[random file name]2 00 32Added by the  W32.DREFFORT WORM!60http://www.symantec.com/avcenter/venc/data/w32.dreffort.html0
1 9NetDDEipx0 22[Random file name].exe2 00 36Added by the Trojan.Netdepix Trojan.93http://securityresponse.symantec.com/avcenter/venc/data/trojan.netdepix.html#technicaldetails0
113AOL Messenger0 17[random filename]2 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 7ara-key0 17[random filename]2 00 26Added by the ANTINNY WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.antinny.html0
120Avril Lavigne - Muse0 17[random filename]2 00 26Added by the AVRIL-A WORM!55http://www.sophos.com/virusinfo/analyses/w32avrila.html0
1 9bbdjmrxcX0 17[random filename]2 00135Added by the Troj/Ranck-AX proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckax.html0
111bdffefqes320 17[random filename]2 00134Added by the Troj/Ranck-Z proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckz.html0
1 7Bmsnwss0 17[random filename]2 00135Added by the Troj/Ranck-BK proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbk.html0
1 5Bnexe0 17[random filename]2 00 40Added by the  KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
1 5ccApp0 17[random filename]2 00 91Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirus74http://securityresponse.symantec.com/avcenter/venc/data/trojan.obsorb.html0
1 7ctfmonn0 17[random filename]2 00134Added by the Troj/Ranck-O proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojrancko.html0
1 7Danton*0 17[random filename]2 00 51Added by the DANTON TROJAN! where * = random number76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.danton.html0
1 7dfasack0 17[random filename]2 00135Added by the Troj/Ranck-BE proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbe.html0
1 4down0 17[random filename]2 00 52OADER.BG" target=_blankDLOADER.BG trojan downloader! 01
118educational writer0 17[random filename]2 00 26Added by the RBOT-LZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlz.html0
1 7ffeqOME0 17[random filename]2 00135Added by the Troj/Ranck-AR proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckar.html0
1 6fqxsbk0 17[random filename]2 00135Added by the Troj/Ranck-BS proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbs.html0
116halloween stream0 17[random filename]2 00135Added by the Troj/Ranck-AY proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckay.html0
110hpsysconf10 17[random filename]2 00 41Added by a variant of the VIVIA.A TROJAN!106http://de0
118ICQ Lite Messenger0 17[random filename]2 00231Added by an unidentified VIRUS, WORM or TROJAN! Unlike the legitimate ICQ Lite executable, which will be located in the ICQLITE folder in Program Files, this particular impostor is located in the Windows or Winnt\System32 directory 01
115IO System Debug0 17[random filename]2 00 21Added by Backdoor.Bla63http://www.sarc.com/avcenter/venc/data/backdoor.bla.trojan.html0
121ist service uninstall0 17[random filename]2 00 23ISTBar parasite related53http://sarc.com/avcenter/venc/data/adware.istbar.html0
1 7JVM0.120 17[random filename]2 00119Trojan downloaded with possible backdoor functionality.  Found in the Windows system directory with a random file name. 01
1 9kern64dll0 17[random filename]2 00 28Added by the TARNO.J TROJAN!63http://www.symantec.com/avcenter/venc/data/pwsteal.tarno.j.html0
121LoadOrderVerification0 17[random filename]2 00 27Added by the TRON.A TROJAN!75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TRON.A0
1 9MicroLoad0 17[random filename]2 00 24Added by the DARBY WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.darby.html0
121Microsoft Corporation0 17[random filename]2 00 42Added by various VIRUSES, WORMS & TROJANS! 01
120Microsoft Diagnostic0 17[random filename]2 00 27Added by the ACEBOT TROJAN!47http://www3.ca.com/virusinfo/Virus.asp?ID=115320
119Microsoft IT Update0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120Microsoft Locals 3320 17[random filename]2 00 26Added by the RBOT-KU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotku.html0
112Microsoft LV0 17[random filename]2 00 35Added by the Troj/Bdoor-BDL trojan.58http://www.sophos.com/virusinfo/analyses/trojbdoorbdl.html0
126Microsoft Security Manager0 17[random filename]2 00108Added by the W32/Rbot-TU worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbottu.html0
114Microsoft Tray0 17[random filename]2 00 28Added by the DELF.BZ TROJAN!43http://www.vsantivirus.com/back-delf-bz.htm0
123Microsoft Update Loader0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
124Microsoft Update Machine0 17[random filename]2 00  064http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
135Microsoft UpToDate Driver (32-bits)0 17[random filename]2 00254Added by the W32/Rbot-ZV worm.  When this infection starts it connects to an IRC server where it waits for remote commands to execute.  It also installs a file call c:\a.bat which is used to stop certain antivirus, antispyware, and firewall applications.55http://www.sophos.com/virusinfo/analyses/w32rbotzv.html0
1 9Microsong0 17[random filename]2 00134Added by the Troj/Ranck-A proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.59http://www.sophos.com/virusinfo/analyses/trojranckbota.html0
112Monitor Test0 17[random filename]2 00134Added by the W32/Sdbot-NC worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnc.html0
1 7MS-HTML0 17[random filename]2 00 31Added by the LATINUS.15 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LATINUS.150
1 8MSKCES320 17[random filename]2 00 27Added by the CLONER TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cloner.html0
1 7msmsgss0 17[random filename]2 00134Added by the Troj/Ranck-S proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojrancks.html0
1 8Msn Home0 17[random filename]2 00134Added by the Troj/Ranck-W proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckw.html0
1 6mswspl0 17[random filename]2 00 29Added by the SMALL.IQ TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.IQ0
1 9nssysconf0 17[random filename]2 00 28Added by the VIVIA.A TROJAN!106http://de0
1 8nsysconf0 17[random filename]2 00 36Added by the Adware.ZioCom.C adware.59http://www.sarc.com/avcenter/venc/data/adware.ziocom.c.html0
1 6NTServ0 17[random filename]2 00134Added by the Troj/Ranck-P proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckp.html0
114NVidia Drivers0 17[random filename]2 00134Added by the Troj/Ranck-R proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckr.html0
1 6PlanCx0 17[random filename]2 00135Added by the Troj/Ranck-CE proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckce.html0
1 5qbotd0 17[random filename]2 00 27Added by the BOTTEN TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/downloader.botten.html0
1 8qffecdas0 17[random filename]2 00135Added by the Troj/Ranck-BF proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbf.html0
113RealVNC Setup0 17[random filename]2 00134Added by the Troj/Ranck-V proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckv.html0
113RSPC Driver D0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 5Sav320 17[random filename]2 00 56Added by the W32/Famus-G WORM! File found in c:\recycled55http://www.sophos.com/virusinfo/analyses/w32famusg.html0
123support-reverse-smileys0 17[random filename]2 00 35Added by the Troj/Litebot-D Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebotd.html0
110svchosts320 17[random filename]2 00134Added by the Troj/Ranck-L proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckl.html0
1 7sws.exe0 17[random filename]2 00 33Haldex type adult content dialler74http://securityresponse.symantec.com/avcenter/venc/data/dialer.haldex.html0
117Symantec Autoscan0 17[random filename]2 00133Added by the  W32/Rbot-AJO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotajo.html0
1 7SysData0 17[random filename]2 00135Added by the Troj/Ranck-BA proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckba.html0
118System CPL manager0 17[random filename]2 00108Added by the W32/Rbot-SR worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotsr.html0
113System Update0 17[random filename]2 00 38Added by the KORGO.W or KORGO.X WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.w.html0
111System-Tray0 17[random filename]2 00 29Added by Backdoor.BladeRunner64http://www.sarc.com/avcenter/venc/data/backdoor.bladerunner.html0
1 7TaskReg0 17[random filename]2 00 24Added by the CBLAD WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CBLAD.A0
1 8tkaskqjw0 17[random filename]2 00135Added by the Troj/Ranck-CA proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckca.html0
1 5Trayz0 17[random filename]2 00105Added by the Troj/Bdoor-JG backdoor Trojan.br /br /Uses CLSID: b(F5B7D0BE-5f02-4211-96DB-386DFA244900)/b.57http://www.sophos.com/virusinfo/analyses/trojbdoorjg.html0
1 6UpdSys0 17[random filename]2 00 23Added by the BJ TROJAN!53http://hq.mcafeeasap.com/dispVirus.asp?virus_k=1000570
1 8vadeinst0 17[random filename]2 00135Added by the Troj/Ranck-CF proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckcf.html0
111VCbvnczsxcX0 17[random filename]2 00135Added by the Troj/Ranck-AK proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckak.html0
1 9vcxcxvxcX0 17[random filename]2 00135Added by the Troj/Ranck-AQ proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckaq.html0
114vDGDGvvsa dqdw0 17[random filename]2 00135Added by the Troj/Ranck-AV proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckav.html0
122vDSAGGQEvbA ASDAS dqdw0 17[random filename]2 00135Added by the Troj/Ranck-AT proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckat.html0
113Video Process0 17[random filename]2 00 26Added by the RBOT-LM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlm.html0
110vxcxcvfck.0 17[random filename]2 00135Added by the Troj/Ranck-AZ proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckaz.html0
1 9vXCXssdss0 17[random filename]2 00135Added by the Troj/Ranck-BO proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbo.html0
1 7Wdqvsst0 17[random filename]2 00135Added by the Troj/Ranck-BT proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckbt.html0
111Web Service0 17[random filename]2 00 40Added by the Trojan.Admincash infection!60http://www.sarc.com/avcenter/venc/data/trojan.admincash.html0
111Win32system0 17[random filename]2 00 24Added by the DDV.B WORM!70http://securityresponse.symantec.com/avcenter/venc/data/vbs.ddv.b.html0
117Windows Compliant0 17[random filename]2 00 26Added by the RBOT-IR WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotir.html0
116Windows ExpIorer0 17[random filename]2 00132Added by the W32/Rbot-AKO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotako.html0
120Windows Media Player0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
127Windows Media Player Update0 17[random filename]2 00 26Added by the RBOT-ET WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotet.html0
121Windows Media SP.2.370 17[random filename]2 00 28Added by the LEMIR.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.c.html0
110Windows NT0 17[random filename]2 00134Added by the Troj/Ranck-M proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckm.html0
124Windows Security Service0 17[random filename]2 00132Added by the W32/Rbot-ALV worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalv.html0
120Windows Socketheader0 17[random filename]2 00 47Added by the W32/Ixbot-A worm and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32ixbota.html0
122Windows Update Checker0 17[random filename]2 00 24Adware downloader trojan 01
117Windows Update V60 17[random filename]2 00 26Added by the RBOT-KT WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkt.html0
119WindowsRegistration0 17[random filename]2 00 26Added by the RBOT-NO WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotno.html0
124WindowsRegKey Autoupdate0 17[random filename]2 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120WindowsRegKey update0 17[random filename]2 00  064http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9WinLoader0 17[random filename]2 00 42Added by variants of the  SUBSEVEN TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SUB7.213.B0
1 9WinLoader0 17[random filename]2 00 42Added by variants of the  SUBSEVEN TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SUB7.213.B0
1 9WinManage0 17[random filename]2 00135Added by the Troj/Ranck-KH proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.56http://www.sophos.com/virusinfo/analyses/trojranckh.html0
1 9zonealarm0 17[random filename]2 00132Added by an unidentified VIRUS, WORM or TROJAN! The only exception is if you have an older version of the ZoneAlarm firewall running 01
1 9(default)0 21[random filename].exe2 00 27Added by the BLACKMAL WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal@mm.html0
1 5Kadoc0 21[random filename].exe2 00 29Added by the  Staprew TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.staprew.html0
119Mickey Mouse Cereal0 21[random filename].exe2 00 28Added by the RANKY.Q TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.q.html0
111RSPC Driver0 21[random filename].exe2 00 26Added by the RBOT-SN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsn.html0
118WindowsReg% update0 21[random filename].exe2 00 26Added by the RBOT-HH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothh.html0
118WindowsReg% update0 21[random filename].exe2 00 26Added by the RBOT-HH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothh.html0
1 7W32Load0 21[random filename].scr2 00 25Added by the CASPID WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.caspid.html0
127AIM Instant Message Cookies0 18[random filenames]2 00134Added by the W32/Rbot-AFV worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotafv.html0
121Norton Antivirus 7.0a0 18[random filenames]2 00 39Added by the Troj/Perda-B trojan proxy.56http://www.sophos.com/virusinfo/analyses/trojperdab.html0
117Internet Explorer0 20[random letters].dll2 00115Added by the Troj/Proxma-A proxy and backdoor Trojan.br /br /Uses CLSID: b{F28A40D7-AD0E-034A-C651-5F0ED76232E6}/b.57http://www.sophos.com/virusinfo/analyses/trojproxmaa.html0
146Iamnacho On Irc. MusicIrc.com Is a Homosexual!0 13[random name]2 00134Added by the W32/Randex-T worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32randext.html0
110Ndpldaemon0 13[random name]2 00 44Added by the W32/RpcSdbot-A backdoor trojan.58http://www.sophos.com/virusinfo/analyses/w32rpcsdbota.html0
119Windows ASN Service0 13[random name]2 00134Added by the W32/Agobot-TC worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32agobottc.html0
117Internet Explorer0 17[RANDOM NAME].dll2 00102Added by the Backdoor.Berbew.T backdoor.br /br /Uses CLSID: b{F28A40D7-AD0E-034A-C651-5F0ED76232E6}/b.61http://www.sarc.com/avcenter/venc/data/backdoor.berbew.t.html0
118HDAudio Driver 1.00 17[random name].exe2 00 44Added by the Troj/Teadoor-D backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojteadoord.html0
1 5xserv0 17[random name].exe2 00 34Added by the Troj/Stumpy-A trojan.57http://www.sophos.com/virusinfo/analyses/trojstumpya.html0
1 6center0 19[random name]32.exe2 00 26Added by the BOFRA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0
1 8Reactor30 19[random name]32.exe2 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0
1 8Reactor50 19[random name]32.exe2 00 26Added by the BOFRA.D WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.d@mm.html0
1 8Reactor60 19[random name]32.exe2 00 26Added by the BOFRA.C WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.c@mm.html0
1 8Reactor70 19[random name]32.exe2 00 26Added by the BOFRA.B WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.b@mm.html0
1 8Reactor80 19[random name]32.exe2 00 26Added by the BOFRA.E WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html0
1 8Reactor90 19[random name]32.exe2 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html0
1 5Rhino0 19[random name]32.exe2 00 26Added by the BOFRA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bofra.a@mm.html0
112MSN 9.0 Plus0 12[random.exe]1 00132Added by the W32/Rbot-ALY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaly.html0
1 6asfqft0  8[random]1 00 12Added by the107Troj/Ranc0
1 2BD0  8[random]1 00241The a href=http://www.sophos.com/virusinfo/analyses/trojagentcm.html"Troj/Agent-CM backdoor TROJAN will first place DC.EXE in the Temporary folder, then modify   HKCU\Software\Microsoft\Windows\CurrentVersion\Run to ensure automatic startup. 01
114BIOS XP Loader0  8[random]1 00143Added by the W32/Rbot-IC trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotic.html0
1 9bluestart0  8[random]1 00 35Added by Troj/Dloader-IR, a TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderir.html0
111CacheLoader0  8[random]1 00171Troj/Dloader-IX will download the [random] file to the Windows folder, sub-folder "Cache". That done, it moves to "Security iGuard.exe", found in the Program Files folder.59http://www.sophos.com/virusinfo/analyses/trojdloaderix.html0
1 3DI20  8[random]1 00 24Added by Troj/Dloader-IK59http://www.sophos.com/virusinfo/analyses/trojdloaderik.html0
111Disk Keeper0  8[random]1 00 99Added by the a href"http://www.sophos.com/virusinfo/analyses/trojsmallve.html"Troj/Small-VE TROJAN! 01
1 6eProxy0  8[random]1 00 29Added as a new service by the85Troj/Daemoni-AL TROJAN, using a displayname of Microsoft Security Subsystem Provider.0
1 7Expatch0  8[random]1 00 54Added by the Troj/PWSLmir-G TROJAN to steal passwords.58http://www.sophos.com/virusinfo/analyses/trojpwslmirg.html0
113Floppy Master0  8[random]1 00 68Added by the Troj/Zonit-E TROJAN to send spam using other computers.56http://www.sophos.com/virusinfo/analyses/trojzonite.html0
120Generic Host Process0  8[random]1 00147http://www.sophos.com/virusinfo/analyses/trojciadoorh.html"Troj/Ciadoor-H TROJAN adds the file, enabling an attacker remote access to the computer. 01
1 7JVM0.140  8[random]1 00 44Added by the Troj/Teadoor-B backdoor TROJAN!58http://www.sophos.com/virusinfo/analyses/trojteadoorb.html0
1 8LanGuard0  8[random]1 00  1. 01
1 5lk3h10  8[random]1 00 65Added by the Troj/Mosuck-G TROJAN into the Windows system folder.57http://www.sophos.com/virusinfo/analyses/trojmosuckg.html0
135Microsoft (C) HTML Application host0  8[random]1 00139Added by the W32/Rbot-YB WORM/IRC backdoor, this file will allow termination of processes by way of a remote attacker using an IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotyb.html0
117Microsoft DirectX0  8[random]1 00 59A variant of the Rbot WORM/IRC backdoor will add this file.55http://www.sophos.com/virusinfo/analyses/w32rbotdp.html0
113Microsoft IIS0  8[random]1 00 43Added by the WORM variant, W32/Francette-Q.59http://www.sophos.com/virusinfo/analyses/w32francetteq.html0
139Microsoft Internet Acceleration Utility0  8[random]1 00 34Added by the Troj/Agent-BM TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentbm.html0
120Microsoft PCHealth320  8[random]1 00 90The Troj/Nice-A TROJAN will log keystrokes using this file, and submit the data via email.55http://www.sophos.com/virusinfo/analyses/trojnicea.html0
1 6minimo0  8[random]1 00141A backdoor Trojan, it can log keypresses, capture screen and webcam images, steal files, provide a remote command shell and download updates. 01
1 3msn0  8[random]1 00 55Added by the Troj/Bancban-BG TROJAN to steal passwords.59http://www.sophos.com/virusinfo/analyses/trojbancbanbg.html0
118NT Virtual Machine0  8[random]1 00110Added by Troj/Agent-BV,  a network WORM with backdoor Trojan functionality found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/w32scaerbota.html0
110nvviddrv320  8[random]1 00143Added by the W32/Rbot-HT trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotht.html0
1 6qgqqft0  8[random]1 00 12Added by the21Troj/Ranck-BX TROJAN!0
1 7reg_run0  8[random]1 00 35Added by the Troj/Banker-BQ TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerbq.html0
121Regisry Configuration0  8[random]1 00143Added by the W32/Rbot-IY trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.98http://www.google.com/url?sa=U&start=1&q=http%3A//www.sophos.com/virusinfo/analyses/w32rbotiy.html0
1 6RunWin0  8[random]1 00 36Added by the Troj/Banker-BN  TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerbn.html0
115Service Manager0  8[random]1 00 34Added by the Troj/Migmaf-G TROJAN!57http://www.sophos.com/virusinfo/analyses/trojmigmafg.html0
1 8Services0  8[random]1 00 35Added by the Troj/Agent-BV  Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentbv.html0
1 8sixtysix0  8[random]1 00120Troj/LowZone-R  TROJAN is responsible for a file found in the Windows folder that will reduce IE security zone settings.58http://www.sophos.com/virusinfo/analyses/trojlowzoner.html0
1 3sox0  8[random]1 00 91Added by the Troj/Proxyser-G  to start a SOCKS4 proxy server on a randomly-chosen TCP port.59http://www.sophos.com/virusinfo/analyses/trojproxyserg.html0
1 7sVideo20  8[random]1 00 54Added by Dial/Switch-D , a TROJAN premium-rate dialler57http://www.sophos.com/virusinfo/analyses/dialswitchd.html0
111taskmrg.exe0  8[random]1 00 74Added by Troj/Bancban-BN, a TROJAN that attempts to steal banking details.59http://www.sophos.com/virusinfo/analyses/trojbancbanbn.html0
1 7uFnV32i0  8[random]1 00 45Added by the Adware.Envolo Adware downloader.57http://www.sarc.com/avcenter/venc/data/adware.envolo.html0
1 4upme0  8[random]1 00 12Added by the37W32/Rbot-TH WORM/IRC backdoor trojan!0
114USB controller0  8[random]1 00 39Troj/Miewer-A, a TROJAN, adds the file!57http://www.sophos.com/virusinfo/analyses/trojmiewera.html0
1 4usbn0  8[random]1 00115Added by the Troj/Hogil-B  Trojan.  This infection adds various links to porn sites in your Desktop and Start Menu.56http://www.sophos.com/virusinfo/analyses/trojhogilb.html0
1 9vadseinst0  8[random]1 00 34Added by the Troj/Ranck-CM Trojan!57http://www.sophos.com/virusinfo/analyses/trojranckcm.html0
1 3vb60  8[random]1 00 12Added by the37W32/Rbot-TD WORM/IRC backdoor trojan!0
1 5Verif0  8[random]1 00 12Added by the17W32/Nopir-B WORM!0
1 6WebRun0  8[random]1 00  8Added by12Troj/Bube-K.0
1 8Win32DLL0  8[random]1 00 12Added by the17W32/Woned-A WORM!0
114Window service0  8[random]1 00 12Added by the128W32/Rbot-AC0
117Windows update 320  8[random]1 00 12Added by the38W32/Rbot-ADG WORM/IRC backdoor Trojan!0
1 9winreg_320  8[random]1 00 36Added by the Troj/Bancban-BY TROJAN!59http://www.sophos.com/virusinfo/analyses/trojbancbanby.html0
1 9WXcmeinst0  8[random]1 00156Added by Troj/Ranck-CD, a backdoor TROJAN! It will chose a TCP port in the range 10000-49999 to notify a remote web server on that port using a web request.57http://www.sophos.com/virusinfo/analyses/trojranckcd.html0
1 6XpAspy0  8[random]1 00 72Added by Troj/Delf-WH, a TROJAN! It will be found in the Windows folder.56http://www.sophos.com/virusinfo/analyses/trojdelfwh.html0
1 8xpsystem0  8[random]1 00114Added by Troj/Krepper-M,  a TROJAN! It will be found in a subfolder of the Windows system folder named "services".58http://www.sophos.com/virusinfo/analyses/trojkrepperm.html0
1 4xset0  8[random]1 00 12Added by the14Troj/Bdoor-HT.0
1 4mxb20 12[RANDOM].exe1 00 31Added by the W32.Maniccum worm.73http://www.sarc.com/avcenter/venc/data/w32.maniccum.html#technicaldetails0
1 4klop0 11[random]exe1 00 48Added by the Troj/Dloader-WA downloading Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderwa.html0
1 7TempCom0 16[randomname].com1 00 24Added by the TRAXG WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.traxg@mm.html0
130[Ephemeral 2.5] by TreeHugger,0 16[randomname].exe1 00 31Added by the W32/Lemoor-C worm.56http://www.sophos.com/virusinfo/analyses/w32lemoorc.html0
118HDAudio Driver 2.00 18[randomstring].exe1 00 35Added by the Troj/Teadoor-E trojan.58http://www.sophos.com/virusinfo/analyses/trojteadoore.html0
1 7Litebot0 24[Trojan executable name]2 00 35Added by the Troj/Litebot-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojlitebota.html0
1 7CSRSWIN0 17[trojan filename]2 00 32Added by the WINSHELL.50 TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.html0
1 5CSRSX0 17[trojan filename]2 00 34Added by the WINSHELL.50.B TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.b.html0
1 8Internal0 17[trojan filename]2 00 43Added by the SMOTHER and  TRANSLAT TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.smother.html0
1 8Internal0 17[trojan filename]2 00 43Added by the SMOTHER and  TRANSLAT TROJANS!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.smother.html0
1 3lar0 17[trojan filename]2 00 27Added by the ROXY.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.roxy.c.html0
112Ntech.patchs0 17[trojan filename]2 00 28Added by the LEMIR.G TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.g.html0
1 7Service0 17[trojan filename]2 00 29Added by the KAITEX.E TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kaitex.e.html0
111Disk Master0 13[trojan name]2 00 44Added by the DISTER TROJAN! - a spam relayer76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dister.html0
1 9*WinLogon0 13[trojan path]2 00 26Added by the VUNDO TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html0
1 9*WinLogon0 38[trojan path] ren time:[random number]2 00 26Added by the VUNDO TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html0
1 7MSSGisg0 14[unidentified]1 00126Added by the Troj/Ranck-BI TROJAN, it will allow an unauthorized attacker to route HTTP traffic through the infected computer.57http://www.sophos.com/virusinfo/analyses/trojranckbi.html0
1 8SySPower0 22[Unknown at this time]2 00 46Added by the Troj/SpyAgen-G keylogging Trojan.58http://www.sophos.com/virusinfo/analyses/trojspyageng.html0
126Network Devices Controller0 18[unknown filename]2 00 90Added by the Backdoor.Alnica backdoor.  Listens on port 6667 awaiting a remote connection.59http://www.sarc.com/avcenter/venc/data/backdoor.alnica.html0
1 5__ZF50 14[unknown name]2 00 46Added by the W32.Erkez.F@mm mass-mailing worm.75http://www.sarc.com/avcenter/venc/data/w32.erkez.f@mm.html#technicaldetails0
142Activating the notepad common used library0  9[unknown]1 00 39Added by W32/Codbot-G, a WORM/backdoor.56http://www.sophos.com/virusinfo/analyses/w32codbotg.html0
1 7msnmsgy0  9[unknown]1 00 80Added by the Troj/Banker-EQ password-stealing trojan targetting Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankereq.html0
114Network Client0  9[Unknown]1 00 35Added by the Trojan.Boxed.C Trojan.75http://securityresponse.symantec.com/avcenter/venc/data/trojan.boxed.c.html0
122Network Client Monitor0  9[unknown]1 00 35Added by the Trojan.Boxed.B Trojan.92http://securityresponse.symantec.com/avcenter/venc/data/trojan.boxed.b.html#technicaldetails0
1 7PNP FIX0  9[unknown]1 00132Added by the W32/Rbot-AKQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotakq.html0
110Search.vbs0  9[unknown]1 00  8Hijacker 01
110SFTRANSFER0  9[unknown]1 00 50Added by the Backdoor.Brakkeshell backdoor Trojan.81http://www.sarc.com/avcenter/venc/data/backdoor.brakkeshell.html#technicaldetails0
130SSDP Discovery Service Locator0  9[unknown]1 00 43Added by the Troj/Pndoor-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojpndoora.html0
1 9worknote10  9[unknown]1 00 29Added by the W32.Meetot worm.71http://www.sarc.com/avcenter/venc/data/w32.meetot.html#technicaldetails0
4 6VS.VSN0  9[unknown]1 00 86Part of eSafe antivirus "SmartScan" - alerts the user if files have been changed/added44http://www.esafe.com/esafe/default.asp?cf=tl0
126Vaganza-XPloit-[User Name]0 15[User Name].exe2 00 32Added by the W32.Gavgent.A worm.74http://www.sarc.com/avcenter/venc/data/w32.gavgent.a.html#technicaldetails0
118Visual Element FX50 20[various file names]2 00 30ClearStream Accelerator adware73http://www.spyany.com/program/article_spw_rm_ClearStream_Accelerator.html0
1 5clock0 19[various filenames]2 00140LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe79http://securityresponse.symantec.com/avcenter/venc/data/pf/adware.livechat.html0
116MicrosoftWindows0 19[various filenames]2 00 46MagicSearch - a CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
110PGStub.exe0 19[various filenames]2 00 19Unidentified adware 01
110PGStub.exe0 19[various filenames]2 00 19Unidentified adware 01
110PrivateNet0 19[various filenames]2 00 34Premium rate adult content dialler 01
115SystemEmergency0 19[various filenames]2 00 46SmartSearch - a CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 5wingo0 19[various filenames]2 00 27Added by the BAGLE-AU WORM!56http://www.sophos.com/virusinfo/analyses/w32bagleau.html0
115CSRS Windows NT0 15[various names]2 00 43Added by the Backdoor.WinShell.50 backdoor.98http://securityresponse.symantec.com/avcenter/venc/data/backdoor.winshell.50.html#technicaldetails0
1 9SNInstall0 15[various names]2 00 35Added by the Troj/Spyhoax-A trojan.58http://www.sophos.com/virusinfo/analyses/trojspyhoaxa.html0
131Vanquish Autoloader v0.1 beta100 15[various names]2 00 39Added by the Hacktool.Vanquish rootkit.78http://securityresponse.symantec.com/avcenter/venc/data/hacktool.vanquish.html0
111Winport.com0  9[various]1 00135Added by the Backdoor.Acropolis backdoor.  The name of the backdoor is Acropolis 1.0. It listens on ports 32791, 45673 for connections.62http://www.sarc.com/avcenter/venc/data/backdoor.acropolis.html0
1 7REGMSYS0 18[variousnames.exe]1 00138Added by the Troj/LowZone-AX Trojan. Some common filenames for this infection are active.exe, mqzx.exe, klanp.exe, urba.exe, and sope.exe.59http://www.sophos.com/virusinfo/analyses/trojlowzoneax.html0
110LiveUpdate0 24[Windows username]05.exe2 00 28Added by the LINEAGE TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lineage.html0
1 9AlevirOld0 15[worm filename]2 00 28Added by the OPASERV.G WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.G0
1 9BrasilOld0 15[worm filename]2 00 28Added by the OPASERV.P WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.P0
1 6G001230 15[worm filename]2 00 26Added by the BUGBROS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbros@mm.html0
1 7KAVutil0 15[worm filename]2 00 27Added by the WINTOO.B WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.b.worm.html0
1 7KAVutil0 15[worm filename]2 00 27Added by the WINTOO.B WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.b.worm.html0
1 8messnger0 15[worm filename]2 00 26Added by the DELODER WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deloder.html0
1 8messnger0 15[worm filename]2 00 26Added by the DELODER WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deloder.html0
126Microsoft Security Panager0 15[worm filename]2 00132Added by the W32/Rbot-ANL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotanl.html0
1 9RavTimeXP0 15[worm filename]2 00 27Added by the WULLIK.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.wullik.b@mm.html0
1 8RavTimXP0 15[worm filename]2 00  076http://securityresponse.symantec.com/avcenter/venc/data/w32.wullik.b@mm.html0
1 4rdvs0 15[worm filename]2 00 27Added by the  ULTIMAX WORM!90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ULTIMAX.B&amp;VSect=T0
1 9ScrSvrOld0 15[worm filename]2 00 26Added by the OPASERV WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.html0
111Services0040 15[worm filename]2 00 26Added by the BUGBROS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbros@mm.html0
1 9SpeedBoss0 15[worm filename]2 00 29Added by the OPASERV.AD WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.a.d.worm.html0
1 9Supernova0 15[worm filename]2 00 38Added by the SURNOVA (or SUPOVA) WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SURNOVA.A0
1 7Win2Drv0 15[worm filename]2 00 25Added by the WINTOO WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.wintoo.worm.html0
1 8Srv32Old0 19[worm filename].PIF2 00 28Added by the OPASERV.J WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.j.worm.html0
122Microsoft Windows DHCP0  8___r.exe1 00 40Added by the MASLAN.A or MASLAN.C WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.a@mm.html0
133Microsoft Synchronization Manager0 13___synmgr.exe1 00 40Added by the MASLAN.A or MASLAN.C WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.a@mm.html0
330Microsoft Broadband Networking0 13_18be6784.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
317AutpPilot Control0 11_294823.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
314active Printer0 13_644366bb.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
111_accwiz.exe0 11_accwiz.exe1 00 52Added by the Troj/Certif-N password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojcertifn.html0
4 5AVPCC0 10_avpcc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5Swf320 11_backup.exe1 00 25Added by the SYMTEN WORM!66http://www.symantec.com/avcenter/venc/data/w32.hllw.symten@mm.html0
115[Various Names]0  9_ctcp.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
123Bron-Spizaetus-5118REPM0 17_default32142.pif1 00 45Added by the W32/Brontok-R mass-mailing worm.57http://www.sophos.com/virusinfo/analyses/w32brontokr.html0
110[not used]0 12_huytam_.exe1 00 52Added by the Ssearch.biz and a-search.biz hijackers. 01
110[not used]0 11_Kerne1.exe1 00 82Added by the Troj/Lineage-AN password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagean.html0
113MEAOI Service0 10_meaoi.exe1 00227Added by the W32/Tilebot-AM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. This infection also creates a Rootkit file in order to hide itself called %System%meaoi.sys.58http://www.sophos.com/virusinfo/analyses/w32tilebotam.html0
110_ntrdlhost0 14_ntrdlhost.exe1 00 53A downloader TROJAN, Troj/Dloader-JV, adds this file.59http://www.sophos.com/virusinfo/analyses/trojdloaderjv.html0
117_ntrrescueservice0 10_ntrrs.exe1 00 37Added by the  TROJ/DLOADER-JV TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderjv.html0
138(randomly chosen existing folder name)0 10_setup.exe1 00 27Added by the  W32/Antinny-L57http://www.sophos.com/virusinfo/analyses/w32antinnyl.html0
1 7sqlsrvd0 12_sqlexec.exe1 00144Possible new variant of W32.Spybot.NLX.  This infection has root kit capabilities so it is possible you have further files that can not be seen.61http://www.sarc.com/avcenter/venc/data/pf/w32.spybot.nlx.html0
121MS SQL Server Moniter0 12_sqlsrvd.exe1 00144Possible new variant of W32.Spybot.NLX.  This infection has root kit capabilities so it is possible you have further files that can not be seen.61http://www.sarc.com/avcenter/venc/data/pf/w32.spybot.nlx.html0
111_System_Run0 13_svchost_.exe1 00 81Added by the Troj/Lineage-Z password-stealing trojan for the online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineagez.html0
1 9_tdiserv_0 12_tdicli_.exe1 00 33Added by the  W32.TDISERV.A WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.tdiserv.a.html0
1 8windll320 10_WIN32.EXE1 00 31Added by the  LEGMIR.AQ TROJAN!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LEGMIR.AQ&VSect=T0
1 9_x-Finder0 13_x-Finder.exe1 00 61Disconnects and redials an ISP modem to an adult content site 01
1 8^`d}qZxu0 12~`d}qzxu3zYF1 00 34Added by the GAOBOT.GEN!POLY WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.gen!poly.html0
1 9(default)0  6~~.exe1 00 47Added by the Troj/DownLdr-QR Trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdownldrqr.html0
1 8Regcheck0 11~CAB001.EXE1 00 48Added by the CYBRSPY.13A or CYBRSPY.13B TROJANS!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_CYBRSPY.13A0
3 7ZeroAds0  101 00107ZeroAds - culls ads, cookies and pop-ups. Tells ZeroAds not to run at startup - needed to start it manually36http://zeroads.com/flash/default.asp0
1 9Zonavirus0  101 00 40Added by the  KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
1 6begins0  50.exe1 00 61Added by the W32/Mytob-HE mass-mailing worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobhe.html0
1 5solid0  50.exe1 00 49Added by the WORM_MYTOB.PP worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EPP&VSect=T0
411AVGUARD.EXE0 1200000069.EXE125StartUp menu\Current user0111Windows XP/2000/XP Guard Service 6.29.00.03, H+BEDV Datentechnik GmbH. Antivirus Service for Windows XP/2000/NT39http://www.absolutestartup.com/startup/1
3 8000StTHK0 12000StTHK.exe1 00160Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) 01
3 8000StTHK0 12000StTHK.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1170050726-007-i32-10 210050726-007-i32-1.exe1 00 29Added by the  Troj/Bancban-EC59http://www.sophos.com/virusinfo/analyses/trojbancbanec.html0
3 900THotkey0 1300THotKey.exe1 00 87For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. 01
3 900THotkey0 1300THotkey.exe111HKEY_LM\Run0 50TOSHIBA THotkey 6, 0, 2, 0, TOSHIBA Corp.. THotkey39http://www.absolutestartup.com/startup/1
115vbs_auto_update0 120548656X.vbs1 00 28Added by the   VBS/Gormlez-A57http://www.sophos.com/virusinfo/analyses/vbsgormleza.html0
1 80mcamcap0 120mcamcap.exe1 00 40Added by the Troj/Cosiam-H proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojcosiamh.html0
114OpenGL Drivers0 110penGLD.exe1 00 47Added by the W32/Yimp-A Instant Messaging worm.54http://www.sophos.com/virusinfo/analyses/w32yimpa.html0
112Yahoo! Pager0  11111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 1@0  21%1 00 12Added by the21W32/Protorid-AD WORM!0
110Rundll32_80  51.dll1 00 38Added by the Adware.BrowserAid adware.61http://www.sarc.com/avcenter/venc/data/adware.browseraid.html0
1 51.bat0  51.exe1 00 36Added by the Troj/Banload-LK Trojan.59http://www.sophos.com/virusinfo/analyses/trojbanloadlk.html0
1 51.exe0  51.exe1 00123Added by the http://www.sophos.com/virusinfo/analyses/trojmultidrcf.html Trojan!  This file is found in the Windows folder.14Troj/Multidr-C0
1 8SysStart0  51.exe1 00 38Added by the Adware.ZenoSearch adware.61http://www.sarc.com/avcenter/venc/data/adware.zenosearch.html0
1 9WinUpdate0 10100089.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0  910010.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 9ASDPLUGIN0 12100171be.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
1 9ASDPLUGIN0 12100176br.exe1 00 69Added by a variant of the  ASDPLUG adult content premium rate dialer!58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
1 6load320  91111a.exe1 00 28Added by the DUMARU.AH WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.ah@mm.html0
1151111swapmgr.exe0 151111swapmgr.exe1 00 43Added by the Troj/Bdoor-IC backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojbdooric.html0
2 5Watch0 151200UBWATCH.EXE1 00  2?? 01
32112Ghosts Popup-Killer0 1112popup.exe1 00 2112Ghosts Popup-Killer36http://12ghosts.com/ghosts/popup.htm0
120windowsregkey update0 1716winupdate32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113180adsolution0 17180adsolution.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0
1 5180ax0  9180ax.exe1 00 34180Solutions/N-Case adware variant42http://www.doxdesk.com/parasite/nCase.html0
1 8spyclean0 181ClickSpyClean.exe1 00126The application "1 Click Spy Clean" is using a database that was stolen from  SpybotS&D A Rogue anti-spyware program see  note171 Click Spy Clean0
122ni.uwfx5_0001_n57m21120  81D7C.tmp1 00 25This is WinFixer Malware. 01
112HELLBOT TEST0 121hellbot.exe1 00 38Added by the W32/Mytob-BC worm/trojan.56http://www.sophos.com/virusinfo/analyses/w32mytobbc.html0
1 41on10  81on1.exe1 00 21Adult content dialler 01
3 91st Clock0 181stClock.exe -tray225StartUp menu\Current user01111st Clock 3.0, Green Parrots Software. 1st Clock - add date, alarms, atomic time and more to your taskbar clock39http://www.absolutestartup.com/startup/1
1101t34rd.exe0 131t34rd.exe /k215HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
217One Touch Monitor0 101tou~2.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
2 8ONETOU~20 101tou~2.exe1 00  0 01
215OneTouchMonitor0 101tou~2.exe1 00 88For Visioneer OneTouch scanners. System tray access to the control panel for the scanner 01
1 52.exe0  52.exe1 00123Added by the http://www.sophos.com/virusinfo/analyses/trojmultidrcf.html Trojan!  This file is found in the Windows folder.14Troj/Multidr-C0
11820050726-007-i32-10 2220050726-007-i32-1.exe1 00 57Added by the Troj/Bancban-EC information stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanec.html0
1102006Server0  82006.exe1 00 44Added by the Troj/Feutel-DA backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelda.html0
1 3DI20  627.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 82kadiras0 122kadiras.exe1 00 67Allied_Telesyn AT series router/modem related - apparently required37http://www.alliedtelesyn.co.uk/en-gb/0
3 92wSysTray0 142portalmon.exe1 00 92a target="_blank" href="http://www.2wire.com/home/index.html"2Wire Homeportal user interface 01
0 8gramdate0  92Stop.exe1 00  2?? 01
3 92Tray.exe0  92tray.exe111HKEY_CU\Run0 79ImageConverter Plus 6, 3, 6, 0, fCoder Group International. ImageConverter Plus39http://www.absolutestartup.com/startup/1
115[Various Names]0 10321102.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
124windows runtime proccess0 1232RUNdll.exe1 00 28Added by the  SDBOT.QW WORM!83http://ae.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SDBOT.QW0
1 5winXP0  633.exe1 00 24Added by the ANPES WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.anpes@mm.html0
115[Various Names]0  934763.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
2 437210  83721.bat111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
119Win32 USB2.0 Driver0  7386.exe1 00 27Added by the IRCBOT.D WORM!55http://sarc.com/avcenter/venc/data/pf/w32.ircbot.d.html0
4 83capplnk0 123capplnk.exe1 00 24US Robotics Modem driver 01
2 83cdminic0 123CDMINIC.EXE1 001033Com DMI (DynamicAccess uD/uesktop uM/uanagement uI/unterface) Agent associated with 3Com network cards 01
2123ComDMIAgent0 123CDMINIC.EXE1 00  0 01
0 83CM Link0 113cmcnkw.exe1 00  2?? 01
4 83c1807pd0 273cmlink.exe 3cpipe-3c1807pd2 00 603Com WinModem driver. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0
4 73Cmlink0 123CmlinkW.exe1 00164For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information34http://808hi.com/56k/winmodems.asp0
1 73D Text0 113D Text.scr2 00 27Added by the  JERMY.A WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.jermy.a.html0
3193D!Turbo Experience0 123D!Turbo.exe122StartUp menu\All users0 53MSI3D Application 1, 0, 0, 1, . MSI3D MFC Application39http://www.absolutestartup.com/startup/1
1 83d_sound0 123d_sound.exe1 00115Added by the Troj/Riados-A Trojan that attempts a distributed denial of service (DDoS) attack against www.riaa.com.57http://www.sophos.com/virusinfo/analyses/trojriadosa.html0
3193Deep Control Panel0 123DeepCTL.EXE1 00115From LightSurf Technologies (nee E-Color) - 3Deep corrects lighting, shading and color for all your 2D and 3D games34http://www.colorific.com/index.htm0
4103dfx Tools0 113dfxCmn.dll1 00132Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards 01
2173dfx Task Manager0 113dfxMan.exe1 00 87System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start - Programs 01
4123dfxv2ps.dll0 123dfxv2ps.dll1 00116Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards 01
3173DLabsHelperDemon0 123dldemon.exe1 00365Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled 01
3173DLabsHelperDemon0 213dldemon.exe nowakeup2 00  0 01
0303Dlabs Taskbar Display Manager0 103DLman.exe1 00 723DLabs graphics driver related.  System Tray access to display settings? 01
4 93ware 3DM0  73dm.exe1 00 63Monitors status of the disk array on 3ware IDE RAID controllers 01
4113DMouse.EXE0 113DMouse.EXE1 00 33Dritek System Inc. 3D Mouse drive 01
315Primax 3D Mouse0 123dmoused.exe1 00 56Enables the scroll button on the Primax 3-D Scroll mouse 01
3113DNADesktop0 173dnasys.exe -open211HKEY_LM\Run0 613DNA Desktop Controller 1, 0, 0, 1, . 3DNA Desktop Controller39http://www.absolutestartup.com/startup/1
3103qdctl.exe0 103qdctl.exe1 00194Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ 01
3 3pmc0  849XL.exe111HKEY_CU\Run0 34PMClient 3.01.0001, The Edge Tech.39http://www.absolutestartup.com/startup/1
2114cOqtqs.exe0 114cOqtqs.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
310WheelMouse0 104DMAIN.EXE1 00154Mouse software for "Fellowes" Wheelman mouse. Has caused some users problems but shouldn't be needed if you don't use any enhanced features it may provide 01
1 9Messenger0  7514.exe1 00 37Added by the Trojan.Esteems.D Trojan.94http://securityresponse.symantec.com/avcenter/venc/data/trojan.esteems.d.html#technicaldetails0
1105-2-46-1120 145-2-46-112.exe1 00 55Adult content pop-up dialler. Removal instructions here292http://groups.google.com/gro0
1 5putil0  85845.exe1 00 84Added by the Backdoor.Zinx backdoor. This backdoor listens on ports 14728 and 24759.77http://securityresponse.symantec.com/avcenter/venc/data/pf/backdoor.zinx.html0
119Windows USB Service0  7666.exe1 00 12Added by the38W32/Mytob-AW WORM/IRC backdoor trojan!0
1 3pmc0  7764.exe1 00 21Adult content dialler 01
1 57VGAV0  97VGAV.exe1 00 81Part of the Adware.Winpup infection.  File is found in the Windows system folder. 01
115[various names]0  880d0.exe1 00115MediaMotor/Popuppers adware variant. Names spotted include 80d0, SWOD, g$p$, elos, seli, "piz, :C=e, resU and so on77http://securityresponse.symantec.com/avcenter/venc/data/adware.popuppers.html0
11480xFire daemon0 1180xFire.exe1 00111Added by the W32/Tilebot-BK worm and IRC backdoor.  This also infects your computer with the rootkit rdriv.sys.58http://www.sophos.com/virusinfo/analyses/w32tilebotbk.html0
1 881pl96k80 1281pl96k8.exe111HKEY_LM\Run0 134, 0, 2, 3, .39http://www.absolutestartup.com/startup/1
1 7TempCom0  98746D.com1 00 43Added by the W32/Traxg-H mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32traxgh.html0
1 8887sfNY40 12887sfNY4.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0 17896588AppInit.DLL1 00 94Added by the Troj/LegMir-BI Trojan.  This infection also creates the  %WinDir%896588.dll file.58http://www.sophos.com/virusinfo/analyses/trojlegmirbi.html0
413Initialize8x80 128x8_init.exe1 00 83Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay 01
1 8KAZAACuf0  191 00 40Added by the  KITRO.D (or ARGEN.A) WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.d.worm.html0
2 7Apwheel0  89019.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
4 89xadiras0 129xadiras.exe1 00 67Allied_Telesyn AT series router/modem related - apparently required37http://www.alliedtelesyn.co.uk/en-gb/0
216DXM6Patch_9811160  1A1 00108Microsoft(R) Windows NT(R) Operating System 4.71.1015.0, Microsoft Corporation. Win32 Cabinet Self-Extractor 01
1 1a0  5a.exe1 00110Commercials file that registers itself in the system registry and redirects IE to a certain commercial website 01
1 7shellos0  8A+++.exe1 00 42Added by the WIN32.VB.AV keylogger TROJAN! 01
1 3a1g0  7a1g.exe1 00 35Added by the Troj/Agent-ACR Trojan.58http://www.sophos.com/virusinfo/analyses/trojagentacr.html0
1 5load=0  7a1g.exe1 00 25Added by the ATAK.B WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.b@mm.html0
3 7a&sup2;0 11a2guard.exe1 00137a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature27http://www.emsisoft.com/en/0
3 9a-squared0 11a2guard.exe1 00  0 01
3 9a-squared0 11a2guard.exe1 00137a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature27http://www.emsisoft.com/en/0
3 2a²0 11a2guard.exe1 00  027http://www.emsisoft.com/en/0
3 7ADSL_A20 11A2Installed1 00 78Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. 01
433Aureal A3D Interactive Audio Init0 11A3dInit.exe1 00 80For Aureal based 3D soundcards. A3D sound features won't work with this disabled 01
3 7A4Proxy0 11A4Proxy.exe1 00 87Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites47http://www.findincontext.com/a4proxy/review.htm0
3 9WindowsFZ0 11A5281300.so111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9windowsfz0 11A5281300.so1 00 49Variant of the SmitFraud alias  FAKEALE-C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojfakealec.html0
111popuppers650 11a64sddd.exe1 00 24Popuppers adware variant77http://securityresponse.symantec.com/avcenter/venc/data/adware.popuppers.html0
111popuppers650  8a65d.exe1 00162Popuppers delivers popup ads to your computer. The file is found in the Windows folder. It also adds media-motor.net and popuppers.com to your trusted sites list. 01
114windows update0  7aaa.exe1 00 91Added by the Troj/Singu-Y Trojan.  This infection also creates the file c:\windows\aaa.cfg.56http://www.sophos.com/virusinfo/analyses/trojsinguy.html0
2 8AAACLEAN0 12AAACLEAN.INF1 00  2?? 01
1 4Heps0  8aaea.exe1 00 67Unknown malware. Located in %userprofile%\Application Data\aaea.exe 01
3 3AAK0  7aak.exe1 00140Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"30http://www.anti-keylogger.net/0
1 8AANYVKCF0 12aanyvkcf.exe1 00105Added by the Adware.Safesearch.B  Adware. This infection redirects certain pages to ones that it desires.63http://www.sarc.com/avcenter/venc/data/adware.safesearch.b.html0
133Microsoft Synchronization Manager0  9aapie.exe1 00134Added by the W32/Sdbot-OZ worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotoz.html0
1 4Noha0  8aasd.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
116Microsoft Update0 10aaupdt.exe1 00 26Added by the RBOT-RQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotrq.html0
224FineReader7NewsReaderPro0 19AbbyyNewsReader.exe1 00 29ABBYY FineReader OCR software45http://www.abbyy.com/finereader7/?param=286030
224FineReader7NewsReaderPro0 19AbbyyNewsReader.exe111HKEY_LM\Run0 65FineReader 7.0.0.620, ABBYY (BIT Software). ABBYY Community Agent39http://www.absolutestartup.com/startup/1
1 4FILE0 11abcdefg.exe1 00 46Added by the W32.Kelvir.DD MSN messenger worm.74http://www.sarc.com/avcenter/venc/data/w32.kelvir.dd.html#technicaldetails0
1 6System0 11abcdefg.exe1 00 31Added by the W32/Harwig-B worm.56http://www.sophos.com/virusinfo/analyses/w32harwigb.html0
1 8BT0000350 13abcdefg23.exe1 00 31Added by the Troj/VB-VT Trojan.54http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
1 8BT0000360 13abcdefg23.exe1 00  054http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
1 8BT0000370 13abcdefg23.exe1 00 31Added by the Troj/VB-VT Trojan.54http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
1 8abcdefgh0 12abcdefgh.exe1 00 68Malware - detected by  Panda antivirus as the DOWNLOADER.EPJ TROJAN!51http://www.pandasoftware.com/products/titanium2005/0
115[Various Names]0 10ABCXYZ.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
2 6abiteq0 10abiteq.exe1 00 96Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds. 01
115Service Drivers0  7abl.exe1 00133Added by the W32/Sdbot-YX worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotyx.html0
216Album Fast Start0 10ABMTSR.EXE1 00 50Scanner software, not required for scanner to work 01
1 4ABox0  8ABox.exe1 00 74Added by the Troj/Abox-A Trojan!  The file is found in the Windows folder. 01
112Abrada win320 14abradaload.dll1 00 52Added by the Troj/Dermon-G password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojdermong.html0
3 8ABREGMON0 12ABregmon.exe111HKEY_LM\Run0 54Registry Monitor 1, 0, 0, 1, ArcaBit. Registry Monitor39http://www.absolutestartup.com/startup/1
115[Various Names]0  9abrek.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
118active bit station0  7abs.exe1 00 32Added by the  W32.MYTOB.BZ WORM!63http://www.symantec.com/avcenter/venc/data/w32.mytob.bz@mm.html0
318PCBackup Scheduler0 15ABScheduler.exe111HKEY_LM\Run0 83Alohabob Job Scheduling Agent 6, 0, 0, 0, Eisenworld. Alohabob Job Scheduling Agent39http://www.absolutestartup.com/startup/1
1 4ABsr0  8absr.exe1 00 30Added by the AUTOUPDER TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html0
2 3abu0  7abu.exe111HKEY_LM\Run0 33abu Application 1, 0, 0, 1, . abu39http://www.absolutestartup.com/startup/1
314AbyssWebServer0 11abyssws.exe1 00 16Abyss web server29http://abyss.sourceforge.net/0
3 6CCWC7a0  6ac.exe1 00 64Moleculesoft Cache, Cookie & Windows Cleaner Ver. 7 - auto clean39http://www.moleculesoft.se/index2b.html0
1 4Osus0  8acao.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
216acbtnmgr_x63.exe0 16AcBtnMgr_X63.exe122StartUp menu\All users0 86Jetsoft Development Company AcBtnMgr 1, 0, 0, 1, Jetsoft Development Company. AcBtnMgr39http://www.absolutestartup.com/startup/1
326Lexmark X73 Button Manager0 16AcBtnMgr_X73.exe111HKEY_LM\Run0 86Jetsoft Development Company AcBtnMgr 1, 0, 0, 1, Jetsoft Development Company. AcBtnMgr39http://www.absolutestartup.com/startup/1
412AcBtnMgr_Xxx0 16AcBtnMgr_Xxx.exe1 00133Associated with the Lexmark Xxx (where &quot;xx&quot; is the model) all-in-one printer/scanner/copier. Required for correct operation 01
426Lexmark Xxx Button Manager0 16AcBtnMgr_Xxx.exe1 00  0 01
3 3acc0  7acc.exe1 00102Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"53http://www.voicecallcentral.com/#advanced_call_center0
0 5AOLCC0 11ACCAgnt.exe1 00 74AOL ISP software related, file located in a "AOL Computer Check-Up" folder 01
310Accelerate0 14accelerate.exe1 00170Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection55http://www.webroot.com/wb/products/accelerate/index.php0
310Accelerate0 17accelerate.exe /S2 00 304.0.1, Webroot Software, Inc.. 01
313accessmanager0 13AccessMgr.exe1 00230Part of SmartPipes  SecureSite software - "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"40http://www.smartpipes.com/SecureSite.htm0
120Windows Task Manager0 23ACCOUNT_DETAILS.DOC.exe1 00 28Added by the QUATERS.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.quaters.a@mm.html0
3 7AcctMgr0 11AcctMgr.exe1 00246Norton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities—all from the safety of your own PC44http://www.symantec.com/sabu/sysworks/basic/0
3 7AcctMgr0 20AcctMgr.exe /startup211HKEY_LM\Run0 85Norton Password Manager 2004.1.406, Symantec Corporation. Password Manager Controller39http://www.absolutestartup.com/startup/1
111accwizz.exe0 11accwizz.exe1 00 47Added by the W32.Ruland.A@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0
111MeuPrograma0 11accwizz.exe1 00  076http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0
1 8accwizzz0 12accwizzz.exe1 00  076http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0
112accwizzz.exe0 12accwizzz.exe1 00 47Added by the W32.Ruland.A@mm mass-mailing worm.76http://www.sarc.com/avcenter/venc/data/w32.ruland.a@mm.html#technicaldetails0
1 9system xp0 15acdsee demo.exe2 00 26Added by the SALGA.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.salga.a@mm.html0
0 8Ace bows0 12Ace bows.exe2 00  2?? 01
3 8acergoto0 12AcerGoto.exe1 00179Acer Computer "Goto Drive"  Cold Swap Driver -  a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer. 01
417AspireTimeMachine0 11acertmb.exe1 00189System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry 01
1 5necix0 13aceyukujy.exe1 00 89Added by W32/Sdbot-UE, a WORM/IRC backdoor TROJAN and found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotue.html0
3 8aclntusr0 12AClntUsr.exe1 00 42Altiris  AClient Service Windows Tray Icon42http://www.cdg-group.com/go.exe?prodid=2990
312AmazingClock0 10AClock.exe111HKEY_CU\Run0 65Amazing clock 1.2.beta, Kukushkin A. S.. Amazing clock executable39http://www.absolutestartup.com/startup/1
110AclService0 10AclService1 00 84C:\Windows\System32\aclservice.exe, and C:\Windows\Downloaded Program Files\acl.inf. 01
326Lexmark X73 Button Monitor0 17ACMonitor_X73.exe111HKEY_LM\Run0 46ACMonitor 1, 0, 0, 0, Silitek Corp.. ACMonitor39http://www.absolutestartup.com/startup/1
413ACMonitor_Xxx0 17ACMonitor_Xxx.exe1 00133Associated with the Lexmark Xxx (where &quot;xx&quot; is the model) all-in-one printer/scanner/copier. Required for correct operation 01
426Lexmark Xxx Button Monitor0 17ACMonitor_Xxx.exe1 00123Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation 01
310ACMService0 14ACMService.exe1 00109Added by the Spyware.ACM surveillance software.  Uninstall this software if it was not installed by yourself.72http://securityresponse.symantec.com/avcenter/venc/data/spyware.acm.html0
0 9aauclient0 14ACNUpdater.exe1 00 53Appears to be related to software from  Accenture.com56http://www.accenture.com/xd/xd.asp?it=enweb&xd=index.xml0
313Acombo3dmouse0 12Acombo3d.exe1 00 71Mouse driver - required if you use non-standard Windows driver features 01
1 6Aconti0 10aconti.exe1 00 21Adult content dialler 01
3 8acoustic0 12acoustic.exe1 00112Control panel program for Philips  Acoustic Edge soundcard. Not required unless changed settings aren't retained198http://www.consume0
31042 AC Plug0 20acplug.exe -tray -on225StartUp menu\Current user0 752, 0, 4, 29,  iOpus Software GmbH. 42 Always Connected Plug (AC-Plug)  V2.039http://www.absolutestartup.com/startup/1
114Adobe Reader320 12Acrord32.exe1 00 48Added by the W32/Rbot-BLC worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotblc.html0
221Acrobat Assistant 7.00 12Acrotray.exe111HKEY_LM\Run0101AcroTray - Adobe Acrobat Distiller helper application. 6.0.1.2004121400, Adobe Systems Inc.. AcroTray39http://www.absolutestartup.com/startup/1
219Assistant d'Acrobat0 12acrotray.exe122StartUp menu\All users0101AcroTray - Adobe Acrobat Distiller helper application. 6.0.1.2003102300, Adobe Systems Inc.. AcroTray39http://www.absolutestartup.com/startup/1
317Acrobat Assistant0 12ACROTRAY.EXE1 00190Used to create PDF files with Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation 01
135adobe acrobat distiller application0 12acrotray.exe1 00 34Added by the  W32.RANDEX.DFJ WORM!62http://www.symantec.com/avcenter/venc/data/w32.randex.dfj.html0
329Atheros Configuration Service0  7acs.exe1 00 64Possibly part of the Atheros 802.11b/g WiFi connectivity driver. 01
413AolAcsDaemon10  8Acsd.exe1 00188AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually 01
118AlfaCleanerService0 12ACServer.exe1 00113Desktop hijacking, aggressive/deceptive advertising Rogue Anti-Spyware program. For more information  Click_Here.52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
327autocad startup accelerator0 13acstart16.exe1 00 91Preloads some libraries that are used by  AutoCAD in order to make the software load faster67http://usa.autodesk.com/adsk/servlet/index?siteID=123112&id=51272130
327AutoCAD Startup Accelerator0 13acstart16.exe122StartUp menu\All users0 61AutoCAD 16.1.63.0, Autodesk, Inc. AutoCAD Startup Accelerator39http://www.absolutestartup.com/startup/1
1 5acsuc0  9acsuc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119DyFuCA Active Alert0 12actalert.exe1 00 32Adult content dialler - see here57http://www.sophos.com/virusinfo/analyses/dialdyfucaa.html0
127microsoft boot system cfg320 12actboost.exe1 00 32Added by the  W32.Bropia.R WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.r.html0
125Windows boot system cfg320 12actboost.exe1 00 38Added by W32/Forbot-G, a network WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotgl.html0
3 8activity0  9actik.exe1 00 90ActivityKey Keystroke logger/monitoring program - remove unless you installed it yourself!67http://www.symantec.com/avcenter/venc/data/spyware.activitykey.html0
311ActionAgent0 15actionagent.exe1 00202A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client. 01
115[Various Names]0 13ActionScr.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
120kernel system daemon0 13ACTIVAT0R.exe1 00 28Added by the RANDEX.AW WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.aw.html0
210Activation0 14Activation.exe1 00 23Part of Microsoft Money 01
216MoneyStartUp10.00 14Activation.exe1 00 53Part of MS Money 2002. Available via Start - Programs 01
312online cdrom0 15Active acid.exe2 00  2?? 01
1 7ATITech0 10Active.exe1 00 34Added by the Troj/Roamer-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojroamera.html0
122MS Decryption Software0 10active.exe1 00 27MediaTickets adware variant51http://www.spywareguide.com/product_show.php?id=8130
1 8ACTIVEDS0 12ACTIVEDS.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
210ActiveEyes0 14ActiveEyes.exe1 00 30ActiveEyes from TFI Technology53http://www.tfi-technology.com/products.htm#ActiveEyes0
310ActiveMenu0 14ActiveMenu.exe1 00254WildTangent games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
317HPGamesActiveMenu0 14ActiveMenu.exe1 00254WildTangent games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
323hplaptopgamesactivemenu0 14ActiveMenu.exe1 00260Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case 01
310ActivePlus0 14activeplus.exe1 00 68Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on)35http://hot.activebuddy.com/catalog/0
313Active shield0 16Activeshield.exe1 00177Active Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"34http://www.securitystronghold.com/0
1 6Roam040 11ActiveX.exe1 00 34Added by the Troj/Roamer-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojroamera.html0
3 8ActMaker0 12ActMak25.exe1 00196ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer34http://www.789987.com/products.htm0
311ACTNSTA.EXE0 11ACTNSTA.EXE1 00 68Believed to be a system tray utility for an Accton ethernet adapter.40http://www.accton.com/homepage/index.htm0
3 3ACU0  7acu.exe1 00 66ACU 2.4.0.71, Atheros Communications, Inc.. Atheros Client Utility 01
3 3ACU0  7ACU.exe1 00 45Atheros wireless Client Utility For HP Compaq38http://www.nus.edu.sg/winzone/atheros/0
3 7acu_qsb0  7ACU.exe1 00 45Atheros wireless Client Utility For HP Compaq38http://www.nus.edu.sg/winzone/atheros/0
3 3ACU0 14ACU.exe -nogui2 00 67ACU 4.1.0.132, Atheros Communications, Inc.. Atheros Client Utility 01
314Ad Blocker Pro0 18Ad Blocker Pro.exe2 00 32Ad Away popup and banner remover 01
310AD2KClient0 14AD2KClient.exe1 00190Executable for Active Disk from Iomega disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk42http://www.iomega-activedisk.com/index.jsp0
318Iomega Active Disk0 14AD2KClient.exe111HKEY_LM\Run0 53AD2KClient 1, 0, 0, 2, Iomega Corporation. AD2KClient39http://www.absolutestartup.com/startup/1
214Adaware Bootup0 12ad-aware.exe1 00  040http://www.lavasoft.de/software/adaware/0
1 8Ad-aware0 12Ad-aware.exe1 00162Ad-aware from Lavasoft. Checks your PC for &quot;Spyware&quot; which reports back your internet activities to &quot;base&quot;. Available via Start -&gt; Programs40http://www.lavasoft.de/software/adaware/0
114Adaware lptt010 11adaware.exe1 00224Variant of the  RapidBlaster parasite (in a "Adaware" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here. Note - this is not the valid Lavasoft Adaware49http://www.doxdesk.com/parasite/RapidBlaster.html0
114Adaware ml097e0 11adaware.exe1 00186Variant of the  RapidBlaster parasite (in a &quot;Aimaol&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113foobin lptt010 11adaware.exe1 00174Variant of the  RapidBlaster parasite (in a "foo1" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113foobin ml097e0 11adaware.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
117Lavasoft Ad-Aware0 12Ad-Aware.exe1 00 93Added by the RBOT-SO WORM! Note - this is not the popular Ad-aware spware/adware removal tool55http://www.sophos.com/virusinfo/analyses/w32rbotso.html0
2 8Ad-Aware0 15Ad-Aware.exe +c2 00  0 01
111Browser Pal0 10adblck.exe1 00 31BrowserAid/BrowserPal foistware47http://www.doxdesk.com/parasite/BrowserAid.html0
3 9AdBlocker0 13AdBlocker.exe111HKEY_LM\Run0 583B Ad Blocker Pro 1.00, 3B Software Inc. 3B Ad Blocker Pro39http://www.absolutestartup.com/startup/1
124Micro$oft Windowz Update0 13ADBlockXp.exe1 00 49Added by the W32/Sdbot-AJR worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotajr.html0
2 6XemiCo0  7ADC.EXE1 00 98XemiComputers a target="_blank" href="http://www.xemico.com/adc/index.html"Active Desktop Calendar 01
323Active Desktop Calendar0  7ADC.exe111HKEY_CU\Run0103Active Desktop Calendar Application 4, 8, 0, 0, XemiComputers ltd.. Active Desktop Calendar Application39http://www.absolutestartup.com/startup/1
1 8AddClass0 12AddClass.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
3 8AdDelete0 12AdDelete.exe1 00 27Banner advertisment blocker 01
111AdDestroyer0 15AdDestroyer.exe1 00308Like VirtualBouncer, malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the malware it claims to remove/prevent, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code 01
1 110  9addit.exe1 00130Added by the W32/Sdbot-RI worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotri.html0
0 8addproxy0 12addproxy.exe1 00 26Related to Adobe Photoshop 01
2 9audiodeck0  9ADeck.exe1 00127ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items. 01
3 9AudioDeck0 11ADeck.exe 1211HKEY_LM\Run0 64ADeck Application 5, 9, 0, 6, VIA Technologies, Inc.. Audio Deck39http://www.absolutestartup.com/startup/1
113ad-eliminator0 17ad-eliminator.exe1 00 92Spyware remover of dubious repute - see this  list of non-recommended anti parasite software38of dubious repute - see this  <a href=0
3 3ADG0  7ADG.exe1 00 28SoundBlaster Audigy related? 01
2 7ADGJdet0 11ADGJDet.exe1 00 78Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection 01
213Jet Detection0 11ADGJDet.exe1 00  0 01
213Jet Detection0 11ADGJDet.exe111HKEY_LM\Run0 57HdPhDetector Application 1, 0, 2, 0, . Creative JetDetect39http://www.absolutestartup.com/startup/1
4 6Adiras0 10Adiras.exe1 00 22ADSL USB modem related 01
3 8AdKiller0 21AdKiller.exe /StartUp211HKEY_LM\Run0 89AdKiller Daemon 1.00.0015, Infocrackes Software 2000, Inc.. The Best Free PopUp Ad Killer39http://www.absolutestartup.com/startup/1
131Popup and Advertisement Killers0 13adkillers.exe1 00 48Added by the W32/Rbot-DDH worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotddh.html0
1 7version0 10adl_dh.exe1 00 25DealHelper adware related60http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html0
319NewsStand.Scheduler0 12ADLSched.exe111HKEY_CU\Run0 76ADLSched 2.8.2.0, NewsStand, Inc.. NewsStand Reader Media Download Scheduler39http://www.absolutestartup.com/startup/1
1 7svchost0 11ADMAGIC.EXE1 00124Added by the SMIBAG WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!76http://securityresponse.symantec.com/avcenter/venc/data/w32.smibag.worm.html0
120Admanager Controller0 12AdManCtl.exe1 00134This is a WindUpdates variant.  You can uninstall it from Add/Remove Programs.  It is found in C:\Program Files\Admanager Controller\. 01
115Admilli Service0 15AdmilliServ.exe1 00 26Windupdates adware variant81http://www.giantcompany.com/antispyware/research/spyware/spyware-WindUpdates.aspx0
1 6Remote0 15adminClient.exe1 00 79Added by the Backdoor.Gapin backdoor. This infections listens on TCP port 1039.58http://www.sarc.com/avcenter/venc/data/backdoor.gapin.html0
113Administrator0 17Administrator.exe1 00 44Added by the Troj/GrayBrd-B Trojan backdoor.58http://www.sophos.com/virusinfo/analyses/trojgraybrdb.html0
118ADM Library Loader0 12admlib32.exe1 00 39Added by a variant of the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
3 5AWMON0 14Ad-Monitor.exe1 00 21F-Secure_Anti-Spyware38http://www.f-secure.com/products/fsas/0
311admtray.exe0 11admtray.exe1 00 33Related to  Acer Inc. Destop tray23http://global.acer.com/0
310Ad Muncher0 11ADMUNCH.EXE1 00184Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications25http://www.admuncher.com/0
319Go!Zilla Ad Muncher0 15AdMunch.exe /bt211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
318Adobe Gamma Loader0 22Adobe Gamma Loader.exe2 00231Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine 01
1 5Adobe0  9Adobe.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
4 6dlmMgr0 24AdobeDownloadManager.exe1 00260This is Adobe's download manager that allows for resuming of partially complete downloads from their site.  If you want the program to continue downloading you need to keep this entry.  When it has completed downloading it will remove itself from the registry. 01
416Adobe LM Service0 14Adobelmsvc.exe1 00306This is Adobe's license management service that is used to make sure you are not using a pirated copy of their software.  It does this by examining your hardware on your computer and asking you to reregister if this changes.  This can not be disabled as it will reenable when you use one of their products. 01
1 8adobemgr0 12adobemgr.exe1 00 38Added by the  Trojan.Adclicker TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/trojan.a.d.clicker.html0
119adobe photoshop 7.00 18AdobePhotoshop.exe1 00122Added by a variant of the  W32/SDBOT WORM! - NOTE: Do NOT confuse with the  Adobe photo editing software of the same name!43http://vil.nai.com/vil/content/v_100454.htm0
1 6AdobeA0 10adobes.exe1 00 29Added by the FLOOD.BA TROJAN!43http://vil.nai.com/vil/content/v_100373.htm0
2 9updateMgr0 33AdobeUpdateManager.exe AcRdS7_0_0211HKEY_CU\Run0 74Adobe Update Manager 3.0, Adobe Systems Incorporated. Adobe Update Manager39http://www.absolutestartup.com/startup/1
015Ad Online Guide0 17adonlineguide.exe1 00  2?? 01
1 3adp0  7adp.exe1 00 70Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc 01
111ATM Control0  8adpn.exe1 00 24Added by the MMS.A WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MMS.A&amp;VSect=T0
1 4aapp0  6adprot1 00 24AdBlaster adware variant 01
1 6adprot0 10adprot.exe1 00  0 01
4 8adpu160m0 12adpu160m.sys1 00 65Added by Nero Burning Rom program. Needed to properly burn files. 01
1 7updater0 15adservernow.exe1 00 18AdServerNow adware79http://securityresponse.symantec.com/avcenter/venc/data/adware.adservernow.html0
3 9ADService0 13ADService.exe1 00175Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk42http://www.iomega-activedisk.com/index.jsp0
3 7AdsGone0 11adsgone.exe1 00  0 01
3 7AdsGone0 11Adsgone.exe1 00 24AdsGone - pop-up stopper23http://www.adsgone.com/0
1 7SyncMon0 14adslcomdos.exe1 00 78Added by the a href=http://www.sophos.com/virusinfo/analyses/trojclunkya.html"30Troj/Clunky-A backdoor trojan.0
313ADSLConnector0 23ADSLConnector.exe /auto225StartUp menu\Current user0 70Conector Speed UOL 1, 0, 1, 0, Universo Online S/A. Conector Speed UOL39http://www.absolutestartup.com/startup/1
4 4ADSS0  8ADSS.exe1 00225ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied22http://www.johnru.com/0
1 9adstartup0 13Adstartup.exe1 00 22Adlogix adware variant51http://www.spywareguide.com/product_show.php?id=7910
116AdStatus Service0 14AdStatServ.exe1 00 22Unknown adware/malware 01
216Subtract the Ads0  9AdSub.exe1 00 62Removes adverts from web pages. Although useful - not required 01
310AdSubtract0  9AdSub.exe1 00 51AdSubtract 3.0 3.0, IinterMute inc.. AdSubtract 3.0 01
310AdSubtract0  9adsub.exe1 00147AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start - Programs26http://www.adsubtract.com/0
110adtech20050 14adtech2005.exe1 00 62Reported as Trojan.Win32.StartPage.aw by Kaspersky Anti-Virus. 01
110adtech20060 14adtech2006.exe1 00 53Identified by Kapersky as Trojan-Clicker.Win32.VB.kc. 01
115adtools service0 11AdTools.exe1 00 26Windupdates adware variant27http://www.windupdates.com/0
213ADQuickAccess0 10Adtray.exe1 00112After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95 01
110Adult_Chat0 14Adult_Chat.exe1 00 21Adult content dialler 01
111Adult_Chat10 15Adult_Chat1.exe1 00  0 01
1 6AdultX0 10AdultX.exe1 00 34Adult content dialler and hijacker 01
3 9ADUserMon0 13ADUserMon.exe1 00175Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk42http://www.iomega-activedisk.com/index.jsp0
1 7aduxlqj0 11aduxlqj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9[unknown]0  9ADVAP.EXE1 00127Added by the W32/SdBot-W worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.55http://www.sophos.com/virusinfo/analyses/w32sdbotw.html0
1 6Advapi0 10Advapi.exe1 00 30Added by the NETDEVIL.12 WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_NETDEVIL.120
1 8advapi320 18advapi32.exe -auto211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
220Advanced Tools Check0 10ADVCHK.EXE1 00141Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget 01
2 6ADVCHK0 10ADVCHK.EXE1 00  0 01
220Advanced Tools Check0 10ADVCHK.EXE111HKEY_LM\Run0 97Norton AntiVirus 8.00.61, Symantec Corporation. Norton AntiVirus Advanced Tools Integrity Checker39http://www.absolutestartup.com/startup/1
120advanced tool checks0 11advchks.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8advmon320 12advmon32.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
124[random 12 digit number]0 12advpack1.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
126advanced protection system0 11advpsys.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 3adw0  7adw.exe1 00 74Added by the Troj/AdClick-BK Trojan!  File is found in the Windows folder.59http://www.sophos.com/virusinfo/analyses/trojadclickbk.html0
2 5load=0  9adw30.exe1 00102After Dark for Windows - screen saver program. Popular before screen savers were integrated into Win95 01
312Adware Agent0 16adware agent.exe2 00 26Adware Agent popup blocker58http://www.topshareware.com/Adware-Agent-download-4866.htm0
311adwarealert0 15AdwareAlert.Exe1 00118Spyware remover  of dubious repute  -  see the  SpywareWarrior_List of Rogue/Suspect Anti-Spyware Products & Web Sites39of dubious repute  -  see the  <a href=0
311AdwareAlert0 21AdwareAlert.Exe -boot211HKEY_LM\Run0 47AdwareAlert 3.06.0002, AdwareAlert. AdwareAlert39http://www.absolutestartup.com/startup/1
112AdwareDelete0 16adwaredelete.exe1 00 61Rogue antispyware application that is installed with malware. 01
334AdwareFilter Background Protection0 16adwarefilter.exe122StartUp menu\All users0 50Adware Filter 2, 3, 8, 0, PCSafe.com. AdwareFilter39http://www.absolutestartup.com/startup/1
210Adware Spy0 13AdwareSpy.exe1 00 86Bogus adware remover, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
118Adwarz Spy Remover0 10ADWARZ.EXE1 00 49Added by the W32/Spybot-EV worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32spybotev.html0
3 8Ad-watch0 12Ad-watch.exe1 00147Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system40http://www.lavasoft.de/software/adaware/0
3 5AWMON0 12Ad-Watch.exe1 00  040http://www.lavasoft.de/software/adaware/0
316Lavasoft Adwatch0 12Ad-watch.exe1 00147Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system40http://www.lavasoft.de/software/adaware/0
1 5AWMON0 12Ad-Watch.exe1 00 59Ad-Aware SE 3.2, Lavasoft Sweden. Ad-Watch System Protector 01
116Lavasoft Adwatch0 12Ad-watch.exe1 00147Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system40http://www.lavasoft.de/software/adaware/0
1 5AWMON0 12Ad-Watch.exe111HKEY_LM\Run0 59Ad-Aware SE 3.2, Lavasoft Sweden. Ad-Watch System Protector39http://www.absolutestartup.com/startup/1
1 4aebq0  8aebq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
312Aeiwlsta.exe0 12Aeiwlsta.exe1 00 42IBM High Rate Wireless LAN Adapter driver. 01
210SharkEject0 11AEJCT32.exe1 00136Allows you to eject a disk from the Avatar Shark drive from the system tray. When loaded, there is a desktop icon so this isn't required 01
2 8AELaunch0 12AELaunch.exe1 00 68Audio Applications Launcher for the Philips  Acoustic Edge soundcard182http://www.consum0
320active email monitor0  9aem25.exe1 00153Active_Email_Monitor checks multiple accounts for email,  serves as a SPAM filter and can also protect you from harmful items that can be sent via email.31http://www.vicman.net/emailmon/0
1 9AERVICESN0 13AERVICESN.exe1 00 32Added by the W32/Randon-AO worm.57http://www.sophos.com/virusinfo/analyses/w32randonao.html0
213aexagentlogon0 20AeXAgentActivate.exe1 00105Altiris Agent transmits information about your machine for the purpose of asset management and deployment22http://www.altiris.com0
123microsoftz turn control0  8aexl.exe1 00 29Added by the  SDBOT.BCO WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BCO&VSect=P0
3 8NSHelper0 22aexnsinstallhelper.exe1 00 91Altiris Express Notification Server Install helper - monitors integrity of the installation 01
3 9AeXSWDUsr0 13AeXSWDUsr.exe1 00 43Altiris Express NS Client Manager software.23http://www.altiris.com/0
1 5aeydt0  9aeydt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
121Adobe Filter Platform0 19afilterplatform.exe1 00 26Added by the RBOT-OP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotop.html0
1 6afmymk0 10afmymk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 5Agent0  9Agent.exe1 00170Cyberlink Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start - Programs24http://www.cyberlink.com0
2 9LookNMeet0  9Agent.exe1 00 24LooknMeet dating service47http://217.22.55.178/rdl/lnm_v4.3/nl/index.html0
116Backdoor.NuAgent0  9agent.exe1 00 43Added by the Troj/Agent-DP backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojagentdp.html0
1 8agentsvr0 12agentsvr.exe1 00239Malware, detected by  Kaspersky antivirus as AdWare.Monker.a - NOTE:  do NOT confuse with the Microsoft Agent Server application of the same name as described  here - the legitimate file will always be located in the WindowsMsagent folder.36http://www.kaspersky.com/personalpro0
110[not used]0 14Agentsvr32.exe1 00104Added by the Troj/Dropper-BA dropper Trojan.br /br /Uses CLSID: bE7CCDB6E-AE6D-11cf-96B8-444553540000/b.59http://www.sophos.com/virusinfo/analyses/trojdropperba.html0
1 9RavUptets0 11agetlke.exe1 00 35Added by the Troj/QQPass-AK Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassak.html0
1 9RavUpteni0 14agetlktsyr.exe1 00 35Added by the Troj/QQPass-CJ Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpasscj.html0
1 8RavUptkt0 12agetlktz.exe1 00 35Added by the Troj/QQPass-AJ Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassaj.html0
1 7RavUpfs0 12agetltfs.exe1 00 35Added by the Troj/QQPass-AL Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassal.html0
3 8AgfaCLnk0 12AgfaCLnk.exe1 00162For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive 01
1 3agp0  9agp32.exe1 00 28Added by the GAOBOT.SY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html0
2 6acpart0 12agpart11.exe1 00 34Program for finding trucks on-line 01
219Creative AGP Wizard0 10agpwiz.exe1 00 33Part of Creative's BlasterControl 01
313QuickPassword0 12agquickp.exe1 00 69Smart card-based authentication and digital signature client software 01
313Forget Me Not0 12AGRemind.exe1 00 57Calendar reminder part of American Greetings® CreataCard® 7#FF00000
3 8AGRSMMSG0 12AGRSMMSG.exe111HKEY_LM\Run0109Agere SoftModem Messaging Applet 2.1.25 2.1.25 02/14/2003 11:58:58, Agere Systems. SoftModem Messaging Applet39http://www.absolutestartup.com/startup/1
211AGSatellite0 15AGSatellite.exe1 00107Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start - Programs 01
1 8AGSeyApp0 12AGSeyApp.exe1 00 32Added by the  GoldenEye SPYWARE!78http://securityresponse.symantec.com/avcenter/venc/data/spyware.goldeneye.html0
1 6agypdk0 10agypdk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 7Aha154x0 11aha154x.sys1 00 51Adaptec SCSI driver installed by Microsoft Windows. 01
3 4ahfp0  8ahfp.exe1 00313Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"22http://www.softbe.com/0
3 7ahfprog0  8ahfp.exe1 00313Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"22http://www.softbe.com/0
115control handler0 11ahjinst.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
3 5AHNSD0  9AhnSD.exe1 00 89AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis48http://home.ahnlab.com/english/product/01_1.html0
2 5AHNUE0  9AHNUE.exe1 00  2?? 01
1 4ahnx0  8ahnx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7AHQInit0 11AHQInit.exe1 00 64AHQInit Application 1, 0, 0, 0, Creative Technology Ltd. AHQInit 01
2 7AHQInit0 11ahqinit.exe1 00147Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required 8#AudioHQ0
2 6AutoEA0 10Ahqrun.exe1 00189For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ 01
2 7AudioHQ0  9AHQTB.EXE1 00 57AudioHQ 1.4.0, Creative Technology Ltd.. Creative AudioHQ 01
2 7AudioHQ0  9Ahqtb.exe1 00133For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -&gt; Programs 01
3 8AudioHQU0 10AHQTBU.EXE111HKEY_LM\Run0 58AudioHQ 1.13.0, Creative Technology Ltd.. Creative AudioHQ39http://www.absolutestartup.com/startup/1
110ahui32.exe0 10ahui32.exe1 00 52Added by the Troj/Certif-M password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojcertifm.html0
1 7aiasxwa0 11aiasxwa.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 7aic78u20 11aic78u2.sys1 00 58Added by Microsoft for the Adaptec SCSI hardware profiles. 01
4 7aic78xx0 11aic78xx.sys1 00 34Added by Microsoft for SCSI drives 01
4 5load=0 12AICLIENT.EXE1 00141Asset Insight from Tangram - asset managing software. Required if an organisation is running a centrally administered asset management system32http://www.tangram.com/index.htm0
338Another Internet Explorer Popup Killer0  9aiepk.exe1 00 40Another IE Popup Killer - pop-up stopper56http://www.fadsoft.com/Another%20IE%20Popup%20Killer.htm0
3 5aiepk0 10aiepk2.exe1 00 40Another IE Popup Killer - pop-up stopper56http://www.fadsoft.com/Another%20IE%20Popup%20Killer.htm0
1 3aIg0  7aIg.exe1 00 33Added by the Troj/Proxy-H trojan.56http://www.sophos.com/virusinfo/analyses/trojproxyh.html0
1 8msvchost0  7aig.exe1 00 35Added by the Troj/Aimbot-BC Trojan.58http://www.sophos.com/virusinfo/analyses/trojaimbotbc.html0
1 5Lsass0  9aight.exe1 00 36Identified as Trojan.Proxy.Agent.FB. 01
1 8aikkcrej0 12aikkcrej.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112AIM reminder0 16AIM reminder.exe2 00 26Added by the BUDDY TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E0
2 3AIM0  7aim.exe1 00142AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start - Programs 01
131Advanced Interactive Multimedia0  7aim.exe1 00 44Identified as trojan.downloader.(small).xxx. 01
1 3Aim0  7aim.exe1 00135Added by the W32/Sdbot-BFX worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotbfx.html0
115aim quick start0  7Aim.exe1 00 50Added as result of a  W32/Forbot-BB worm infection57http://www.sophos.com/virusinfo/analyses/w32forbotbb.html0
121aol instant messanger0  7aim.exe1 00 26Added by the  W32/Sdbot-YT56http://www.sophos.com/virusinfo/analyses/w32sdbotyt.html0
2 3AIM0 21aim.exe -cnetwait.odl211HKEY_CU\Run0 75AOL Instant Messenger 5.9.3690, America Online, Inc.. AOL Instant Messenger39http://www.absolutestartup.com/startup/1
3 3aim0  8AIM+.exe1 00 81AIM_plus a free add-on to AOL's Instant Messenger for Windows from Big-O Software30http://www.big-o-software.com/0
127AOL Instant Messenger 7.2130 11aim9283.exe1 00133Added by the W32/Sdbot-ZF worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotzf.html0
113AIM95 Startup0  9aim95.exe1 00 30Added by the  AGOBOT.AEE WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AEE0
120Configuration Loader0  9aim95.exe1 00 39Added by the  LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
113aimaol lptt010 10aimaol.exe1 00176Variant of the  RapidBlaster parasite (in a "Aimaol" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113aimaol ml097e0 10aimaol.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
1 8aimb.exe0  8aimb.exe1 00129Added by the Spyware.IMSurfSentinel surveillance program.  If you did not install this on your machine then you should remove it.66http://www.sarc.com/avcenter/venc/data/spyware.imsurfsentinel.html0
1 6wkssvc0 13AIMClient.exe1 00 50Added by the W32/Tilebot-DP worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotdp.html0
2 4Star0  8aime.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
313AgenteADSL_150 27AimExDll.exe AimGestA.dll 8211HKEY_LM\Run0 71Aplicación AimExDLL 1, 5, 2, 2, Telefónica I+D. Aplicación MFC AimExDLL39http://www.absolutestartup.com/startup/1
211AimingClick0 15AimingClick.exe1 00 79AimingClick from AimingTech. Web searching tool. Available via Start - Programs46http://www.aimingtech.com/aimingclick/home.htm0
110Aim Plugin0 13aimplugin.exe1 00 47Added by the W32/Guap-F instant messenger worm.54http://www.sophos.com/virusinfo/analyses/w32guapf.html0
124Aol Configuration Loader0 10aimsng.exe1 00 12Added by the38W32/Sdbot-XE WORM/IRC backdoor trojan!0
212AIMWDInstall0 16AIMWDInstall.exe1 00240Version of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
1 6aipndj0 10aipndj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
422D-Link Air USB Utility0 10AirCFG.exe1 00 35D-Link wireless PCI adapter related 01
418D-Link Air Utility0 10AirCFG.exe1 00 35D-Link wireless PCI adapter related 01
418D-Link Air Utility0 10AirCFG.exe1 00 72Wireless LAN Monitor 3, 1, 5, 30626, D-Link. D-Link Wireless LAN Monitor 01
1 7aircity0 11aircity.exe1 00 19Unidentified adware 01
1 8ethernet0 10airftp.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
416d-link airplus g0 11AirGCFG.exe1 00 37D-Link Airplus Wireless Router driver 01
416D-Link AirPlus G0 11AirGCFG.exe1 00 72Wireless LAN Monitor 3, 3, 1, 50329, D-Link. D-Link Wireless LAN Monitor 01
338D-Link AirPlus G Configuration Utility0 11AIRPLUS.exe122StartUp menu\All users0 57D-Link AirPlus G 1, 0, 0, 0, D-Link. WLAN Adapter Utility39http://www.absolutestartup.com/startup/1
414D-Link AirPlus0 11AirPlus.exe1 00 20WLAN Adapter Utility 01
321Media Manager Indexer0 11AIRSVCU.EXE1 00284Part of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a database. For more information see here79http://www.cug.edu.cn/fwzn/wlzx/wlfw/vid/USINGVID/0-7897/0-7897-0762-4/ch09.htm0
3 6Ajanda0 10Ajanda.EXE111HKEY_LM\Run0 33Ajandam 2.00.0001, Akýllý Ajanda.39http://www.absolutestartup.com/startup/1
1 7ajjcgym0 11ajjcgym.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
318Advertising Killer0 11Akiller.exe1 00 24AKiller - pop-up stopper64http://www.buypin.com/menu.php?group=1&page=akiller&lang=english0
3 7AKiller0 11akiller.exe1 00 40BuyPin Advertising Killer - popup killer40http://sourceforge.net/projects/akiller/0
317Ardamax Keylogger0  7akl.exe1 00113Added by the Spyware.Ardakey.B keylogger. This program should be uninstalled if it was not installed by yourself.61http://www.sarc.com/avcenter/venc/data/spyware.ardakey.b.html0
133Microsoft Synchronization Manager0  6al.exe1 00 32Added by the OPTXPRO.132 TROJAN!93http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_OPTXPRO.1320
3 7ala.exe0  7ala.exe1 00117Access Lock is a system-tray security utility you can use to secure your desktop when you are away from your computer33http://www.softheap.com/lock.html0
1 5alaog0  9alaog.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
313Alarm Manager0 13Alarm.app.exe1 00 93Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop 01
312AlarmWatcher0 16AlarmWatcher.exe1 00 88Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. 01
3 9LaunchApp0 11Alaunch.exe1 00 35Acer Launch tool utility on laptops23http://global.acer.com/0
012alcfdmonitor0 12ALCFDRTM.EXE1 00 92RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? 01
010alcfdrtm160 14ALCFDRTM16.com1 00 92RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup? 01
1 6Alchem0 10Alchem.exe1 00 38Transponder parasite updater/installer48http://www.doxdesk.com/parasite/Transponder.html0
1 6Alcmtr0 10ALCMTR.EXE1 00109Realtek AC97 Audio - Event Monitor 1.6.0.2, Realtek Semiconductor Corp.. Realtek Azalia Audio - Event Monitor 01
1 6alcmtr0 10ALCMTR.EXE1 00213Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers 01
3 7Alcohol0 11Alcohol.exe1 00 56Alcohol 120% - CD/DVD emulation/writing/copying software41http://www.alcohol-software.com/index.php0
315Alcohol Autorun0 11Alcohol.exe1 00 56Alcohol 120% - CD/DVD emulation/writing/copying software41http://www.alcohol-software.com/index.php0
2 7AlcWzrd0 11ALCWZRD.EXE1 00181RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one 01
2 7AlcWzrd0 11ALCWZRD.EXE111HKEY_LM\Run0 73ALCWZRD 1.1.0.19, RealTek Semicoductor Corp.. RealTek AlcWzrd Application39http://www.absolutestartup.com/startup/1
311AlcxMonitor0 12ALCXMNTR.EXE111HKEY_LM\Run0 93Realtek Audio - Event Monitor 1.5, Realtek Semiconductor Corp.. Realtek Audio - Event Monitor39http://www.absolutestartup.com/startup/1
111AlcxMonitor0 12Alcxmntr.exe1 00208Realtek AC97 Audio - Event Monitor. Sypware file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers 01
312PC Alert III0  9alert.exe1 00119MSI PC Alert III - allows you to view your system and cpu temperature, fan rpm and more. Only required if you overclock 01
1 6Alevir0 10Alevir.exe1 00 55Added by the OPASERV.A or OPASERV.F or OPASERV.G WORMS!57http://www.sophos.com/virusinfo/analyses/w32opaserva.html0
2 5Alexa0  9Alexa.exe1 00219Alexa Toolbar &quot;is a downloadable toolbar that helps you navigate the Internet as you surf, by instantly providing you with related information about the site you're viewing&quot;. Available via Start -&gt; Programs65http://download.alexa.com/alexa65/startpage.html?p=Dest_W_g_40_L10
111AlfaCleaner0 15AlfaCleaner.exe1 00113Desktop hijacking, aggressive/deceptive advertising Rogue Anti-Spyware program. For more information  Click_Here.52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
317ALFY Accellerator0 12AlfyAC~1.exe1 00  2?? 01
333Application Layer Gateway Service0  7alg.exe1 00211Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.  This can be disabled if you are not using Internet Connection Sharing or the built-in Windows firewall. 01
110AppGateway0  7alg.exe1 00 48Added by the W32/Rbot-BCB worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbcb.html0
133Application Layer Gateway Manager0  7alg.exe1 00 50Added by the W32/Tilebot-EU worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tileboteu.html0
139Windows System Service Framework (WSSF)0  7alg.exe1 00152Added by the Troj/Rootkit-AA worm and IRC backdoor. When started, this infection connects to a remote IRC server where it waits for commands to execute.59http://www.sophos.com/virusinfo/analyses/trojrootkitaa.html0
118Networking Service0  8alg2.exe1 00 48Added by the W32/Rbot-BDT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbdt.html0
124Microsoft ALG32 Protocol0  9alg32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 9SystUphes0 12algesetp.exe1 00 35Added by the Troj/QQPass-AM Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassam.html0
133Application Layer Gateway Service0  8algs.exe1 00 32Added by the W32.Linkbot.M worm.74http://www.sarc.com/avcenter/venc/data/w32.linkbot.m.html#technicaldetails0
132Application Layer Gateway System0 10algsys.exe1 00 48Added by the W32/Rbot-DDF worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotddf.html0
1 4ALGU0  8ALGU.EXE1 00 39Added by the Troj/CWS-I Trojan dropper.54http://www.sophos.com/virusinfo/analyses/trojcwsi.html0
1 7bandook0  7ali.exe1 00 35Added by the  TROJ/EXEMAS-B TROJAN!57http://www.sophos.com/virusinfo/analyses/trojexemasb.html0
225Alias SketchBook Snapshot0 12ALIASS~2.EXE1 00 43Screen-capture utility for Alias Sketchbook 01
319SketchBook Snapshot0 19AliasSketchSnap.exe122StartUp menu\All users0 68Alias SketchBook Pro 1.0.3, Alias Systems. Alias SketchBook Snapshot39http://www.absolutestartup.com/startup/1
115[Various Names]0 11AliceSD.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
133Microsoft Synchronization Manager0  9alien.exe1 00133Added by the W32/Sdbot-MV worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotmv.html0
4 6AliIde0 10aliide.sys1 00 54ALi mini IDE Driver provided by Acer Laboratories Inc. 01
4 9ALiSndMgr0 12ALiSndMg.exe1 00 21ALi AC97 Sound driver 01
1 8BootsCfg0 15All Users.vbs %2 00 47Added by the VBS.Spiltron@mm mass-mailing worm.93http://securityresponse.symantec.com/avcenter/venc/data/vbs.spiltron@mm.html#technicaldetails0
2 9allercalc0 13AllerCalc.exe1 00128AllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually.38http://www.allersoft.com/allercalc.htm0
3 7allSnap0 11allSnap.exe1 00140allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop48http://members.rogers.com/ivanheckman/index.html0
213AllTracksGone0 17alltracksgone.exe1 00471AllTracksGone lets you clear your tracks.  It deletes files stored on your computer.  For example, the web pages you've visited are stored in your URL History.  Images you've seen on your computer are stored in a cache file.  There are many other files that AllTracksGone can "clean".   From one simple interface, you can have AllTracksGone clear your computer of unnecessary files on a regular basis. Normally located in C:\Program Files\AllTracksGone\alltracksgone.exe.28http://www.alltracksgone.com0
021AOL Instant Messenger0  7AlM.EXE1 00 99That is an L between the A and M, the start up location is wrong for AIM. What does this relate to? 01
319AcerNotebookManager0 13almxptray.exe1 00 82System Tray access on some Acer Notebooks to give faster access to system settings 01
319AcerNotebookManager0 13almxptray.exe111HKEY_LM\Run0 122.0.6, Acer.39http://www.absolutestartup.com/startup/1
3 8Alogserv0 12Alogserv.exe1 00372From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up 01
3 6alpass0 10ALPass.exe1 00 23ALPass password manager44http://www.altools.net/Default.aspx?tabid=620
120alogrithm link queue0  7alq.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
4 7Alerter0 10alrsvc.dll1 00125This service is used to notify selected computers and users of alerts from programs.  This service is started by svchost.exe. 01
0 6ALServ0 10ALServ.exe1 00 34Altec Lansing AMS speaker related. 01
3 5AISys0  9alsys.exe1 00128Added by the Spyware.ActivityLog surveillance software.  This program should be uninstalled if it was not installed by yourself.63http://www.sarc.com/avcenter/venc/data/spyware.activitylog.html0
112alexatoolbar0  7alt.exe1 00 51Reported as Hijacker.Delf.eb by ewido anti-malware. 01
314AltoMB_service0 13AltoMBsrv.exe1 00125Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management28http://www.altosoftware.com/0
111altpayments0 15AltPayments.exe1 00 45Reported by  Symantec as Adware.WeirdOnTheWeb81http://securityresponse.symantec.com/avcenter/venc/data/adware.weirdontheweb.html0
120notification utility0 12altpayV2.exe1 00 51Reported by  Ewido_Security_Suite as Adware.WeirWeb24http://www.ewido.net/en/0
216ASUS Live Update0  7ALU.exe1 00 49ALU Application 1, 0, 0, 1, . ALU MFC Application 01
216asus live update0  7ALU.exe1 00 50ASUS Live Update utility - reportedly not required 01
3 8ALUAlert0 13ALUNotify.exe1 00116Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis 01
316AlwaysOnTopMaker0 20AlwaysOnTopMaker.exe1 00120Always On Top Maker - utilty to enable an application to always be displayed &quot;on top&quot; of others on the desktop43http://www.fadsoft.com/AlwaysOnTopMaker.htm0
217Action Manager 320  8AM32.exe1 00 142, 60, 0, 0, . 01
217Action Manager 320  8am32.exe1 00136Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -&gt; Programs 01
310CA-AMAgent0 11amagent.exe1 00355Unicenter Asset Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting47http://www3.ca.com/Solutions/Product.asp?ID=1940
111AmazingTens0 15AmazingTens.exe1 00 34Premium rate adult content dialler 01
314intelapmclient0 12amclient.exe1 00 45LANDesk  Management_Suite software component.37http://www.landesk.com/Products/LDMS/0
1 4Aaou0  8amee.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
410[not used]0 10aminit.dll1 00 60Used by the Altiris® Application Metering Solution software.52http://www.altiris.com/products/applicationmetering/0
4 4Amon0  8AMON.EXE1 00 45Monitoring part of Eset's NOD32 virus-scanner34http://www.nod32.com/home/home.htm0
4 8Amonitor0  8amon.exe1 00 22Tiny Personal Firewall44http://www.tinysoftware.com/home/tiny2?la=EN0
310WheelMouse0 12AMOUMAIN.EXE1 00 99A4Tech wireless mouse driver and utility - required if you use non-standard Windows driver features46http://www.a4tech.com/a4techenglish/index.html0
310WheelMouse0 12Amoumain.exe111HKEY_LM\Run0 67A4Tech iWheelWorks Mouse Driver 7.46.0.0, A4Tech Co.,Ltd.. Amoumain39http://www.absolutestartup.com/startup/1
122accessmedia p2p loader0 10amp2pl.exe1 00 51My AccessMedia toolbar related,  stealth installed! 01
4 6amsint0 10amsint.sys1 00 42AMD SCSI/NET Controller Added by Microsoft 01
3 4amsn0  8amsn.exe1 00 41aMSN P2P client - can be started manually55http://amsn.sourceforge.net/modules.php?name=About_Amsn0
3 4AMSN0  8amsn.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
117lnternet Explorer0 12AMSNDMGR.EXE1 00 90Added by the KWBOT.R WORM! Note that the "l" is a lower case "L" and not an upper case "I"84http://http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.r.worm.html0
113Clock_Manager0 10amsngr.exe1 00 79Added by the A href="http://www.sophos.com/virusinfo/analyses/trojsdbotxm.html"39Troj/Sdbot-XM WORM/IRC backdoor trojan!0
115winsock2 driver0 11AMSNMGR.EXE1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
113WinDynManager0 11amsnmsg.exe1 00121Added by the W32/Sdbot-IA worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotia.html0
111msn service0 13amsnmsgrs.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 5amuvd0  9amuvd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5amxph0  9amxph.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4amyi0  8amyi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113Bar Ding lolt0 10Analiz.exe1 00 26Added by the RBOT-RP WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotrp.html0
212Utopia Angel0  9Angel.exe1 00 37Calculator for the online Utopia game31http://games.swirve.com/utopia/0
1 7ISEXEng0 11angelex.exe1 00173This file is associated with adware. It is known to download and install other spware and adware on to your computer. This service should definitely be stopped and disabled. 01
1 8animalss0 12animalss.exe1 00 49Added by the W32/Agobot-VE worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32agobotve.html0
242Animated Weather Satellite and Radar v2.1a0 38Animated Satellite and Radar v2.1a.exe225StartUp menu\Current user0 45DesktopX Widget 1, 0, 0, 1, . DesktopX Widget39http://www.absolutestartup.com/startup/1
1 4Xuab0 11anlmdox.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
013AnnotateCheck0 12AnnCheck.exe1 00 40Genius Wizard Pen Tablet driver related. 01
213Announcements0 12Annclist.exe1 00163MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it 01
231Microsoft Announcement Listener0 12Annclist.exe1 00  0 01
2 7Anntext0 11Anntext.exe1 00 39Caere Pagekeeper text annotation server 01
324anonymizer_spywarekiller0 19AnonAntiSpyware.exe1 00 36Anonymizer Spyware Killer; see  here40http://www.anonymizer.com/spywarekiller/0
327Trace ZapperAnonymousServer0 12AnonSurf.exe111HKEY_LM\Run0 88Trace Zapper Anonymous Surfer 3, 0, 0, 2, TraceZapper.com. Trace Zapper Anonymous Surfer39http://www.absolutestartup.com/startup/1
327anonymizer total net shield0 11AnonTns.exe1 00 28Anonymizer  Total_Net_Shield117http://www0
111Will I Ever0 10anqbse.exe1 00 12Added by the38W32/Sdbot-TK WORM/IRC backdoor trojan!0
1 5avqra0 10anqmfn.exe1 00153Added by the Troj/Sdbot-BV backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotbv.html0
2151-Click Answers0 11answers.exe122StartUp menu\All users0 67Answers 1.0 (build 84), GuruNet Corporation. 1-Click Answers Client39http://www.absolutestartup.com/startup/1
1 9HideStyle0 21Ante Browse Trust.exe2 00123IE toolbar taking you to Lop.com. If the exe is running, end it and remove the "Stupidmore" directory from C:\Program Files 01
1 5virus0  8Anti.exe1 00 35Added by the  WIN32.SEENBOT.O WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=421850
1 9Yahoo20000  8Anti.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 9anti_troj0 13anti_troj.exe1 00 36Added by the Troj/BagleDl-AH Trojan.59http://www.sophos.com/virusinfo/analyses/trojbagledlah.html0
117auto__antiav__key0 14antiav_exe.exe1 00 98Added by the Troj/BagleDl-AA Trojan.  This infection also creates the file %System%antiav_dll.dll.59http://www.sophos.com/virusinfo/analyses/trojbagledlaa.html0
4 9AntiCrash0 13AntiCrash.exe1 00 92Programs that stays resident in memory and attempts to stop your applications from crashing. 01
411!!!AntiHook0 12AntiHook.exe1 00 52Installed by the AntiHook malware protection system.42http://www.infoprocess.com.au/AntiHook.php0
320Anti-keylogger check0 11antikey.exe1 00 79Anti-keylogger - protects against keylogger programs monitoring your keystrokes31http://www.anti-keyloggers.com/0
318Anti-keylogger 6.00 27Anti-keylogger.exe /autorun211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
320AntiWindowsMessenger0 13AntiMsMsg.exe1 00111Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory49http://fileforum.betanews.com/detail/1069500643/10
3 9AntiPopUp0 13AntiPopUp.exe1 00 33AntiPopUp for IE - pop-up stopper38http://www.webknacks.com/antipopup.htm0
112AntiSpam Pro0 15AntiSpamPro.exe1 00 39Added by a variant of the SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
3 5ppass0 11Antispy.exe1 00162AntiSpy firewall - "program designed to combat against various types of intrusion and monitoring programs currently in use or presently being developed worldwide"59http://www.antivirus-program.com/antivirus_program/antispy/0
111microsoft640  9antiv.exe1 00 24Added by the SOBER WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.sober@mm.html0
1 3Zi50 20AntiVirus Update.exe2 00 46Added by the W32.Erkez.G@mm mass-mailing worm.75http://www.sarc.com/avcenter/venc/data/w32.erkez.g@mm.html#technicaldetails0
320Anti-Spyware Blocker0 14Anti-Virus.exe122StartUp menu\All users0 42AntiVirus 1, 0, 0, 1, AntiVirus. AntiVirus39http://www.absolutestartup.com/startup/1
120anti-spyware blocker0 14Anti-Virus.exe1 00191Anti-Spyware Blocker by  Your-Soft , bogus "Spyware remover" - for more information, search the  Spywarewarrior_List of non-Recommended anti parasite sites/software for "anti-spyware blocker"25http://www.your-soft.com/0
116AntiVirus Update0 13AntiVirus.exe1 00143Added by the W32/Rbot-HY trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbothy.html0
113AntiVirus.exe0 13AntiVirus.exe1 00143Added by the Troj/Banker-CAA banking Trojan.  If you are infected with this Trojan it is advised that you change your online banking passwords.59http://www.sophos.com/virusinfo/analyses/trojbankercaa.html0
111antivirus320 13antivirus.exe1 00173html" target=_blankSPYBOT.KAI networm worm.  This worm infects other computer through file sharing networks and connects to an IRC server where it waits for remote commands. 01
2 9Eac_rnvdl0 21ANTIVIRUS_INSTALL.EXE1 00  2?? 01
111antivirus320 15antivirus32.exe1 00 39Added by the W32.Opanki.P network worm.73http://www.sarc.com/avcenter/venc/data/w32.opanki.p.html#technicaldetails0
127Windows Anti-Virus Built 320 15AntiVirus32.exe1 00 27Added by the SDBOT-BG WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotbg.html0
113antivirusgold0 17AntivirusGold.exe1 00 73Malware masquerading as an antivirus - also installs the  Winnook TROJAN!69http://www.bleepingcomputer.com/startups/intel_system_tool-10422.html0
4 5AnVir0  9AnVir.exe1 00102AnVir Task Manager - protects computer against viruses and manages running processes and startup files29http://anvir.com/taskmanager/0
418AnVir Task Manager0  9AnVir.exe1 00102AnVir Task Manager - protects computer against viruses and manages running processes and startup files29http://anvir.com/taskmanager/0
3 8anvshell0 12anvshell.exe1 00194System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel - Display Properties - Advanced as well as the System Tray shortcuts toolbar 01
3 8anvshell0 12anvshell.exe111HKEY_LM\Run0 81ASUS nVidia Series Shell 1.00.00, AsusTeK Computer Inc.. ASUS nVidia Series Shell39http://www.absolutestartup.com/startup/1
113NvCplDaemon320 14anvshell32.exe1 00 31Added by the Troj/VB-XU trojan.54http://www.sophos.com/virusinfo/analyses/trojvbxu.html0
3 6AnyDVD0 10AnyDVD.exe1 00193AnyDVD is a driver, which descrambles DVD-Movies automatically in the background. This DVD appears unprotected and region code free for all applications and the Windows operating system as well37http://www.slysoft.com/en/anydvd.html0
1 5aoacn0  9aoacn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 4ugon0 12aockstrs.exe1 00  2?? 01
2 4Lcer0  8aoco.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 5aogsd0  9aogsd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
121AOL Instant Messengar0  7aol.exe1 00 12Added by the39W32/Agobot-FN worm/IRC backdoor trojan.0
214AOL Fast Start0 10AOL.EXE -b2 00154This allows AOL to load in the background when your computer starts.  This make the program launch quicker when you want to use it, but uses up resources. 01
214AOL Fast Start0 10AOL.EXE -b211HKEY_CU\Run0 61America Online 9.02.000, America Online, Inc.. America Online39http://www.absolutestartup.com/startup/1
124Microsoft AOL32 Protocol0  9aol32.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
413AolAcsDaemon10 11AOLACSD.EXE1 00188AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually 01
117AOL 9.0 Optimized0 13AOLCLIENT.EXE1 00 82Added by the Backdoor.Spyboter.A Trojan!  File found in the Windows system folder.66http://www.sarc.com/avcenter/venc/data/pf/backdoor.spyboter.a.html0
2 9AOLDialer0 11AOLDial.exe1 00 69AOL ISP software dialer - can be activated through a desktop shortcut 01
2 9AOLDialer0 11AOLDial.exe111HKEY_LM\Run0 81AOL Connectivity Service 3.0.0.1, America Online. AOL Connectivity Service Dialer39http://www.absolutestartup.com/startup/1
2 6AolFix0 10AolFix.exe1 00211Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL&nbsp; to run correctly. Not seen much any more and should only run once 01
125Aol Instant Messenger Fix0 10aolfix.exe1 00134Added by the W32/Sdbot-ABJ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotabj.html0
011HostManager0 18AOLHostManager.exe1 00 41In a Program FilesCommon FilesAOL folder. 01
311HostManager0 18AOLHostManager.exe111HKEY_LM\Run0 75AOL Service Libraries 1.0.0.6, America Online, Inc.. AOLHostManager Service39http://www.absolutestartup.com/startup/1
121aol instant messenger0 10aolmsg.exe1 00 29Added by  W32.Kelvir.AL WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.al.html0
113AOL Messenger0 12aolmsngr.exe1 00 27Added by the SDBOT-JF WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotjf.html0
118aol services hosts0 20aolserviceshosts.exe1 00 40Added by an unidentified WORM or TROJAN! 01
111AolSoftware0 15aolsoftware.exe1 00 50Added by the W32/Tilebot-CL worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotcl.html0
322AOL Spyware Protection0 19AOLSP Scheduler.exe2 00 32AOL's spyware protection program 01
322AOL Spyware Protection0 19AOLSP Scheduler.exe211HKEY_LM\Run0 46AOLSP Scheduler 1, 0, 0, 78, . AOLSP Scheduler39http://www.absolutestartup.com/startup/1
119AOLSPYWAREREMOVER320 23AOLSPYWARECLEANER32.EXE1 00 49Added by the W32/Spybot-HJ worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32spybothj.html0
228America Online *.* Tray Icon0 11aoltray.exe1 00126Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -&gt; Programs 01
228America Online 9.0 Tray Icon0 18aoltray.exe -check222StartUp menu\All users0 60America Online 9.00.001, America Online, Inc.. AOL Tray Icon39http://www.absolutestartup.com/startup/1
420AOL TopSpeed Monitor0 12aoltsmon.exe1 00183This program is used by AOL's web acceleration technology which supposedly helps to make web browsing faster.  This is most important for those users who still access AOL via dial-up. 01
3 8ccWasher0 13aolwasher.exe1 00200Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL 01
1 6Aornum0 10aornum.exe1 00107Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware79http://www.iwon.com/home/prizes/pm3_overview/0,21311,,00.html?PG=home?SEC=fnstf0
1 8aosrfmkr0 12aosrfmkr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7AO Tray0 10AOTray.Exe1 00102System Tray application for AOpen soundcards. Can be run manually via Start - Settings - Control Panel 01
2 6AOTray0 10AOTray.Exe1 00102System Tray application for AOpen soundcards. Can be run manually via Start - Settings - Control Panel 01
1 8aoyssrll0 12aoyssrll.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8ap9h4qmo0 12ap9h4qmo.exe111HKEY_LM\Run0 134, 0, 0, 4, .39http://www.absolutestartup.com/startup/1
4 6Apache0 10apache.exe1 00 93This is the Apache Web Server.  If this is running on your machine, you should know about it.21http://www.apache.org0
322Monitor Apache Servers0 17ApacheMonitor.exe1 00125Part of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start - Programs 01
4 8apc_tray0 12apc_tray.exe1 00124Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure 01
1 6apd1230 10APD123.exe1 00 47Added by the Troj/Dloadr-JT downloading Trojan.58http://www.sophos.com/virusinfo/analyses/trojdloadrjt.html0
222adobe photo downloader0 12apdproxy.exe1 00 89From  Adobe_Photoshop_Album not to be terminated unless suspected to be causing problems.21http://www.adobe.com/0
1 5API320  9api32.exe1 00 29Added by the IRCBOT-B TROJAN!57http://www.sophos.com/virusinfo/analyses/trojircbotb.html0
1 6APIMon0 11apimonx.exe1 00 40Added by the TIBSER.A downloader TROJAN! 01
110apisvc.exe0 10apisvc.exe1 00 42Added by a variant of the  Lamebot TROJAN!43http://vil.nai.com/vil/content/v_116121.htm0
124Windows API Control Task0 12apitsk32.exe1 00153Added by the W32.Mytob.HI@mm worm. When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.76http://www.sarc.com/avcenter/venc/data/w32.mytob.hi@mm.html#technicaldetails0
3 3apl0  7APL.exe1 00 20Sage_Software's_ACT!51http://itdomino.act.com/act.nsf/docid/20041291011280
0 8Apmsrv9x0 12APMSRV9X.EXE1 00 48Intel AnyPoint Wireless II Home Network related. 01
3 9AlpsPoint0 10Apoint.exe1 00261Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work 01
3 6Apoint0 10Apoint.exe1 00261Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work 01
3 6Apoint0 10Apoint.exe111HKEY_LM\Run0 91Alps Pointing-device Driver 6.0.2.180, Alps Electric Co., Ltd.. Alps Pointing-device Driver39http://www.absolutestartup.com/startup/1
1 5Prein0 38APP****.tmp [* = random char or digit]2 00 19Unidentified adware 01
120[executed file name]0  7App.exe1 00 25Added by the WAXPOW WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.waxpow.worm.html0
1 5Prein0  9app4F.tmp111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114ApPache System0 11ApPache.exe1 00 49An RBot WORM/IRC backdoor variant adds this file.55http://www.sophos.com/virusinfo/analyses/w32rbotyp.html0
113micro process0 11appconf.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 7appconn0 11appconn.exe1 00 25Added by the CARGAO WORM!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.cargao.html0
115security center0 14AppControl.exe1 00 23Added by the  SDBOT.CFT86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CFT&VSect=T0
311AppExtender0 12AppExtCB.exe1 00100Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received67http://www.confimax.com/?PHPSESSID=aefc68296846f048b5b7ae96e48d854f0
113Configuration0 11apphost.exe1 00 38Added by W32/Sdbot-VP, a network WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotvp.html0
1 9appis.exe0  9appis.exe1 00 29Added by the AGENT-BC TROJAN!68http://pestpatrol.com/PestInfo/t/trojandownloader_win32_agent_bc.asp0
221Shortcut to AppleDock0 13AppleDock.exe122StartUp menu\All users0 30Y'z Dock 0, 8, 3, 0, Y'z@Home.39http://www.absolutestartup.com/startup/1
138{64ba30a2-811a-4597-b0af-d551128be340}0 11appmagr.dll1 00161A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{64ba30a2-811a-4597-b0af-d551128be340}/b.65http://www.bleepingcomputer.com/startups/SpyFalcon.exe-14415.html0
115[Various Names]0 19AppMasterCenter.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 7AppMgmt0 11appmgmt.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
3 7AppPlus0 11AppPlus.exe1 00249AppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"29http://www.appplusonline.com/0
3 9atspooler0 13AppsTraka.exe1 00 88AppsTraka keystroke logger/monitoring program - remove unless you installed it yourself!68http://www.symantec.com/avcenter/venc/data/spyware.desktopscout.html0
1 5appuq0  9appuq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
123AutoLoaderAproposClient0 11aprload.exe1 00 37Added by the Spyware.Apropos spyware.59http://www.sarc.com/avcenter/venc/data/spyware.apropos.html0
123Autoloaderaproposclient0 25Apropos_Client_Loader.exe1 00 19AproposMedia adware45http://doxdesk.com/parasite/AproposMedia.html0
014ENSApServer2_00 12APSERVER.EXE1 00 48Intel AnyPoint Wireless II Home Network related. 01
3 8AEZBProc0 11aptezbp.exe1 00203IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions 01
4 5Apvxd0 12APVXDWIN.EXE1 00 71Part of Panda Anti-Virus. Required to enable permanent virus protection29http://www.pandasoftware.com/0
4 8Apvxdwin0 12APVXDWIN.EXE1 00 71Part of Panda Anti-Virus. Required to enable permanent virus protection29http://www.pandasoftware.com/0
4 8APVXDWIN0 15APVXDWIN.EXE /s211HKEY_LM\Run0 73Panda Antivirus Aplication 4.12.3, Panda Software International. ApVxdWin39http://www.absolutestartup.com/startup/1
4 7Apwheel0 11Apwheel.exe1 00 32Wheel support for an Alps mouse  01
1 6apycxt0 10apycxt.exe1 00 21Unidentified malware! 01
116aq3helperstartup0 12AQ3HEL~1.EXE1 00 76ScreenScenes "Aquatica Water Worlds"  screensaver.  Comes with  GAIN spyware21Aquatica Water Worlds0
1 7aqadcup0 11aqadcup.exe1 00 22Backdoor.Agent.bg worm71http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/0
111aqadcup.exe0 11aqadcup.exe1 00 27Added by the AGENT.BG WORM!71http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/0
1 4aqhm0  8aqhm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7epixowu0 13aqiyutyvo.exe1 00128Added by the W32/Sdbot-UG worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotug.html0
1 6aqkqmd0 10aqkqmd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Ubg0  7Aql.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7aqmxhqv0 11aqmxhqv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Aqujyjax0 12aqujyjax.exe1 00 12Added by the117W32/Sdbot-0
1 7Archive0 11archive.exe1 00 29Added by the Troj-Dloader-GH.59http://www.sophos.com/virusinfo/analyses/trojdloadergh.html0
323shortcut to email saver0 12archiver.exe125StartUp menu\Current user0 85Outlook Express Email Saver 5.01.0055, MazePath Software. Outlook Express Archive Pro39http://www.absolutestartup.com/startup/1
2 4ares0  8ares.exe1 00246Ares is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"39http://www.aresgalaxy.org/download.html0
2 4ares0 11Ares.exe -h2 00 50Ares for windows 1.9, Ares Development Group. Ares 01
2 8areslite0 12AresLite.exe1 00259Ares Lite Edition is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"39http://www.aresgalaxy.org/download.html0
1 3Bmq0  7Ari.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
123Network Control Manager0  9aries.sys1 00 34Added by the Sony/XCP DRM Rootkit.54http://www.bleepingcomputer.com/forums/topic34904.html0
1 7Aritima0 11aritima.exe1 00 25Added by the ARITIM WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.aritim.html0
219Access Ramp Monitor0 11armon32.exe1 00433Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again 01
220AccessRamp Monitor010 12ARMon32a.exe1 00681From a visitor &quot;Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service.&quot; 01
2 9armor2net0 13Armor2net.exe1 00190Related to Armor2net personal firewall (possibly contains or is related to an anti-spyware product known as ArmorWall, which is considered a rogue anti-spyware app, not recommended see  here52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
118Shedule Connection0 11arpo412.exe1 00101Added by the W32/PPdoor-R worm.  This worms spreads via network shares protected with weak passwords.56http://www.sophos.com/virusinfo/analyses/w32ppdoorr.html0
110MS-Connect0  7arr.exe1 00 32Adult content dialler - see here49http://vil.mcafee.com/dispVirus.asp?virus_k=999720
1 9MS-RunKey0  7arr.exe1 00 27MS-Connect dialler/hijacker 01
124windows security service0  9arrdt.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 5Win320 11arsetup.exe1 00 36Added by the WIN32.SPAZBOX.A TROJAN! 01
115Windows Monitor0 11arsetup.exe1 00  0 01
3 6ArsSGO0 10ArsSGO.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 6Artera0 12arteraui.exe1 00132Artera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance27http://www.arteraturbo.com/0
112AdRoarUpdate0 12ARUpdate.exe1 00 21AdRoar adware updater74http://securityresponse.symantec.com/avcenter/venc/data/adware.adroar.html0
215AccessRampLAN010 12ARUpld32.exe1 00683Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003 01
1 4arvx0  8arvx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5aryli0  9aryli.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311activespeed0  6AS.exe1 00 41Ascentive  ActiveSpeed Internet Optimizer98http://www.barelyaverage.com/portfolio/html_emails/ascentive/activespeed_biplane/biplane_anim.html0
311ActiveSpeed0  9AS.exe -b2 00 49ActiveSpeed 3.01.0392, Ascentive LLC. ActiveSpeed 01
011gear511.exe0 12AS00_Gear5111 00245Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. is it at all required? 01
4 3asc0  7asc.sys1 00 73AdvanSys SCSI Controller Driver created by Advanced System Products, Inc. 01
4 8asc3350p0 12asc3350p.sys1 00 45Added by Microsoft, AdvanSys SCSI Card Driver 01
4 7asc35500 11asc3550.sys1 00 39SCSI host adapter provided by Microsoft 01
116Microsoft Update0  9ascdl.exe1 00 28Added by the GAOBOT.SY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html0
120Configurations Asclt0  9asclt.exe1 00133Added by the W32/Sdbot-MX worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotmx.html0
1 9REMOVE ME0  9asclt.exe1 00135Added by the W32/Randex-FC worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32randexfc.html0
128Windows Configuration Loader0  9asclt.exe1 00134Added by the W32/Sdbot-OA worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotoa.html0
116LoadPowerProfile0 10ASDAPI.EXE1 00130Added by the CABRO TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cabro.html0
213ASE Scheduler0 17ASE Scheduler.exe2 00174Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
233aluria\&#039;s spyware eliminator0  7ASE.exe1 00176Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see  here and  here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
228aluria\'s spyware eliminator0  7ASE.exe1 00176Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see  here and  here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
312allseeingeye0  7ase.exe1 00238All-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions."34http://www.fortego.com/en/ase.html0
3 8RunAlert0 12AService.exe1 00199a target="_blank" href="http://www.msi.com.tw/program/products/pro_index.php"MSI MOtherboard PC Alert III - MSI motherboard monitoring software. Only required if you &quot;overclock&quot; your system 01
315Spyware Scanner0 14AseScanner.exe1 00174Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here98http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/0
124(random 12 digit number)0 12asferror.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
1 6msnmsg0  9asgag.exe1 00 57Adware trojan - probably  CoolWebSearch parasite related.53http://www.spywareinfo.com/~merijn/cwschronicles.html0
133Microsoft Synchronization Manager0 10asgard.exe1 00 27Added by the SDBOT.PH WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.PH0
4 8ashAvast0 12ashAvast.exe1 00 24Part of  Avast antivirus21http://www.avast.com/0
4 6avast!0 11ashDisp.exe1 00 34Part of Avast! anti-virus software35http://www.alwil.com/en/default.asp0
4 6avast!0 11ashDisp.exe111HKEY_LM\Run0 59avast! Antivirus 4, 6, 0, 0, . avast! service GUI component39http://www.absolutestartup.com/startup/1
1 5ASHLT0  9Ashlt.exe1 00 35Adware - leads back to an ad server 01
4 8ashMaiSv0 12ashmaisv.exe1 00 51Part of Avast! anti-virus software - E-mail scanner35http://www.alwil.com/en/default.asp0
4 6Avast!0 11ashserv.exe1 00 26Avast! anti-virus software35http://www.alwil.com/en/default.asp0
418avast! Web Scanner0 12Ashwebsv.exe1 00 16Avast! antivirus42http://www.avast.com/eng/avast_4_home.html0
122windows task scheduler0 11asijdie.exe1 00 40Added by an unidentified WORM or TROJAN! 01
3 5load=0 11asistat.exe1 00 45Status monitor for an NEC SuperScript printer 01
3 3ASK0  7ASK.dll1 00126Added by the Spyware.StealthKeylog surveillance software.  If this program was not installed by yourself you should remove it.65http://www.sarc.com/avcenter/venc/data/spyware.stealthkeylog.html0
1 3asl0  9Aslru.exe1 00 53Added by the Troj/Bancos-CU password-stealing trojan.58http://www.sophos.com/virusinfo/analyses/trojbancoscu.html0
324Absolute StartUp monitor0  9ASMon.exe1 00 56Absolute Startup - startup monitor from F-Group Software42http://www.fgroupsoft.com/Absolutestartup/0
324Absolute StartUp monitor0  9ASMon.exe111HKEY_LM\Run0 79Absolute Startup Monitor 4, 1, 0, 1, F-Group Software. Absolute StartUp monitor39http://www.absolutestartup.com/startup/1
113ASNFTP daemon0 11AsnFtpd.exe1 00134Added by the W32/Tilebot-AX worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotax.html0
211Vortex Tray0 12asp4setp.exe1 00116System Tray application for Aureal Vortex based soundcards. Can be run manually via Start - Settings - Control Panel 01
210VortexTray0 12asp4setp.exe1 00  0 01
2 8asp4tray0 12asp4tray.exe1 00116System Tray application for Aureal Vortex based soundcards. Can be run manually via Start - Settings - Control Panel 01
210VortexTray0 12asp4tray.exe1 00124System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -&gt; Settings -&gt; Control Panel 01
110nvsv32.exe0 11asr_fnt.exe1 00 30Added by the  WOOTBOT.GE WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GE&VSect=P0
2 8assdll320 12assdll32.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
218ExciteAssistantEXE0 13ASSISTANT.EXE1 00160With Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window open 01
110[not used]0 12assistse.exe1 00 33Added by the Troj/Bravo-C Trojan.56http://www.sophos.com/virusinfo/analyses/trojbravoc.html0
1 8assistse0 12ASSISTSE.EXE1 00 33CnsMin (Chinese_Keywords) related47http://www.pestpatrol.com/PestInfo/C/CnsMin.asp0
1 8assistse0 12assistse.exe111HKEY_LM\Run0 52yahoo AssistSetting 1, 0, 0, 3, yahoo. AssistSetting39http://www.absolutestartup.com/startup/1
110[not used]0 14assistseex.exe1 00 35Added by the Troj/LegMir-BW Trojan.58http://www.sophos.com/virusinfo/analyses/trojlegmirbw.html0
110Associates0 14Associates.exe1 00 85Added by the Troj/Lineage-BT information stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagebt.html0
1 3AST0  3AST1 00 48Added by the TROJANDOWNLOADER.WIN32.VB.AH VIRUS! 01
1 3ast0  7AST.exe1 00 20AutoStarter parasite44http://doxdesk.com/parasite/AutoStartup.html0
1 6AStart0  6AStart1 00 26Added by the VB.AH TROJAN!62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530683220
3 6ASTART0 10astart.exe1 00149ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings 01
316ASUS TweakEnable0 10astart.exe1 00130Restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings 01
4 7Avast320 12Astart32.exe1 00 34Part of Avast! anti-virus software35http://www.alwil.com/en/default.asp0
2 6asTray0 10Astray.exe1 00113Voyetra Audio Station - part of Voyetra's  Ultimate MP3 &amp; CD Manager. MP3 and digital music jukebox/organizer42http://www.voyetra.com/site/products/ump3/0
2 5Astro0  9Astro.exe1 00 48Checks for updates to Quicken on a system reboot 01
314Quick Controls0 16Astrotoolbar.exe1 00 49Gateway Astro Screen and Sound Controls tray icon 01
1 4asus0  8asus.exe1 00337Added by the W32/Rbot-OC trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. These infections are usually capable of logging keystrokes, retrieve cd keys, and flood other computers. This infections logs your keystrokes to a file in your %System% folder called msreg.dll.55http://www.sophos.com/virusinfo/analyses/w32rbotoc.html0
124Asus Motherboard Utility0  8asus.exe1 00 50Added by the W32/Tilebot-ET worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotet.html0
210ASUS Probe0 12AsusProb.exe1 00100ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area 01
111asvhost.exe0 11asvhost.exe1 00 36Added by the  Troj/Icedoor-A TROJAN!58http://www.sophos.com/virusinfo/analyses/trojicedoora.html0
211AutoSpell 50 12ASWATC32.EXE1 00 25AutoSpell - spell checker28http://www.spellchecker.com/0
2 5ASWDP0  9ASWDP.exe1 00141MLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market51http://www.stevejacksonre.com/mls_pulse_sign_up.htm0
1 5ASWnk0  9aswnk.exe1 00 21Adult content dialler 01
310ActiveTime0 12AT.exe -m -b211HKEY_CU\Run0 36ActiveTime 4.00.0037, Ascentive LLC.39http://www.absolutestartup.com/startup/1
1 8atapidrv0 12atapidrv.exe1 00122Added by the W32/Spybot-SL worm. When started this infection connects to an IRC server where it waits for remote commands.57http://www.sophos.com/virusinfo/analyses/w32agobotsl.html0
1 5ATAPl0  9ATAPl.EXE1 00 23Added by W32/Agobot-RH.57http://www.sophos.com/virusinfo/analyses/w32agobotrh.html0
214Atari Launcher0 14Atari icon.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
324The Easy Bee&#039;s Hive0 12ATCEgSvr.exe1 00183The Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequence 01
319The Easy Bee's Hive0 12ATCEgSvr.exe1 00183The Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequence 01
312MicroDialler0 14atdialler1.exe1 00115Part of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encountered65https://www.freeserve.com/time/anytimereg/migration/?redirect=int0
1 7igamatu0 11atecaca.exe1 00 28Added by the  IRCBOT.R WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_IRCBOT.R&VSect=P0
3 5Athan0  9Athan.exe1 00112Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world61http://www.islamasoft.co.uk/products/athan/athansoftware.html0
212@Hoc Toolbar0  9AtHoc.exe1 00 86One-click activated browsing toolbar used by various web-sites. See here for more info62http://siliconvalley.internet.com/news/article.php/3531_4799510
223Switchboard.com Toolbar0  9AtHoc.exe1 00 75Toolbar for the on-line version of Yellow Pages in the US - Switchboard.com27http://www.switchboard.com/0
3 6AtiCwd0 12Ati2cwad.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 8AtiCwd320 12Ati2cwad.exe1 00  0 01
3 8Ati2cwxx0 12Ati2cwxx.exe1 00134For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it  01
3 8atipolab0 12ati2evae.exe1 00 92ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks 01
3 8ATIPOLAB0 12ati2evxx.exe1 00204ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces  on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources 01
3 7ATIPOLL0 12ati2evxx.exe1 00204ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces  on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources 01
2 8Ati2mdxx0 12Ati2mdxx.exe1 00 64For ATI video cards. System Tray access to display mode changing 01
313ATIModeChange0 12Ati2mdxx.exe1 00 89System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager 01
313ATIModeChange0 12Ati2mdxx.exe111HKEY_LM\Run0 70ATI 2D Component 4.13.3, ATI Technologies, Inc.. ATI 2D Mode component39http://www.absolutestartup.com/startup/1
3 6AtiPTA0 12Ati2ptxx.exe1 00241Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start - Settings - Control Panel - Display. Some users may need it if they have optimised their settings 01
3 8AtiPTAAA0 12Ati2ptxx.exe1 00  0 01
3 8atiptaxx0 12Ati2ptxx.exe1 00253Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -&gt; Settings -&gt; Control Panel -&gt; Display. Some users may need it if they have optimised their settings 01
3 8ATISmart0 12ati2s9ag.exe1 00160ATI's "SMARTGART", which is included with the "Catalyst" drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings 9SMARTGART0
4 9ATI Smart0 12ati2sgag.exe1 00273This Windows service is used at system boot up to check for system compatability and stability issues for ATI video cards. Also responsible for setting the AGP settings the video card will use.  Unless this is causing a problem we recommend you leave this set as automatic. 01
116ATI VIDEO REGKEY0 11ati2vid.exe1 00 27Added by the SDBOT.UR WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UR0
1 7rxres320 11ati2vid.exe1 00143Added by the W32/Rbot-FL trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotfl.html0
118Motherboard Config0 11Ati2xxx.exe1 00133Added by the W32/Rbot-AIK worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaik.html0
112aticpaxx.exe0 12aticpaxx.exe1 00102A WORM/backdoor Trojan, W32/Rbot-XP will add this, and open the PC to attack by way of an IRC channel.55http://www.sophos.com/virusinfo/analyses/w32rbotxp.html0
3 6AtiCwd0 10AtiCwd.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 8AtiCwd320 10AtiCwd.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 6AtiCwd0 12AtiCwd32.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
3 8AtiCwd320 12AtiCwd32.exe1 00147This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card 01
113AtiDisplayDrv0 12atidrvxx.exe1 00 66Added by the W32/Rbot-VZ Worm! Found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotvz.html0
216ATI DeviceDetect0 11ATIDtct.EXE1 00 91Utility meant for future use of the ATI TV WONDER™ USB 2.0 video driver and can be disabled 01
223ATI GART Set-up Utility0 11Atigart.exe1 00169Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed 01
2 6AtiKey0 12AtiKey32.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
1 8atipatxx0 12atipatxx.exe1 00 12Added by the21Troj/Small-ED TROJAN!0
117Ati Control Panel0 12atiphexx.EXE1 00144Added by the W32/Rbot-BR trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotbr.html0
1 9aticpanel0 12atiphexx.exe1 00 46Added as result of a  AGOBOT.IL worm infection78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.IL0
3 6AtiPTA0 12Atiptaxx.exe1 00241Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start - Settings - Control Panel - Display. Some users may need it if they have optimised their settings 01
3 8AtiPTAAA0 12Atiptaxx.exe1 00  0 01
3 8atiptaxx0 12Atiptaxx.exe1 00241Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start - Settings - Control Panel - Display. Some users may need it if they have optimised their settings 01
3 6ATIPTA0 12atiptaxx.exe111HKEY_LM\Run0 85ATI Desktop Component 6.14.10.4029, ATI Technologies, Inc.. ATI Desktop Control Panel39http://www.absolutestartup.com/startup/1
1 8atiptext0 12atiptext.exe1 00 12Added by the39Troj/Cosiam-A, a proxy TROJAN/backdoor.0
0 6AtiKey0 12atiptkad.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
1 8epovohot0 10atiqik.exe1 00128Added by the W32/Sdbot-UV worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuv.html0
3 8AtiQiPcl0 12AtiQiPcl.exe1 00119Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's 01
1 6System0  9Atira.exe1 00 26Added by the KOTIRA VIRUS!71http://securityresponse.symantec.com/avcenter/venc/data/w32.kotira.html0
114ati rage3d pro0 16AtiRage4dPro.exe1 00 33Added by the  W32/AGOBOT-OG WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotog.html0
418ATI Remote Control0  9ATIRW.exe1 00132Driver for the ATI REMOTE WONDER™ RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it44http://www.ati.com/products/home-office.html0
213ATI Scheduler0 12Atisched.exe1 00305Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -&gt; Programs -&gt; Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see 01
213ATI Scheduler0 12ATISched.EXE111HKEY_CU\Run0 64ATI Multimedia Center 9.02, ATI Technologies Inc.. ATI Scheduler39http://www.absolutestartup.com/startup/1
229ATI Task Application (Atikey)0 11Atitask.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
1 8anything0 10ATITAX.exe1 00121Added by the W32/Forbot-DP worm.  This infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotdp.html0
220ATI Task Application0 11Atitkad.exe1 00149System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start - Settings - Control Panel - Display 01
3 7atitray0 11atitray.exe1 00 66ATI Tray Tools - allows quick access to ATI graphics card settings 01
312AtiTrayTools0 11atitray.exe1 00 66ATI Tray Tools - allows quick access to ATI graphics card settings 01
124[random 12 digit number]0 12atitvo32.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
1 9atiupdate0 14ATIUPDATE5.EXE1 00 30Added by the DEBESKI.A TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_DEBESKI.A0
1 8atiupdpl0 12atiupdpl.exe1 00 36Added by the  TROJ_SMALL.AOS TROJAN!107http://ae0
110ATIUpdater0 12atiupdxx.exe1 00125Added by the W32/Rbot-ABX. This infection connects to an IRC server on startup where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotabx.html0
1 8ativopen0 12ativopen.exe1 00 34Premium rate adult content dialler 01
3 6ATIX100 10atix10.exe1 00 46ATI Remote Wonder - PC wireless remote control44http://www.ati.com/products/pc/remotewonder/0
3 9Regx10EXE0 10atix10.exe1 00 46ATI Remote Wonder - PC wireless remote control44http://www.ati.com/products/pc/remotewonder/0
115[Various Names]0 14atl_helper.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
110atlcontrol0 15atlcontrole.exe1 00 38Added by the Adware.Atlcontrol adware.61http://www.sarc.com/avcenter/venc/data/adware.atlcontrol.html0
115[Various Names]0 15ATLIEHELPER.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
219microAttuneDownload0 12atmdlusr.exe1 00 64USR (US Robotics) modem auto updater. May be a sub-set of Attune 01
110AveoAttune0 12atmdlusr.exe1 00 48Spyware - part of an automated helpdesk software 01
1 7eventss0 10atmpvc.dll1 00 45Identified as Trojan-Downloader.Win32.Delf.lh 01
321Miramar Systems, Inc.0  9atmsg.exe1 00 34Miramar PC/Mac networking software 01
2 7ATnotes0 11atnotes.exe1 00 99Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start - Programs 01
312Atomic Clock0 11AtomClk.exe111HKEY_LM\Run0 68Atomic Clock 8, 0, 0, 0, Provenio Software Corporation. Atomic Clock39http://www.absolutestartup.com/startup/1
310Atomic.exe0 10Atomic.exe1 00 79Atomic Clock Sync - synchronizes your computer's time with the NIST time server44http://www.worldtimeserver.com/atomic-clock/0
2 7Atomica0 11atomica.exe1 00195Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key23http://www.atomica.com/0
111Atomic-x27C0 15AtomicpartC.exe1 00 33c:\windows\system32\mastoer32.dll 01
310AtomicTime0 14ATOMICTIME.EXE1 00 71AtomicTime - utility that synchronizes your PC clock to an atomic clock30http://schmail.com/atomictime/0
110Atomic-x270 14Atomic-x27.exe1 00 33c:\windows\system32\mastoer32.dll 01
3 6Atrack0 10atrack.exe1 00426New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert 01
3 5Atray0  9Atray.exe1 00106Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons32http://www.divcomsoft.com/atray/0
115Distributed TLS0 11attribu.exe1 00134Added by the W32/Sdbot-OE worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotoe.html0
118AttuneClientEngine0 13attune_ce.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
120AttuneContentUpdater0 13attune_cu.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
115AttuneDiscovery0 13attune_di.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
113AttuneSystray0 13attune_st.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
1 7Attunel0 11Attunel.exe1 00 67Spyware - part of an automated helpdesk software called Aveo Attune 01
225Atualizador - Puxa Rápido0 12Atualiza.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 6aTuner0 10atuner.exe1 00 52aTuner - tweak tool for GeForce based graphics cards41http://www.3dcenter.de/atuner/index_e.php0
117Microsoft Windows0  4atup1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
317Anti-Trojan-Watch0 11ATWatch.exe1 00 35Anti-Trojan Watch - trojan detector 01
3 8AT-Watch0 11ATWatch.exe1 00  0 01
315asustweakenable0 10ATweak.exe1 00 78Asus Tweaking Utility - for fine tuning the settings of your ASUS display card 01
428Aiptek Graphics Tablet (USB)0 11atwtusb.exe1 00 46USB interface for Aiptek Graphics Tablet (USB) 01
4 7atwtusb0 11atwtusb.exe1 00  0 01
1 6au.exe0  6au.exe1 00 27Added by the BEAGLE.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.b@mm.html0
2 8AUXXTRAY0 12au30setp.exe1 00116System Tray application for Aureal Vortex based soundcards. Can be run manually via Start - Settings - Control Panel 01
210VortexTray0 12au30setp.exe1 00  0 01
1 4auaf0  8auaf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8AU Agent0 11AUagent.exe1 00177Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon46http://www.zilab.com/Products/Au/index_2.shtml0
4 7AUCBPNP0 11aucbnpn.exe1 00140Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot140http://www.ad0
1 8Aucompat0 12Aucompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
3 7audcntr0 11audcntr.exe113Win.ini\[Run]0 131, 0, 0, 4, .39http://www.absolutestartup.com/startup/1
1 7audcntr0 11audcntr.exe1 00 32Added by the  WIN32.GEMA TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=405740
225Telefonverbindungsmonitor0 15audevicemgr.exe122StartUp menu\All users0 93Phone Connection Monitor , Teleca Software Solutions AB. Phone Connection Monitor application39http://www.absolutestartup.com/startup/1
1 9Audiocntl0 13audiocntl.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 9AudioDeck0 19AudioDeck.exe  -min222StartUp menu\All users0 55AudioDeck???? 1, 0, 0, 1, . AudioDeck Microsoft ???????39http://www.absolutestartup.com/startup/1
1 8audiodrv0 12audiodrv.exe1 00 31Added by the  CRYPTER-C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 8audioinf0 12audioinf.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 7Printer0 12auditchk.exe1 00 48Added by the W32/Rbot-BPE worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbpe.html0
1 8nodriver0 11AUEKXRZ.EXE1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
1 6AUNPS20 10AUNPS2.DLL1 00 38AlwaysUpdatedNews.com parasite related 01
111Auto Update0  7AUP.exe1 00 42Added by an unididentified WORM or TROJAN! 01
110MS Updates0  8aupd.exe1 00 22Spyware web downloader 01
111AutoUpdater0 11aupdate.exe1 00 33Aupdate, Tinybar variant. Spyware44http://www.doxdesk.com/parasite/TinyBar.html0
112Auto Updater0 12aupdater.exe1 00134Added by the Troj/Sdbot-LH worm. When started, this infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotlh.html0
410[not used]0 13AUserInit.exe1 00225Added by Curtains for Windows.  Removing this file bWILL/b cause your computer to have problems starting.  You should contact Authentium for the proper removal procedure.  Unknown as to what function it plays in this program.47http://www.authentium.com/products/curtains.htm0
1 9ASDPLUGIN0 11Austria.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
1 5ausvc0  9ausvc.exe1 00 30Added by the AUTOUPDER TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html0
314curtainssyssvc0 10AuthSL.exe1 00228Security Manager - part of a ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private. 01
316authconsolestart0 13AuthStart.exe1 00  0 01
1 5authz0  9authz.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
127autoloaderenvoloautoupdater0 22auto_update_loader.exe1 00 34Envolo/AproposMedia adware updater65http://www.securemost.com/articles/trou_3_remove_aproposmedia.htm0
316erunt autobackup0 12AUTOBACK.EXE1 00190ERUNT backup utility - when added to the user's startup folder automatically backs up the registry  each time the system boots, resulting in numerous backups that can be restored if desired.50http://www.larshederer.homepage.t-online.de/erunt/0
316ERUNT AutoBackup0 84AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow225StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
310AutoBackup0 14AutoBackup.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7Autobar0 11autobar.exe1 00 80Connect buttons on the keyboard for internet direct access, etc. on HP computers 01
310ConfigSafe0 11AUTOCHK.EXE1 00198ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice47http://www.imaginelan.com/configsafe/index.html0
3 7autoclk0 11autoclk.exe111HKEY_LM\Run0 57autoclk Application 1, 0, 0, 1, . autoclk MFC Application39http://www.absolutestartup.com/startup/1
1 7autoclk0 11autoclk.exe1 00 28Identified as Troj.AutoClick 01
311AutoConnect0 15AutoConnect.exe111HKEY_CU\Run0 47AutoConnect 1.0.0.0, http://autoconnect.prv.pl.39http://www.absolutestartup.com/startup/1
323XTNDConnect PC - 3CmPlm0 11Autodet.exe1 00 88Component of EasySync Pro. Synchronisation between Palm PDAs&nbsp; and Microsoft Outlook15#EasySync%20Pro0
124[random 12 digit number]0 12autodisc.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
119Windows Data Server0 12autodisc.exe1 00 28Added by the SPYBOT-CB WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotcb.html0
138{8e99f990-b75a-4568-b3c8-24cbc8cbbfc1}0 14autodisc32.dll1 00164A file used by the rogue antispyware app, SpywareQuake, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{8e99f990-b75a-4568-b3c8-24cbc8cbbfc1}/b.68http://www.bleepingcomputer.com/startups/SpywareQuake.exe-14686.html0
2 7regedit0 11autoexe.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7AUTOEXE0 11AUTOEXE.exe1 00 12Added by the143W32/Semapi-A.0
1 6chkdsk0 12autoexec.bat1 00 24Added by the ANPES WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.anpes@mm.html0
1 3run0 12Autoexec.com1 00 31ml" target=_blankHOLCAS.A WORM! 01
1 5lsass0 12autoexec.exe1 00 49Added by the W32/Sdbot-AFN worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotafn.html0
317Extranet AutoDial0 11AutoExt.exe1 00 53Nortel Networks Contivity Extranet Switching Software 01
232Drag&#039;n&#039;Drop_Autolaunch0 14Autolaunch.exe1 00 39Iomega HotBurn - CD-RW burning software47http://www.iomega.com/hotburn/hotburn_main.html0
222Drag'n'Drop_Autolaunch0 14Autolaunch.exe1 00 39Iomega HotBurn - CD-RW burning software47http://www.iomega.com/hotburn/hotburn_main.html0
222Drag'n'Drop_Autolaunch0 14Autolaunch.exe1 00 74Iomega HotBurn 1.0, Iomega Corporation. Iomega HotBurn Auto Launch Program 01
220dragndrop_autolaunch0 14Autolaunch.exe1 00 39Iomega_HotBurn - CD-RW burning software47http://www.iomega.com/hotburn/hotburn_main.html0
221AutoMate Task Service0 12automate.exe1 00129Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start - Programs22http://www.unisyn.com/0
116Microsoft Update0 13automgr32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
2 9AutoMixer0 11AutoMix.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
1 9adstartup0 12automove.exe1 00 22Adlogix adware variant51http://www.spywareguide.com/product_show.php?id=7910
121Win32 Ms Auto Updater0 13AutomsUPD.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9Autopdate0 13Autopdate.exe1 00134Added by the W32/Rbot-AGL worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotagl.html0
1 7regrunm0 15autoprotect.exe1 00 40Added by an unidentified WORM or TROJAN! 01
3 9MaxtorReg0 11AUTOREG.EXE1 00166Part of SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of37http://www.netsizzle.net/sysagent.asp0
111TANG_INA_MO0 11AutoRun.bat1 00 46Added by the W32.Filukin.A@ mass-mailing worm.77http://www.sarc.com/avcenter/venc/data/w32.filukin.a@mm.html#technicaldetails0
212QBCD autorun0 11autorun.exe1 00 14Quick Books CD 01
1 7windump0 14autosearch.dll1 00 43Added by the Adware.YellowPages search bar.62http://www.sarc.com/avcenter/venc/data/adware.yellowpages.html0
3 9AutoSizer0 13AUTOSIZER.EXE1 00 76AutoSizer - utility that automatically maximizes windows when they're opened36http://www.southbaypc.com/AutoSizer/0
2 9autospell0 12autospel.exe1 00 39AutoSpell - spell checker (version 6.*)28http://www.spellchecker.com/0
221HP JetSpeed Autostart0 13AUTOSTART.EXE1 00 61Autostart executable for the old multiplayer game HP Jetspeed 01
312Tweak-XP Pro0 13autostart.exe111HKEY_CU\Run0 90Tweak-XP Pro 3.00, Totalidea Software, Germany, New Zealand. CPL Launcher for Tweak-XP Pro39http://www.absolutestartup.com/startup/1
210Auto T Bar0 12autotbar.exe1 00140If you disable the HP VIEW toolbar in IE and rarrange the toolbars on a reboot they will be back as they were before if this is left enabled 01
2 8autotbar0 12autotbar.exe1 00  0 01
2 8AutoTKit0 12AUTOTKIT.EXE1 00142On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled 01
1 7autoupd0 11autoupd.exe1 00 84Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name 01
312ATTRedUpdate0 14AutoUpdate.exe1 00242Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates 01
311AutoUpdater0 14AutoUpdate.exe1 00 22PeopleonPage foistware48http://www.pchell.com/support/peopleonpage.shtml0
225Mobilt modem Update Agent0 18autoupdate_srv.exe122StartUp menu\All users0 47Alice Connect 1.40, Alice Systems AB. AUP Agent39http://www.absolutestartup.com/startup/1
112autoupdatev20 16autoupdatev2.exe1 00 44Added by the Troj/Dropper-BM dropper Trojan.59http://www.sophos.com/virusinfo/analyses/trojdropperbm.html0
1 7aux.exe0  7aux.exe1 00 25Added by the ZINS TROJAN!61http://www.symantec.com/avcenter/venc/data/backdoor.zins.html0
114auxAudioDevice0  9aux32.exe1 00 23Added by the AIZU WORM!69http://securityresponse.symantec.com/avcenter/venc/data/w32.aizu.html0
1 9Antivirus0  6av.exe1 00 63Added by the SINKIN TROJAN! Resets IE start page to realphx.com74http://securityresponse.symantec.com/avcenter/venc/data/trojan.sinkin.html0
122icrosof Avps32 Control0  8av32.pif1 00132Added by the W32/Rbot-AVC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotavc.html0
123AVP update interface A60  8avA6.sys1 00 33Added by the Troj/Hanlo-B Trojan.56http://www.sophos.com/virusinfo/analyses/trojhanlob.html0
120sunjavasched updater0  9avamx.exe1 00 32Added by the  W32/RBOT-ABJ WORM!56http://www.sophos.com/virusinfo/analyses/w32rbotabj.html0
1 6MSInfo0 10AVBgle.exe1 00 27Added by the NETSKY.O WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.o@mm.html0
312AvconsoleEXE0 12Avconsol.exe1 00151From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it 01
442TrustPortAntivirusDriverNotificationHelper0 10avdnax.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
420TrendMicro Antivirus0 12Aveagent.exe1 00 13Virus scanner 01
3 6TeleSA0 10AVerSA.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
1 4avft0  8avft.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
410AVG7_AMSVR0 12Avgamsvr.exe1 00 21AVG antivirus related23http://www.grisoft.com/0
412avgamsvr.exe0 12Avgamsvr.exe1 00 21AVG antivirus related23http://www.grisoft.com/0
4 7AVG7_CC0 19avgcc.exe  /STARTUP2 00 68AVG Anti-Virus System 7.1.0.355, GRISOFT, s.r.o.. AVG Control Center 01
4 7AVG7_CC0  9AVGCC.exe1 00119AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates23http://www.grisoft.com/0
4 7AVG7_CC0 18avgcc.exe /STARTUP211HKEY_LM\Run0 68AVG Anti-Virus System 7.0.0.318, GRISOFT, s.r.o.. AVG Control Center39http://www.absolutestartup.com/startup/1
4 6AVG_CC0 11avgcc32.exe1 00105AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates23http://www.grisoft.com/0
4 7avgcc320 11avgcc32.exe1 00105AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates23http://www.grisoft.com/0
4 7AVGCtrl0 11AVGCTRL.EXE1 00144Background task of the a target="_blank" href="http://www.hbedv.com/"AntiVir antivirus program which scans files transparently in the background 01
4 7AVG_EMC0 10AVGEMC.exe1 00  023http://www.grisoft.com/0
4 8AVG7_EMC0 10AVGEMC.exe1 00 79AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses23http://www.grisoft.com/0
4 8AVG7_EMC0 10avgemc.exe111HKEY_LM\Run0 68AVG Anti-Virus System 7.0.0.320, GRISOFT, s.r.o.. AVG E-Mail Scanner39http://www.absolutestartup.com/startup/1
4 8AVG7_EMC0 10avgemc.exe111HKEY_LM\Run0 68AVG Anti-Virus System 7.0.0.320, GRISOFT, s.r.o.. AVG E-Mail Scanner39http://www.absolutestartup.com/startup/1
411avgmsvr.exe0 11avgmsvr.exe1 00 26AVG Anti-Virus 7.0 related23http://www.grisoft.com/0
4 7avgctrl0  9AVGNT.EXE1 00  021http://www.hbedv.com/0
4 7avguard0  9AVGNT.EXE1 00 99Background task of the  AntiVir antivirus program which scans files transparently in the background25http://antivir-pe.com/en/0
4 7AVGCtrl0 14AVGNT.EXE /min211HKEY_LM\Run0100AntiVir Guard Control Program 6.30.00.01, H+BEDV Datentechnik GmbH. AntiVir Guard/XP Control Program39http://www.absolutestartup.com/startup/1
414AVG_RegCleaner0 12AVGREGCL.exe1 00111AVG Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems23http://www.grisoft.com/0
412Avgserv9.exe0 12Avgserv9.exe1 00 35AVG antivirus background monitoring23http://www.grisoft.com/0
124Special Firewall Service0 11avguard.exe1 00 27Added by the NETSKY.G WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.g@mm.html0
419AVG7 Update Service0 12avgupsvc.exe1 00 75Used by the AVG 7 Antivirus program to keep your definitions up to do date. 01
4 8AVG7_Run0  8avgw.exe1 00 26AVG Anti-Virus 7.0 related23http://www.grisoft.com/0
4 8AVG7_Run0 17avgw.exe /RUNONCE2 00 57AVG Anti-Virus System 7.1.0.351, GRISOFT, s.r.o.. AVG 7.0 01
1 8avicap320 12avicap32.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
124[random 12 digit number]0 12avifile5.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
1 6Avimgt0 10Avimgt.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 8Avimgt320 12Avimgt32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
4 6avinit0 12AVINIT9X.EXE1 00 25Command antivirus related47http://www.authentium.com/products/avmatrix.htm0
112VirusCheckII0 11AVIRCHK.EXE1 00 27Added by the DASMIN TROJAN!62http://www.esecurityplanet.com/alerts/article.php/1031_15721610
1 6avirex0 10avirex.exe1 00 47Added by the Troj/Dloader-NR trojan downloader.59http://www.sophos.com/virusinfo/analyses/trojdloadernr.html0
2 6AVKBar0 10AVKBar.exe111HKEY_CU\Run0 431, 0, 0, 5 http://www.gdata.pl, 1, 0, 0, 4.39http://www.absolutestartup.com/startup/1
4 6avkbar0 10AVKBar.exe1 00 30GData  AntiVirusKit Anti-virus45http://www.gdata.de/trade/productview/488/16/0
316AVK Mail Checker0 10AVKPOP.EXE111HKEY_LM\Run0 55AVK 3, 0, 2, 0, G DATA Software AG. AVK POP3/IMAP Proxy39http://www.absolutestartup.com/startup/1
416avk mail checker0 10AVKPop.exe1 00 36eXtendia AVK AntiVirus email checker66http://www.boomerangsoftware.com/Products/AntiVirus/AVKProInfo.htm0
315eScan Scheduler0 11avkserv.exe1 00 25eScan antivirus scheduler45http://www.mspl.net/antivirus/escan/escan.asp0
413eScan Monitor0 13AVKWCTL9X.EXE1 00 15eScan antivirus45http://www.mspl.net/antivirus/escan/escan.asp0
4 8AvMaiSrv0 12Avmaisrv.exe1 00 51Part of Avast! anti-virus software - E-mail scanner35http://www.alwil.com/en/default.asp0
311AVMBLUEOBEX0 34AvmObex.exe -pushclient -ftpclient211HKEY_LM\Run0 201.0.8.0, AVM Berlin.39http://www.absolutestartup.com/startup/1
1 3avc0  9avmon.exe1 00 32Added by an unidentified TROJAN! 01
1 4avnt0  8avnt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 4TlcR0  7avp.exe1 00  2?? 01
1 6hagent0  7avp.exe1 00 49Added by the "Herman Agent" remote access TROJAN! 01
1 7Desktop0 30avpcc.dll,Restore ControlPanel2 00 46Added by the Troj/StartPa-ES startpage Trojan. 01
4 5avpcc0  9avpcc.exe1 00 25Kaspersky Labs anti-virus25http://www.kaspersky.com/0
1 6avpe320 10avpe32.dll1 00 22Win32/Haxdoor Variant. 01
115TCPIP2 Kernel320 10avpe64.sys1 00 37Added by the Troj/Haxdoor-AP rootkit.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorap.html0
116Win32 Usb Driver0  8AvpG.exe1 00 33Added by the  W32/FORBOT-BX WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbx.html0
1 4MyAV0 12avpguard.exe1 00 27Added by the NETSKY.J WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.j@mm.html0
4 4avpm0  8avpm.exe1 00 19Kaspersky antivirus 01
115[Various Names]0 13avpmondll.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
313eScan Monitor0 12AVPMWrap.EXE111HKEY_LM\Run0 61eScan for Windows 2.6, MicroWorld Technologies Inc.. AVPMWrap39http://www.absolutestartup.com/startup/1
1 4Avpr0  8avpr.exe1 00 28Added by the MYDOOM.AF WORM!64http://www.symantec.com/avcenter/venc/data/w32.mydoom.af@mm.html0
1 9HtProtect0 13AVprotect.exe1 00 27Added by the NETSKY.L WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.l@mm.html0
1119xHtProtect0 15AVprotect9x.exe1 00 27Added by the NETSKY.M WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.m@mm.html0
1 6avpu320 10avpu32.dll1 00 91Added by the Troj/Haxdoor-ED Trojan. The rootkit logs the keypress in the file klogini.dll.59http://www.sophos.com/virusinfo/analyses/trojhaxdoored.html0
114TCPIP Kernel320 10avpu32.sys1 00 84Added by the Troj/Haxdoor-ED. The rootkit logs the keypress in the file klogini.dll.59http://www.sophos.com/virusinfo/analyses/trojhaxdoored.html0
113TCPIP2 Kernel0 10avpu64.sys1 00 36Added by the Troj/Haxdoor-AM Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdooram.html0
122icrosoftf Avpx Control0  8avpx.exe1 00132Added by the W32/Rbot-AYN worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotayn.html0
1 6avpx320 10avpx32.dll1 00116Added by the Troj/Haxdoor-Y backdoor trojan.  This infection uses rootkit technology to hide itself from being seen.58http://www.sophos.com/virusinfo/analyses/trojhaxdoory.html0
1 8AVPX TCP0 10AVPX32.SYS1 00116Added by the Troj/Haxdoor-Y backdoor trojan.  This infection uses rootkit technology to hide itself from being seen.58http://www.sophos.com/virusinfo/analyses/trojhaxdoory.html0
110AVPX64 TCP0 10AVPX64.SYS1 00116Added by the Troj/Haxdoor-Y backdoor trojan.  This infection uses rootkit technology to hide itself from being seen.58http://www.sophos.com/virusinfo/analyses/trojhaxdoory.html0
317vzremotecommander0 12AvRmtCtr.exe1 00169Related to Sony's VAIO Zone Remote Commander. A non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems. 01
111Wlan Driver0 10avscan.exe1 00 29Added by the WOOTBOT.DH WORM!109http://de0
4 9AVSCHED320 13AVSched32.exe1 00 30AntiVir anti-virus from H+BDEV21http://www.hbedv.com/0
4 9AVSCHED320 18AVSCHED32.EXE /min2 00 57AVSched32 6.32.00.00, H+BEDV Datentechnik GmbH. AVSched32 01
111avserve.exe0 11avserve.exe1 00 25Added by the SASSER WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html0
112avserve2.exe0 12avserve2.exe1 00 40Added by the SASSER.B or SASSER.C WORMS!78http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html0
112avserve3.exe0 12avserve3.exe1 00 27Added by the SASSER.G WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.g.html0
422McAfeeVirusScanService0 12Avsynmgr.exe1 00196From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application 01
1 9MSMcAfeee0 15Avsynmgr32e.exe1 00 27Added by the FRAMAR TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.framar.html0
1 9MSMcAfeeh0 15Avsynmgr32h.exe1 00 27Added by the FRANGO TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.frango.html0
1 9MSMcAfeeS0 15Avsynmgr32S.exe1 00 39Added by the VOLAC or VOLAC.DR TROJANS!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.volac.html0
2 6Avtray0 10Avtray.exe1 00 27Command Antivirus tray icon53http://www.command.co.uk/html/products/csav/index.cfm0
1 5Swf320 12AVupdate.exe1 00 25Added by the MERKUR WORM!68http://www.symantec.com/avcenter/venc/data/w32.hllw.merkur.e@mm.html0
129AVupdate service interface X20 13avupdate2.sys1 00 44Added by the Troj/Hanlo-A downloader Trojan.56http://www.sophos.com/virusinfo/analyses/trojhanloa.html0
410AntiVir XP0  9AVwin.exe1 00 17AntiVir antivirus23http://www.free-av.com/0
3 8AVWLPSTA0 12AVWLPSTA.exe1 00352PRISM Status Tray Applet. This is a Prism wireless network applet designed to scan for wireless access points and connect to them.  It is often furnished with notebook computers featuring built-in wireless networking.  It is a very handy tool, and functionally superior in many ways to XP's equivalent interface, though much less attractive to the eye. 01
3 8AVWUpd320 12AVWUPD32.EXE1 00 48AntiVir updater. Useful, but can be run manually21http://www.hbedv.com/0
4 6avxlni0 11avxinit.exe1 00 53Anti-virus part of BitDefender virus scanner/firewall27http://www.bitdefender.com/0
413BullGuardInit0 11AVXINIT.EXE1 00 28Part of  Bullguard antivirus25http://www.bullguard.com/0
316BullGuard Update0 11avxlive.exe1 00 88Part of  Bullguard antivirus. Leave enabled unless you manually update virus definitions25http://www.bullguard.com/0
4 7Avxlive0 11avxlive.exe1 00 34Bullguard or BitDefender antivirus25http://www.bullguard.com/0
415bitdefenderlive0 11avxlive.exe1 00 50Main program of BitDefender virus scanner/firewall27http://www.bitdefender.com/0
1 4Surs0  8awab.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
3 6AWatch0 10Awatch.exe1 00119Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products. 01
1 6AWatch0 10Awatch.exe1 00 45ADSLWatch 3.05.09.2001, AVM Berlin. ADSLWatch 01
1 6Awatch0 10Awatch.exe1 00 32Fritz!_DSL ISP software related.73http://www.avm.de/de/Service/AVM_Service_Portale/FRITZCard_DSL/index.php30
1 5aweyj0  9aweyj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8awhost320 12awhost32.exe1 00267Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended72http://enterprisesecurity.symantec.com/products/products.cfm?productID=20
115[Various Names]0 11awinrar.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6awuoea0 10awuoea.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
012awusgsta.exe0 12AWUSGSTA.exe1 00 69Reportedly related to a USB Wifi Adapter - is it required at startup? 01
1 5awvvv0  8awvvv.dl1 00 35Added by the Troj/ConHook-H Trojan.58http://www.sophos.com/virusinfo/analyses/trojconhookh.html0
3 9awxdtools0 28awxDTools.dll,awxRegisterDll1 00168AwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools. (i.e.: *.cue, *.iso, *.ccd ...)34http://www.hbreitner.de/awxdtools/0
1 7sdktemp0 12axdcfasb.exe1 00 49Added by the W32/Sdbot-AGI worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotagi.html0
114MSUpdateDevKit0  8axfd.exe1 00266Added by the W32/Sdbot-ZD.     When started this infection connects to an IRC server where it waits for remote commands, trying to download and run files from the internet, steal CD game keys, participate in denial-of-service (DoS) attacks and delete network shares.56http://www.sophos.com/virusinfo/analyses/w32sdbotzd.html0
1 5axuqe0  9axuqe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8axuygwvh0 12axuygwvh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7ayclljh0 11ayclljh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6ayrigo0 10ayrigo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
213Desktop Plant0 12AZARE10S.PLT1 00102Vritual plant from here - this version is an Azalea, there are others so the filename may be different40http://www.desksoft.com/DesktopPlant.htm0
4 7azmodem0  9azexe.exe1 00 24Aztech_Labs modem driver22http://www.aztech.com/0
1 5b.exe0  5b.exe1 00 44Added by the W32/Sdbot-XK WORM/IRC backdoor!56http://www.sophos.com/virusinfo/analyses/w32sdbotxk.html0
110[not used]0  8b0ff.exe1 00 51Added by the W32/Protorid-AF worm and IRC backdoor.59http://www.sophos.com/virusinfo/analyses/w32protoridaf.html0
114System Service0 11b4db0yz.exe1 00 48Added by the W32/Rbot-CLO worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotclo.html0
3 2b90  6B9.exe1 00304FireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. &quot;Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run&quot;84http://www.firetrust.com/products/benign/?PHPSESSID=b60bb4b6eb22115639c465d6f606b7880
214Babylon Client0 11Babylon.exe1 00214a href=http://www.babylon.com/"  rel="nofollow" target="_blank"Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on" 01
218Babylon Translator0 11Babylon.exe1 00166&quot;Babylon-Pro is a powerful information tool that instantly provides relevant information, translations &amp; conversions for any word or value you click on&quot;23http://www.babylon.com/0
218Babylon Translator0 11Babylon.exe1 00 56Babylon 4.0.5.13, Babylon Ltd.. Babylon Information Tool 01
214Babylon Client0 22Babylon.exe -AutoStart211HKEY_LM\Run0 63Babylon Client 5.0.0.78, Babylon Ltd.. Babylon Information Tool39http://www.absolutestartup.com/startup/1
1 8Services0 25back32.exe ...service.exe2 00130Added by an unidentified VIRUS, WORM or TROJAN! Back32.exe is the baddie whose purpose is to HIDE the MIRC32 server in service.exe 01
115[Various Names]0  9backd.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 5runbd0 12backdrop.exe1 00 75MyBackDrop - is or bundles a  GoGotools adware variant. See  privacy_policy26http://www.mybackdrop.com/0
019CPQ BackWeb Monitor0 12BackMon2.exe1 00 57Installed by certain Compaq computers. Is this necessary" 01
115[various names]0 12backorif.exe1 00 37Added by a  NTRootKit TROJAN variant!42http://vil.nai.com/vil/content/v_99877.htm0
229Timed Backups Manager Startup0 12BACKTIME.EXE1 00 29Backup Plus - backup software26http://www.backupplus.net/0
416Data Deposit Box0 10backup.exe1 00 74Required for the online backup services from the Data Deposit Box service.30http://www.datadepositbox.com/0
114Backup Service0 10backup.svc1 00 19Unidentified adware 01
012BackupNotify0 16backupnotify.exe1 00 27HP Digital Imaging related. 01
312BackupNotify0 16backupnotify.exe111HKEY_CU\Run0 181.0.1268.24163,  .39http://www.absolutestartup.com/startup/1
1 9MSbackups0 11backups.exe1 00 40Added by the Troj/Banload-TL downloader.59http://www.sophos.com/virusinfo/analyses/trojbanloadtl.html0
122system backup services0 13backups32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
214Data LifeGuard0 12BACKWE~1.EXE1 00 75Data LifeGuard diagnostic tools for Western Digital's series of hard drives 01
2 9ActivSurf0 16backweb*****.exe1 00105Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates 01
222Kodak Software Updater0 16backweb*****.exe1 00 52Software updater for Kodak Easyshare digital cameras65http://www.kodak.com/global/en/digital/easyShare/indexFlash.jhtml0
215Updates from HP0 16backweb*****.exe1 00100Automatically detects an internet connection and downloads any available updates - * is random digit 01
2 7BackWeb0 11backweb.exe1 00221Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start - Programs 01
1 9hp center0 18BACKWEB-137903.exe1 00402Based upon HP's own description from here - "With the My abbr title=Hewlett-PackardHP/abbr Center, consumers have access directly from the desktop to Internet sites featuring special offers for abbr title=Hewlett-PackardHP/abbr customers ranging from personal finance and shopping to digital imaging and music" I have classified this as adware. The number may change - if yours is different let me know52http://www.hp.com/hpinfo/newsroom/press/12oct01a.htm0
215Updates from HP0 27BackWeb-137903.exe -startup222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
2 3LDM0 19backweb-8876480.exe1 00156Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech 01
226Logitech Desktop Messenger0 19backweb-8876480.exe1 00  0 01
2 3LDM0 19BackWeb-8876480.exe111HKEY_CU\Run0 71Logitech Desktop Messenger 1.4.50, Logitech. Logitech Desktop Messenger39http://www.absolutestartup.com/startup/1
2 8Backwork0 12Backwork.exe1 00 24Backwork trojan detector47http://www.framework.nl/backwork/eng/index.html0
3 7BACPI100 12bacpi10a.exe1 00196Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray 01
2 8bacstray0 12BacsTray.exe1 00 76BacsTray Application 6, 13, 0, 0, Broadcom Corporation. BacsTray Application 01
2 8BacsTray0 12BacsTray.exe1 00141Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems 01
1 7BADDATE0 11BADDATE.EXE1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
111badgers.exe0 11badgers.exe1 00 32Added by the W32/Badgrad-B worm.57http://www.sophos.com/virusinfo/analyses/w32badgradb.html0
113badgers_s.exe0 13badgers_s.exe1 00 32Added by the W32/Badgrad-A worm.57http://www.sophos.com/virusinfo/analyses/w32badgrada.html0
225Quicken Scheduled Updates0 10bagent.exe1 00 37Quicken background downloading module 01
128Microsoft Personal Firewalls0  8bakw.exe1 00 26Added by the RBOT-KS WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotks.html0
132Windows Service Pack Auto Update0 10ballin.exe1 00 40Added by an unidentified WORM or TROJAN! 01
411HorngTech4D0 11bally4d.exe1 00 25HorngTech 4D mouse driver 01
1 9WIN32SNDS0  8banc.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 6Spees30 30Banda!, Podre!! and speedy.pif2 00 32Added by the W32/Opaserv-V worm.57http://www.sophos.com/virusinfo/analyses/w32opaservv.html0
221Bandwidth Monitor Pro0 25Bandwidth Monitor Pro.exe2 00113Bandwidth Monitor Pro is a utility that monitors and keeps track of the bandwidth usage of your network adapters.27www.bandwidthmonitorpro.com0
1 9banmanpro0 13banmanpro.exe1 00 36Added by the Troj/Clicker-BL Trojan.59http://www.sophos.com/virusinfo/analyses/trojclickerbl.html0
318Banpopup by Pratik0 12Banpopup.exe1 00 23Banpopup - popup killer36http://www33.brinkster.com/banpopup/0
1 7fuklbar0  7bar.exe1 00 72Adware related downloader,  detected as TrojanDropper.Win32.PurityScan.g 01
1 3wow0  7bar.exe1 00 72Adware related downloader,  detected as TrojanDropper.Win32.PurityScan.g 01
1 8bargains0 16bargainbuddy.exe1 00 22BargainBuddy foistware59http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html0
1 8Bargains0 12bargains.exe1 00  0 01
1 8bargains0 12bargains.exe1 00  059http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html0
1 8BullsEye0 12bargains.exe1 00 22BargainBuddy foistware59http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html0
116BullsEye Network0 12bargains.exe1 00 22BargainBuddy foistware59http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html0
115[Various Names]0 10barint.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 8BarTheme0 13bartent32.exe1 00133Added by the W32/Agobot-UG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotug.html0
2 9bascstray0 13BascsTray.exe1 00141Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems 01
112WinSetBrowse0 19BasicUpdate.dll.vbs1 00 28Added by the BISCUIT.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/vbs.biscuit.a@mm.html0
025POS-Partnerbatchprocessor0  9BATCH.EXE1 00148VISA credit card batch processing related to Appcon. Is it needed or can it be started manually via Start - Programs or a manually created shortcut? 01
325POS-Partnerbatchprocessor0  9BATCH.EXE1 00148VISA credit card batch processing related to Appcon. Is it needed or can it be started manually via Start - Programs or a manually created shortcut? 01
3 5BATCH0  9batch.exe111HKEY_LM\Run0103Batch File Creation Utility 1.01.0002, Chris' Software. Batch File Creation Util. www.chrissoftware.com39http://www.absolutestartup.com/startup/1
2 9BMMMONWND0 32BatInfEx.dll,BMMAutonomicMonitor111HKEY_LM\Run0117Système d'exploitation Microsoft® Windows® 5.1.2600.0, Microsoft Corporation. Exécuter une DLL en tant qu'application39http://www.absolutestartup.com/startup/1
124[random 12 digit number]0 12batmeter.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
313Battery Scope0 10batmgr.exe1 00 47Monitors battery levels on a notebook/laptop PC 01
1 6BatSrv0 12batserv2.exe1 00104Added by the WORM_LOCKSKY.T mass-mailing worm.  This infetion also creates the file C:\Windows\SYSC.EXE.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FLOCKSKY%2ET&VSect=T0
315Battery Doubler0 19Battery Doubler.exe2 00159Battery Doubler can double your battery's autonomy with little to no concessions. Install Battery Doubler, unplug AC power and experience total laptop freedom!52http://www.dachshundsoftware.com/bdoubler/index.html0
310BatteryBar0 14batterybar.exe1 00 85BatteryBar - displays battery usage, and the current percentage of battery power left45http://www.nistech.com/BatteryBar/Default.htm0
310Power_Gear0 15BatteryLife.exe1 00 63Power management for all Asus notebook. Useful but not critical 01
310Power_Gear0 17BatteryLife.exe 12 00 62BatteryLife 1043, 3, 6, 15, ASUSTeK Computer Inc.. BatteryLife 01
121Critical Update Check0 13battlenet.exe1 00 51Added by the Troj/Delf-LB browser hijacking trojan.56http://www.sophos.com/virusinfo/analyses/trojdelflb.html0
1 8BatzBack0 12BatzBack.scr1 00 26Added by the BACKZAT WORM!64http://www.symantec.com/avcenter/venc/data/w32.backzat.worm.html0
3 5BAUSB0  9BAUSB.exe1 00 34Boston Acoustics Audio, USB driver 01
1 7bawindo0 11bawindo.exe1 00 42Added by the BEAGLE.AR or BEAGLE.AU WORMS!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ar@mm.html0
3 7Bayswap0 11bayswap.exe1 00161Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices 01
139Generic Host Process for Win32 Services0  9bazzi.exe1 00197Added by the W32/Ahker-E WORM, from an email attachment. First added to the Startup folder as BADO.EXE and MICHO.EXE, it copies itself to bazzi.exe.  Uses P2P to spread, and modifies the HOST file.55http://www.sophos.com/virusinfo/analyses/w32ahkere.html0
121Microsoft AntiSpyware0  9Bazzi.exe1 00 43Added by the W32/Ahker-J mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32ahkerj.html0
113win32 service0  9bazzi.exe1 00 27Added by the  AHKER.E WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AHKER.E&VSect=T0
3 9BBCTicker0 13BBCTicker.exe125StartUp menu\Current user0 38BBC Ticker 1, 0, 1, 7, BBC. BBC Ticker39http://www.absolutestartup.com/startup/1
113d3dupdate.exe0 11bbeagle.exe1 00 27Added by the BEAGLE.A WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html0
123Bron-Spizaetus-cfgmktoq0 16bbm-qotkmgfc.exe1 00 32Added by the W32/Brontok-M worm.57http://www.sophos.com/virusinfo/analyses/w32brontokm.html0
123Bron-Spizaetus-cfgmmnru0 16bbm-urnmmgfc.exe1 00 32Added by the W32/Brontok-N worm.57http://www.sophos.com/virusinfo/analyses/w32brontokn.html0
1 3Boo0  7Bbn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5bbnrk0  9bbnrk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6Kernel0  8bboy.exe1 00 25Added by the MUMU.B WORM!75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MUMU.B0
1 9gdagdgajs0  9bbsbw.exe1 00132Added by the W32/Sdbot-QXworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotqx.html0
2 9bbSysTray0 13bbSysTray.exe1 00159Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions" 01
3 4bbui0  8bbui.exe1 00 86AOL DSL status monitor displaying a red/green icon indicating if you have a connection 01
216Broadband Wizard0  9bbwiz.exe1 00152Starts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start - Programs31http://www.broadbandwizard.net/0
3 3bca0  7bca.exe1 00 58BeClean Agent - registry, history, temp files, etc cleaner 01
1 150 11BCColor.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
3 8BCDetect0 12bcdetect.exe1 00184Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see 01
1 7bcfjwqw0 11bcfjwqw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 110  9BCHal.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
1 130 10BCInfo.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
4 8BCMDMMSG0 12bcmdmmsg.exe1 00 75BCM voicemodem driver. Required for dial-up if you have one of these modems 01
328broadcom wireless manager ui0 12bcmntray.exe1 00159Related to  Broadcom_Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems.24http://www.broadcom.com/0
1 140  9BCMon.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
4 8BCMSMMSG0 12BCMSMMSG.exe1 00 75BCM voicemodem driver. Required for dial-up if you have one of these modems 01
4 8BCMSMMSG0 12BCMSMMSG.exe111HKEY_LM\Run0100BCM Modem Messaging Applet  3.5.25 08/27/2003 20:04:35, Broadcom Corporation. Modem Messaging Applet39http://www.absolutestartup.com/startup/1
3 8bcmwltry0 12bcmwltry.exe1 00 50Broadcom Corporation Wireless Network Tray Applet. 01
2 4BCNT0  8bcnt.exe1 00 40AWS Weatherbug related. What does it do?39http://www.weatherbug.com/aws/index.asp0
1 4BCPC0  8bcpc.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
1 6bcpc_c0 10bcpc_c.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
1 2200 10BCPref.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
1 4Breg0  8bcre.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
111LoadDBackUp0 10BcTool.exe1 00 23Added by the GIBE WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html0
3 7BCTweak0 11bctweak.exe1 00171BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings 01
1 6bcuuyw0 10bcuuyw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Bcvsrv320 12bcvsrv32.exe1 00 48Added by the GAOBOT.BQJ or  W32/Agobot-RY worms.75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.bqj.html0
2 8BCWipeTM0 12bcwipetm.exe1 00186BCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed22http://www.jetico.com/0
130Spplication Layer Gateway Serv0  7BDC.exe1 00 45Added by the Troj/GrayBrd-AV backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdav.html0
1 3b3d0 20BDEsecureinstall.exe1 00348B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -&gt; Settings -&gt; Control Panel -&gt; Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\\Windows\\System. (3) Disable and ideally delete it from the registry. (4) Remove the &quot;BDE&quot; directory and all its contents43http://www.kazaa.com/en/privacy/bundles.htm0
422BitDefender Live! Init0 10bdinit.exe1 00 21BitDefender antivirus46http://www.bitdefender.com/press/ref100203.php0
1 7bdkrhqm0 11bdkrhqm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 6BDMCon0 10Bdmcon.exe1 00 21BitDefender antivirus46http://www.bitdefender.com/press/ref100203.php0
4 6BDMCon0 10bdmcon.exe111HKEY_LM\Run0 69BitDefender 8 8.1.0.0, SOFTWIN S.R.L.. BitDefender Management Console39http://www.absolutestartup.com/startup/1
411BDNewsAgent0 12bdnagent.exe1 00 31BitDefender antivirus - updater27http://www.bitdefender.com/0
4 7BDOESRV0 11bdoesrv.exe1 00 36Bitdefender 8 antivirus and firewall55http://www.bitdefender.com/bd/site/products.php?p_id=250
110[not used]0 10Bdsf32.scr1 00 28Added by Backdoor.RemoteSOB.79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.remotesob.html0
423BitDefender Scan Server0  8bdss.exe1 00 21BitDefender antivirus46http://www.bitdefender.com/press/ref100203.php0
413BDSwitchAgent0 12bdswitch.exe1 00 36Bitdefender 8 antivirus and firewall55http://www.bitdefender.com/bd/site/products.php?p_id=250
1 8bdvumpdx0 12bdvumpdx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6bdwoye0 10bdwoye.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Bunx0 10beagle.exe1 00 53Added by the  W32/Lebreat-E worm and backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/w32lebreate.html0
2 9BearShare0 13bearshare.exe1 00 75BearShare file sharing client. Versions known to include spyware - see here25http://www.bearshare.com/0
2 9BearShare0 20BearShare.exe /pause211HKEY_LM\Run0 44BearShare 4.7.2, Free Peers, Inc.. BearShare39http://www.absolutestartup.com/startup/1
322beatnik internet clock0 11BeatNik.exe1 00140BeatNik_Internet_Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with the atomic clock.23http://www.somedec.com/0
114beegees update0 11beegees.exe1 00 27Added by the  W32/Sdbot-ADK57http://www.sophos.com/virusinfo/analyses/w32sdbotadk.html0
2 4BEEI0  8beei.exe1 00  2?? 01
3 8befaster0 13befaster3.exe1 00 46BeFaster internet connection optimization tool26http://www.ekremdeniz.com/0
2 4BEHL0  8BEHL.exe1 00  2?? 01
2 5BEHLO0  9BEHLO.exe1 00  0 01
2 8BELORVBI0 12BELORVBI.exe1 00  2?? 01
310Belsta.exe0 10Belsta.exe1 00171Configuration tool for Belkin wireless network cards. Required to change the card’s configuration. Is it required for correct operation once the confuiguration is changed? 01
1 4Belt0  8Belt.exe1 00 38Transponder parasite updater/installer48http://www.doxdesk.com/parasite/Transponder.html0
119Benadril Alert Tool0 17benadrilalert.exe1 00102Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril 01
319BackupExecScheduler0  9besch.exe1 00 32Veritas "Back Up My PC" software 01
319BestCrypt Auto Open0 22BestCrypt.exe AutoOpen222StartUp menu\All users0 65BestCrypt Application 7.11, Jetico, Inc.. BestCrypt Control Panel39http://www.absolutestartup.com/startup/1
215BestPopUpKiller0 19BestPopupKiller.exe1 00179Popup killer of dubious repute by SwankSoft.com. For more info about the company, do a search for 'SwankSoft' on this web page on "Rogue/Suspect Anti-Spyware Products & Web Sites"52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
215BestPopUpKiller0 28BestPopupKiller.exe /startup211HKEY_CU\Run0 66Best Popup Killer 2005.08.0019, TrustSoft, Inc.. Best Popup Killer39http://www.absolutestartup.com/startup/1
1 5BeSys0  9BEsys.exe1 00 33Added by the Adware.BeSys adware.56http://www.sarc.com/avcenter/venc/data/adware.besys.html0
117[different names]0  8Beta.EXE1 00142Added by the W32/SdBot-FQ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotfq.html0
114WINDOWS SYSTEM0  8beta.exe1 00133Added by the W32/Mytob-BE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobbe.html0
316BullsEye Tracker0 11BeTrack.exe1 00 41Bullseye - intelligent research assistant53http://www.intelliseek.com/prod/bullseye/bullseye.htm0
113System Config0  7BF3.EXE1 00134Added by the W32/Spybot-DT worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32spybotdt.html0
4 5load=0 10Bfrecv.exe1 00 20Bitware modem driver 01
1 7bftehux0 11bftehux.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7bfyykaw0 11bfyykaw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6BGInfo0 10Bginfo.exe1 00174BGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more55http://www.sysinternals.com/ntw2k/freeware/bginfo.shtml0
1 4bgjx0  8bgjx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
411BGNewsAgent0 12bgnewsag.exe1 00 27BullGuard antivirus updater25http://www.bullguard.com/0
2 7bgsmsnd0 11bgsmsnd.exe1 00 53Printer driver to generate PDF files from any program 01
318BackgroundSwitcher0 12bgswitch.exe1 00329Background Switcher Powertoy. Included with the last beta version of the XP Powertoys. Whenever a user right clicked his desktop and chose properties he could see a new tab which allowed him to enable a "Desktop Slide Show." This would automatically change the Windows Desktop at an interval specified by the user. Available here19Desktop Slide Show.0
422Browser Hijack Blaster0 13bhblaster.exe1 00109Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings45http://www.wilderssecurity.com/bhblaster.html0
1 3Bsj0  7Bhe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6bhengd0 10bhengd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Eoj0  7Bhi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 6BHOCop0 10BHOCop.exe1 00105ZDNet's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware70http://www.zdnet.com/products/stories/reviews/0,4161,2760348-9,00.html0
312BHODemon 2.00 12BHODemon.exe1 00386BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand 01
115[various names]0 11bhoserv.exe1 00 37Added by a  NTRootKit TROJAN variant!42http://vil.nai.com/vil/content/v_99877.htm0
116Browser Help Svc0  8BHSV.EXE1 00132Added by the W32/Rbot-AVQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotavq.html0
316bi1helperstartup0 12BI1HEL~1.EXE1 00 26Beach_Islands Screensaver.65http://www.screenscenes.com/product.html?screensaver=BeachIslands0
1 4LTM20  9bible.exe1 00 31Added by the LITMUS.203 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LITMUS.2030
110[not used]0 10BIDBFn.exe1 00 30c:\windows\system32\Systen.dll 01
124[random 12 digit number]0 12bidispl2.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
1 4bies0  8bies.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
133This is a virus, please delete it0 15bigbadvirus.exe1 00 27Added by the RANDEX.F WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.f.html0
2 6BigFix0 22BigFix.exe  /atstartup2 00 57BigFix 1, 7, 6, 0, BigFix Inc.. BigFix Client Application 01
3 6BigFix0 22BigFix.exe  /atstartup222StartUp menu\All users0 57BigFix 1, 7, 6, 0, BigFix Inc.. BigFix Client Application39http://www.absolutestartup.com/startup/1
2 6bigfix0 10BIGFIX.EXE1 00352BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog40http://www.bigfix.com/website/index.html0
1 5biknn0  9biknn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
210Billminder0 22BILLMIND.EXE  -startup2 00 66Quicken 99 for Windows 008.000.000.000, Intuit. Quicken Billminder 01
210Billminder0 12Billmind.exe1 00 90Can be setup in Quicken to remind user of due payments. Available via Start -&gt; Programs 01
210Billminder0 12billmind.exe1 00 66Quicken 98 for Windows 007.000.000.000, Intuit. Quicken Billminder 01
210Billminder0 12BILLMIND.EXE1 00 66Quicken 99 for Windows 008.000.000.000, Intuit. Quicken Billminder 01
314Billminder.lnk0 21billmind.exe -startup211HKEY_LM\Run0 66Quicken 99 for Windows 008.000.000.000, Intuit. Quicken Billminder39http://www.absolutestartup.com/startup/1
1 8dashplus0 21bind software bib.exe2 00200IE Toolbar for Lop.com.  If the exe is running in your process list, end it, and delete the directory it is residing in.  This directory is most likely in your user profile application data directory. 01
3 8shareaza0 11bindata.exe1 00 27Shareaza P2P client related24http://www.shareaza.com/0
1 8bingdian0 12Bingdian.vbs1 00 24Added by the BINGD WORM!73http://securityresponse.symantec.com/avcenter/venc/data/vbs.bingd@mm.html0
115[Various Names]0 10bingo9.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 5BIOS10  9BIOS1.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
1 4Bios0 10Bios32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
115Terminal Update0 12biosefui.exe1 00 43Added by the Troj/PPdoor-O backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojppdooro.html0
116BIOS Net Service0 12BIOSserv.exe1 00 48Added by the W32/Rbot-BFL worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbfl.html0
2 7BIOVCIP0 11BIOVCIP.exe1 00  2?? 01
218title play bash up0 13Bird Live.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Blr0  7Bis.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
119Microsoft Explorer20 12bitchbot.exe1 00153Added by the Troj/Sdbot-EJ backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotej.html0
2 8bitcomet0 12BitComet.exe1 00 63BitComet P2P client - can be launched from Start Menu  Programs33http://www.bitcomet.com/index.htm0
2 8BitComet0 12BitComet.exe111HKEY_CU\Run0 64BitComet 0.59., www.BitComet.com. BitComet - a BitTorrent Client39http://www.absolutestartup.com/startup/1
323BitDefender_P2P_Startup0 27BitDefender_P2P_Startup.exe1 00164Bitdefender anti-virus for file transfers via internet messaging clients such as ICQ and MSN Messenger. Unless you have these running all the time start it manually52http://www.bitdefender.com/html/bd_msn_messenger.php0
121bitdefender antivirus0 16BITDEFENDERX.EXE1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
128Microsoft Windows DLLHandler0 12bitpaint.exe1 00 28Added by the SDBOT.AHG WORM!108http://uk0
1 7bjnrajk0 11bjnrajk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
217Easy-PrintToolBox0 12BJPSMAIN.EXE1 00 85A utility to launch the applications that are bundled with a Canon bubblejet printer. 01
317Easy-PrintToolBox0 19BJPSMAIN.EXE /logon211HKEY_LM\Run0 45BJPSMAIN.EXE 1, 1, 0, 0, CANON INC.. BJPSMAIN39http://www.absolutestartup.com/startup/1
1 5bkdak0  9bkdak.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8bkncbmvi0 12bkncbmvi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 8BlackICE0 10blackd.exe1 00167Internet Security System's BlackIce Firewall.  Disabling this service will make the firewall not function.  Should be found in C:\Program Files\ISS\BlackICE\blackd.exe49http://blackice.iss.net/product_pc_protection.php0
410LoadBlackD0 10blackd.exe1 00183This is the &quot;intrusion detection system&quot; of the BlackICE PC Protection (was Defender) firewall which loads independently of the &quot;user interface&quot; (BlackICE Utility)49http://blackice.iss.net/product_pc_protection.php0
222BlackICE PC Protection0 12blackice.exe1 00410Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the &quot;Startup&quot; menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD49http://blackice.iss.net/product_pc_protection.php0
216BlackIce Utility0 12blackice.exe1 00  049http://blackice.iss.net/product_pc_protection.php0
3 5blads0  9blads.exe1 00127A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks45http://www.totalidea.com/frameset-tweakxp.htm0
3 8BlockAds0  9blads.exe1 00127A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks45http://www.totalidea.com/frameset-tweakxp.htm0
3 8BlockAds0  9blads.exe111HKEY_CU\Run0 76Ad Blocker of Tweak-XP 1.17.0001, Totalidea Software. Ad Blocker of Tweak-XP39http://www.absolutestartup.com/startup/1
2 6Blanch0 10Blanch.exe125StartUp menu\Current user0 59blanch 1, 0, 0, 0, One Guy Coding. Button Launch for Win 3239http://www.absolutestartup.com/startup/1
0 7BuildBU0 11bldbubg.exe1 00  0 01
2 7bldbubg0 11bldbubg.exe1 00 25Found on a Dell machine?? 01
2 7BuildBU0 11bldbubg.exe1 00  0 01
110win32 test0 12bleatest.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
122BLMessagingIntegration0 12blengine.exe1 00 17BuddyLinks adware72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1010070
1 4Bles0  8bles.exe1 00 32Added by a TROJAN, Troj/Blesh-A.56http://www.sophos.com/virusinfo/analyses/trojblesha.html0
215ESPN BottomLine0  9bline.exe1 00388ESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down." 01
115[various names]0  9bling.exe1 00 26Added by the RBOT-NI WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotni.html0
3 6blinkx0 10blinkx.exe1 00 39Blinkx_Desktop "Smart Folders" software34http://www.blinkx.com/overview.php0
210blinkxgate0 18blinkx.exe -gate30211HKEY_CU\Run0 41Blinkx 3, 0, 3, 0, Blinkx Limited. Blinkx39http://www.absolutestartup.com/startup/1
154t9d0qh$vùõš/²‘ÆßfC:\Program Files\ISTsvc\istsvc.exe0 10blkbos.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112blockchecker0 17Block-checker.exe1 00 19BlockChecker adware67http://www.symantec.com/avcenter/venc/data/adware.blockchecker.html0
310Ad Blocker0 11blocker.exe1 00 77Ad Blocker - blocks popups, and also removes banners, image ads and flash ads20http://www.cdkm.com/0
310Ad Blocker0 11blocker.exe111HKEY_LM\Run0 29Ad Blocker 1.2.0.0, cdkm.com.39http://www.absolutestartup.com/startup/1
212BlockTracker0 16BlockTracker.exe1 00 91If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file 01
3 9blsloader0 13blsloader.exe1 00 29BellSouth ISP  Internet_Tools56https://www.fastaccess.com/content/consumer/features.jsp0
2 5spc_w0  9blspc.exe1 00 22NetZero Search related 01
1 4blss0  8blss.exe1 00 27Added by the BLARUL TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.blarul.html0
2 7BLSTAPP0 11blstapp.exe1 00 59Puts access to Creative's BlasterControl in the System Tray 01
3 7BlstApp0 11BLSTAPP.EXE111HKEY_LM\Run0 76BlasterControl 3 3.00.1, Creative Technology Ltd. BlasterControl Application39http://www.absolutestartup.com/startup/1
1 120 12BlstCtrl.dll123HKEY_LM\RunServicesOnce0100Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Microsoft(C) Register Server39http://www.absolutestartup.com/startup/1
2 8blubster0 12Blubster.exe1 00 20Related to  Blubster24http://www.blubster.com/0
313AVMBlueClient0 13bluefritz.exe111HKEY_LM\Run0 40avm BlueFRITZ 1, 0, 0, 1, avm. BlueFRITZ39http://www.absolutestartup.com/startup/1
210BlueSoleil0 14BlueSoleil.exe122StartUp menu\All users0 61BlueSoleil 1, 4, 0, 1, IVT Corporation. Bluetooth Application39http://www.absolutestartup.com/startup/1
1 4BMan0  9BMan1.exe1 00 39Abcsearch.com/DealHelper adware variant 01
1 4bmkd0  8bmkd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
215BookmarkCentral0 14BMLauncher.exe1 00123Bookmark Express - &quot;offers a more flexible way to manage Web site bookmarks, regardless of which browser you use&quot;31http://www.bookmarkexpress.com/0
3 7BMMLREF0 11BMMLREF.EXE1 00 40Battery Manager for IBM ThinkPad laptops 01
1 8Casdvqwa0 11bmqnzkg.exe1 00 28Added by the RANDEX.BE WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.be.html0
2 5Buzme0  8Bmui.exe1 00199Buzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem38http://www.buzme.com/buzme/default.asp0
2 8BMupdate0 12BMupdate.exe1 00155Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install 01
1 3BMZ0  7bmz.exe1 00 12nCase adware42http://www.doxdesk.com/parasite/nCase.html0
1 4bnbk0  8bnbk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111Failed Test0 10BNDSDX.EXE1 00133Added by the W32/Sdbot-JS worm.  When started this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotjs.html0
1 6Bndt320 10Bndt32.exe1 00 24Added by the LACON WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lacon@mm.html0
115[Various Names]0  8bnui.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
316bo1helperstartup0 12BO1HEL~1.EXE1 00115ScreenScenes  Butterfly_Oasis screensaver.  The freeware version comes with  GAIN branded ads (pop-ups and others).67http://www.screenscenes.com/product.html?screensaver=ButterflyOasis0
316BO1HelperStartUp0 25BO1HEL~1.EXE /partner BO12 00  0 01
316bo1helperstartup0 13Bo1helper.exe1 00240ScreenScenes  Butterfly_Oasis screen saver. The freeware version comes with  GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30...67http://www.screenscenes.com/product.html?screensaver=ButterflyOasis0
4 6BOC4120 10BOC412.exe1 00 54Version 4.12 of NSClean's BOClean anti-trojan software35http://www.nsclean.com/boclean.html0
1 6RegBar0 16bocaitoolbar.dll1 00 68Added by the Adware.BocaiToolbar search hijacker and popup delivery.63http://www.sarc.com/avcenter/venc/data/adware.bocaitoolbar.html0
416BOCleanautostart0 11Boclean.exe1 00 38NSClean's BOClean anti-trojan software35http://www.nsclean.com/boclean.html0
322Caddais BackupOnDemand0 10BODMon.exe1 00200Caddais BackupOnDemand - &quot;runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location&quot;43http://www.caddais.com/BackupOnDemand.shtml0
1 8bofratlc0 12bofratlc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0 11Bogobot.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
313BOINC Manager0 15boincmgr.exe /s225StartUp menu\Current user0 87BOINC Manager 4.25, Space Sciences Laboratory, U.C. Berkeley. BOINC Manager for Windows39http://www.absolutestartup.com/startup/1
1 6bokqrl0 10bokqrl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Rase0  8boln.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
3 8bombshel0 10BOMB32.EXE1 00163Part of McAfee Nuts &amp; Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems 01
118windowssql service0  9boner.exe1 00 29Added by the  SDBOT.XRM WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.XR0
1 3boo0  7boo.exe1 00 77Adware downloader - detected by  Kaspersky antivirus as Trojan.Win32.Favadd.o36http://www.kaspersky.com/personalpro0
321Atalho para boostkit20 13boostkit2.exe125StartUp menu\Current user0 46BoostKit 2.1, Software Benefits Inc.. BoostKit39http://www.absolutestartup.com/startup/1
1 4boot0  8boot.exe1 00 25Added by the ELEM TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/w32.elem.trojan.html0
119MS-DOS Boot Service0 10Boot32.pif1 00132Added by the W32/Rbot-AMF worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamf.html0
1 6KeBoot0 10Boot32.sys1 00153Added by the HaxDoor.B rootkit/backdoor Trojan.  This service is installed as a system driver and is part of the rootkit functionality of this infection.79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.b.html0
1 9ccExecute0 12bootcfg1.exe1 00 31Added by the W32/Nemsi-B virus.55http://www.sophos.com/virusinfo/analyses/w32nemsib.html0
113Internat Conf0 12bootconf.exe1 00 74Homepage hijacker, redirecting to coolwwwsearch.com; see for example  here48http://boards.cexx.org/viewtopic.php?p=2464#24640
1 6sysPnP0 12bootconf.exe1 00 74Homepage hijacker, redirecting to coolwwwsearch.com; see for example  here48http://boards.cexx.org/viewtopic.php?p=2464#24640
1 8bootctrl0 12bootctrl.exe1 00 40Added by an unidentified WORM or TROJAN! 01
3 4xbtl0 11bootldr.exe1 00116Added by the Spyware.WSLogger surveillance software.  If you did not install this software it should be uninstalled.60http://www.sarc.com/avcenter/venc/data/spyware.wslogger.html0
110BootLoader0 14BootLoader.exe1 00 29Added by the WATERWORKS WORM!67http://www.symantec.com/avcenter/venc/data/vbs.waterworks.worm.html0
110BootLoader0 18BootLoader.exe.vbs1 00 29Added by the WATERWORKS WORM!67http://www.symantec.com/avcenter/venc/data/vbs.waterworks.worm.html0
112Boot Manager0 11bootmng.exe1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
110bootpd.exe0 10bootpd.exe1 00200Identified by Kapersky as Trojan.Win32.StartPage.vk.  This infections hijacks popular search engines to another site and hijacks your start page to Premium Search which is a locally stored .html file. 01
114Microsoft Word0 14BootSector.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
421BootSkin Startup Jobs0 12BootSkin.exe1 00106Stardock BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screens.42http://www.stardock.com/products/bootskin/0
321BootSkin Startup Jobs0 25bootskin.exe /StartupJobs211HKEY_LM\Run0 41BootSkin 1, 0, 6, 0, . Stardock BootSkin!39http://www.absolutestartup.com/startup/1
310BootStatus0 12BOOTST~1.EXE1 00178Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day.  Once you exit it, it has no more effect on resources 01
124[random 12 digit number]0 12bootvid4.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
3 8BootWarn0 12BootWarn.exe1 00838From here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from “Start \ Programs \ Norton AntiVirus”. If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab – it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages"60http://www.answersthatwork.com/Tasklist_pages/tasklist_b.htm0
3 8BootWarn0 15BootWarn.exe /a211HKEY_LM\Run0 76Norton AntiVirus 11.0.9, Symantec Corporation. Norton AntiVirus Boot Warning39http://www.absolutestartup.com/startup/1
122[random pair of words]0 12bopotsvr.exe1 00 88Added by the Troj/Shed-A.  This infection lowers the security settings on your computer.55http://www.sophos.com/virusinfo/analyses/trojsheda.html0
115[Various Names]0 12borlandg.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
3 6Boston0 10Boston.exe1 00 49Part of the Boston Acoustics USB speaker systems. 01
133Microsoft Synchronization Manager0  7bot.exe1 00 27Added by the SDBOT.IH WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.IH0
124Microsoft Update Machine0  7bot.exe1 00143Added by the W32/Rbot-EI trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotei.html0
113winsockdriver0  7bot.exe1 00 49Added by the W32/Warpigs-D worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32warpigsd.html0
116Microsoft Update0 10Botnet.exe1 00 28Added by the  RBOT.AFL WORM!107http://de0
120Configuration Loader0  9botss.exe1 00144Added by the W32/Sdbot-XS network worm.  When started this infection connects to a remote IRC server where it waits for commands to be executed.56http://www.sophos.com/virusinfo/analyses/w32sdbotxs.html0
114WINDOWS SYSTEM0 10botzor.exe1 00 50Added by the W32/Zotob-A worm and backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32zotoba.html0
118Bouncer RunStartup0 11bouncer.exe1 00374VIrtualBouncer malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs59http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp0
115[Various Names]0 12BoundRec.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
313VolumeCounter0 12BoVolume.exe111HKEY_LM\Run0 131, 0, 0, 0, .39http://www.absolutestartup.com/startup/1
217Windows Protectot0 10boxide.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
117windows protectot0 10boxide.exe1 00 44Added by a variant of the  W32/WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
1 3RVP0  7bpc.exe1 00 67Spyware included with the latest version of Grokster. Also see here89http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=4585;start=00
1 8bpcv2_re0 16bpc2_re_inst.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
212BigPondCable0 11bpcable.exe1 00 62Telstra Bigpond Cable login software - can be started manually 01
311bpcpost.exe0 11bpcpost.exe1 00204MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it 01
1 5bpcv20  9BPCv2.exe1 00 18BroadcastPC adware48http://www.doxdesk.com/parasite/BroadcastPC.html0
424NetBackup Client Service0 11bpinetd.exe1 00 28The Netbackup backup client.53http://www.veritas.com/Products/www?c=product&refId=20
3 3bpk0  7bpk.exe1 00 131, 4, 7, 0, . 01
3 3BPK0  7bpk.exe1 00189Blazing Tools  Perfect Keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove36http://www.blazingtools.com/bpk.html0
1 6bpkmxe0 10bpkmxe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
142Major Microsoft Windows Driver Boot loader0  9bpool.exe1 00 12Added by the38W32/Mytob-AL WORM/IRC backdoor trojan!0
115ContinueInstall0 14bpsinstall.exe1 00 19BrowserAid parasite47http://www.doxdesk.com/parasite/BrowserAid.html0
1 3bpt0  7bpt.exe1 00 18BroadcastPC adware48http://www.doxdesk.com/parasite/BroadcastPC.html0
2 6bcpc_c0  9bpt_c.exe115HKEY_LM\RunOnce0  039http://www.absolutestartup.com/startup/1
1 4Breg0  9bptre.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
212Backpack UDF0 12bpudfmon.exe1 00175Backpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk20http://www.nero.com/0
315BigPond Toolbar0 12bpumTray.exe1 00202Telstra BigPond Toolbar - &quot;Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier&quot;42http://www.bigpond.com/helpcentre/toolbar/0
315BigPond Toolbar0 12bpumTray.exe111HKEY_LM\Run0 51BigPond Toolbar Version 1.50, Telstra. Toolbar Icon39http://www.absolutestartup.com/startup/1
1 4bqld0  8bqld.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
215BurnQuick Queue0 10BQTray.exe1 00179System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually25http://www.burnquick.com/0
310BQTray.exe0 10BQTray.exe1 00180System Tray access to  BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually25http://www.burnquick.com/0
1 7bqvtkds0 11bqvtkds.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0 10br0ken.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
114WINDOWS SYSTEM0 11br32srv.exe1 00 48Added by the W32/Mytob-GL worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobgl.html0
118Tok-Cirrhatus-19590 12br4941on.exe1 00 32Added by the W32/Brontok-N worm.57http://www.sophos.com/virusinfo/analyses/w32brontokn.html0
118Tok-Cirrhatus-27840 12br6591on.exe1 00 32Added by the W32/Brontok-I worm.57http://www.sophos.com/virusinfo/analyses/w32brontoki.html0
1 6Brasil0 10Brasil.exe1 00 28Added by the OPASERV.E WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.E0
1 6Brasil0 10BRASIL.PIF1 00 28Added by the OPASERV.E WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.E0
111BraveSentry0 15BraveSentry.exe1 00 60Added by the ADW_SPYSHERIFF.B rogue antispyware application.99http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FSPYSHERIFF%2EB&VSect=Td0
216ControlCenter2.00 12brctrcen.exe1 00 70Brother scanner 'Control Center' application - can be started manually 01
216ControlCenter2.00 21brctrcen.exe /autorun2 00 84ControlCenter2.0 2, 0, 8, 0, Brother Industries, Ltd.. ControlCenter2.0 Main Program 01
314Break_Reminder0 18BREAK REMINDER.exe2 00 94Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See here34http://www.cheqsoft.com/break.html0
110WinUpdateB0 11breatle.exe1 00 31Added by the W32.Bratle.A worm.73http://www.sarc.com/avcenter/venc/data/w32.bratle.a.html#technicaldetails0
1 4Breg0  8breg.exe1 00101Added by the Adware.BroadcastPC.B adware/spyware.  File is found in %ProgramFiles%\Common Files\Java\64http://www.sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
1 9whitechix0 11brightx.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
415Brindys BriTray0 11BRITRAY.EXE1 00433Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH &amp; BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons &amp; menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired23http://www.brindys.com/0
313xBrotherMeCom0 11BrMeCom.exe1 00 37Related to Brother MFC-9200c printer. 01
214Status Monitor0 12BrMfcWnd.exe1 00 56Brother scanner status monitor - can be started manually 01
214Status Monitor0 38BrMfcWnd.exe Brother DCP-110C /STARTUP2 00 74Status Monitor 1, 0, 5, 4, Brother Industries, Ltd.. Status Monitor (Main) 01
214Status Monitor0 39BrMfcWnd.exe Brother FAX-2440C /STARTUP2 00  0 01
214Status Monitor0 38BrMfcWnd.exe Brother MFC-210C /STARTUP2 00 74Status Monitor 1, 0, 5, 4, Brother Industries, Ltd.. Status Monitor (Main) 01
214Status Monitor0 39BrMfcWnd.exe Brother MFC-3240C /STARTUP2 00  0 01
214Status Monitor0 39BrMfcWnd.exe Brother MFC-420CN /STARTUP2 00 74Status Monitor 1, 0, 5, 4, Brother Industries, Ltd.. Status Monitor (Main) 01
214Status Monitor0 40BrMfcWnd.exe Brother MFC-5840CN /STARTUP2 00 74Status Monitor 1, 2, 0, 7, Brother Industries, Ltd.. Status Monitor (Main) 01
214Status Monitor0 39BrMfcWnd.exe Brother MFC-620CN /STARTUP2 00 74Status Monitor 1, 0, 5, 4, Brother Industries, Ltd.. Status Monitor (Main) 01
3 8brmfrmpa0 12BrmfRmPA.exe1 00105Brother resource manager - needed for a Brother MFC printer/copier/scanner and PC to properly communicate 01
050Brother Popup Suspend service for Resource manager0 12Brmfrmps.exe1 00 80Related to the Brother printer software. Is this necessary to run automatically? 01
115[Various Names]0 11Brong32.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
114Bron-Spizaetus0 12bronstab.exe1 00 50Added by the W32/Korbo-A worm and backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32korboa.html0
1 9StartMenu0 10browse.exe1 00 43Added by the Troj/Drowsy-C backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojdrowsyc.html0
1 8browsela0 12browsela.dll1 00 45A variant of the Trojan/Dldr.Delf.aeo Trojan. 01
124[random 12 digit number]0 12browser8.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
111browser aid0 14browseraid.exe1 00 31BrowserAid/BrowserPal foistware47http://www.doxdesk.com/parasite/BrowserAid.html0
316Browser Sentinel0 19BrowserSentinel.exe1 00161Browser Sentinel. Notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page. See here56http://www.unhsolutions.net/Browser-Sentinel/index.shtml0
1 7Browser0 11browsvr.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
2 9setdefprt0 12BrStDvPt.exe1 00 90Used to set a Brother MFC printer/copier/scanner as the default printer after installation 01
2 9SetDefPrt0 12BrStDvPt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
412BrSplService0 12brsvc01a.exe1 00150This file is an integral part of the Brother printer driver.  Disabling this service will disable communication between your computer and the printer. 01
112Fuck-The-IRC0  9brttm.exe1 00 76Added by the Troj/Wallop-A TROJAN/backdoor, and found in the Windows folder.57http://www.sophos.com/virusinfo/analyses/trojwallopa.html0
111BookedSpace0 14bs2.dll,DllRun1 00 41Adware, related to the  Remanent parasite45http://www.doxdesk.com/parasite/Remanent.html0
118Microsoft Services0  9bsc32.exe1 00 29Added by the  BDOOR-AW TROJAN57http://www.sophos.com/virusinfo/analyses/trojbdooraw.html0
212B&#039;sCLiP0 10BSCLIP.exe1 00 80CD recording utility that comes with a lot of CDR/CDRW drives and isn't required 01
2 6BsCLiP0 10BSCLIP.exe1 00  0 01
2 7B'sCLiP0 10BSCLIP.exe1 00 80CD recording utility that comes with a lot of CDR/CDRW drives and isn't required 01
1 5sysbo0 11bsdue32.exe1 00134Added by the W32/Sdbot-UR trojan.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotur.html0
3 9BellSouth0 27BsnAppCenter.exe /Scheduler211HKEY_LM\Run0 80Application Center 3, 1, 3049, 0, BellSouth. BellSouth Application Center Module39http://www.absolutestartup.com/startup/1
112Bsoft lppt010  9Bsoft.exe1 00195New variant of the  RapidBlaster parasite (in a &quot;BelmontSoft&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
3 9bs player0 12bsplayer.exe1 00 81BSplayer -  A video player used to play avi, mpg, wmv and other multimedia files.24http://www.bsplayer.org/0
114BS Mediaplayer0 10bsplyr.exe1 00248Added by the W32/Rbot-OU trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. These infections are usually capable of logging keystrokes, retrieve cd keys, and flood other computers.55http://www.sophos.com/virusinfo/analyses/w32rbotou.html0
1 9WindowsFY0  7bsw.exe1 00133Identified as Trojan.Win32.Agent.ct. When run this file extracts a bmp file to the c:\ folder and sets it as your desktop background. 01
0 6BBDial0 16BT Broadband.exe2 00 21Part of BT Broandband 01
1 3vb60  8BT32.EXE1 00 12Added by the19W32/Wurmark-D WORM!0
328Bluetooth Connection Manager0 18BTCM.exe /minimize222StartUp menu\All users0 69Bluetooth Connection Manager 1.2.0, 3Com Corporation. BTCM Executable39http://www.absolutestartup.com/startup/1
218motive smartbridge0 18BTHelpNotifier.exe1 00205System tray icon for the Virtual Assistant from  BT Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start - Programs - not required27http://www.bt.com/index.jsp0
218Motive SmartBridge0 18BTHelpNotifier.exe111HKEY_LM\Run0 94Motive System 5.8.13.asst_classic.smartbridge, Motive Communications, Inc.. Motive SmartBridge39http://www.absolutestartup.com/startup/1
127Microsoft Bluetooth Support0 11bthsupp.exe1 00131Added by the W32/Btbot-A worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.55http://www.sophos.com/virusinfo/analyses/w32btbota.html0
0 6btinst0 10btinst.exe1 00 50Associated with an Anycom bluetooth wireless card. 01
1 4btmi0  8btmi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
317btmodemprotection0 21BTModemProtection.lnk1 00 55BT Privacy Online modem protection software,  see  here33http://www.btmodemprotection.com/0
310LoadBtnHnd0 10BtnHnd.exe1 00186Fujitsu Lifebook computers have some buttons on the case - they can be programmed to execute specified programs (like hotkeys).  The buttons can also be used as a combination lock input. 01
1 5btqhq0  9btqhq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9msimn.exe0  7btr.exe1 00 43Added by the W32/Bater-A mass mailing worm.55http://www.sophos.com/virusinfo/analyses/w32batera.html0
112f73cdc8ee94e0 12btsendto.exe1 00 46Associated with mysearchnow.com/searchbar.html 01
012btsetbootkey0 16BTSetBootKey.exe1 00 34Related to a USB Bluetooth adaptor 01
3 7BtStart0 11btstart.exe1 00 60Broadcorp (formerly WIDCOMM) Bluetooth Connectivity Software41http://www.widcomm.com/Partners/index.asp0
313Button Server0 12bttnserv.exe1 00220Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required 01
3 6bttray0 10bttray.exe1 00347System tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device 01
3 6BTTray0 10BTTray.exe122StartUp menu\All users0 91Bluetooth Software 1.4.2 Build 10 1.4.2 Build 10, WIDCOMM, Inc.. Bluetooth Tray Application39http://www.absolutestartup.com/startup/1
3 6BTTray0 10BTTray.exe122StartUp menu\All users0 84WIDCOMM Bluetooth Software 1.2.2.4 1.2.2.4, WIDCOMM Inc.. Bluetooth Tray Application39http://www.absolutestartup.com/startup/1
1 9BTuihgter0 13BTuihgter.exe1 00 36Added by the Troj/Banloa-AAA Trojan.59http://www.sophos.com/virusinfo/analyses/trojbanloaaaa.html0
4 8BTUSRBDG0 12BtUsrBdg.exe1 00 60Used with a Mitsumi USB Bluetooth adaptor (and maybe others)33http://www.mitsumi.de/index4.html0
4 9BTUSRBDGF0 12BtUsrBdg.exe1 00 41Used with a Mitsumi USB Bluetooth adaptor33http://www.mitsumi.de/index4.html0
1 3BTV0  7btv.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
1 4BtvC0 12btvclean.exe1 00 87Added by the Adware.BroadcastPC.B adware/spyware.  File is found in %ProgramFiles%\BTV\64http://www.sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
417Bluetooth Service0 11btwdins.exe1 00 74Bluetooth driver/software used by many vendors and computer manufacturers. 01
1 6btyuyn0 10btyuyn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 9Buddyizer0 13Buddyizer.exe1 00112Part of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network 8#AIMster0
125System Buffer Application0 12buffer32.exe1 00 85Added by W32/Sdbot-UD, a WORM/backdoor TROJAN and found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotud.html0
318bugwatcher service0 14bugwatcher.exe1 00304Bugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures26http://www.bugtoaster.com/0
1 4bulk0  8bulk.exe1 00 50Added by the W32/Agobot-ACR worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32agobotacr.html0
414BullguardoptIn0 16bulldownload.exe1 00 28Part of  Bullguard antivirus25http://www.bullguard.com/0
313BullGuard 5.00 13BullGuard.exe111HKEY_CU\Run0 53BullGuard 5.02 5.0.2.0, BullGuard Software. BullGuard39http://www.absolutestartup.com/startup/1
4 2bg0 13bullguard.exe1 00 95Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster25http://www.bullguard.com/0
1 4rscn0 29bum&lt;random numbers&gt;.exe2 00 36Added by the Troj/DownLdr-LA Trojan.59http://www.sophos.com/virusinfo/analyses/trojdownldrla.html0
1 9SAHBundle0 10bundle.exe1 00 33ShopAtHomeSelect parasite related 7#FF00000
114VBundleOuterDL0 15BundleOuter.EXE1 00380VirtualBouncer 2.0 - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs59http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp0
115System settings0 12burndl32.exe1 00134Added by the W32/Sdbot-ZO worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzo.html0
211Scan Wizard0 10button.exe1 00102Associated with ScanWizard as supplied with Microtek scanners - see also  Scanner Detector or SDetect.19#Scanner%20Detector0
2 9ButtonKey0 13ButtonKey.exe1 00219CyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut45http://www.scanace.com/en/product/product.php0
3 9Buzof.exe0  9buzof.exe1 00170Buzof from Basta Computing &quot;enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes&quot;34http://www.basta.com/ProdBuzof.htm0
1 9RNBc Test0 11bvldv32.exe1 00133Added by the W32/Rbot-AJF worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotajf.html0
1 7SysScan0  7bvt.exe1 00 30Added by the AUTOUPDER TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html0
1 6bwcaur0 10bwcaur.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116XupiterCfgLoader0 15BWCfgLoader.exe1 00120Xupiter - adware and homepage hijacker. To remove Xupiter go here and to prevent it re-installing in the future see here44http://www.doxdesk.com/parasite/Xupiter.html0
3 8LWBMOUSE0 12BWheel35.exe111HKEY_LM\Run0 368.0.0.0, . Mouse Control Application39http://www.absolutestartup.com/startup/1
1 8bwopljka0 12bwopljka.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
221BitWare Print Monitor0 12bwprnmon.exe1 00 29FaxServe network fax software54http://www.accpac.com/products/communication/faxserve/0
218Service Connection0 10bwtray.exe1 00 32For Compaq PC's. Part of Backweb 01
1 6bwxddv0 10bwxddv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7bxfhmlb0 11bxfhmlb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8oeplugin0 14bxOEPlugin.exe1 00177noHTML for Outlook Express is an add-on that protects Outlook Express from email viruses and email scripts by converting incoming email messages from HTML format to simple text.33http://www.baxbex.com/nohtml.html0
1 7bxproxy0 11bxproxy.exe1 00 42Identified as a variant of DLOADER.Trojan. 01
316Boost XP Service0 13bxservice.exe1 00 48Boost XP from Systweak - WinXP tweaking utility 43http://www.systweak.com/boostxp/boostxp.htm0
316boost xp service0 13bxservice.exe111HKEY_CU\Run0 50BXP Service 1, 2, 7, 2, Systweak. Boost XP Service39http://www.absolutestartup.com/startup/1
1 5bxxs50  9bxxs5.dll1 00 20BookedSpace parasite44http://doxdesk.com/parasite/BookedSpace.html0
1 4bytq0  8bytq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7byxkryf0 11byxkryf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5httpd0  9c_pan.exe1 00 40Added by a variant of the DELF-A TROJAN! 01
138{29F97553-FBD6-33D1-BFC1-47A024D1875C}0  7c2c.dll1 00156Paradox.nfo, file_id.diz.  It also installs these files in the Windows system folder: c2c.dat.br /br /Uses CLSID: b{29F97553-FBD6-33D1-BFC1-47A024D1875C}/b. 01
0 6c32cs20 10c32cs2.exe1 00 91Part of the Cyber Sentinel Internet filtering software. Does anyone know if what this does?46http://www.securitysoft.com/new601/cs_home.htm0
4 7C4EBReg0 14c4ebreg.exe /q211HKEY_LM\Run0 534.82, IBM Global Services. IBM Standard Asset Manager39http://www.absolutestartup.com/startup/1
316Zone Labs Client0  6ca.exe111HKEY_LM\Run0 57EZ Firewall 4.5.554.000, Computer Associates. EZ Firewall39http://www.absolutestartup.com/startup/1
411ez firewall0  6ca.exe1 00 34eTrust  EZ_Armor Internet Security48http://www3.ca.com/Solutions/Product.asp?ID=32430
1 7JVM0.120  8caac.exe1 00 47Identified as Trojan-Downloader.Win32.Agent.jc. 01
121Microsoft Cab Manager0  7cab.exe1 00 77Added by the Troj/Delf-JJ Trojan!  File is found in the root of the C: drive.56http://www.sophos.com/virusinfo/analyses/trojdelfjj.html0
1 6Cabchk0 10Cabchk.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 8Cabchk320 12Cabchk32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
111CABCInstall0 15CABCInstall.exe1 00 30CABC content delivery software45http://www.cabc.com/product/product_main.html0
110[not used]0  9Cable.exe1 00 33Added by the W32/Cablenet-A worm.58http://www.sophos.com/virusinfo/analyses/w32cableneta.html0
2 6delcab0  8cabs</a>1 00  6??font 01
124[random 12 digit number]0 12cabview1.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
320Computer Alarm Clock0  7cac.exe111HKEY_LM\Run0 512.0.0.0, Think Art Computing.. Computer Alarm Clock39http://www.absolutestartup.com/startup/1
2 8Cacheman0 12Cacheman.exe1 00103Freeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-up25http://www.outertech.com/0
3 8Cacheman0 12Cacheman.exe111HKEY_CU\Run0 40Cacheman 5, Outer Technologies. Cacheman39http://www.absolutestartup.com/startup/1
410CachemanXP0 14CachemanXP.exe1 00178CachemanXP is a system service designed to improve the performance of your computer by optimizing several caches, auto-recovering RAM and fine tuning a number of system settings.62http://www.outertech.com/index.php?_charisma_page=product&id=70
4 8CacheMgr0 12CacheMgr.exe1 00 30Sophos Antivirus Remote Update35http://www.sophos.com/products/sav/0
210CACStarter0 12cacstart.exe1 00 37Cash A Check - check writing software 01
3 4CADS0  8cads.exe1 00 42Cyber Sentinel internet filtering software46http://www.securitysoft.com/new601/cs_home.htm0
221ABBYY Community Agent0 10CAGENT.EXE1 00243Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the&nbsp;5.0 version of the software 01
2 6CAgent0 10CAgent.exe1 00100Abbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documents27http://www.fine-reader.com/0
213CahootWebcard0 17CahootWebcard.exe1 00291The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details. Run manually when needed 01
1 8cailegus0 12cailegus.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4Dir10  4caKe1 00 23Added by the CAKE WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cake.html0
1 6DlDir10  4caKe1 00  074http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cake.html0
1 6CALC320 10CALC32.EXE1 00133Added by the W32/Spybot-EC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32spybotec.html0
233Photo Express Calendar Checker SE0 12CalCheck.exe1 00 95Calendar Checker Application 1, 0, 0, 1, Ulead Systems, Inc.. Photo Express -- Calendar Checker 01
233Photo Express Calendar Checker SE0 12CALCHECK.EXE1 00253If you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordingly 01
232Ulead Photo Express x.0 Calendar0 12calcheck.exe1 00279Ulead Calendar Checker - part of Ulead Photo Express, where "x" represents the version number. Automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manually. See here for disabling instructions33http://www.ulead.com/pe/runme.htm0
343Ulead Photo Express 4.0 SE Calendar Checker0 12CalCheck.exe122StartUp menu\All users0 95Calendar Checker Application 1, 0, 0, 1, Ulead Systems, Inc.. Photo Express -- Calendar Checker39http://www.absolutestartup.com/startup/1
222Calendar 200X Reminder0 12calendar.exe1 00 76Calendar 200X - shows holidays, reminders of various anniversaries,tasks etc34http://www.jgraff.addr.com/cal.htm0
323Logo Calibration Loader0 21CalibrationLoader.exe122StartUp menu\All users0122CalibrationLoader 5.1 5, 0, 2, 168, LOGO Kommunikations- und Drucktechnik GmbH & Co. KG. CalibrationLoader 5.1 Application39http://www.absolutestartup.com/startup/1
1 4calk0  8calk.exe1 00 74The Troj/StartPa-FH TROJAN adds this to modify Internet Explorer settings.59http://www.sophos.com/virusinfo/analyses/trojstartpafh.html0
314CAPI - Monitor0 12CALLTRAY.exe122StartUp menu\All users0172ISDN CAPI call monitor                          1.10                            , EllSoft Software Development & Design                                  . CAPI call monitor39http://www.absolutestartup.com/startup/1
221Cal Reminder Shortcut0 10calrem.exe1 00 75Produces a pop-up reminder of events scheduled using the MS Office Calendar 01
2 8CamCheck0 12CamCheck.exe1 00 29NuCam camera software related34http://www.nucam.com.tw/index1.htm0
215Camera Detector0 12CAMDET~*.EXE1 00  073http://www.acdsystems.com/english/products/acdsee/overview?LAN=englishX700
215Camera Detector0 13Camdetect.exe1 00138ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically73http://www.acdsystems.com/english/products/acdsee/overview?LAN=englishX700
3 6cameno0 10Cameno.exe1 00 78Cameno is a program which brings tabbed windows to MSN Messenger 6.0 and above32http://www.spadeapps.com/cameno/0
2 7Camfrog0 22Camfrog Video Chat.exe211HKEY_CU\Run0 59Camfrog Launcher 1, 0, 0, 1, Camshare LLC. Camfrog Launcher39http://www.absolutestartup.com/startup/1
1 9L02qRgGtO0 12camiscon.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
220Creative WebCam Tray0 11CamTray.exe1 00 89Creative Cam Detector 3.60, Creative Technology Ltd. Creative Camera Launcher Application 01
220Creative WebCam Tray0 11Camtray.exe1 00 54Creative WebCam tray control - can be started manually 01
220Creative WebCam Tray0 11CAMTRAY.EXE111HKEY_LM\Run0 92Video Blaster WebCam Go 2.1, Creative Technology Ltd. WebCam Go Control launcher application39http://www.absolutestartup.com/startup/1
2 6Canada0 10Canada.exe1 00 53Known to be a dialler - but is it maliscous or clean? 01
1 9ASDPLUGIN0 10canada.exe1 00 21Malware adult dialer. 01
1 8Eac_Cnry0 10canary.exe1 00 28Added by the  CANARY TROJAN!56http://www.sophos.com/virusinfo/analyses/trojcanary.html0
2 6Canary0 14canary-std.exe1 00 68Canary monitoring program. Keylogger, monitors all computer activity 01
111CanerServer0  9caner.exe1 00 45Added by the Troj/Hupigon-ES backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojhupigones.html0
0 6cap3on0 11CAP3ONN.EXE1 00 59Canon driver,  purpose unknown - is it required in startup? 01
220Capture Express 20000 10capexp.exe1 00 40Capture Express - screen capture utility30http://www.captureexpress.com/0
2 6Capfax0 10capfax.exe1 00223a  rel="nofollow" target="_blank" href="http://shop.bvrp.com/english/asp/default.asp?UserPrefLanguage=1&UserPrefCountry=3&UserPrefCurrency=4&UserPrefCurrentCompany=18&UserPrefUseVicom=1&id_product=86"PhoneTools fax software 01
2 6CapFax0 10CapFax.EXE111HKEY_LM\Run0 63Winfax - WinPhone 5.00, BVRP Software. Surveillance Capture Fax39http://www.absolutestartup.com/startup/1
3 6caping0 10CAPing.exe1 00 30Citibank Citianywhere software 01
242Canon PC1200 iC D600 iR1200G Status Window0 12CAPM1LAK.EXE1 00 26Canon P1200 printer status 01
4 5Capon0  9Capon.exe1 00 20Canon printer driver 01
4 5capon0 10Caponn.exe1 00 20Canon printer driver 01
2 4CApp0  8capp.exe111HKEY_LM\Run0 57capp Ó¦ÓóÌÐò 1, 1, 1, 9, . capp Microsoft »ý´¡ÀàÓ¦ÓóÌÐò39http://www.absolutestartup.com/startup/1
011Captainhook0 15CaptainHook.exe1 00 26Part of the Novell Client. 01
1 7capture0 11capture.exe1 00 44Added by the Troj/Theef-B keylogging Trojan.56http://www.sophos.com/virusinfo/analyses/trojtheefb.html0
310CaptureWiz0 14CaptureWiz.exe125StartUp menu\Current user0 541.0.0.0, PixelMetrics. CaptureWiz Pro application file39http://www.absolutestartup.com/startup/1
310CardMinder0 16CardLauncher.exe111HKEY_LM\Run0 71CardMinderApplication 2, 0, 30, 2, PFU Limited.. CardMinder Application39http://www.absolutestartup.com/startup/1
1 6Care200 10Care20.exe1 00 15TopMoxie adware49http://www.pestpatrol.com/PestInfo/t/topmoxie.asp0
3 8care2gtu0 12Care2GTU.exe1 00289Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it keep it 01
311CARPservice0 12carpserv.exe1 00126Associated with  Zoltrix modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example23http://www.zoltrix.com/0
311CARPService0 12carpserv.exe111HKEY_LM\Run0 62SoftK56 Modem Driver 6.02.05, Conexant Systems, Inc.. carpserv39http://www.absolutestartup.com/startup/1
110CARPserver0 14CARPserver.exe1 00 30Added by the BANKER-AN TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankeran.html0
113ConfiggLoader0 11cart322.exe1 00 28Added by the GAOBOT.DJ WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.dj.html0
1 6cartao0 10cartao.exe1 00 69Added by the  Troj/Banker-AY TROJAN, which will also use cartao2.exe.58http://www.sophos.com/virusinfo/analyses/trojbankeray.html0
1 8cas2stub0 12cas2stub.exe1 00 21CasinoClient Adaware!59http://sarc.com/avcenter/venc/data/adware.casinoclient.html0
3 7CasAgnt0 11CasAgnt.exe1 00 80Program by Extended Systems which allows you to sync your Casio PDA with your PC 01
3 9Casc'ADSL0 12CascADSL.exe111HKEY_LM\Run0141CascADSL 0.99 build 3329 release, El Cascador !!! / Hit Where It Hurts PROD.. Outil ADSL de reconnexion automatique et de statistiques trafic39http://www.absolutestartup.com/startup/1
110CAS Client0 13casclient.exe1 00 33Added by the Adware.CasinoClient.63http://www.sarc.com/avcenter/venc/data/adware.casinoclient.html0
112SettingValue0  8casd.exe1 00132Added by the W32/Sdbot-PGworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotpg.html0
110caseyvideo0 14CaseyVideo.exe1 00 27Malware causing p0rn popups 01
110caseyvideo0 29caseyvideo[*].exe [* = digit]2 00  0 01
1 8CashBack0 12cashback.exe1 00109Part of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearch 01
229Cashsurfers Cashbar Navigator0 11Cashbar.Exe1 00159Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals" 01
110cashfiesta0 14Cashfiesta.exe1 00 32CASHFIESTA.A pay-per-surf adware86http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_CASHFIESTA.A0
111Caspian-x270 15Caspian-x27.exe1 00 32Added by the W32/Katomik-B worm.57http://www.sophos.com/virusinfo/analyses/w32katomikb.html0
1 9cassandra0 13cassandra.exe1 00 85Melkosoft_Cassandra adware - also detected as a variant of the  WIN32.KREPPER TROJAN!48http://www.doxdesk.com/parasite/SuperSpider.html0
1 9winservit0  9cassl.exe1 00114This is an Rbot variant. This infection connects to an IRC server where it will await commands from a remote user. 01
1 7CasStub0 11casstub.exe1 00 32Added by the Troj/Cass-A trojan.55http://www.sophos.com/virusinfo/analyses/trojcassa.html0
1 9Diskstart0  7cat.exe1 00 18MS-Connect dialler 01
229Quick Heal On-Line Protection0 10CATEYE.EXE111HKEY_LM\Run0 55CATEYE Application 1, 0, 0, 1, . CATEYE MFC Application39http://www.absolutestartup.com/startup/1
429Quick Heal On-Line Protection0 10Cateye.exe1 00 26Quick Heal - virus scanner33http://www.quickheal.com/qh95.htm0
124(random 12 digit number)0 12catsrvps.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
412ComPlusSetup0 12catsrvut.dll1 00 22Part of Microsoft Com+ 01
119Norton Live Updater0 12Cavapsvc.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
4 6cavrid0 10CAVRID.exe1 00 21eTrust™  EZ_Antivirus156http://home.ca0
4 6CAVRID0 10CAVRID.exe111HKEY_LM\Run0128Computer Associates Antivirus  Version 11.0.6.7, Computer Associates International, Inc.. CA Antivirus Realtime Infection Report39http://www.absolutestartup.com/startup/1
4 4CAVS0  8CAVS.exe1 00 31Cheyenne (now eTrust) antivirus14http://ca.com/0
3 7VetTray0 11CAVTray.exe1 00125Computer Associates Antivirus Version 11.0.8.1, Computer Associates International, Inc.. CA Antivirus System Tray Application 01
4 8caavtray0 11CAVTray.exe1 00 21eTrust™  EZ_Antivirus156http://home.ca0
4 8CaAvTray0 11CAVTray.exe111HKEY_LM\Run0125Computer Associates Antivirus Version 11.0.6.7, Computer Associates International, Inc.. CA Antivirus System Tray Application39http://www.absolutestartup.com/startup/1
3 6caxchg0 10caxchg.exe1 00 32Used by a USB Flash card reader. 01
1 8CAZNOVAS0 12CAZNOVAS.exe1 00 26Added by the CAZNO TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cazno.html0
1 9CBACK.EXE0  9CBACK.EXE1 00 44Added by the Troj/Penta-A downloader trojan.56http://www.sophos.com/virusinfo/analyses/trojpentaa.html0
1 3Gvf0  7Cbd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6system0  8cber.exe1 00 32Added by an unidentified TROJAN! 01
1 6ICQMsn0  9cbfks.exe1 00135Added by the Troj/Ranck-AH proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckah.html0
4 7cbidf2k0 11cbidf2k.sys1 00 66CardBus/PCMCIA IDE Miniport Driver Added by Microsoft Corportation 01
1 4cbjj0  8cbjj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4cbph0  8cbph.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
211CallBumping0 10cbpopw.exe1 00  2?? 01
138Microsoft System Restore Configuration0  9CBRSS.EXE1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
3 7CBWAttn0 11CBWAttn.exe1 00 77Required for  Bitware to answer incoming faxes, can cause sleep mode problems53http://www.accpac.com/products/communication/bitware/0
3 7CBWUser0 11CBWDial.exe1 00 99Associated with  Bitware that integrates fax, voice, pager, and data communications on your desktop53http://www.accpac.com/products/communication/bitware/0
3 7CBWHost0 11CBWHost.exe1 00 77Required for  Bitware to answer incoming faxes, can cause sleep mode problems53http://www.accpac.com/products/communication/bitware/0
115SQConfigChecker0  6cc.exe1 00145Xupiter SQWire variant - adware and homepage hijacker. Note - cannot be removed via the Xupiter website in the same way as other Xupiter variants44http://www.doxdesk.com/parasite/Xupiter.html0
3 5ccApp0  9ccApp.exe111HKEY_LM\Run0 88Client and Host Security Platform 103.0.3.8, Symantec Corporation. Symantec User Session39http://www.absolutestartup.com/startup/1
1 9ccApp.exe0  9ccApp.exe1 00143Added by the W32/Rbot-HJ trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbothj.html0
119Norton Auto-Protect0  9ccApp.exe1 00170Added by the  W32.Ahker.D  WORM! **Note - for the valid Norton AV entry the filename is "navapexe". This is also not the valid  Norton_AV_2003 file with the same filename75http://securityresponse.symantec.com/avcenter/venc/data/w32.ahker.d@mm.html0
1 8Symantec0  9ccapp.exe1 00 41Added by the W32/Lebreat-A backdoor worm.57http://www.sophos.com/virusinfo/analyses/w32lebreata.html0
4 5ccApp0  9ccApp.exe1 00  0 01
4 5ccApp0  9ccApp.exe1 00 92Part of  Norton AntiVirus 2003. Auto-protect and E-mail check will not function without this37http://www.symantec.com/nav/nav_9xnt/0
120Antivirus Protection0 10CCapp1.exe1 00 48Added by the W32/Rbot-BMG worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbmg.html0
111ServicesLog0 11ccapp32.exe1 00132Added by the W32/Rbot-AMX worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamx.html0
129Symantec Configuration Loader0 11ccApp32.exe1 00 38Added by a variant of the GAOBOT WORM!83http://securityresponse.symantec.com/avcenter/venc/data/pf/w32.hllw.gaobot.gen.html0
110HP Desktop0 11ccappms.exe1 00 12Added by the38W32/Sdbot-TG WORM/IRC backdoor trojan!0
1 6ccApps0 10ccApps.exe1 00 33Added by the W32/Kangaroo-B worm.58http://www.sophos.com/virusinfo/analyses/w32kangaroob.html0
1 6SymRun0 10ccApps.exe1 00132Added by the Troj/Kagen-A Trojan. The Trojan also creates and then opens the file kangen.doc which contains a message in Indonesian.56http://www.sophos.com/virusinfo/analyses/trojkagena.html0
112blah service0 12CCAPPS32.EXE1 00 27Added by the  RBOT.TV WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.TV&VSect=P0
420CCDoctorLogonTesting0 12ccdoctor.exe1 00369Checks your system to make sure it's configured properly for running Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product52http://www.rational.com/products/clearcase/index.jsp0
4 7ccenter0 11CCenter.exe1 00 13RAV AntiVirus28http://www.ravantivirus.com/0
4 8CcEvtMgr0 12ccEvtMgr.exe1 00219Part of  Norton AntiVirus 2003. Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this37http://www.symantec.com/nav/nav_9xnt/0
116nortonsantivirus0 13ccEvtMngr.exe1 00 29Added by the HZDOOR-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojhzdoora.html0
112sunjavasched0 13ccEvtMngr.exe1 00 26Added by the  W32/Sdbot-YP56http://www.sophos.com/virusinfo/analyses/w32sdbotyp.html0
112ccEvtMrg.exe0 12ccEvtMrg.exe1 00 27Added by the  RBOT.GZ WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GZ&VSect=T0
1 7ccfrbwl0 11ccfrbwl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6ccHelp0 10ccHelp.hta1 00 14Searchq adware54http://sarc.com/avcenter/venc/data/adware.searchq.html0
1 3Kpf0  7Ccl.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 8ccleaner0 18ccleaner.exe /AUTO211HKEY_CU\Run0 33CCleaner 1.19.0105, CCleaner.com.39http://www.absolutestartup.com/startup/1
214CorrectConnect0 12CConnect.exe1 00 89Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available 01
3 7ccProxy0 11CCPROXY.EXE1 00206Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage 01
436Symantec Password Validation Service0 12ccPwdSvc.exe1 00 84Used by Symantec products 2003/2004 possibly to allow certain users Internet access. 01
4 8CcPxySvc0 12CCPXYSVC.exe1 00145Part of Norton's  AntiVirus 2003,  Internet Security and  Firewall products. E-mail proxy service - required for E-mail scanning and the firewall37http://www.symantec.com/nav/nav_9xnt/0
118real statics agent0 10ccreal.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
4 8ccRegVfy0 12ccRegVfy.exe1 00 89Common Client 1.0.10.006, Symantec Corporation. Common Client Registry Integrity Verifier 01
4 8CcRegVfy0 12ccRegVfy.exe1 00203Part of  Norton AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"37http://www.symantec.com/nav/nav_9xnt/0
4 8ccSetMgr0 12ccSetMgr.exe1 00 48Part of Norton AntiVirus 2004.  What does it do? 01
120Configuration Loader0 10ccSort.exe1 00 28Added by the AGOBOT.SR WORM!84http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_AGOBOT.SR0
126Sygate Personals Firewalls0  9ccsrn.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
110WINTASKMGR0  9ccsrs.exe1 00 36a Mytob WORM variant adds this file.55http://www.sophos.com/virusinfo/analyses/w32mytobn.html0
112Norton Start0 11ccStart.exe1 00134Added by the W32/Sdbot-OX worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotox.html0
110ccsvit.exe0 10ccsvit.exe1 00 36Added by the Troj/StartPa-HP Trojan.59http://www.sophos.com/virusinfo/analyses/trojstartpahp.html0
1 8nortonav0 11CCUPD32.EXE1 00 40Added by an unidentified WORM or TROJAN! 01
1 8ccUpdate0 12ccUpdate.exe1 00 28Added by the AGOBOT.YS WORM!99http://es.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.YS&VSect=T0
113Norton Update0 12ccUpdate.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
313CD Eject Tool0 17CD Eject Tool.exe211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
111CashToolbar0 11CD_Load.exe1 00 32CashToolbar Downloader-MY adware43http://vil.nai.com/vil/content/v_126801.htm0
1 6Cydoor0 11CD_Load.exe1 00  0 01
1 6CyDoor0 11CD_Load.exe1 00 90Adware. Check here for information about Cy-Door and here for a program that can remove it30http://www.cexx.org/cydoor.htm0
112CydoorUpdate0 11CD_Load.exe1 00  030http://www.cexx.org/cydoor.htm0
1 3cd10  7cd1.exe1 00 34Premium rate adult content dialler 01
119Auto CD-ROM Startup0 12cdaccess.exe1 00 12Added by the38W32/Rbot-AAU WORM/IRC backdoor trojan!0
118Microsoft software0 12cdaccess.exe1 00 27Added by the RBOT.ABK WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABK0
315WildTangent CDA0 33cdaEngine0400.dll",cdaEngineMain"111HKEY_LM\Run0 91Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
215WildTangent CDA0 17cdaEngine0500.dll111HKEY_LM\Run0 90WildTangent Game Loader 5.0.0.190, WildTangent, Inc.. WildTangent Automatic Update Manager39http://www.absolutestartup.com/startup/1
2 8CDANTSRV0 12CDANTSRV.exe1 00234C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually 01
1 5Cdsys0  8cdcd.sys1 00 34Added by the Troj/Agent-IA Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentia.html0
1 8Cdcompat0 12Cdcompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 7cddrv320 11cddrv32.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
312Hot CD Eject0 11cdeject.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 9Cool Desk0  9cdesk.exe1 00239Cool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to you25http://www.shelltoys.com/0
2 5bjcfd0  7cdf.exe1 00154BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs25http://www.broadjump.com/0
213CDInterceptor0  7cdi.exe1 00 48CD indexer for measuring the speed of CD players 01
112gi17288234470  9cdlib.exe115HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
111gi2910297020  9cdlib.exe115HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
111gi6811606390  9cdlib.exe115HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
110MS-Connect0  7cdm.exe1 00 32Adult content dialler - see here49http://vil.mcafee.com/dispVirus.asp?virus_k=999720
314CD Organizer 40  7cdo.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
1 9SystemTra0 10CDPlay.EXE1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
312XCP CD Proxy0 15CDProxyServ.exe1 00 38How to remove the Sony XPC DRM Rootkit54http://www.bleepingcomputer.com/forums/topic34904.html0
116cdrom controller0 14cdromcntrl.exe1 00 35Added by the  TROJ/BATTRY-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojbattrya.html0
1 3cds0  7cds.exe1 00 45Added by the Backdoor.Spymon backdoor Trojan.76http://www.sarc.com/avcenter/venc/data/backdoor.spymon.html#technicaldetails0
310CDSlow 2.10 10cdslow.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
217cd storage master0 14cdstorager.exe1 00131CD_Storage_Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collection.26http://www.cdstorager.com/0
224KeyStone Version Control0 15cdtpUpdater.exe111HKEY_LM\Run0 44cdtpUpdater 1.00, KeyStone Learning Systems.39http://www.absolutestartup.com/startup/1
2 6CDTray0 10CDTray.exe1 00 53On HP PCs, this is the small CD icon next to the time 01
1 6Update0 13CDUpdater.exe1 00 45Carpe Diem adult premium rate dialler related 01
3 7cadenza0 10CdzSvc.exe1 00 98Cadenza  mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices67http://www.sofotex.com/Cadenza-mNotes-Pocket-PC-download_L8061.html0
3 6CeEKEY0 10CeEKey.exe1 00269It is for Toshiba laptops and enables the use of some of the special Fn keyboard keys, such as speaker on/off, hybernate, powermanagement, etc. If not running, those keys do not function. But the utility may be manually started at any time from Start Menu/Toshiba/E-Key 01
3 6CeEKEY0 10CeEKey.exe111HKEY_LM\Run0 75EKey Application 2, 1, 0, 7, COMPAL ELECTRONIC INC.. TOSHIBA HotKey Utility39http://www.absolutestartup.com/startup/1
2 4Ceic0  8Ceic.exe1 00  2?? 01
1 7ceimwfp0 11ceimwfp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0 10Celine.scr1 00 43Added by the Troj/Celine-A backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojcelinea.html0
1 9CEventMgr0  8Cell.exe1 00 45Added by the Troj/Bifrose-AK backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojbifroseak.html0
314control center0 10Center.exe1 00 26Related to  Asus WLAN Card20http://www.asus.com/0
324ASUS WLAN Control Center0 10Center.exe125StartUp menu\Current user0 91Wireless LAN Card Utilities 1.0.0.0, ASUSTeK COMPUTER INC.. ASUS Control Center Application39http://www.absolutestartup.com/startup/1
3 8CeEPOWER0 12cepmtray.exe1 00249Toshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times 01
3 8CeEPOWER0 12CePMTray.exe111HKEY_LM\Run0 78CeTray Application 1, 1, 0, 12, COMPAL ELECTRONIC INC.. CeTray MFC Application39http://www.absolutestartup.com/startup/1
126Advanced Internet Protocol0  8cerf.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
313SetecCertUtil0 12Certutil.exe1 00196Setec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TV 01
2 3CFD0  7CFD.exe1 00154BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs25http://www.broadjump.com/0
2 5BJCFD0  7CFD.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
240Corel Colleagues &amp;Contacts Reminders0 10cffrem.exe1 00131Corel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of Corel Print Office43http://www.corel.com/printoffice_v1/ccc.htm0
236Corel Colleagues &Contacts Reminders0 10cffrem.exe1 00135Corel Colleagues &amp; Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of Corel Print Office43http://www.corel.com/printoffice_v1/ccc.htm0
235Corel Family &amp;Friends reminders0 10CFFREM.EXE1 00108Corel Family & Friends - all-in-one calender, address book and list manager. Part of Corel Print House Magic67http://www.corel.com/products/graphicsandpublishing/phmagic/CFF.htm0
231Corel Family &Friends reminders0 10CFFREM.EXE1 00112Corel Family &amp; Friends - all-in-one calender, address book and list manager. Part of Corel Print House Magic67http://www.corel.com/products/graphicsandpublishing/phmagic/CFF.htm0
1 3cfg0  7cfg.exe1 00 41Added by the W32/Bdoor-ZAR backdoor worm.57http://www.sophos.com/virusinfo/analyses/w32bdoorzar.html0
1 8cfgboost0 11cfgboot.exe1 00 40Added by an unidentified WORM or TROJAN! 01
117Microsoft Runtime0 12CfgDll32.exe1 00 28Added by the RANDEX.BD WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.bd.html0
4 8cfgintpr0 12cfgintpr.exe1 00 61Configuration Interpreter - part of Tiny Personal Firewall V444http://www.tinysoftware.com/home/tiny2?la=EN0
112cfgmgr51.dll0  8cfgmgr511 00106A bookedspace malware variant.  It is started with this command: RunDLL32.EXE C:\WINNT\cfgmgr51.dll,DllRun 01
1 8cfgmgr510 12cfgmgr51.dll1 00106A bookedspace malware variant.  It is started with this command: RunDLL32.EXE C:\WINNT\cfgmgr51.dll,DllRun 01
2 8cfgmgr510 19cfgmgr51.dll,DllRun111HKEY_LM\Run0 91Microsoft® Windows® Operating System 5.1.2600.0, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
113Wins32 Online0 11cfgpwnz.exe1 00 37Added by W32/Rbot-WN, a network WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotwn.html0
314Printer Update0 10CFGREG.EXE1 00101Maybe a registration reminder or automatically updates drivers or application software for a printer? 01
310ConfigSafe0 11CFGSAFE.EXE1 00198ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice47http://www.imaginelan.com/configsafe/index.html0
2 5load=0 12cfgsys32.exe1 00  2?? 01
2 6cfgwiz0 10cfgwiz.exe1 00126Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it 01
2 9IS CfgWiz0 10cfgwiz.exe1 00 45Norton Internet Security configuration wizard 01
210NAV CfgWiz0 10cfgwiz.exe1 00126Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it 01
224NAV Configuration Wizard0 10cfgwiz.exe1 00  0 01
218Norton SystemWorks0 10cfgwiz.exe1 00117Norton System Works configuration wizard. Reportedly a resource hog. Many users find they can live without loading it 01
2 9IS CfgWiz0 87cfgwiz.exe "/GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"2 00 81Symantec Shared Components 5.0, Symantec Corporation. Symantec Internal Component 01
210NAV CfgWiz0 39CfgWiz.exe "/GUID NAV /CMDLINE "REBOOT"211HKEY_LM\Run0 81Symantec Shared Components 4.0, Symantec Corporation. Symantec Internal Component39http://www.absolutestartup.com/startup/1
2 9IS CfgWiz0 39cfgwiz.exe "/GUID NIS /CMDLINE "REBOOT"2 00 81Symantec Shared Components 4.0, Symantec Corporation. Symantec Internal Component 01
218Norton SystemWorks0 68cfgwiz.exe /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz2 00  0 01
318Norton SystemWorks0 68cfgwiz.exe /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz211HKEY_CU\Run0 81Symantec Shared Components 5.0, Symantec Corporation. Symantec Internal Component39http://www.absolutestartup.com/startup/1
210NAV CfgWiz0 84CfgWiz.exe /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE REBOOT2 00 81Symantec Shared Components 6.0, Symantec Corporation. Symantec Internal Component 01
2 9IS CfgWiz0 86cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"2 00 81Symantec Shared Components 5.0, Symantec Corporation. Symantec Internal Component 01
218Norton SystemWorks0 55CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}2 00 81Symantec Shared Components 4.0, Symantec Corporation. Symantec Internal Component 01
210NAV CfgWiz0 13Cfgwiz.exe /R2 00 83Norton AntiVirus 9.00.67, Symantec Corporation. Norton AntiVirus Information Wizard 01
120Configuration Wizard0 12Cfgwiz32.exe1 00127Added by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HCKTCK.2K.C0
316TMA distribution0 10cfinst.exe1 00143Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients 01
1 7cflkcsv0 11cflkcsv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9CTMON.EXE0  9cfmon.exe1 00 34Added by the Troj/Clckr-AN Trojan.57http://www.sophos.com/virusinfo/analyses/trojclckran.html0
121Sound Sservice Driver0  9cfmon.exe1 00 26Added by a CodBot variant. 01
0 7cFosDNT0 11cFosDNT.exe1 00 30cFos DSL Modem driver related.31http://www.cfos.de/index2_e.htm0
014cFosInst_Check0 12cfosinst.exe1 00  031http://www.cfos.de/index2_e.htm0
3 9cfosspeed0 13cFosSpeed.exe1 00 13cFos_Software31http://www.cfos.de/index2_e.htm0
435warning: do not remove it! (system)0 10cfpsys.exe1 00 88Folder_Password_Protect A program that lets you set a password on folders of your choice31http://www.protect-folders.com/0
211CFSServ.exe0 11CFSServ.exe1 00109CFSServ.exe is a Toshiba Laptop utility that allows you to easily change computer settings in a quick manner. 01
311CFSServ.exe0 21CFSServ.exe -NoClient211HKEY_LM\Run0 91ConfigFree(TM) 5, 0, 0, 0, TOSHIBA. ConfigFree(TM) Search for Wireless Devices Version 5.0039http://www.absolutestartup.com/startup/1
1 5mscfs0  9cfsys.dll1 00106Added by the Trojan.Ourxin adware Trojan.  This infection will display popups on the compromised computer.74http://www.sarc.com/avcenter/venc/data/trojan.ourxin.html#technicaldetails0
1 6ctfmon0 10cftmon.exe1 00 12Added by the34Troj/Delbot-B TROJAN/IRC backdoor!0
113SFtrb Service0 11cftrb32.exe1 00 26Added by the SOBIG.D WORM!62http://www.symantec.com/avcenter/venc/data/w32.sobig.d@mm.html0
1 7SysTray0 12cfustums.dll1 00102Added by the Troj/Small-XG dropper Trojan.br /br /Uses CLSID: bd01c70ce-f7f1-4718-89d0-0285a4a8d020/b.57http://www.sophos.com/virusinfo/analyses/trojsmallxg.html0
1 3cfy0  7cfy.exe1 00 43Surfenhance.com  SearchForIt adware variant79http://securityresponse.symantec.com/avcenter/venc/data/adware.searchforit.html0
1 4cgch0  8cgch.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6cgdsva0 10cgdsva.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119CGI Firewall Script0 12CGIAGENT.EXE1 00107Added by the W32/Bropia-U P2P worm.  This infection also creates the file C:\Windows\System32\fatpammy.exe.56http://www.sophos.com/virusinfo/analyses/w32bropiau.html0
225Norton Crashguard Monitor0 10cgmenu.exe1 00100Troublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001 01
3 8CGServer0 12cgserver.exe1 00270Associated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs42http://www.eicon.com/worldwide/default.htm0
115Cgtask Services0 10cgtask.exe1 00 27Added by the LALA.B TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lala.b.html0
130microsoft windows files loader0 12cgy32win.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6Cgywin0 12cgywin32.exe1 00134Added by the W32/Rbot-AEI  worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaei.html0
3 9ChamClock0 13ChamClock.exe1 00 47Chameleon Clock - system tray clock replacement30http://www.softshape.com/cham/0
216ChangeResolution0 20ChangeResolution.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
117PSD Tools Channel0 13ChannelUp.exe1 00 17BuddyLinks adware72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1010070
112COMSurrogate0  8char.exe1 00 34Added by the Troj/Erazer-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojerazera.html0
1 7[value]0 13charmapnt.exe1 00 53Added by the Troj/Bancos-DR password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancosdr.html0
314System startup0 12charmapx.exe1 00 43Only required if using an oriental language 01
126Mapa de caracteres para NT0 13charmmpxp.exe1 00 52Added by the Troj/Bancos-KG Internet banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancoskg.html0
011Bingo Charm0 10charms.exe1 00 84Some kind of screen icon kind of like desk flag, but it gives you a choice of icons? 01
2 8Chatango0 12Chatango.exe1 00582Chatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately24http://www.chatango.com/0
2 8ChatWork0 12chatwork.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
2 8chcenter0 12chcenter.exe1 00 40HiJaak Professional 5.00, IMSI. chcenter 01
2 8Chcenter0 12chcenter.exe1 00 86IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"49http://www.imsisoft.com/prodinfo.asp?t=1&mcid=1000
2 8Shcenter0 12chcenter.exe1 00  049http://www.imsisoft.com/prodinfo.asp?t=1&mcid=1000
1 8chckntfs0 12chckntfs.exe1 00 50Added by the W32/Tilebot-EF worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotef.html0
1 8chddrich0 12chddrich.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5che320 11che.ocx.vbs1 00 40Added by the WM97/Adenu-B prepend virus.56http://www.sophos.com/virusinfo/analyses/wm97adenub.html0
1 8GigaByte0 11Cheatle.exe1 00 27Added by the SHODI.B VIRUS!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.shodi.b.html0
316erecoveryservice0  9check.exe1 00157Acer Notebook related - Acer eRecovery allows the user to restore the operating system or backup the current system profile,  thus ensuring system integrity. 01
111mspaint.exe0 11check32.exe1 00 29Added by the AGENT.AH TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentah.html0
222checkcustomworksupdate0 17CheckCWupdate.exe1 00110Update checker,  part of  CustomWorks - "customize any embroidery designs to design your own unique creations"78http://www.designersgallerysoftware.com/products/product.asp?Product_ID=EDG-CW0
338WashAndGo - Cleanup of old Backupfiles0 11checker.exe1 00 29WashAndGo - temp file cleaner38http://www.abelssoft.com/washandgo.htm0
338WashAndGo - Cleanup of old Backupfiles0 18checker.exe /check2 00  0 01
310CheckIt 860 13CheckIt86.exe1 00 43Used to launch the CheckIt86 Popup blocker.69http://www.smithmicro.com/default.tpl?group=product_full&sku=C86WINEE0
122Registry Startup Check0 12checkreg.exe1 00 35Added by the Troj/RemLoad-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojremloada.html0
1 8WDNDrive0 11chgsprt.sys1 00 36Added by the Troj/Haxspy-A backdoor.57http://www.sophos.com/virusinfo/analyses/trojhaxspya.html0
138(3F143C3A-1457-6CCA-03A7-7AA23B61E40F)0  9child.dll1 00105Added by the Troj/Small-EX backdoor Trojan.br /br /Uses CLSID: b(3F143C3A-1457-6CCA-03A7-7AA23B61E40F)/b.57http://www.sophos.com/virusinfo/analyses/trojsmallex.html0
116OutPost FireWall0  9child.dll1 00105Added by the Troj/Small-ER backdoor Trojan.br /br /Uses CLSID: b(4F141CBA-1457-6CCA-03A7-7AA21B61EA0F)/b.57http://www.sophos.com/virusinfo/analyses/trojsmaller.html0
1 5eixfi0  9china.bat1 00 25Added by the WCUP.A WORM!74http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_WCUP.A0
110china11msn0 14CHINA11MSN.EXE1 00 31Added by the  W32.ENVID.O WORM!62http://www.symantec.com/avcenter/venc/data/w32.envid.o@mm.html0
2 8ChkAdmin0 12CHKADMIN.EXE1 00 79CHKADMIN Application 5.00 K1, Hewlett-Packard Company. CHKADMIN MFC Application 01
2 8CHKADMIN0 12CHKADMIN.EXE1 00129Compaq Network Management System. When running, it places an icon in the system tray titled &quot;Intelligent Manageability&quot; 01
114AdobeReaderPro0 11chkdisk.exe1 00 48Added by the W32/Rbot-BDV worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbdv.html0
110Disk check0 13chkdisk32.exe1 00 36Added by the Troj/DownLdr-IM Trojan.59http://www.sophos.com/virusinfo/analyses/trojdownldrim.html0
142Users service for disk management requests0 12CHKDSK32.EXE1 00 44Added by the Troj/Telemot-A backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojtelemota.html0
142Disk management service for users requests0 12CHKDSK64.exe1 00 44Added by the Troj/Telemot-B backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojtelemotb.html0
1 3chk0  8chke.dll1 00 48Added by the Troj/Geoload-A/a downloader Trojan.58http://www.sophos.com/virusinfo/analyses/trojgeoloada.html0
122Microsoft DLL Verifier0 11chkfile.exe1 00142Added by the W32/Rbot-AOC worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaoc.html0
211PE2CKFNT SE0 11ChkFont.exe1 00  0 01
211Pe2ckfnt SE0 11chkfont.exe1 00165Used to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menu 01
2 7chkhbci0 11chkhbci.exe1 00 47Smart Card reader software for  Omnikey readers23http://www.omnikey.com/0
115LoadPowerScheme0 10chkreg.dll1 00  076http://securityresponse.symantec.com/avcenter/venc/data/dialer.ulubione.html0
113RegistryCheck0 10chkreg.dll1 00 50Added by the Dialer.Ulubione premium adult dialer.76http://securityresponse.symantec.com/avcenter/venc/data/dialer.ulubione.html0
311ChangeLines0 12chngline.exe1 00  2?? 01
310ChoiceMail0 14ChoiceMail.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 5Choke0 16Choke.exe -blahh2 00 24Added by the CHOKE WORM!62http://www.symantec.com/avcenter/venc/data/w32.choke.worm.html0
1 5Choke0 15Choke.exe-blahh1 00 24Added by the CHOKE WORM!62http://www.symantec.com/avcenter/venc/data/w32.choke.worm.html0
1 7chostsv0 11chostsv.exe1 00 30Added by the BANPAES.C TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.banpaes.c.html0
138(429F4BB8-7BF7-4152-8011-3C6F9EB7E892)0  7chp.dll1 00109Added by the Troj/Spabot-E spam mailing Trojan.br /br /Uses CLSID: b(429F4BB8-7BF7-4152-8011-3C6F9EB7E892)/b.57http://www.sophos.com/virusinfo/analyses/trojspabote.html0
1 6Zacker0 13Christmas.exe1 00138Added by the W32/Maldal-C mass-mailing worm.  This infection displays a picture of Santa with the words "From the heart, Happy new year!".56http://www.sophos.com/virusinfo/analyses/w32maldalc.html0
315ChronitelInitTV0 12CHTVINIT.EXE1 00  2?? 01
110cihost.exe0 10cihost.exe1 00 26Added by the LINST TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.linst.html0
121Microsoft Data Helper0 10cihost.exe1 00 47Malware, possibly a variant of the LINST TROJAN73http://securityresponse.symantec.com/avcenter/venc/data/trojan.linst.html0
1 4ciip0  8ciip.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
213CIJxP2PSERVER0 12CIJxP2PS.EXE1 00157Compaq printer utility which is required in order to make the printer work correctly - &quot;x&quot; depends upon the model, ie, for IJ300 x=3, for IJ700 x=7 01
1 6NTdhcp0 10CiKewl.exe1 00 42Added by the Troj/QQRob-N backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojqqrobn.html0
110[not used]0 24cinderawasih-4321427.exe1 00 45Added by the W32/Brontok-R mass-mailing worm.57http://www.sophos.com/virusinfo/analyses/w32brontokr.html0
152Software\Microsoft\Windows\CurrentVersion\Runprocess0  9cipsn.exe1 00 86Added by the W32/Forbot-DM worm. This infection spreads using the LSASS vulnerability.57http://www.sophos.com/virusinfo/analyses/w32forbotdm.html0
119autovirusprotection0  9ciscv.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
214CISrvr Program0 10CISRVR.EXE1 00 40Related to internet setup on Compaq PC's 01
1 5Cissi0  9Cissi.exe1 00 26Added by the CISSI.A WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.cissi.a@mm.html0
315FamilyKeyLogger0  9cisvc.exe1 00147Family Keylogger - is your best choice, if you want to know what other users on your machine are typing. Note! - this is not the cisvc.exe service.42http://www.spyarsenal.com/familykeylogger/0
3 7citiucs0 11CitiUCS.exe1 00 33Citibank  Virtual_Account_Numbers52http://www.citibank.com/us/cards/tour/cb/shp_van.htm0
2 7CitiVAN0 11CitiVAN.exe1 00140Option from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again24http://www.citibank.com/0
2 7CitiVAN0 28CitiVAN.exe /dontopenmycards2 00100Virtual Account Numbers 3, 7, 0, 0, 134, Orbiscom Ltd. All rights reserved.. Virtual Account Numbers 01
3 7CitiVAN0 28CitiVAN.exe /dontopenmycards211HKEY_LM\Run0100Virtual Account Numbers 3, 7, 0, 0, 134, Orbiscom Ltd. All rights reserved.. Virtual Account Numbers39http://www.absolutestartup.com/startup/1
122Windows Loader Service0  9civsc.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 4cixl0  8cixl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4CJET0  8CJet.exe1 00 45Added by the Adware.FFToolBar adware toolbar.60http://www.sarc.com/avcenter/venc/data/adware.fftoolbar.html0
1 5cjiss0  9cjiss.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 7Cjstcom0 11Cjstcom.exe1 00 40Canon printer BJ status language monitor 01
228Canon Printer Monitor BJCxxx0 11Cjstlst.exe1 00 77Trayicon for Canon printer. xxx denotes model. Available via Start - Programs 01
221BJ Status Monitor 5xx0 11CJSTRxx.EXE1 00158Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer - Printers 01
225BJ Printer Status Monitor0 10Cjstsr.exe1 00 31Canon BJ printer status monitor 01
312SymKeepAlive0  7CKA.exe1 00 72Part of Norton SystemWorks 2003 - keeps a dial-up modem connection alive44http://www.symantec.com/sabu/sysworks/basic/0
312SymKeepAlive0  7CKA.exe111HKEY_CU\Run0 73Norton SystemWorks 2003.6.57, Symantec Corporation. Connection Keep Alive39http://www.absolutestartup.com/startup/1
1 4ckmv0  8ckmv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8startkey0  9CKOTS.exe1 00 45Added by the Troj/Bifrose-HM backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojbifrosehm.html0
1 7ckwvjhv0 11ckwvjhv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0 10clamav.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
4 7ClamWin0 12ClamTray.exe1 00 17ClamWin antivirus23http://www.clamwin.com/0
4 7ClamWin0 20ClamTray.exe --logon211HKEY_LM\Run0 47ClamWin Antivirus 0.83, alch. ClamWin Antivirus39http://www.absolutestartup.com/startup/1
1 8Registry0 21class0117[random].exe1 00 38Added by the Spyware.Blackbox spyware.60http://www.sarc.com/avcenter/venc/data/spyware.blackbox.html0
1 8clbcatex0 12clbcatix.dll1 00 44Identified as Trojan-Clicker.Win32.Agent.ct. 01
3 8clboot320 12CLBOOT32.EXE1 00 71PC-Duo_Remote_Control from Vector. "System Snapshot provides a detailed52http://www.vector-networks.com/pc-duo-remote-control0
322pc-duo system snapshot0 12CLBOOT32.EXE1 00 71PC-Duo_Remote_Control from Vector. "System Snapshot provides a detailed53http://www.vector-networks.com/pc-duo-remote-control/0
3 7CLCLSet0  8CLCL.exe1 00 30CLCL clipboard caching utility 01
113clean_service0 17clean_service.cmd1 00 29Added by the  W32.Refaz WORM!70http://securityresponse.symantec.com/avcenter/venc/data/w32.refaz.html0
312CleanEasyImg0 12cleanall.exe1 00  2?? 01
316CleanDiskAutoRun0 13cleandisk.exe111HKEY_LM\Run0 61HS CleanDisk Pro 4.2.1, Yenicag Bilisim Ltd. HS CleanDisk Pro39http://www.absolutestartup.com/startup/1
311FoxeCleaner0 14Cleaner.exe /i2 00 60Foxie Registry Cleaner 1.0.0.1, Team Foxie. Registry Cleaner 01
312cleanregpath0 12CleanReg.exe1 00 37Apparently Annex A ADSL modem related 01
3 9CleanTemp0 12CLEANT~1.EXE1 00108CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory44http://www.html2exe.com/mnu/dl/dl.shtml#free0
3 9CleanTemp0 13CLEANT~1.EXEB1 00108CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory44http://www.html2exe.com/mnu/dl/dl.shtml#free0
3 9cleantemp0 26CLEANT~1.EXEBCleanTemp.exe1 00  044http://www.html2exe.com/mnu/dl/dl.shtml#free0
212CleanTempDir0 13CleanTemp.bat122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
3 9CleanTemp0 13CleanTemp.exe1 00108CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory44http://www.html2exe.com/mnu/dl/dl.shtml#free0
314CleanupProgram0 11cleanup.exe1 00 44In a C:\Sony\sys folder - Sony Vaio related? 01
3 8CleanUp!0 27Cleanup.exe /WindowsRestart215HKEY_CU\RunOnce0112Windows CleanUp! 3.0, Steven R. Gould. Removes temporary files. Frees disk space and helps protect privacy!  :-)39http://www.absolutestartup.com/startup/1
3 7itweaku0  9Clear.exe1 00 19Related to  ItweakU36http://www.tucows.com/preview/1943470
110clfmon.exe0 10clfmon.exe1 00 35Added by the  TROJ/AGENT-BJ TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentbj.html0
212ati catalyst0  7CLI.exe1 00235System Tray access to ATI's CATALYST™ CONTROL CENTER. Note that this has "SystemTray" appended to CLE.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop 01
3 6ATICCC0 15cli.exe runtime2 00383ATI's CATALYST™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. If not you can start the program manually via Start - Programs - ATI Catalyst Control Center - Advanced - Restart Runtime 01
224ATI CATALYST System Tray0 18CLI.exe SystemTray2 00235System Tray access to ATI's CATALYST™ CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop 01
324ATI CATALYST System Tray0 18CLI.exe SystemTray222StartUp menu\All users0 50ACE 1.0.1718.38664, ATI Technologies Inc.. CLI.EXE39http://www.absolutestartup.com/startup/1
3 6Vonage0 14click2call.exe1 00 43Vonage Voice over IP Internet phone service31http://www.vonage.com/index.php0
2 7ClickMe0 11ClickMe.exe1 00 22ClickM  "JOKE" program75http://www.trendmicro.com/vinfo/jokes/jokesDetails.asp?JNAME=JOKE_CLICKME.A0
3 8Clickoff0 12Clickoff.exe1 00 54Clickoff automatically dismisses annoying dialog boxes47http://www.johanneshuebner.com/en/clickoff.html0
217Click Radio Tuner0 12clickr~1.exe1 00 70ClickRadio - subscription service playing radio music via the internet35http://www.clickradio.com/home.html0
219Click Tray Calendar0 12ClickT~1.EXE1 00 81ClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etc55http://waseo.de/en/Freeware2/ClickTrayE/clicktraye.html0
316Express ClickYes0 12ClickYes.exe111HKEY_CU\Run0 39Express ClickYes 1.1, ContextMagic.com.39http://www.absolutestartup.com/startup/1
1 8CLICONFG0 12CLICONFG.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
0 9pagmstart0 10client.exe1 00 25Possibly related to this? 7#FF00000
2 9DigiGuide0 10client.exe1 00 43Client 7.0, GipsyMedia Limited. Client code 01
2 9DigiGuide0 10CLIENT.EXE1 00 21TV guide and reminder 01
314Client Default0 10Client.exe1 00176A href="http://www.samurize.com/modules/news/"  rel="nofollow" target="_blank"Samurize is a system monitoring and desktop enhancement engine for Microsoft Windows 2000/XP/2003. 01
1 7piaoyes0 10client.exe1 00 37Added by the Backdoor.Djump backdoor.58http://www.sarc.com/avcenter/venc/data/backdoor.djump.html0
214Client Default0 20Client.exe i=Default225StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
2 9DigiGuide0 12client01.exe1 00 21TV guide and reminder 01
1 7WIN32DS0 15clienttimer.exe1 00  056http://www.sarc.com/avcenter/venc/data/adware.eziin.html0
1 6WIN32i0 15clienttimer.exe1 00 44Added by the Adware.Eziin homepage hijacker.56http://www.sarc.com/avcenter/venc/data/adware.eziin.html0
1 7win32io0 15clienttimer.exe1 00 22Added by  Eziin adware60http://www.symantec.com/avcenter/venc/data/adware.eziin.html0
2 9clipdiary0 13clipdiary.exe111HKEY_CU\Run0 61ClipDiary Application 1, 0, 0, 1, . ClipDiary MFC Application39http://www.absolutestartup.com/startup/1
3 9clipdiary0 13clipdiary.exe1 00 61ClipDiary Application 1, 1, 0, 0, . ClipDiary MFC Application 01
3 9ClipMate60 12ClipMate.exe1 00168Clipmate is a program that runs in your task bar and captures/saves any data you copy to the clipboard.  You can then retrieve this data at a later date using Clipmate.25http://www.thornsoft.com/0
3 9ClipMate60 12ClipMate.exe111HKEY_CU\Run0 72ClipMate Clipboard Extender 6.5, Thornsoft Development, Inc.. ClipMate 639http://www.absolutestartup.com/startup/1
210ClipMate5x0 12ClipMt5x.exe1 00128Clip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start - Programs44http://www.thornsoft.com/ProductOverview.asp0
2 9Clipmate60 12CLIPMT60.EXE1 00126Clip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start - Programs35http://www.thornsoft.com/new_60.htm0
2 9ClipMate60 12ClipMt63.exe1 00131Clipmate allows you to store clips of text that you can then assign to hotkeys that will paste that information back to a document.25http://www.thornsoft.com/0
210Clipomatic0 14Clipomatic.exe1 00169Mike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data36http://www.mlin.net/Clipomatic.shtml0
1 7ClipSrv0 12clipserv.exe1 00134Added by the W32/Sdbot-AAV worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotaav.html0
1 7ClipSrv0 13clipservr.exe1 00133Added by the W32/Sdbot-AFE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafe.html0
216Clipbook Service0 11Clipsrv.exe1 00 86Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks 01
2 7Clipsrv0 11Clipsrv.exe1 00  0 01
111LocalSystem0 13clipsvr16.exe1 00 22Added by Backdoor.Femo57http://www.sarc.com/avcenter/venc/data/backdoor.femo.html0
111LocalSystem0 13clipsvr32.exe1 00 22Added by Backdoor.Femo57http://www.sarc.com/avcenter/venc/data/backdoor.femo.html0
2 8ClipTrak0 12ClipTrak.exe1 00 29ClipTrak - clipboard extender50http://www.pcmag.com/article2/0,4149,114185,00.asp0
211ClipTrakker0 15ClipTrakker.exe1 00 32Cliptrakker - clipboard extender27http://www.cliptrakker.com/0
211ClipTrakker0 28ClipTrakker.exe /starthidden2 00125ClipTrakker Application 1.2 Release Candidate 1, Silicon Prairie Software (www.ClipTrakker.com). ClipTrakker Main Application 01
318SMS Client Service0 12clisvc95.exe1 00488When the SMS Client service starts on a domain controller, the Client service modifies the SMSCliToknAcct & user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server) 01
313CLMFrontPanel0 12clmpanel.exe1 00163System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost 01
1 5clmss0  9clmss.exe1 00134Added by the W32/Tilebot-AO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotao.html0
133Content List Management Subsystem0  9clmss.exe1 00133Added by the W32/Spybot-EL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32spybotel.html0
415[Various Names]0 11cloaker.exe1 00 90Used by HP and Compaq computers to hide the windows of programs passed as arguments to it. 01
315accessoriesplus0 13clockplus.exe1 00110Clock Plus,  part of  Accessories_Plus allows you to select from dozens of alternatives for the Windows clock.20,  part of  <a href=0
3 9ClockWise0 13CLOCKWISE.EXE1 00258ClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync36http://www.rjsoftware.com/ClockWise/0
1 4wise0 13clockwise.exe1 00 42Added by the Troj/Lazar-A backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojlazara.html0
3 5ClocX0  9ClocX.exe1 00 78ClocX is analog clock application for Microsoft Windows 98/ME/NT/2000/XP/2003.19http://clocx.fi.cz/0
3 7CloneCD0 15CloneCDTray.exe1 00149System tray for CloneCD - the only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions36http://www.elby.org/CloneCD/english/0
311CloneCDTray0 15CloneCDTray.exe1 00  036http://www.elby.org/CloneCD/english/0
311CloneCDTray0 15CloneCDTray.exe111HKEY_LM\Run0 52CloneCD 4, 1, 0, 0, Elaborate Bytes AG. CloneCD Tray39http://www.absolutestartup.com/startup/1
311CloneCDTray0 18CloneCDTray.exe /s2 00 47CloneCD 5, 0, 0, 0, SlySoft, Inc.. CloneCD Tray 01
320CyberLat Ram Cleaner0 16CLRamCleaner.exe1 00206CyberLat RAM Cleaner is a program that Frees, Optimizes and Defrags your system's wasted memory (RAM). Some users swear by programs such as this but I suggest you read this article and make up your own mind35http://www.cyberlat.com/ramcleaner/0
320cyberlat ram cleaner0 16CLRamCleaner.exe111HKEY_LM\Run0 72CyberLat Ram Cleaner 2.x 2.01.0010, CyberLat. Increasing your PC's Speed39http://www.absolutestartup.com/startup/1
1 9MSVersion0 14clrschp038.exe1 00 63Added by the POPMON.A TROJAN! - also known as PopMonster adware77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
114coolwebprogram0 10clrssn.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
112clock Loader0  7cls.exe1 00137Added by the W32/Sdbot-AFT worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaft.html0
116Windows System320 11clsas32.exe1 00132Added by the W32/Rbot-AZO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotazo.html0
123Windows System32 Driver0 12clsass32.exe1 00 49Added by the W32/Sdbot-AGG worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotagg.html0
1 7cluijpl0 11cluijpl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
423Start RF Wireless Mouse0  8cm20.exe1 00 44Yuanxun Electronics RF wireless mouse driver 01
3 3cma0  7cma.exe1 00 77DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"29http://www.desksitemusic.com/0
3 3cma0  7cma.exe1 00 87DeskSite CMA siftware - &quot;retrieves new content from the DeskSite Data Center&quot;29http://www.desksitemusic.com/0
312Desksite CMA0  7cma.exe1 00  029http://www.desksitemusic.com/0
216CyberMedia Agent0 11CMAGENT.EXE1 00204Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled 01
111MachineTest0 12CMagesta.exe1 00134Added by the W32/Sdbot-NE worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotne.html0
111cesmain.dll0 19cmail.dll, Rundll322 00 52CnsMin &quot;Chinese Keywords&quot; hijacker related42http://217.115.153.73/parasite/CnsMin.html0
218Connection Manager0 12CManager.exe1 00229SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service 01
1 5CMAPP0 15cmappclient.exe1 00 33Added by the Trojan.Cmapp Trojan.73http://www.sarc.com/avcenter/venc/data/trojan.cmapp.html#technicaldetails0
118Dynamic Dns Binary0  9CMD16.EXE1 00113A R-Bot WORM variant functioning as a backdoor Trojan uses this file to terminate processes, among other actions.55http://www.sophos.com/virusinfo/analyses/w32rbotxm.html0
115Ass and titties0  9CMD32.EXE1 00135Added by the Troj/SdBot-GG worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotgg.html0
1 3Cmd0  9cmd32.exe1 00 25Added by the TANKED WORM!57http://www.viruslibrary.com/virusinfo/Worm.P2P.Tanked.htm0
120Configuration Loader0  9cmd32.exe1 00 39Added by the  LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
112ControlPanel0 42cmd32.exe internat.dll,LoadKeyboardProfile2 00 47Added by the Troj/Dloader-JW downloader TROJAN.59http://www.sophos.com/virusinfo/analyses/trojdloaderjw.html0
116ControlPanel&gt;0 42cmd32.exe internat.dll,LoadKeyboardProfile2 00 47Added by the Troj/Dloader-JW downloader TROJAN.59http://www.sophos.com/virusinfo/analyses/trojdloaderjw.html0
112ControlPanel0 42cmd32.exe internat.dll,LoadKeyboardProfile211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6cmdcon0 10cmdcon.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
121Windows Smrss Service0 11cmdpipe.exe1 00134Added by the W32/Tilebot-AE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotasm.html0
115cmdprompt32.pif0 15CmdPrompt32.pif1 00 33Added by the  W32.Assiral.B WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.assiral.b@mm.html0
1 6MyLife0 11CmdServ.exe1 00 26Added by the HOLAR.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.A0
111MsgSvcMgr320 12cmdzxdll.exe1 00133Added by the W32/Rbot-AEK worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaek.html0
1 3CME0  7cme.exe1 00 70Part of  Gator advertising spyware - see here for removal instructions46http://www.thiefware.com/info/data.gator.shtml0
315Check Messenger0 12cmesseng.exe1 00 97Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account34http://www.qchex.com/messenger.asp0
3 6CMESys0 10CMESys.exe111HKEY_LM\Run0 55CME 7.1.0.6, GAIN Publishing. CME II Client Application39http://www.absolutestartup.com/startup/1
1 6CMESys0 10CMESys.exe1 00 55CME 7.3.0.0, GAIN Publishing. CME II Client Application 01
1 6CmeSYS0 10CMEsys.exe1 00 70Part of  Gator advertising spyware - see here for removal instructions46http://www.thiefware.com/info/data.gator.shtml0
1 6CmeUPD0 10CMEupd.exe1 00 70Part of  Gator advertising spyware - see here for removal instructions46http://www.thiefware.com/info/data.gator.shtml0
0 8CMGrdian0 12CMGrdian.exe1 00 36One of the McAfee shared components. 01
2 8Guardian0 12CMGrdian.exe1 00211McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic 01
215McAfee Guardian0 12CMGRDIAN.EXE1 00  0 01
215McAfee Guardian0 16CMGrdian.exe /SU211HKEY_LM\Run0 84McAfee Windows Guardian 3.00.1051.0, Network Associates, Inc.. McAfee Guardian Agent39http://www.absolutestartup.com/startup/1
331IBM Wireless LAN Client Manager0  9CMIBM.EXE122StartUp menu\All users0 46cmibm Executable 1, 1, 58, 0, IBM Corporation.39http://www.absolutestartup.com/startup/1
310cmpciaudio0 12CMICNFG3.CPL1 00 63Registers the Control Panel applet for a C-Media PCI sound card 01
3 7ORiNOCO0  9Cmluc.exe1 00 56Client Manager software for an ORiNOCO wireless LAN card31http://www.orinocowireless.com/0
1 5cmman0  9CMMan.exe1 00124Added by the  Trojan.Cmapp TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.73http://securityresponse.symantec.com/avcenter/venc/data/trojan.cmapp.html0
1 8cmmfuugt0 12cmmfuugt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
136Microsoft Connection Manager Monitor0  9cmmon.pif1 00132Added by the W32/Rbot-AKV worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotakv.html0
110Cmmon32Sys0 11cmmon32.exe1 00 29Added by the SMALL.CL TROJAN! 01
2 4run=0  9cmmpu.exe1 00212MIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI) 01
115[Various Names]0 10cmon14.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
124(random 12 digit number)0 12cmpbk321.exe1 00 33Adsrv.com/IeDriver adware variant58http://sarc.com/avcenter/venc/data/pf/adware.iedriver.html0
3 8CMPDPSRV0 12CMPDPSRV.EXE1 00237Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). &quot;Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more.&quot; Installed with some Compaq and Lexmark printers32http://www.viewahead.com/PDP.htm0
1 5cmrrs0  9cmrrs.exe1 00 36Added by the Troj/Dadobra-FO Trojan.59http://www.sophos.com/virusinfo/analyses/trojdadobrafo.html0
1 5cmrss0  9cmrss.exe1 00 81Added by the A href="http://www.sophos.com/virusinfo/analyses/trojdloadermr.html"23Troj/Dloader-MR TROJAN!0
1 5cmrst0  9cmrst.exe1 00 38Added by the  PWSteal.Bancos.S TROJAN!64http://www.symantec.com/avcenter/venc/data/pwsteal.bancos.s.html0
1 5cmrst0  9cmrst.scr1 00 47Added by the Troj/Dloader-FP TROJAN/downloader!59http://www.sophos.com/virusinfo/analyses/trojdloaderfp.html0
125Microsoft System32 Update0  9cmsrg.exe1 00 26Added by the RBOT-GN WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgn.html0
116Microsoft Update0  8cmss.exe1 00132Added by the W32/Rbot-ATQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatq.html0
120Windows CMS Protocol0  8cmss.exe1 00 48Added by the W32/Rbot-BFT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbft.html0
113ATD Direct CD0  9cmssr.exe1 00 46Added by the Troj/Stinx-V IRC backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxv.html0
118Microsofts Updatez0 10cmsssr.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 8cmsystem0 12CMSystem.exe1 00 24CASClient adware variant109http://re0
1 6cmt1010 10cmt101.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
113Remote Themes0 12cmutfilt.exe1 00  0 01
114Update Browser0 12cmutfilt.exe1 00 59Unknown malware.  Possible trojan downloader and  backdoor. 01
1 8cmwmsnfy0 12cmwmsnfy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5cmx320  9cmx32.exe1 00 27Added by the GEMA.D TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=404930
119Windows System File0  8cmxp.exe1 00 29Added by the SPYBOT.KHO WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.kho.html0
1 6CNBABE0 10CNBABE.EXE1 00103Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing 01
1 8cnexazcv0 12cnexazcv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115UpdateComponent0 11CNF UPD.EXE2 00 30Added by the SPYBOT.GEN VIRUS! 01
1 8shambl3r0  7cnf.bat1 00 25Added by the REMABL WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.remabl.worm.html0
121Configuration Manager0 12CNFGLD32.EXE1 00 27Added by the  SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
121Configuration Manager0 11Cnfgldr.exe1 00 27Added by the  SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
1 7Cnfrm320  9cnfrm.exe1 00 27Added by the MIMAIL.D WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.d@mm.html0
1 6Dluxjp0  9cnfrm.exe1 00 28Added by the DLUCA.D TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.d.html0
1 5Cn3230 11cnfrm33.exe1 00 27Added by the MIMAIL.G WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.g@mm.html0
115[Various Names]0 11cnftips.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 5cnlkg0  9cnlkg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8cnoptoab0 12cnoptoab.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9Mspatch890 10cnqmax.exe1 00 27Added by the RANDEX.P WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.p.html0
127Microsoft Intrenet Explorer0  8cnsg.pif1 00133Added by the W32/Rbot-ARO worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaro.html0
3 6CnsMin0 19CnsMin.dll,Rundll32111HKEY_LM\Run0 95Microsoft(R) Windows(R) Operating System 5.1.2600.0, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
124System Failure Statistic0 10cnstat.exe1 00 26Added by the RBOT-LF WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlf.html0
332Connection Watcher - NETanalyser0  9cnwcw.exe122StartUp menu\All users0 46Connection Watcher 2.00.0011, NETanalyser.com.39http://www.absolutestartup.com/startup/1
4 8CnxAdslL0 12CnxAdslL.exe1 00 37DLink, Zoom, or Conexant modem driver 01
213CnxDslTaskBar0 12CnxDslTb.exe1 00 78Connexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modems 01
2 9WooCnxMon0 10CnxMon.exe1 00 69Wanadoo ISP software related - not required - here's how to bypass it54http://www.faqoe.com/index.php?bas=/connexionmanel.htm0
310ledpointer0 11CNYHKey.exe1 00 53Chicony Electronics Multimedia Keyboard Hotkey Driver 01
217Coast to Coast AM0 34Coast to Coast AM Media Center.exe211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
315Cobian Backup 60  9CobBU.exe111HKEY_LM\Run0 57Cobian Backup 6.1, Luis Cobian. Cobian Backup Application39http://www.absolutestartup.com/startup/1
1 9Diskstart0  8Code.exe1 00 21Adult content dialler 01
1 9Hpscanner0 10codeme.exe1 00  055http://www.sophos.com/virusinfo/analyses/w32patcoa.html0
1 7Myvirus0 10codeme.exe1 00 31Added by the W32/Patco-A  worm.55http://www.sophos.com/virusinfo/analyses/w32patcoa.html0
114System Service0 11coderxt.exe1 00132Added by the W32/Rbot-ALD worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotald.html0
1 4Divx0  9codll.exe1 00109Added by the Troj/Gravebot-A IRC backdoor.  This infection also creates the file C:\Windows\System32\sum.tgz.59http://www.sophos.com/virusinfo/analyses/trojgravebota.html0
120compd service drivrs0  8codq.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 8DBGA0EEG0 12Cokmgl32.dll1 00 93Added by the W32/Doxpar-F worm.br /br /Uses CLSID: b(48AC6462-563A-5DB4-6C73-5C2257016F8D)/b.56http://www.sophos.com/virusinfo/analyses/w32doxparf.html0
3 8siscolor0  9color.exe1 00206Probably on-board graphics related based upon the SiS chipsets. Has been seen on ASUS motherboards with SiS chipsets and known to cause conflicts if you choose another graphics card and disable the on-board 01
3 8coloreal0 12coloreal.exe1 00 85Makes colours sharper and brighter, but will only work with coloreal capable monitors 01
3 9WCOLOREAL0 12coloreal.exe1 00  0 01
3 9WCOLOREAL0 12coloreal.exe1 00  0 01
1 5CLSID0  7com.exe1 00 21Adult content dialler 01
1 4Com+0  8COM+.EXE1 00139Added by the  W32/Randon-O worm.  This infection, when started, connects to an IRC server using a provided MIRC client to receive commands.56http://www.sophos.com/virusinfo/analyses/w32randono.html0
3 8ComAgent0 12ComAgent.exe1 00 45ComAgent - MDaemon's instant messaging client59http://www.altn.com/products/default.asp?product_id=MDaemon0
1 9combo.exe0  9combo.exe1 00105Unidentified mass-mailing spam malware.  When run this file, and combop.exe, send spam from your machine. 01
411MaxtorCombo0 15ComboButton.exe1 00140Required to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect) 01
110combop.exe0 10combop.exe1 00104Unidentified mass-mailing spam malware.  When run this file, and combo.exe, send spam from your machine. 01
1 6COMCFG0 10comcfg.exe1 00 30Added by the TOADCOM.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_TOADCOM.A0
1 6VB_run0 13comctl_32.exe1 00 36Dubious downloader from densmail.com 01
1 8comctl320 12comctl32.exe1 00 88Adware - recognized by Kaspersky antivirus and others as TrojanDownloader.Win32.Agent.am36http://www.kaspersky.com/personalpro0
1 8comctsvc0 12comctsvc.exe1 00 50Added by the W32/Tilebot-CM worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotcm.html0
229NB Common Dialog Enhancements0 12COMDLGEX.EXE1 00106Part of McAfee Nuts &amp; Bolts. With Common Dialog Enhancements, you can add MRU list box to open dialogs 01
1 6CC2KUI0  9comet.exe1 00192Comet Cursor - displays different mouse pointers dependent upon the site your visiting. Malware because it automatically installs. See here for more information and for the uninstall procedure43http://www.accs-net.com/smallfish/comet.htm0
112SSWPlauncher0 27comet.exe /app:SSWPlauncher2 00 28CometCursor by Comet Systems48http://www.doxdesk.com/parasite/CometCursor.html0
1 8mssysint0 10comime.exe1 00 45Added by the Troj/Netsnake-I backdoor trojan.59http://www.sophos.com/virusinfo/analyses/trojnetsnakei.html0
2 6COM-IP0  9COMIP.EXE1 00189COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212) 01
1 5Timer0  8comm.exe1 00 44Added by the Troj/Bdoor-IP  trojan backdoor.57http://www.sophos.com/virusinfo/analyses/trojbdoorip.html0
0 7Caption0  7Command112Startup item0  0 4Link0
1 7COMMAND0 11command.exe1 00 29Added by the QQPASS.E TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.e.html0
115Command Service0 11command.exe1 00164Identified as Adware.CommAd.A. This adware delivers popups to your computer. This infection also installs the file  asappsrv.dll into the same folder as command.exe 01
1 8Currency0 11Command.exe1 00 38Added by the Backdoor.Goster backdoor.59http://www.sarc.com/avcenter/venc/data/backdoor.goster.html0
110WinProfile0 11Command.exe1 00 26Added by the BUDDY TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E0
110WinProfile0 11Command.exe1 00 26Added by the BUDDY TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BUDDY.E0
110Messenger60 11command.pif1 00 26Added by the INZAE.B WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.inzae.b@mm.html0
1 5candy0 13command32.exe1 00 26Added by the RBOT-LV WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotlv.html0
1 9command320 13command32.exe1 00 35Added by the Troj/LineaDl-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojlineadla.html0
111Win Command0 13command32.exe1 00 28Added by the AGOBOT.XQ WORM!108http://uk0
111Win Command0 13command32.exe1 00 28Added by the AGOBOT.XQ WORM!108http://uk0
210IomegaWare0 13COMMANDER.EXE1 00 99Used by Iomega drives. Details of its purpose can be found here. Available via Start -&gt; Programs57http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup0
316Browser Launcher0 12Commandr.exe1 00162Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys 01
317zBrowser Launcher0 12Commandr.exe1 00193For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them 01
2 7CommCtr0 11commctr.exe1 00169Net2Phone CommCenter is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!. Available via Start - Programs62http://commcenter.net2phone.com/GLPPublish.asp?idpage=features0
311Comm Driver0 11commh32.exe1 00157G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself! 8PC Spion0
115printer spooler0 16commonaccess.exe1 00 51Added by the Troj/Delf-LB browser hijacking trojan.56http://www.sophos.com/virusinfo/analyses/trojdelflb.html0
213AOL Companion0 13companion.exe1 00212Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use 01
213AOL Companion0 16companion.exe /s222StartUp menu\All users0 41AOL Companion 1, 6, 2, 0, . AOL Companion39http://www.absolutestartup.com/startup/1
122Compaq Service Drivers0 10compaq.exe1 00133Added by the W32/Sdbot-AFU worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafu.html0
120IPOT Service Drivers0 10compaq.exe1 00 45Added by a variant of the   FUROOTKIT TROJAN!72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1271310
221Compaq Message Server0 14COMPAQ-RBA.EXE1 00718Applies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start - Programs - Compaq Advisor - Advisor Settings under the "advanced" tab. Not required and can cause problems 01
138(874e009f-7e1e-42b5-86df-b9cde35ad753)0  9comph.dll1 00105Added by the Troj/Bdoor-QG backdoor Trojan.br /br /Uses CLSID: b(874e009f-7e1e-42b5-86df-b9cde35ad753)/b.57http://www.sophos.com/virusinfo/analyses/trojbdoorqg.html0
2 7Cleanup0 11compind.bat111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9Compliant0 13compliant.exe1 00235Added by the W32/Rbot-LB trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This infection terminates certain processes and logs keystrokes to a file called syste.txt.55http://www.sophos.com/virusinfo/analyses/w32rbotlb.html0
126Microsoft Com Port Manager0 11COMPORT.EXE1 00152Added by the W32/Sdbot-AT backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotat.html0
122compaq service drivers0  9compq.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
125Compaq Service Drivers 320 11compq32.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
122compaq service drivers0 10compqs.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
123compaqs service drivers0 10compqs.exe1 00  043http://vil.nai.com/vil/content/v_100454.htm0
115Service Drivers0  9Compt.exe1 00 50Added by the W32/Rbot-ZJ WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbotzj.html0
119Geography TX 1.0 NT0 14CompuSpeed.vbs1 00195Added by the VBS/Newley-A. The worm attempts to setup an administrator account, and if uninstalled using Add/Remove programs will likely delete SVCHOST.EXE, which usually shuts the computer down.56http://www.sophos.com/virusinfo/analyses/vbsnewleya.html0
1 6comrep0 13comrepl32.exe1 00 48Added by the W32/Rbot-DNH worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotdnh.html0
2 9COMSMDEXE0 10comsmd.exe1 00 143Com tray icon 01
118Meeting Connection0 12comsutil.exe1 00 12Added by the21Troj/PPdoor-E TROJAN!0
1 5comxt0  9comxt.exe1 00 26Added by the COMXT TROJAN!60http://www.symantec.com/avcenter/venc/data/trojan.comxt.html0
114Zekio Startups0 10condll.exe1 00113W32/Agobot-AGD is an IRC backdoor Trojan and network worm.  This file is located in the Windows system directory.58http://www.sophos.com/virusinfo/analyses/w32agobotagd.html0
134Microsoft Firewall Settings Loader0 10conf32.exe1 00121Added by the W32/Sdbot-KM worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotkm.html0
312cucore agent0 13ConfAgent.exe1 00 95First Virtual Communications, Inc., Now RADVISION Ltd  Click_to_Meet videoconferencing software48http://www.clicktomeet.com/eng/products/ctm4.htm0
120Configuration Loader0 12confgldr.exe1 00 26Added by the POLYBOT WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.polybot.html0
1 6AolCon0 10config.com1 00 25Added by the TAPLAK WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.taplak.html0
214ConfigServices0 10Config.exe1 00 36Part of initial setup on a Compaq PC 01
221Configuration Utility0 10Config.exe1 00  0 01
221Configuration Utility0 10CONFIG.EXE1 00 64Controls linksys wireless connection. Available from the Desktop 01
121Microsoft Config File0 10config.exe1 00 94Added by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls! 01
1 8Explorer0 11config_.com1 00 44Added by the W32/Floppy-D floppy drive worm.56http://www.sophos.com/virusinfo/analyses/w32floppyd.html0
112Config33.exe0 12Config33.exe1 00 28Added by the SDBOT.T TROJAN!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.T0
121Configuration Loading0 13configldr.exe1 00 28Added by the AGOBOT-EC WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotec.html0
1 5cmd320 11configs.exe1 00 47Hijacker,  also detected as the  QURL-2 TROJAN!43http://vil.nai.com/vil/content/v_126408.htm0
1 8update320 11configs.exe1 00 47Hijacker,  also detected as the  QURL-2 TROJAN!43http://vil.nai.com/vil/content/v_126408.htm0
111configsetup0 17configsetup32.exe1 00135Added by the W32/Agobot-AFP worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.58http://www.sophos.com/virusinfo/analyses/w32agobotafp.html0
321Palm MultiUser Config0 14Configtool.exe1 00 47MultiUser configuration for a Palm PDA device?. 01
1 6cartao0 14conflicted.exe1 00 36Added by the Troj/Dadobra-DV trojan.59http://www.sophos.com/virusinfo/analyses/trojdadobradv.html0
2 7Gearbox0 11confsvr.exe1 00210NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available here41http://www.ntlworld.com/help/settings.htm0
2 6Conmgr0 10conmgr.exe1 00 28Starts Winfax pro at startup 01
310ConMgr.exe0 10conmgr.exe1 00172Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut&nbsp; 01
316Sametime Connect0 11Connect.exe1 00 53IBM Lotus Instant Messaging and Conferencing software57http://www.lotus.com/products/product3.nsf/wdocs/homepage0
316Sametime Connect0 11Connect.exe125StartUp menu\Current user0 88Sametime Connect 6, 5, 1, 0, Lotus Development Corporation. Sametime Connect Application39http://www.absolutestartup.com/startup/1
113Connect2Party0 17connect2party.exe1 00 21Adult content dialler 01
115System Services0 14connection.exe1 00 40Added by an unidentified WORM or TROJAN! 01
229SBC Yahoo! Connection Manager0 21ConnectionManager.exe1 00 69SBC Yahoo! Dial 2.0.1.3131, SBC Yahoo!. SBC Yahoo! Connection Manager 01
229sbc yahoo! connection manager0 21ConnectionManager.exe1 00305The cmanager.exe process is used to create and connect your SBC Yahoo DSL connection. This program has been reported to cause problems for some users. If you find that it causes you pc to become slow or unstable you should uninstall it (using Add/Remove programs) and manually connect your DSL connection. 01
326PCSuiteForNokia3650 Detect0 17ConnMngmntBox.exe122StartUp menu\All users0 62Symbian Connect 1, 0, 0, 1, Symbian Ltd.. ConnMngmntBox Module39http://www.absolutestartup.com/startup/1
1 8conscorr0 12conscorr.exe1 00 38Transponder parasite updater/installer48http://www.doxdesk.com/parasite/Transponder.html0
1 4Cons0 12consol32.exe1 00 89Hijacker - redirects to a p0rn portal, where foistware like ISTBar gets stealth installed 01
110icq center0 12consoles.exe1 00 39Added as a result of the  RANDIN VIRUS!71http://securityresponse.symantec.com/avcenter/venc/data/w32.randin.html0
1 8systrasx0 12CONSOLES.EXE1 00134Added by the W32/Sdbot-NW worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnw.html0
0 8Contacte0 12contacte.exe1 00 20Some kind of driver? 01
115Windows Control0 11Control.exe1 00218Browser hijacker. NOTE - On Win9x systems it will overwrite the Windows file of the same name in the Windows directory, so therefore it will be necessary to extract a fresh copy of the file from the Windows setup cabs! 01
416SandboxieControl0 11Control.exe1 00 46Installed by the Sandboxie  security software.25http://www.sandboxie.com/0
115[Various Names]0 13control64.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
310CookieWall0 10cookie.exe1 00147CookieWall from Analog X. Allows you to decide which internet sites can add &quot;cookies&quot; related to their sites for the next time you return59http://www.analogx.com/contents/download/network/cookie.htm0
310CookieWall0 10cookie.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
312Cookie Cop 20 13CookieCop.exe1 00159Cookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return50http://www.pcmag.com/article/0,2997,a=20844,00.asp0
3 9CookieJar0 13Cookiejar.exe1 00169Cookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add &quot;cookies&quot; related to their sites for the next time you return43http://www.jasons-toolbox.com/cookiejar.asp0
312CookiePatrol0 16CookiePatrol.exe1 00 71CookiePatrol - PestPatrol's cookie interceptor stopping spyware cookies39http://www.pestpatrol.com/CookiePatrol/0
124Microsoft System Checkup0  8Cool.exe1 00 25Added by the DONK.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.b.html0
1 8HELLBOT30 11coolbot.exe1 00 50Added by the W32/Mytob-S WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32mytobs.html0
3 8CoolKill0 12CoolKill.exe1 00 29Coolkill is a process killer.59http://www.prowebsitemanagement.com/cooltools/coolkill.html0
319CoolBeansSystemInfo0 18coolsysteminfo.exe111HKEY_LM\Run0 46Cool System Info 1.0.0.0, Cool Beans Software.39http://www.absolutestartup.com/startup/1
323copernic desktop search0 25CopernicDesktopSearch.exe1 00142Copernic  Desktop_Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures."61http://www.copernic.com/en/products/desktop-search/index.html0
323Copernic Desktop Search0 31CopernicDesktopSearch.exe /tray211HKEY_CU\Run0 98Copernic Desktop Search DESKTOPSEARCH 1.5 ENG, Copernic Technologies Inc.. Copernic Desktop Search39http://www.absolutestartup.com/startup/1
322CopernicPerUserTaskMgr0 26CopernicPerUserTaskMgr.exe1 00 66Automatic tasking feature of Copernic Pro multi-search engine tool 01
121compaq service drivrs0  8copq.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113WinShowUpdate0 50copy C:\WINDOWS\winshow.new C:\WINDOW\Swinshow.dll2 00 96Winshow parasiate related - from the "RunOnce" keys it replaces "winshow.dll" with a new version44http://www.doxdesk.com/parasite/Winshow.html0
312Copy handler0 16Copy Handler.exe2 00219Copy_Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processes. 01
221Copy of StartupFaster0 21Copy of StartupFaster222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
311Resume Copy0 12copyfstq.exe1 00231Part of Total Copy - an improved version of the Windows copy function. Allows for resumption file copies or moves in progress when computer was shut down. Not required if your not using the program or don't care about that function28http://ranvik.net/totalcopy/0
311Resume copy0 21copyfstq.exe /startup211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
122compaqs service driver0 13copypad32.exe1 00 23Added by the  SDBOT.CSO86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CSO&VSect=T0
0 2cp0 26CopyProtectionNotifier.exe1 00 88Related to  Emuzed Systems and Middleware.  Comes included with Windows XP Media Edition38http://www.emuzed.com/application.html0
310CoreCenter0 12CORECE~1.EXE1 00  0 01
310CoreCenter0 14CoreCenter.exe1 00126MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking 01
117CorelDraw Toolbox0 13CorelDraw.exe1 00107Sdbot WORM/IRC backdoor variant adds this, and will allow for a malicious attacker to exploit the computer.56http://www.sophos.com/virusinfo/analyses/w32sdbotvz.html0
1 7CoreSrv0 11coresrv.exe1 00 63Some IRC trojans/worms use this - see here for more information29http://lockdowncorp.com/bots/0
3 7CORESYS0 11coresys.exe1 00  2?? 01
111PC-Config320 10corona.exe1 00 28Added by the CORONEX.A WORM!57http://www.sophos.com/virusinfo/analyses/w32coronexa.html0
1 7cleanup0 13corpstats.exe1 00 44Added by the Troj/Ransom-A ransoming Trojan.57http://www.sophos.com/virusinfo/analyses/trojransoma.html0
115[Various Names]0 11corrida.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6cosine0 10cosine.exe1 00 26Added by the RBOT-SW WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsw.html0
1 9couponica0 13couponica.exe1 00 17Adware - see here47http://vil.nai.com/vil/content/v_100077.htm#top0
3 7CP32NOT0 11CP32BTN.EXE1 00116For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons 01
313CPA9P2PSERVER0 12CPA9P2PS.exe1 00 42Found on a Compaq Presario but what is it? 01
219Verizon Control Pad0  8cpad.exe1 00100Control Pad - installed with Verizon DSL accounts. Tool designed to streamline the online experience56http://www.verizon.net/pands/dsl/benefits/controlpad.asp0
3 7CPATR100 11CPATR10.EXE1 00148Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Constrast 01
310Cookie Pal0 12CPBrWtch.exe1 00 49Cookie Pal 1.7.0.0, Kookaburra Software. CPBrWtch 01
310Cookie Pal0 12CPBRWTCH.EXE1 00159Kookaburra Softwares Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return57http://www.pcmag.com/article/0,2997,s=1626&a=12703,00.asp0
3 8CPBrWtch0 12CPBrWtch.exe1 00  057http://www.pcmag.com/article/0,2997,s=1626&a=12703,00.asp0
4 7CPD_EXE0  7CPD.EXE1 00 42Firewall bundled with McAfee VirusScan 6.* 01
415McAfee Firewall0  7CPD.EXE1 00 78Firewall bundled with McAfee VirusScan 6.*.&nbsp;Can also be listed as CPD_EXE 01
1 4cpds0  8cpds.exe1 00 33Added by the Troj/Ghudl-C Trojan.56http://www.sophos.com/virusinfo/analyses/trojghudlc.html0
3 8LManager0 12CPLBCL53.EXE1 00150A system tray icon found on Acer Travelmate laptops that allow you control access to the Internet and email buttons and other computer configurations. 01
2 8CplBTQ000 12CplBTQ00.EXE1 00117Dritek System Inc. CPATR10 01.17.2003 ( VC60 ) 1.210, Dritek System Inc.. Compal ATR10 Easy Button ( Multi-Language ) 01
2 8cplbtq000 12CplBTQ00.EXE1 00 20Related to  EZbutton43http://castlecops.com/startuplist-8891.html0
2 8cpldbl100 12CPLDBL10.exe1 00 39Related to the  EZbutton quick launcher45http://castlecops.com/s8891-EzButton_EXE.html0
310CPortPatch0 11cppatch.exe1 00107CPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though? 01
322A1000 Settings Utility0 12cpqa1000.exe1 00164Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features 01
116Compaq Print Fax0 12cpqa1000.exe1 00 51Added by the W32/Sdbot-WL WORM/IRC backdoor trojan!56http://www.sophos.com/virusinfo/analyses/w32sdbotwl.html0
4 7CPQAcDc0 11CPQAcDc.exe1 00 53Compaq PowerCon power management software for laptops 01
314Compaq Alerter0 12CPQAlert.exe1 00255Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information48fault, performance, and configuration management0
3 8CPQAlert0 12CPQAlert.exe1 00  070http://www.compaq.com/products/servers/management/cim-description.html0
213CPQBootPerfDB0 17CPQBootPerfDB.EXE1 00 39See the entry for Compaq Message Server 01
4 8CPQCalib0 12CPQCalib.exe1 00 53Compaq PowerCon power management software for laptops 01
2 8CPQDFWAG0 12CpqDfwAg.exe1 00 54For Compaq PC's. Runs Compaq diagnostics on every boot 01
210System DLF0 12cpqdiaga.exe1 00165Compaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configuration. Available via Start - Programs 01
210Compaq DMI0 10cpqdmi.exe1 00 50Compaq version of the Desktop Management Interface 01
310CPQEASYACC0 11cpqeadm.exe1 00116For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys 01
3 7cpqeaui0 11cpqeaui.exe1 00116For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys 01
321CompaqHW Comp Manager0 10cpqhcm.exe1 00 39Running on a Compaq laptop - any ideas? 01
3 6CPQAPP0 11CPQHKey.exe111HKEY_LM\Run0 68Chicony Wireless Driver 2, 2, 0, 0, Chicony. Chicony Wireless Driver39http://www.absolutestartup.com/startup/1
323CPQInet Runtime Service0 11CpqInet.exe1 00143For Compaq PC's. Allows AOL and Compuserve to use the  Easy Access buttons for the internet. Is not required if you don't use the ISP providers75http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html0
211CPQINKAGENT0 12cpqinkag.exe1 00164That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed) 01
316Compaq PK Daemon0  9cpqkl.exe1 00 91For Compaq laptops for programming user configurable keys. Not required unless you use them 01
217digital dashboard0 12CPQMLDET.exe1 00 48For Compaq PC's. Loads Digital Dashboard options 01
3 5cpqns0 12cpqnpcss.exe1 00 58Related to Compaq.Net - not required if you don't use that 01
213CompaqSystray0 11cpqpscp.exe1 00 23Compaq System Tray icon 01
2 6Cpqset0 10cpqset.exe1 00  0 01
2 6Cpqset0 10Cpqset.exe1 00 53Default settings software in Hewlett Packard notebook 01
1 3cpr0  3cpr1 00 28Adroar.com adware downloader 01
125Norton Live Update Server0  9cpsdv.exe1 00 30Added by the AGOBOT.EW TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.EW0
114system drivers0 10cpsq32.exe1 00 23Added by the  SDBOT.AXH86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AXH&VSect=T0
111CPU Watcher0 12cpu.dll,load1 00 29Added by the Troj/Dloader-LO.59http://www.sophos.com/virusinfo/analyses/trojdloaderlo.html0
111CPU Watcher0 16cpu.dll,load</a>1 00 29Added by the Troj/Dloader-LO.59http://www.sophos.com/virusinfo/analyses/trojdloaderlo.html0
3 7CPUcool0 11Cpucool.exe1 00122Program to keep the processor cool when idle in "overclocked" systems. Also available via Start - Settings - Control Panel 01
124CPU microcode correction0 10cpudev.sys1 00 36Added by the Troj/Haxdoor-AO Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorao.html0
122Windows USB 2.0 Driver0 14cpufanctrl.exe1 00122Added by the W32/Rbot-CLP worm and IRC backdoor. This infection also creates the file C:\Windows\SoftWareProtector\424.pr.56http://www.sophos.com/virusinfo/analyses/w32rbotclp.html0
3 7CpuIdle0 11cpuidle.exe111HKEY_LM\Run0 32CpuIdle , Andreas Goetz. CpuIdle39http://www.absolutestartup.com/startup/1
111CPU Manager0 10cpumgr.exe1 00 27Added by the PANDEM.B WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.pandem.b.worm.html0
319IntelProcNumUtility0 13cpunumber.exe1 00284Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here58http://www.intel.com/support/processors/pentiumiii/psu.htm0
1 7Cpusave0 11Cpusave.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 9Cpusave320 13Cpusave32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
118cpu windows status0 12cpustats.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
111My Computer0 10cqcags.exe1 00 12Added by the38W32/Sdbot-TJ WORM/IRC backdoor trojan!0
113cqpmxujjl.exe0 13cqpmxujjl.exe1 00 36Added by the Troj/StartP-BAI Trojan.59http://www.sophos.com/virusinfo/analyses/trojstartpbai.html0
216cracked_windows10 20cracked_windows1.exe1 00 28Cracked Windows popup killer71http://www.angelfire.com/electronic/purplexed/files/crackedwindows.html0
1 8lameshit0  9crash.exe1 00 35Added by the Troj/LowZone-H trojan.58http://www.sophos.com/virusinfo/analyses/trojlowzoneh.html0
311$sys$crater0 10crater.sys1 00 38How to remove the Sony XPC DRM Rootkit54http://www.bleepingcomputer.com/forums/topic34904.html0
114CRC Protection0  9crc32.exe1 00 34Added by the Troj/Agent-PO Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentpo.html0
123Crc32stats Dependencies0 14Crc32stats.exe1 00136Added by the W32.Mytob.GT@mm worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.gt@mm.html#technicaldetails0
129Client Server Control Process0  9crcss.exe1 00 43Added by the Troj/Agent-HR backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojagenthr.html0
1 6PCprot0  9crcss.exe1 00 30Added by an unidentified WORM! 01
121Windows Media Updater0 10crease.exe1 00132Added by the W32/Rbot-ATI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotati.html0
116Create A Monster0 18createAMonster.exe1 00 80Kudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware related54http://sarc.com/avcenter/venc/data/adware.look2me.html0
2 8CreateCD0 12Createcd.exe1 00 95Adaptec Easy CD Creator system tray application (pre version 5). Available via Start - Programs 01
210CreateCD500 14Createcd50.exe1 00 89Adaptec Easy CD Creator version 5 system tray application. Available via Start - Programs 01
110setFTPBack0 12createsw.exe1 00 30Added by the FTP_BMAIL TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ftp_bmail.html0
112Creative.exe0 12Creative.exe1 00 25Added by the PROLIN WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.prolin.worm.html0
1 8MSUpdate0 18criticalUpdate.exe1 00 15Affilred adware58http://sarc.com/avcenter/venc/data/pf/adware.affilred.html0
121Microsoft USB2 Driver0  9crmss.exe1 00108Added by the W32/Rbot-VK worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotvk.html0
3 9crossmenu0  9CrossMenu1 00 69Toshiba CrossMenu Utility - allows the user to create their own menus 01
3 9CrossMenu0 13CrossMenu.exe111HKEY_LM\Run0 45CrossMenu 1, 0, 5, 0, TOSHIBA. CrossMenu Main39http://www.absolutestartup.com/startup/1
1 8crozwzaj0 12crozwzaj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3crs0  7crs.exe1 00143Added by the W32/Agobot-TJ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobottj.html0
121ASP.NET State Service0 10crsass.exe1 00 46Added by the Troj/Banload-M downloader Trojan.58http://www.sophos.com/virusinfo/analyses/trojbanloadm.html0
122Windows System Manager0  8CRSL.EXE1 00110Added by the WORM_SDBOT.MG worm.  This infection connects to an IRC server where it waits for remote commands.83http://uk.trendmicro-europe.com/smb/security_info/ve_detail.php?Vname=WORM_SDBOT.MG0
127Print Driver Helper Service0  9crsrr.exe1 00 29Added by the AGENT-BC TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentbc.html0
115[various names]0  9crsrs.exe1 00  057http://www.sophos.com/virusinfo/analyses/w32forbotak.html0
110Auto updat0  9crsrs.exe1 00 28Added by the FORBOT-AK WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotak.html0
126Auto updat and other names0  9crsrs.exe1 00 28Added by the FORBOT-AK WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotak.html0
134Controlled Resource System Service0  8crss.exe1 00 28Added by the AGOBOT.GH WORM!68http://www.liutilities.com/products/wintaskspro/processlibrary/crss/0
1 4CRSS0  8CRSS.exe1 00 32added by the W32/Agobot-RM WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotrm.html0
127Microsoft ActiveX Component0  8crss.exe1 00 45Added by the Troj/Small-CR trojan downloader.57http://www.sophos.com/virusinfo/analyses/trojsmallcr.html0
121System Config Manager0  8crss.exe1 00  078http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GH0
121System Config Manager0  8crss.exe1 00  078http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GH0
120Win32 Network Driver0  8crss.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
125Windows Registry Security0  8crss.exe1 00 41Added by a variant of the IRC.BOT TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bot.html0
1102k6 updatz0  9crss3.exe1 00 48Added by the W32/Rbot-CPD worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcpd.html0
1 9[unknown]0 10crss32.exe1 00139Added by the  W32/Randon-X worm.  This infection, when started, connects to an IRC server using a provided MIRC client to receive commands.56http://www.sophos.com/virusinfo/analyses/w32randonx.html0
1 9crssm.exe0  9crssm.exe1 00133Added by the W32/Rbot-AFH worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotafh.html0
122Windows System Manager0  9crssm.exe1 00132Added by the W32/Rbot-AFH worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotafh.html0
112CaptionMgr320  9crssr.exe1 00163Added by the Zar.A infection.  It attempts to spread itself through emails sent out with the subject "Tsunami Donation!".  The file is found in the Windows folder.43http://www.f-secure.com/v-descs/zar_a.shtml0
110MS taskbar0  9crssr.exe1 00132Added by the W32/Rbot-AGO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotago.html0
129sp2 firewall/internet updater0 10crssrs.exe1 00 28Added by the  RBOT.BJO WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BJO&VSect=P0
118CRC Value Verifier0  9crsss.exe1 00 29Added by the  SPYBOT.UK WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.UK&VSect=P0
111MSControl280  9crsss.exe1 00133Added by the W32/Rbot-AQL worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaql.html0
115start uploading0  9crsss.exe1 00108Added by the W32/Rbot-SZ worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotsz.html0
121Windows media service0  9crsss.exe1 00 27Added by the RBOT.ACY WORM!105http://es0
118CRC Value Verifier0 11crsss32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
118CRC Value Verifier0 11Crsss64.exe1 00 26Added by the RBOT-NY WORM!58http://www.sophos.com.au/virusinfo/analyses/w32rbotny.html0
1 8system320 10crsvvc.exe1 00 28Added by the  RBOT.BLY WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BLY&VSect=P0
127microsoft internet explorer0 11crsys32.exe1 00 27Added by the  RBOT.UZ WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UZ&VSect=P0
124Microsoft Control Center0  8crtl.exe1 00 20Added by W32/Rbot-VX55http://www.sophos.com/virusinfo/analyses/w32rbotvx.html0
121Windows media service0  9crvss.exe1 00 27Added by the SDBOT.VP WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VP0
415Crypkey License0 12crypserv.exe1 00126Used by certain software as copy protection.  This should be left running otherwise the program that utilizes it may not work. 01
1 8cryptdlg0 12cryptdlg.exe1 00 32Added by an unidentified TROJAN! 01
313calendarscope0  6cs.exe1 00 31Calendarscope calendar software29http://www.calendarscope.com/0
326CopernicSummarizerWatchdog0 28CSAgent.exe /thisismandatory211HKEY_CU\Run0 87Copernic Summarizer SUMMARIZER 2.1 ENG, Copernic Technologies Inc.. Copernic Summarizer39http://www.absolutestartup.com/startup/1
118IPv6 Helper Driver0  9csass.exe1 00 28Added by the AGOBOT.TC WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TC0
121LanGuard Auto Updater0  9csass.exe1 00144Added by the W32/Rbot-DS trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotds.html0
117WSAConfiguration10  9csass.exe1 00 28Added by the AGOBOT.WH WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.WH0
2 3csc0  7csc.exe1 00  2?? 01
116Critical Service0  9cscrs.exe1 00 48Added by the W32/Rbot-BFY worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbfy.html0
111CSCRS Value0  9cscrs.exe1 00  8Added by13W32/Rbot-AAA.0
122Microsoft Data Machine0 12csdata32.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
111WinMX share0 10CSDVqs.exe1 00128Added by the W32/Sdbot-UU worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuu.html0
123Current Security Config0 11csecure.exe1 00132Added by the W32/Rbot-AMO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamo.html0
326fortis secure layer config0 11cseinst.exe1 00219Fortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information. 01
312CSINJECT.EXE0 12CSINJECT.EXE1 00211Part of Quarterdeck/Norton CleanSweep. For a full description see here. An excerpt - "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes."74http://service1.symantec.com/SUPPORT/cleansweep.nsf/docid/19990224132957280
2 6NCS_SS0 12Csinsm32.exe1 00 45Same as CleanSweep Smart Sweep-Internet Sweep 01
338CleanSweep Smart Sweep- Internet Sweep0 12Csinsm32.exe1 00 85Automatic logging of installs from Norton CleanSweep - available via Start - Programs 01
3 4MPEO0 12Csinsm32.exe1 00  0 01
337CleanSweep Smart Sweep-Internet Sweep0 12csinsmnt.exe122StartUp menu\All users0 78Norton CleanSweep 9.0, Symantec Corporation. Norton CleanSweep Install Monitor39http://www.absolutestartup.com/startup/1
1 5xware0 11cskware.exe1 00 58Malware downloader from xxsware.com, produces porn popups. 01
1 5cslsb0  9cslsb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115csm Win Updates0  7csm.exe1 00 50Added by the W32/Zotob-B worm and backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32zotobb.html0
116new csnm manager0  8csmn.exe1 00 29Added by the  SDBOT.BZS WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BZS&VSect=P0
1 9ConSrvMgr0 11csmrsnv.exe1 00 42Added by the Troj/Stinx-J backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxj.html0
117cmsssystemprocess0  8csms.exe1 00 29Added by the  AGENT-Y TROJAN!56http://www.sophos.com/virusinfo/analyses/trojagenty.html0
117cmssSystemProcess0  9csmss.exe1 00 29Added by the AGENT-CO TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentco.html0
110spoolsvr320  9csmss.exe1 00 29Added by the AGENT-AU TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentau.html0
114VC5MediaPlayer0  9csmss.exe1 00 27Added by the DEDLER-B WORM!56http://www.sophos.com/virusinfo/analyses/w32dedlerb.html0
114VC5MediaPlayer0  9csmss.exe1 00 27Added by the DEDLER-B WORM!56http://www.sophos.com/virusinfo/analyses/w32dedlerb.html0
112WIN95DEFVIEW0  9csmss.exe1 00 35Added by the  TROJ/DEDLER-D TROJAN!57http://www.sophos.com/virusinfo/analyses/trojdedlerd.html0
110spoolsvr320 11csmss32.exe1 00 42Added by a variant of the AGENT-AU TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentau.html0
117ControlServiceMgr0  9csmsv.exe1 00 34Added by the Troj/Agent-XC Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentxc.html0
117ManageProtoclCtrl0  9csmsv.exe1 00 42Added by the Troj/Stinx-B backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxb.html0
1 4NDAv0  9CSNSS.EXE1 00  055http://www.sophos.com/virusinfo/analyses/w32sumomc.html0
1 4SDAv0  9CSNSS.EXE1 00 56Added by the W32/Sumom-C instant messenger and P2P worm.55http://www.sophos.com/virusinfo/analyses/w32sumomc.html0
129Client Server Runtime Service0  7csr.exe1 00 49Added by the W32/Sdbot-AFM worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotafm.html0
126ClientServerRuntimeService0  9csrcc.exe1 00 35Added by the Trojan.Sufiage Trojan.77http://www.sarc.com/avcenter/venc/data/trojan.sufiage.c.html#technicaldetails0
115WindowsTaskStat0 10csrcmd.exe1 00111Added by the Troj/Brepbot-B backdoor Trojan. This infection also creates the files Temp466.bat and Temp755.bat.58http://www.sophos.com/virusinfo/analyses/trojbrepbotb.html0
123Windows Custom Services0  9CSRCS.EXE1 00133Added by the W32/Spybot-EI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32spybotei.html0
114TaskControlLog0 12csrdeu32.exe1 00136Added by the BKDR_BREPLIBOT.M worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.92http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FBREPLIBOT%2EM&VSect=T0
1 6Remndr0 11CsRemnd.exe1 00 22CasinoOnline foistware 01
112DriverModule0 11csrnvrt.exe1 00125Added by the Troj/Stinx-Q backdoor Trojan.  This infection also creates the files 557.bat and 989.bat in your Temp directory.56http://www.sophos.com/virusinfo/analyses/trojstinxq.html0
1 3csr0  9csrrs.exe1 00 48Added by the W32/Rbot-CKM worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotckm.html0
118Service Controller0  9Csrrs.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
124Windows Taskmanager Data0 10csrrss.exe1 00 48Added by the W32/Rbot-BBH worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbh.html0
129Client Server Runtime Process0  8csrs.exe1 00 32Added by the W32.Linkbot.M worm.74http://www.sarc.com/avcenter/venc/data/w32.linkbot.m.html#technicaldetails0
1 8Com+ Sys0  8csrs.exe1 00 28Added by the FORBOT-BT WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbt.html0
148microsoft client/server runtime server subsystem0  8csrs.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
1 7NetWork0  8csrs.exe1 00 28Added by the AGOBOT.JJ WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.JJ0
136windows client/server runtime server0  8csrs.exe1 00 27Added by the  RBOT.KD WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.KD0
117Windows Time Sync0  8csrs.exe1 00 50Added by the  W32/Tilebot-N backdoor and IRC worm.57http://www.sophos.com/virusinfo/analyses/w32tilebotn.html0
122Windows Update Service0  8csrs.exe1 00 28Added by the AGOBOT-NI WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotni.html0
1 4dark0  8csrs.scr1 00 54Added by the Troj/Bancban-GT password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbangt.html0
115System32-Driver0 10csrs32.exe1 00152Added by the W32/Sdbot-CP backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotcp.html0
1 5csrsc0  9csrsc.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 9csrse.exe0  9csrse.exe1 00 45Added by the Backdoor.Hesive Trojan backdoor.76http://www.sarc.com/avcenter/venc/data/backdoor.hesive.html#technicaldetails0
118Microsoft Registry0  9csrse.exe1 00 26Added by the RBOT-PC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpc.html0
114system process0  9CSRSR.exe1 00 33Added by the  W32/AGOBOT-SQ WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotsq.html0
319winupdateprotection0  8csrss.ex1 00 94EmployeeWatch is a commercial spyware program designed to monitor user activity on a computer.82http://securityresponse.symantec.com/avcenter/venc/data/spyware.employeewatch.html0
2 8.svchost0  9CSRSS.EXE111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8atisound0  9csrss.exe1 00462Added by the  WinSpy surveillance software. Uninstall this software unless you put it there yourself - NOTE - this file is placed in a %System%\ComRoot folder,  and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/spyware.winspy.html0
3 5csrss0  9csrss.exe1 00112Added by the Spyware.Keylog surveillance software.  Uninstall this software if it was not installed by yourself.64http://www.sarc.com/avcenter/venc/data/spyware.beyondkeylog.html0
319WinUpdateProtection0  9csrss.exe1 00212ICE Remote Spy monitoring software, "secretly monitors everything your spouse, kids or employees do on the Internet and emails the data to you." Note - this file is installed in a C:\Windowsupdate\Ufp\Irs7 folder69http://www.kephyr.com/spywarescanner/library/iceremotespy/index.phtml0
1 8.svchost0  9csrss.exe1 00129Added by a new Rbot variant.  This infection when started connects to a remote IRC server where it waits for commands to execute. 01
1 9.TEXTCONV0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
1 8.WMAudio0  9csrss.exe1 00  073http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
113_systemdriver0  9csrss.exe1 00226Added by the  ASCETIC.B TROJAN - Note - this is not the valid Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling,  and which should NOT figure in Msconfig!64http://www.symantec.com/avcenter/venc/data/trojan.ascetic.b.html0
114_winsystem.sys0  9CSRSS.EXE1 00 93Added by the W32/Sober-K infection!  File will be found in the %WINDIR%\msagent\win32 folder.55http://www.sophos.com/virusinfo/analyses/w32soberk.html0
121AdRotator.Application0  9csrss.exe1 00167AdRotator adware. Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling79http://www.giantcompany.com/antispyware/research/spyware/spyware-AdRotator.aspx0
111Application0  9csrss.exe1 00 98Added by the W32.Beagle.EG@mm mass-mailing worm.  The emails that are sent are written in Russian.77http://www.sarc.com/avcenter/venc/data/w32.beagle.eg@mm.html#technicaldetails0
121ASP.NET State Service0  9csrss.exe1 00 47Added by the Troj/Dloader-QI downloader trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderqi.html0
1 7BagleAV0  9csrss.exe1 00125Added by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!77http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ab@mm.html0
1 9BuildLabs0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
1 7ccpApps0  9csrss.exe1 00  073http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
114ClickTheButton0  9csrss.exe1 00134ClickTheButton Downloader-MY adware. Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!43http://vil.nai.com/vil/content/v_126801.htm0
123COM+ System Application0  9csrss.exe1 00 47Added by the W32.Banish.A@mm mass-mailing worm.93http://securityresponse.symantec.com/avcenter/venc/data/w32.banish.a@mm.html#technicaldetails0
134Console de Gerenciamento Microsoft0  9csrss.exe1 00 54Added by the Troj/Bancban-ET password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanet.html0
1 5csrss0  9csrss.exe1 00  0 01
1 5CSRSS0  9CSRSS.EXE1 00217Search page hijacker, redirecting to http://www.search-aide.com/. Note - this is not the valid Client Server Runtime Subsystem (csrss.exe) process, which provides text window support, shutdown, and hard-error handling69http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/0
111csrsslevel40  9csrss.exe1 00389Unidentified malware - NOTE - this file is placed in a C:\Windows\SystemLevel4 folder,  and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!69http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/0
1 8Debugger0  9csrss.exe1 00142Added by the W32.Beagle.EA@mm mass-mailing worm. This infection should not be confused with the legitimate c:\windows\system32\csrss.exe file.77http://www.sarc.com/avcenter/venc/data/w32.beagle.ea@mm.html#technicaldetails0
1 6DIECOX0  9csrss.exe1 00139Added by a variant of the ATM.GEN TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!43http://vil.nai.com/vil/content/v_100826.htm0
111FiendlyType0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
116FirewallActivies0  9csrss.exe1 00 36Added by the  Troj/Banker-AQ TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankeraq.html0
111KernellApps0  9csrss.exe1 00129Added by the BANCBAN-AC TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!59http://www.sophos.com/virusinfo/analyses/trojbancbanac.html0
110Key Logger0  9csrss.exe1 00125Added by the BUCHON.A WORM! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!63http://www.symantec.com/avcenter/venc/data/w32.buchon.a@mm.html0
1 9Krnlcheck0  9csrss.exe1 00 83Added by Backdoor.Botnachala.  This infection also adds entries to your HOSTS file.63http://www.sarc.com/avcenter/venc/data/backdoor.botnachala.html0
120Microsoft SourceSafe0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
123microsoft windows csrss0  9csrss.exe1 00348Added by the  W32/KALEL-A WORM! - NOTE - this file should NOT be confused with the legitimate Windows Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder,  and which moreover should NOT figure in Msconfig/Startup!55http://www.sophos.com/virusinfo/analyses/w32kalela.html0
127Microsoft Word Profissional0  9csrss.exe1 00198Added by the Troj/Bancban-DB password-stealing trojan.  This infection targets Brazilian banks, so if you are a user of these banks you should check your passwords and accounts for unusual activity.59http://www.sophos.com/virusinfo/analyses/trojbancbandb.html0
123Norton Protect Activies0  9csrss.exe1 00242Added by the Troj/Banker-CZ Internet banking trojan.  This infection has the ability to steal information and log keystrokes.  if you are infected with this program it is strongly advised that you change any online passwords that you may use.58http://www.sophos.com/virusinfo/analyses/trojbankercz.html0
1 5NTDLM0  9csrss.exe1 00122Added by the HALE TROJAN! Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hale.html0
1 4Prog0  9csrss.exe1 00124Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
110RegDone Ex0  9csrss.exe1 00  073http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.html0
1 8RegWrite0  9csrss.exe1 00127Added by the SOKACAPS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sokacaps.html0
111Run TaskMrg0  9csrss.exe1 00128Added by the LDPINCH-W TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!58http://www.sophos.com/virusinfo/analyses/trojldpinchw.html0
1 8rundll320  9csrss.exe1 00124Added by the GUTTA TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.gutta.html0
1 6Runner0  9csrss.exe1 00 74Added by the Troj/AdClick-AG Trojan!  File is found in the Windows folder. 01
114SernellApp.pcx0  9csrss.exe1 00 89Added by the Troj/Bancban-BJ  trojan.  Located in  Windows system folder\D5133\csrss.exe.59http://www.sophos.com/virusinfo/analyses/trojbancbanbj.html0
1 9Shockwave0  9csrss.exe1 00122Added by the SNDOG WORM! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/w32.sndog@mm.html0
113State Service0  9csrss.exe1 00 36Added by the Troj/Dadobra-CP trojan.59http://www.sophos.com/virusinfo/analyses/trojdadobracp.html0
1 6System0  9csrss.exe1 00 39Added by the  PWSteal.Ldpinch.E TROJAN!65http://www.symantec.com/avcenter/venc/data/pwsteal.ldpinch.e.html0
114System Process0  9csrss.exe1 00 74Added by the Troj/AdClick-AG Trojan!  File is found in the Windows folder. 01
112systemdriver0  9csrss.exe1 00226Added by the  ASCETIC.B TROJAN - Note - this is not the valid Client Server Runtime Subsystem  csrss.exe process, which provides text window support, shutdown, and hard-error handling,  and which should NOT figure in Msconfig!64http://www.symantec.com/avcenter/venc/data/trojan.ascetic.b.html0
112SYSTEMSars320  9csrss.exe1 00123Added by the AHLEM.A WORM! Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/w32.ahlem.a@mm.html0
1 7TaskMrg0  9csrss.exe1 00 35Added by the Troj/LdPinch-W trojan.58http://www.sophos.com/virusinfo/analyses/trojldpinchw.html0
1 6Update0  9csrss.exe1 00  0 01
112windows 20040  9CSRSS.exe1 00 53Added as result of a  Troj/Banker-DY trojan infection58http://www.sophos.com/virusinfo/analyses/trojbankerdy.html0
125Windows Client Service 320  9csrss.exe1 00132Added by the W32/Rbot-ALB worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalb.html0
120Windows Explorer SP20  9csrss.exe1 00 73Added by the Troj/Banker-DM password-stealing trojan for Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankerdm.html0
115Windows Spooler0  9csrss.exe1 00234Added by the W32/Tilebot-AL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.  This should not be confused with the legitimate csrss.exe file found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/w32tilebotal.html0
117Windows Time Sync0  9csrss.exe1 00 49Added by the W32/Tilebot-W worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32tilebotw.html0
114Windows Update0  9csrss.exe1 00 35Added by the Troj/Banker-IA Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankeria.html0
121Windowsupdate Service0  9csrss.exe1 00102W32/Baba-E WORM creates this file, not to be mistaken for the legitimate Windows file documented here.54http://www.sophos.com/virusinfo/analyses/w32babae.html0
113winsystem.sys0  9CSRSS.EXE1 00  055http://www.sophos.com/virusinfo/analyses/w32soberk.html0
1 8WinXP-980  9CSRSS.exe1 00 83Added by the Troj/Banker-AZ  password-stealing trojan that targets Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbankeraz.html0
1 6argq320 12csrss_32.exe1 00 48Added by the W32/Rbot-CPM worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcpm.html0
1 2270 11csrss32.exe1 00 35Added by the Troj/Slsorve-D Trojan.58http://www.sophos.com/virusinfo/analyses/trojslsorved.html0
126Microsoft CSRSS32 Protocol0 11csrss32.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
124Microsoft Update Service0 11csrss32.exe1 00 28Added by the AGOBOT-HC WORM!57http://www.sophos.com/virusinfo/analyses/w32agobothc.html0
116System Log Event0 11csrss32.exe1 00 28Added by the AGOBOT-JI WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotji.html0
116System Log Event0 11csrss32.exe1 00 28Added by the AGOBOT-JI WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotji.html0
127Microsoft CSRSS386 Protocol0 12csrss386.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
148microsoft client/server runtime server subsystem0 10csrssa.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
129Client Server Runtime Process0 10csrsss.exe1 00 27Added by the SDBOT-LD WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotld.html0
112CSRSS Loader0 10csrsss.exe1 00 28Added by the AGOBOT.TX WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TX0
1 6CSRSSU0 10CSRSSU.EXE1 00169CoolWebSearch parasite related - hijacking to Slawsearch.com. You are advised to ask for help in our HijackThis forum to remove it. Located in the Windows system folder.53http://www.spywareinfo.com/~merijn/cwschronicles.html0
122Microsoft DLL Verifier0 10csrssv.exe1 00132Added by the W32/Rbot-ATK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatk.html0
1 6csrssw0 10CSRSSW.EXE1 00 32Added by the  TROJ/CWS-F TROJAN!54http://www.sophos.com/virusinfo/analyses/trojcwsf.html0
116wsaconfiguration0 11csrsvcs.exe1 00 29Added by the  AGOBOT.VI WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VI&VSect=P0
1 9System1320 10Csrtss.exe1 00197Added by the Troj/LanFilt-I.  This infection connects to an IRC server where it waits for remote commands to execute, it can also log keystrokes, download or upload files and act as a proxy server.58http://www.sophos.com/virusinfo/analyses/trojlanfilti.html0
116ProtocolEventTsk0 10csrwjd.exe1 00 42Added by the Troj/Stinx-N backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxn.html0
115SystemProcEvent0 10csrwnd.exe1 00 42Added by the Troj/Stinx-O backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxo.html0
311CSS_Central0 12CSS_1631.EXE1 00232CSS Communication Agent (95 Host) from Command Software Systems &quot;CSS Central™ provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console.&quot;50http://www.commandcom.com/enterprise/csscntrl.html0
1 5cssrs0  9cssrs.exe1 00 29Added by the  Troj/Bancban-DW59http://www.sophos.com/virusinfo/analyses/trojbancbandw.html0
115Display Drivers0  9cssrs.exe1 00 28Added by the AGOBOT.FX WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX0
1 5WinFX0  9cssrs.exe1 00  078http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FX0
1 7MSN ang0 10cssrss.exe1 00 28Added by the FORBOT-CE WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotce.html0
1 4csss0  8Csss.exe1 00 27Added by the BALICK TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/w32.balick.trojan.html0
310css server0 13CSSServer.exe1 00107Added by the  ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself.68http://www.symantec.com/avcenter/venc/data/spyware.comspysyssvr.html0
3 5SysW80  8csta.exe1 00 45Clean Space - privacy and perfomance enhancer35http://www.teosoft.com/en/index.htm0
311ChineseStar0  9cstar.exe1 00 33Chinese language support software 01
110nvsv32.exe0  8cstr.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
114WindowsDiskLog0  9cstsm.exe1 00 42Added by the Troj/Stinx-C backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxc.html0
223CleanSweep Useage Watch0 12CSUSEM32.EXE1 00151Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time 01
1 8CSV10P700 13CSv10P070.exe1 00 26ClearSearch adware related44http://doxdesk.com/parasite/ClearSearch.html0
1 7CSV7P700 12CSV7P070.exe1 00 26ClearSearch adware related44http://doxdesk.com/parasite/ClearSearch.html0
1 7CSV7P260 11CSV7P26.exe1 00 26ClearSearch adware related44http://doxdesk.com/parasite/ClearSearch.html0
1 7CSV7P910 11CSV7P91.exe1 00 26ClearSearch adware related44http://doxdesk.com/parasite/ClearSearch.html0
110[not used]0  8csvc.com1 00100Added by the Backdoor.Beasty backdoor.br /br /Uses CLSID: b{AP042907-B967-10D8-9CBD-2672810A369E}/b.76http://www.sarc.com/avcenter/venc/data/backdoor.beasty.html#technicaldetails0
3 6csvdea0 10csvdea.exe1 00129Added by the Spyware.SpyArsenalLog surveillance software. This program should be uninstalled if it was not installed by yourself.65http://www.sarc.com/avcenter/venc/data/spyware.spyarsenallog.html0
111netservices0  9csxrs.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
119System time updator0 12CSysTime.exe1 00 27Added by the RANDEX.S WORM!73http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.s.html0
0 9checktime0  6ct.exe1 00 56Found in the HPSelectFrontend directory on a HP machine. 01
0 9checktime0  6ct.exe1 00 56Found in the HPSelectFrontend directory on a HP machine. 01
4 2ct0  6ct.exe1 00112ct.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run it 01
2 8CTAvTray0 12CTAvTray.EXE1 00 69CTAvtray 1, 0, 0, 2, Creative Technology Ltd.. EAX Animation Playback 01
2 8CTAVTray0 12CTAvTray.exe1 00144For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ 01
114ClickTheButton0  7CTB.EXE1 00 35ClickTheButton Downloader-MY adware43http://vil.nai.com/vil/content/v_126801.htm0
310CTCMonitor0 14CTCMonitor.exe1 00 54converting directly from MS Office, it is not required 01
223Creative MediaSource Go0 11CTCMSGo.exe1 00 89Creative  MediaSource playbacks music in DVD-Audio, MP3, WMA, WAV and other media formats40http://www.soundblaster.com/mediasource/0
223Creative MediaSource Go0 16CTCMSGo.exe /SCB211HKEY_CU\Run0 83Creative MediaSource Go! 2.0.0.0, Creative Technology Ltd. Creative MediaSource Go!39http://www.absolutestartup.com/startup/1
2 8CTDVDDet0 12CTDetect.exe1 00261Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again 01
317Creative Detector0 15CTDetect.exe /R211HKEY_CU\Run0 93Creative MediaSource Detector 2.2.0.0, Creative Technology Ltd. Creative MediaSource Detector39http://www.absolutestartup.com/startup/1
2 8CTDVDDet0 12CTDVDDet.exe1 00261Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again 01
3 8CTDVDDet0 12CTDVDDet.EXE111HKEY_LM\Run0 51CTDVDDET 1.0.2.0, Creative Technology Ltd. CTDVDDET39http://www.absolutestartup.com/startup/1
2 9CTStartup0 12CTEaxSpl.exe1 00 90Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard 01
2 9CTStartup0 17CTEaxSpl.EXE /run2 00 61CTEaxSpl 1, 1, 0, 1, Creative Technology Ltd.. Startup Splash 01
3 9CTStartup0 17CTEaxSpl.EXE /run211HKEY_LM\Run0 61CTEaxSpl 1, 1, 0, 4, Creative Technology Ltd.. Startup Splash39http://www.absolutestartup.com/startup/1
114ctflog manager0 10ctflog.exe1 00154Added by the Trojan.Spexta trojan.  When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.74http://www.sarc.com/avcenter/venc/data/trojan.spexta.html#technicaldetails0
110CTFM0N.exe0 10CTFM0N.exe1 00 49Added by the Trojan.StartPage.P browser hijacker.79http://www.sarc.com/avcenter/venc/data/trojan.startpage.p.html#technicaldetails0
3 6ctfmon0 10ctfmon.exe1 00329CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see here62http://support.microsoft.com/default.aspx?scid=kb;en-us;2825990
310ctfmon.exe0 10ctfmon.exe111HKEY_CU\Run0 85Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. CTF Loader39http://www.absolutestartup.com/startup/1
1 6CTFMon0 10ctfmon.exe1 00  0 01
1 6ctfmon0 10ctfmon.exe1 00153Added by the Troj/SDBot-06 backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbot06.html0
110ctfmon.exe0 10ctfmon.exe1 00 59Added by the PWSteal.Raidys password-stealing trojan horse.75http://www.sarc.com/avcenter/venc/data/pwsteal.raidys.html#technicaldetails0
1 9ctfmon16c0 13ctfmon16c.exe1 00 43Added by the W32/Sharp-C mass-mailing worm.55http://www.sophos.com/virusinfo/analyses/w32sharpc.html0
110Ctfmon.exe0 12ctfmon32.exe1 00 60CoolWebSearch parasite related - hijacking to Slawsearch.com53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 8ctfmon320 12CTFMON32.EXE1 00 73CoolWebSearch parasite related - also detected as the  TROJ/CWS-E TROJAN!53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 8CTFMONSS0 12CTFMONSS.EXE1 00137Added by the Troj/CWS-F hijacker.  This infection will also install a Browser Helper Object with the filename WTLBASS32.DLL or SEHLP.DLL.54http://www.sophos.com/virusinfo/analyses/trojcwsf.html0
1 3MSN0 12ctfmoons.exe1 00 28Added by the SPYBOT.HI WORM!91http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SPYBOT.HI0
120Win Updator Services0 10ctfnom.exe1 00 44Added by a variant of the  W32/WOOTBOT WORM!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOOTBOT.GEN0
1 5cthbp0  9cthbp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6cthelp0 10cthelp.exe1 00 27Added by the  SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
3 8CTHELPER0 12CTHELPER.EXE1 00737CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it 01
311WINDVDpatch0 12CTHELPER.EXE1 00  0 01
3 8CTHelper0 12CTHELPER.EXE111HKEY_LM\Run0 78CtHelper Application 1, 2, 0, 2, Creative Technology Ltd. CtHelper Application39http://www.absolutestartup.com/startup/1
311WINDVDPatch0 12CTHELPER.EXE111HKEY_LM\Run0 78CtHelper Application 1, 0, 0, 2, Creative Technology Ltd. CtHelper Application39http://www.absolutestartup.com/startup/1
1 8CTHelper0 12cthelper.exe1 00 69Added by a WORM, W32/Rbot-XB, and found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotxb.html0
1 6CTin100 10CTin10.exe1 00 29Added by the BANCOS.E TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.e.html0
217Creative Launcher0 14CTLauncher.exe1 00155For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start - Programs 01
2 7TaskBar0 11CTLTask.exe1 00242Creative SoundBlaster Audigy Taskbar - used to choose between different types of EAX Effects, not required in startup. NOTE: if you get a ctltask.exe error message while installing the Audigy drivers, see this Microsoft Knowledge Base article41http://support.microsoft.com/?kbid=3219690
2 8TaskTray0 11CTLTray.exe1 00 73Creative TaskTray 1.00.00.24, Creative Technology Ltd.. Creative TaskTray 01
2 8Tasktray0 11CTLTray.exe1 00327Installed with the Sound Blaster Audigy range of soundcards. Allows you to set EAX effects or equalizer settings for the Sound Blaster Audigy from a systray icon.  Also allows you to launch the Taskbar via right-click - Show Taskbar. The tasktray can be accessed via Start - Programs - Creative - Sound Blaster Audigy - Taskbar 01
313CreativeMixer0 11CTMIX32.EXE1 00207Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon 01
310cmsettings0  8ctmn.exe1 00 30Part of NetNanny  Chat_Monitor51http://www.pcmag.com/article2/0,1759,1265307,00.asp0
314NOMAD Detector0 11ctmnrun.exe1 00270Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected 01
3 7ctnmrun0 11ctnmrun.exe1 00270Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected 01
314nomad detector0 11ctnmrun.exe1 00  0 01
314NOMAD Detector0 11CTNMRun.exe111HKEY_CU\Run0 65NOMAD Detector 3.15.3.0, Creative Technology Ltd.. NOMAD Detector39http://www.absolutestartup.com/startup/1
220CreativeDiscNotifier0 12CTNOTIFY.EXE1 00145For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start - Settings - Control Panel 01
213Disc Detector0 12CtNotify.exe1 00 64For Creative sound cards. Detects when you insert a CD, DVD, etc 01
115[Various Names]0 12CToolBar.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
3 8CTPDPSRV0 12CTPDPSRV.EXE1 00 65Printer driver (in the WINDOWSSystem32spoolDRIVERSW32X86 folder). 01
310pdp Server0 13ctpdpsrvr.exe1 00173Included and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a network 01
2 8CTRegRun0 12CTRegRun.exe1 00 98For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative 01
2 8CTRegRun0 12CTRegRun.EXE111HKEY_LM\Run0102Creative On-line Registration System 1.0.0.1, Creative Technology Ltd . Registration Scheduler Program39http://www.absolutestartup.com/startup/1
3 7CtrlVol0 11CtrlVol.exe1 00 48Acer's on screen volume control using the Fn key 01
211Speed racer0 11CTSRReg.exe1 00 34Software for a Creative sound card 01
113Event Locator0  8ctst.exe1 00 45Added as a service by the W32/Forbot-DJ WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotdj.html0
119CT Control Settings0 11CTSVCCD.EXE1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
233Creative Service for CDROM Access0 12Ctsvccda.exe1 00204Resident program for Creative's PlayCenter included with Soundblaster Audigy sound cards - speeds up detection of some media CDs if the system doesn't natively support them. Available via Start - Programs 01
3 8CTsysVol0 12CTSYSVOL.exe1 00 35Creative sound card volume controls 01
3 8CTSysVol0 12CTSysVol.exe1 00 70Creative Volume Control 1.0.0.0, Creative Technology Ltd. CTSysVol.exe 01
3 8CTSysVol0 15CTSysVol.exe /r211HKEY_LM\Run0 70Creative Volume Control 1.0.0.0, Creative Technology Ltd. CTSysVol.exe39http://www.absolutestartup.com/startup/1
2 8cttdpsrv0 12cttdpsrv.exe1 00  2?? 01
1 8CTUpdate0 12ctupdclt.exe1 00 12Added by the105W32/Rbot-0
410cuagentExe0 11Cuagent.exe1 00 25Command Antivirus related53http://www.command.co.uk/html/products/csav/index.cfm0
1 5cufya0  9cufya.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8culaavbq0 12culaavbq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3cuo0  7cuo.exe1 00 28Added by the BUGBEAR.A WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUGBEAR.A0
2 8CursorXP0 12CursorXP.exe1 00 56CursorXP from Stardock - tool for creating mouse cursors42http://www.stardock.com/products/cursorxp/0
2 8CursorXP0 15CursorXP.exe -s2 00  0 01
432Client Update Service for Novell0 10cusrvc.exe1 00156Part of the Novell Client for Windows and is used to keep the client up to date.  It has a service name of cusrvc and is found in the Windows system folder. 01
2 6CuteMX0 10CuteMX.EXE1 00 20File sharing utility 01
312CuteReminder0 16CuteReminder.exe111HKEY_CU\Run0 54CuteReminder 2.0.0.0, CuteReminder Labs.. CuteReminder39http://www.absolutestartup.com/startup/1
1 6cuwqpj0 10cuwqpj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6XPSoft0 11CVDAsDW.exe1 00 27Added by the SDBOT-SY WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotsy.html0
1 4cvhv0  8cvhv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113cvmonitor.exe0 13cvmonitor.exe1 00 27Added by the SDBOT.BV WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BV0
4 5CVPND0  9cvpnd.exe1 00 84Sub-system used by Cisco VPN client for making a connection to a remote IPSec server 01
122Windows media services0 10cvrsss.exe1 00 26Added by the RBOT-MW WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmw.html0
114Startup Update0 11Cvshost.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
111MSN Manager0  8cvss.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
114Bron-Spizaetus0  7CVT.exe1 00 48Added by the W32.Rontokbro@mm mass-mailing worm.77http://www.sarc.com/avcenter/venc/data/w32.rontokbro@mm.html#technicaldetails0
110SystemGent0  7CVT.exe1 00 32Added by the W32/Brontok-H worm.57http://www.sophos.com/virusinfo/analyses/w32brontokh.html0
3 6CWatch0  6cw.exe1 00 32ChatWatch - chat monitoring tool53http://www.zemericks.com/products/chatwatch/index.asp0
3 2cw0  7cw4.exe1 00  9See  Here70http://www.zemericks.com/news/newsletters/february_2005_newsletter.asp0
324client access api daemon0 12cwbappcd.exe1 00 36IBM iSeries Client Access, see  here52http://www-1.ibm.com/servers/eserver/iseries/access/0
227Client Access Check Version0 12cwbckver.exe1 00323Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to.&nbsp;Not required - and can be turned off in the Client Access properties. It's a waste of resources52http://www-1.ibm.com/servers/eserver/iseries/access/0
2 8cwbckver0 12cwbckver.exe1 00318Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources52http://www-1.ibm.com/servers/eserver/iseries/access/0
227Client Access Check Version0 18cwbckver.exe LOGIN211HKEY_LM\Run0102IBM(R) AS/400(R) Client Access Express for Windows(R) V5R1M0, IBM Corporation. Service Level Detection39http://www.absolutestartup.com/startup/1
225Client Access Help Update0 12cwbinhlp.exe1 00271Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries52http://www-1.ibm.com/servers/eserver/iseries/access/0
2 8cwbinhlp0 12cwbinhlp.exe1 00  052http://www-1.ibm.com/servers/eserver/iseries/access/0
221Client Access Service0 12cwbsvstr.exe1 00 76IBM(R) iSeries (TM) Access for Windows V5R3M0, IBM Corporation. cwbsvstr.exe 01
221Client Access Service0 12CwbSvStr.Exe1 00405Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources52http://www-1.ibm.com/servers/eserver/iseries/access/0
2 8cwbsvstr0 12cwbsvstr.exe1 00  052http://www-1.ibm.com/servers/eserver/iseries/access/0
321client access taskbar0 12cwbuitsk.exe1 00 44IBM iSeries Client Access taskbar, see  here52http://www-1.ibm.com/servers/eserver/iseries/access/0
029Client Access Express Welcome0 12cwbwlwiz.exe1 00166Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers.52http://www-1.ibm.com/servers/eserver/iseries/access/0
0 8cwbwlwiz0 12cwbwlwiz.exe1 00  052http://www-1.ibm.com/servers/eserver/iseries/access/0
329Client Access Express Welcome0 12cwbwlwiz.exe1 00166Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers.52http://www-1.ibm.com/servers/eserver/iseries/access/0
312Cwcdschk.exe0 12Cwcdschk.exe1 00 21IBM Thinkpad related? 01
3 8cwcptray0 12cwcptray.exe1 00 57Related to ContentWatch Parental Control Internet Filter.28http://www.contentwatch.com/0
324Crystal 3D Audio Control0 12CWD3DSND.EXE1 00 30Crystal 3D Audio sound driver. 01
213Coolwallpaper0 12cwm_tray.exe1 00103Cool Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen savers45http://coolwallpaper.com/download/index2.html0
321CoolWallpaperSoftware0 12cwm_tray.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
321Command WorkStation 40  9CWS 4.exe222StartUp menu\All users0 76CWS 4 Application 4.1, Electronics for Imaging, Inc. . CWS 4 MFC Application39http://www.absolutestartup.com/startup/1
212bOò
ùð\×y-¯Ì0 10cwueem.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8cwupdate0 12cwupdate.exe1 00115ContentProtect, from A href="http://www.contentwatch.com/products/contentprotect.php"ContentWatch - internet filter 01
1 6zstart0 12cxdxregt.exe1 00 27ZenoSearch adware component54http://vil.mcafeesecurity.com/vil/content/v_133714.htm0
110Zstart.lnk0 12cxdxregt.exe1 00 38Added by the Adware.ZenoSearch adware.61http://www.sarc.com/avcenter/venc/data/adware.zenosearch.html0
1 7KV_HOST0  8cxjx.exe1 00 72Added by the Troj/LegMir-BB Trojan with password-stealing functionality.58http://www.sophos.com/virusinfo/analyses/trojlegmirbb.html0
117*microsoft update0  8cxma.exe1 00 35Added by the  W32.HLLW.STMU TROJAN!70http://www.kephyr.com/spywarescanner/library/w32.hllw.stmu/index.phtml0
1 5cxorj0  9cxorj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
123autoloaderaproposclient0 17cxtpls_loader.exe1 00 19AproposMedia adware45http://doxdesk.com/parasite/AproposMedia.html0
1 4cxuh0  8cxuh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 3C2K0  9CYB2K.EXE1 00176CYBERsitter 2000 or 2001 -  anti-porn filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser 01
2 5Cyber0 12cyberchk.exe1 00 59you to clean your drive after "x" amount of time has passed 01
1 9CyberWolf0 13CyberWolf.exe1 00 41Added by the  KICKIN.A (or CYDOG.C) WORM!68http://www.symantec.com/avcenter/venc/data/w32.hllw.kickin.a@mm.html0
1 4cyef0  8cyef.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
117Dos Prompt Loader0 10cygwin.exe1 00 79Added by W32/Sdbot-VV, A WORM/backdoor, and found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvv.html0
2 8CyphTray0 12CyphTray.exe1 00 30Cypherus - encryption software24http://www.cypherus.com/0
114WindowsSysBoot0  9cytob.exe1 00134Added by the W32/Tilebot-AY worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotay.html0
1 5cyvud0  9cyvud.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4run=0 11cyxid98.exe1 00 20Unidentified malware 01
1 9ASDPLUGIN0  9czech.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
1 7drocher0  5d.exe1 00 21Adult content dialler 01
1 6System0  5d.exe1 00148Added by the W32.Mytob.KU@mm worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ku@mm.html#technicaldetails0
113[random name]0 12d?xplore.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
212D066UUtility0 12D066UUTY.EXE1 00104TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software 01
1 7systemr0 11d11host.exe1 00 43Added by the Troj/VB-GX downloading trojan.54http://www.sophos.com/virusinfo/analyses/trojvbgx.html0
3 2D40  6D4.exe1 00106Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down45http://www.thinkman.com/dimension4/index.html0
310Dimension40  6d4.exe1 00106Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down45http://www.thinkman.com/dimension4/index.html0
1 7WinMine0  9D4NG3.vbs1 00 28Added by the BISCUIT.A WORM!77http://securityresponse.symantec.com/avcenter/venc/data/vbs.biscuit.a@mm.html0
211DACONFIGEXE0 12daconfig.exe1 00 523Com NIC Diagnostics. Available via Start - Programs 01
4 6DadApp0 10dadapp.exe1 00253DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked - direct from Dell 01
234Corel Desktop Application Director0  8dadx.exe1 00153The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start - Programs 01
317DAEMON Tools-10330 22daemon.exe  -lang 10332 00 60DAEMON Tools 3.47.0.0, DAEMON'S HOME. Virtual DAEMON Manager 01
3 6Daemon0 10Daemon.exe1 00 83Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive36http://www.daemon-tools.net/main.htm0
317DAEMON Tools-10330 10Daemon.exe1 00  036http://www.daemon-tools.net/main.htm0
313TrackpointSrv0 10daemon.exe1 00116Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work 01
1 6Daemon0 24daemon.exe c daemon2.exe2 00107The WORM W32/Esalone-A will add the file,  corrupt WINZIP and WINRAR archives, and also create other files.57http://www.sophos.com/virusinfo/analyses/w32esalonea.html0
317DAEMON Tools-10330 21daemon.exe -lang 1033211HKEY_LM\Run0 60DAEMON Tools 3.47.0.0, DAEMON'S HOME. Virtual DAEMON Manager39http://www.absolutestartup.com/startup/1
2 6Daemon0 12DAEMON32.EXE1 00146Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start - Programs 01
112Micro Update0 10DAILIN.EXE1 00143Added by the W32/Rbot-ER trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rboter.html0
410[not used]0 10DAinit.dll1 00 54Used by Desktop Authority desktop management software.53http://www.scriptlogic.com/products/desktopauthority/0
112daiXPdXm.exe0 12daiXPdXm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
210Dell Alert0  9DAMon.exe1 00 75Dell Alert utility, that's supposed to make interaction with Support easier 01
2 3Dap0  7DAP.exe1 00 70Download Accelerator Plus from SpeedBit - download manager/accelerator34http://www.speedbit.com/DAPDL.asp?0
229Download Accelerator Plus 5.00  7DAP.exe1 00192Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start - Programs. Note that the free version is &quot;adware&quot; based24http://www.speedbit.com/0
219DownloadAccelerator0  7DAP.EXE1 00182Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start - Programs. Note that the free version is "adware" based 01
319DownloadAccelerator0 16DAP.EXE /STARTUP211HKEY_LM\Run0 79Download Accelerator Plus  7, 4, 0, 1, Speedbit Ltd.. Download Accelerator Plus39http://www.absolutestartup.com/startup/1
119DownloadAccelerator0 16DAP.EXE /STARTUP2 00 78Download Accelerator Plus 7, 4, 0, 2, Speedbit Ltd.. Download Accelerator Plus 01
1 5load=0 10dapdll.exe1 00 25Added by the ATAK.E WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.e@mm.html0
318Codename Dashboard0 13dashboard.exe1 00266Codename: Dashboard - &quot;an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time&quot;46http://www.downlinx.com/proghtml/415/41557.htm0
0 6dashie0 18dashIE.exe systray2 00 67Could be related to &quot;Dash Power Shopping&quot; tool bar in IE? 01
438Compuware Distributed Analyzer Service0 11DASVCNT.exe1 00 49Added as part of the Compuware DevPartner Studio.55http://www.compuware.com/products/devpartner/studio.htm0
3 9DataLayer0 13DataLayer.exe1 00229Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on 01
3 9DataLayer0 13DataLayer.exe1 00 67Nokia PC Suite 6, 0, Nokia Mobile Phones Ltd.. DataLayer 2.0 Module 01
112Data Layer 20 13datalayer.exe1 00 48Added by the W32/Rbot-BNF worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbnf.html0
324Optus Cable Data Monitor0 15datamonitor.exe1 00 96Allows Optus customers to monitor their actual data usage against Optus' "data allowance limits" 01
119Driver Data Monitor0 11datasys.exe1 00 48Added by the W32/Rbot-BBN worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbn.html0
1 8Datcheck0 12datcheck.exe1 00 29Added by the KEYPANIC TROJAN!63http://www.symantec.com/avcenter/venc/data/keypanic.trojan.html0
1 8BootsCfg0 14Date.POP.vbs %2 00 31Added by the  VBS.KUULLIO WORM!62http://www.symantec.com/avcenter/venc/data/vbs.kuullio@mm.html0
113DateMakerIntl0 17DateMakerIntl.exe1 00 34Premium rate adult content dialler 01
112Date Manager0 15datemanager.exe1 00 87Date Manager - calender program. Spyware/adware based provided by The Gator Corporation28http://www.date-manager.com/0
217Desktop Architect0 10DATRAY.EXE1 00 94Desktop theme manager available here - for managing the desktop appearance, fonts, sounds, etc55http://download.com.com/3000-2326-5630015.html?tag=list0
217Desktop Architect0 13datray.exe -S2 00 64Desktop Architect 2, 1, 1, 0, Ken Foster. Desktop Architect Tray 01
1 5daudi0  9daudi.exe1 00 29Malware,  as yet unidentified 01
1 8DAupdate0 12DAupdate.exe1 00 17NavEnhance adware 01
118Perfomance Monitor0 12davcsync.exe1 00 30Added by the W32/Lamud-A worm.55http://www.sophos.com/virusinfo/analyses/w32lamuda.html0
011DAW9532.exe0 11DAW9532.EXE1 00111Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. 01
213Daily Planner0 11dayplan.exe1 00141Daily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete them36http://www.kmcsonline.com/index.html0
3 8DayToday0 12DAYTODAY.EXE1 00 71DayToday from RoboMagic Software Corp. Displays the date on the taskbar43http://www.locutuscodeware.com/daytoday.htm0
1 4wizz0 11dazzler.exe1 00 59Reported by Kaspersky Anti-Virus as Win32.Dialer.is TROJAN! 01
126Win Validation Application0 13DBExecCom.exe1 00 32Added by the W32/VBSilly-A worm.57http://www.sophos.com/virusinfo/analyses/w32vbsillya.html0
1 8debugger0  9dbg32.exe1 00 28Added by  W32/Mytob-FW WORM!56http://www.sophos.com/virusinfo/analyses/w32mytobfw.html0
123microsoft debug service0 10dbgbgr.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
124Microsoft System Checkup0 12dbnetlib.exe1 00 25Added by the DONK.L WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.l.html0
2 6dbserv0 10dbserv.exe1 00 83Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled 01
321Gravis Appawareloader0 12dbserver.exe1 00155Looks like it's associated with  Gravis game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them22http://www.gravis.com/0
2 6dbtmon0 10dbtmon.exe1 00145Dell button monitor for 9XX series printer most commonly associated with 922. Can safely be turned off does not hamper printer operations. Can be 01
314Dialer Control0  6dc.exe1 00 68Dialer-Control. Detects and protects from premium rate p0rn diallers29http://www.dialer-control.de/0
1 2BD0  6dc.exe1 00 35Added by the Troj/Rasdoor-B Trojan.58http://www.sophos.com/virusinfo/analyses/trojrasdoorb.html0
115[Various Names]0 12DCC_send.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
110dcomdriver0 11DCCOM32.EXE1 00 48Added by the W32/Nymph.gen@MM mass-mailing worm.42http://vil.nai.com/vil/content/v_99180.htm0
320DAZEL Delivery Agent0 12DcDaemon.exe1 00 62Control and send documents, etc, to any destination - see here58http://www.clickly.com/ISSVDO4Z/EN/user/proddet.html?P=8880
111DCE Manager0 10dcemgr.exe1 00 26Added by the TUMAG TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tumag.html0
1 7AdPopup0 11dcf5678.exe1 00 34Added by the Troj/Agent-FZ Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentfz.html0
3 7DCfssvc0 11dcfssvc.exe1 00302Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example 01
3 7dcfssve0 11dcfssvc.exe1 00304Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can\'t load pictures from your camera/dock - Kodak\'s dock is an example 01
118DcomHelper Service0 11dcmhelp.exe1 00 49Added by the W32/Sdbot-AJA worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotaja.html0
138(2C1CD3D7-86AC-4068-93BC-A02304BB8C34)0 11dcom_16.dll1 00106Added by the Troj/Agent-BIW backdoor Trojan.br /br /Uses CLSID: b(2C1CD3D7-86AC-4068-93BC-A02304BB8C34)/b.58http://www.sophos.com/virusinfo/analyses/trojagentbiw.html0
111dcomcfg.exe0 11dcomcfg.exe1 00 44Added by the Troj/Zlob-IK downloader Trojan.56http://www.sophos.com/virusinfo/analyses/trojzlobik.html0
110[not used]0 12dcompcss.exe1 00 35Added by the Troj/PPdoor-AQ Trojan.58http://www.sophos.com/virusinfo/analyses/trojppdooraq.html0
114WINDOWS SYSTEM0 12dcomuser.exe1 00132Added by the W32/Mytob-BJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobbj.html0
1 6System0  9dcomx.exe1 00 28Added by the CIREBOT TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cirebot.html0
1 6dcrgmj0 10dcrgmj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118Monitor SynManager0 10dcvwed.exe1 00134Added by the W32/Sdbot-NL worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnl.html0
1 8dcznetv20 12dcznetv2.exe1 00133Added by the W32/Tilebot-O worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32tileboto.html0
117Microsoft Winsock0 12dczwin32.exe1 00 48Added by the W32/Rbot-BFW worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbfw.html0
116Microsoft Config0 11dczznet.exe1 00231Added by the W32/Rbot-ARL worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.  This infection will also install the rootkit rdriv.sys in the Windows System folder.56http://www.sophos.com/virusinfo/analyses/w32rbotarl.html0
313Dialer Detect0  6dd.exe1 00147DialerDetect detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it43http://www.dialerdetect.nl/english/main.htm0
1 8D System0  6dd.exe1 00 48Added by the W32/Mytob-FN worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobfn.html0
213DDCActiveMenu0 17DDCActiveMenu.exe1 00235Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
213DDCActiveMenu0 23DDCActiveMenu.exe -boot2 00 80WildTangent DDCActiveMenu Module , WildTangent. WildTangent DDCActiveMenu Module 01
312DD2KPECLIENT0 12DDClient.exe1 00126Added by the Spyware.DesktopD surveillance software. If you did not install this program, you should uninstall it immediately.60http://www.sarc.com/avcenter/venc/data/spyware.desktopd.html0
310DD2SERVICE0 12DDClient.exe1 00126Added by the Spyware.DesktopD surveillance software. If you did not install this program, you should uninstall it immediately.60http://www.sarc.com/avcenter/venc/data/spyware.desktopd.html0
2 4DDCM0 10DDCMan.exe1 00435Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case" target="_blank"privacy policy used to state that they also collect and share individuals information but this is no longer the case38http://www.wildtangent.com/default.asp0
2 6DDCMan0 10DDCMan.exe1 00  038http://www.wildtangent.com/default.asp0
2 4DDCM0 22DDCMan.exe -Background2 00 70WildTangent Channel Manager , WildTangent. WildTangent Channel Manager 01
115Windows Service0  8dddd.exe1 00101Identified by Kaspersky Labs as PornWare.Dialer.Salc, also known to come with the Bube family trojans64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=415180
1 7ddeproc0 11ddeproc.exe1 00 83Associated with Webcelerator - spyware. Read eAcceleration's privacy statement here37http://www.eacceleration.com/privacy/0
1 6DDEsvr0 10ddesvr.exe1 00133Added by the W32/Agobot-QI worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotqi.html0
114Winsvr manager0 10DDEsvr.exe1 00 67Added by the W32/Tirbot-B WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32tirbotb.html0
1 7DirectX0 12ddhelp32.exe1 00 81Added by the BIONET.318 TROJAN! Note - not the DirectX helper which is ddhelp.exe79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.3180
1 8DDialler0 12DDialler.exe1 00 21Adult content dialler 01
311CCD Manager0  7DDS.EXE1 00 63Project Labs Century CD manager for their CD/DVD storage device27http://www.centurycdna.com/0
223DynDNS-Updater Traytool0 11ddutray.exe1 00102DynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually38http://www.dyndns.org/services/dyndns/0
1 7de32gen0 11de32gen.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
2 7DeadAIM0 29DeadAIM.ocm,ExportedCheckODLs111HKEY_LM\Run0 94Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
113virtual cdrom0 10deamon.exe1 00 27Added by the  RBOT.VP WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.VP&VSect=P0
1 6debugg0 10debugg.dll1 00 47Added by the HaxDoor.B rootkit/backdoor Trojan.79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.b.html0
112DebugMonitor0 16debugmonitor.exe1 00 71A MyDoom WORM variant adds this file, exploiting P2P and email clients.57http://www.sophos.com/virusinfo/analyses/w32mydoombh.html0
1 5Debug0 12DebugW32.exe1 00122Added by the GUBED TROJAN Note - this is not the legitimate csrss.exe process which should NOT appear in Msconfig/Startup!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.gutta.html0
1 4run=0  9dec25.exe1 00 25Added by the ATAK.F WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.f@mm.html0
1 9what ever0  9decom.exe1 00108Added by the W32/Rbot-SC worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotsc.html0
1 3Gmh0  7Dee.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7deeenes0 11DeeEnEs.exe1 00 70DeeEnEs - automatically  updates a dynamic IP address when it changes.48http://www.palacio-cristal.com/products/DeeEnEs/0
312NAV DefAlert0 12DefAlert.exe1 00162Norton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basis 01
115[Various Names]0 12defect08.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
113BODefenderDrv0 15DefenderDrv.sys1 00 45Added by the Troj/GrayBrd-BF backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdbf.html0
124Automatic Defrag Manager0 10defrag.exe1 00132Added by the W32/Rbot-AKE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotake.html0
118windows dll loader0 15defragfat32.exe1 00 32Added by the  W32/SDBOT-SS WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotss.html0
118Windows DLL Loader0 18defragfat32abc.exe1 00108Added by the W32/Rbot-RG worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrg.html0
118Windows DLL Loader0 17defragfat32pi.exe1 00 26Added by the RBOT-QQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqq.html0
118Windows DLL Loader0 16defragfat32z.exe1 00 28Added by the LINKBOT.A WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.linkbot.a.html0
118Windows DLL Loader0 15DEFRAGFAT34.EXE1 00 44Added by the W32/Poebot-B WORM/IRC backdoor!56http://www.sophos.com/virusinfo/analyses/w32poebotb.html0
118Windows DLL Loader0 15defragfat39.exe1 00 27Added by the POEBOT-C WORM!56http://www.sophos.com/virusinfo/analyses/w32poebotc.html0
118Windows DLL Loader0 14defragfatx.exe1 00134Added by the W32/Poebot-F trojan.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32poebotf.html0
118Windows DLL Loader0 14defragfatz.exe1 00 28Added by the LINKBOT.H WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.linkbot.h.html0
118Windows DLL Loader0 15defragfatz.exe.1 00 12Added by the31W32/Poebot-D WORM/IRC backdoor!0
113defragm_check0 14defragment.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 7WebScan0 14DEFSCANGUI.EXE1 00150Stop-Sign from eAccelerration. Detects spyware, malware, viruses and keyloggers and stops popups. Spyware in itself - see their privacy statement here25http://www.stop-sign.com/0
3 8defwatch0 12defwatch.exe1 00191Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis 01
3 9slow play0 13DEFY DASH.exe211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
112spywareguard0 17deinst_qfe001.exe1 00126Added by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate SpywareGuard application as described  here45http://castlecops.com/s3481-SpywareGuard.html0
125windows internet protocol0 17deinst_qfe001.exe1 00 45Added by a variant of the Win32.Small TROJAN! 01
122windows update checker0 17deinst_qfe002.exe1 00  0 01
3 5Delay0 12delayrun.exe1 00 91On HP PCs this program is used to help prevent conflicts or timing issues on fast computers 01
3 8Delayrun0 12delayrun.exe1 00 91On HP PCs this program is used to help prevent conflicts or timing issues on fast computers 01
211DELDIR0.EXE0 11DELDIR0.EXE115HKEY_LM\RunOnce0 58one-dev DelDir 1, 0, 0, 1, Network Associates Inc.. DelDir39http://www.absolutestartup.com/startup/1
321GhostSurfDelSatellite0 19DeleteSatellite.exe1 00 35SpyCatcher spyware remover related.58http://www.tenebril.com/products/ghostsurf/spycatcher.html0
2 7Execute0 14delfolders.exe1 00  2?? 01
3 7DellDMI0 11delldmi.exe1 00379Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards? 7#FF00000
3 8DELLMMKB0 12DELLMMKB.EXE1 00 93Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys 01
3 9DellTouch0 12DELLMMKB.EXE1 00  0 01
2 6DellSC0 10dellsc.exe1 00 80Dell Solution Center - web-based troubleshooting tools and educational offerings 01
132windows service pack auto update0 10del-me.exe1 00 49Adware,  also detected as the Lowzones.BH TROJAN! 01
1 7delmsbb0 11delmsbb.exe1 00 12nCase adware42http://www.doxdesk.com/parasite/nCase.html0
1 7delsaap0 11delsaap.exe1 00 12nCase adware42http://www.doxdesk.com/parasite/nCase.html0
0 8delstart0 12delstart.exe1 00 83Reportedly part of BT ISP software - what does it do and is it required in startup? 01
0 6DelTmp0 11DelTemp.exe1 00142Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. Deletes temporary files once an installation is complete? 01
2 8DeltTray0 11deltray.exe1 00195System Tray access to the control panel for the M-Audio Delta 44 PCI Analog Recording Interface. Available via a desktop shortcut, Start -&gt; Programs or Start -&gt; Settings -&gt; Control Panel51http://www.midiman.net/products/m-audio/delta44.php0
0 6delcab0 20deltreew.exe C:\cabs2 00  6??font 01
111demm386.exe0 11DEMM386.EXE1 00143Added by the W32/Rbot-EO trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rboteo.html0
0 5demon0  9demon.exe1 00 45Part of the French Wanadoo ADSL extense pack. 01
1 8Especial0 10Deneca.bat1 00 44Added by the WM97/Acened-A word macro virus.57http://www.sophos.com/virusinfo/analyses/wm97aceneda.html0
113WINDOWS DENEM0 10deneme.exe1 00132Added by the W32/Mytob-CR worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobcr.html0
114WINDOWS DENEME0 10deneme.exe1 00132Added by the W32/Mytob-CR worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobcr.html0
115[various names]0 10dePloy.exe1 00 90TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see  here44http://www.doxdesk.com/parasite/WareOut.html0
1 6Desire0 11desires.exe1 00 21Adult content dialler 01
325HydarVisionDesktopManager0 10desk95.exe1 00253ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as this one. HydraVision can be uninstalled through Add/Remove Programs39http://support.microsoft.com/?id=8109370
325HydraVisionDesktopManager0 10desk98.exe1 00167ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup 01
114DeskAd Service0 14DeskAdServ.exe1 00 26Windupdates adware variant81http://www.giantcompany.com/antispyware/research/spyware/spyware-WindUpdates.aspx0
2 9DeskColor0 13DESKCOLOR.EXE1 00 65Provides transparent icon text backgrounds and coloured icon text 01
2 8Deskflag0 12Deskflag.exe1 00 43DeskFlag - animated USA flag on the desktop24http://www.deskflag.com/0
3 8DeskHide0 12deskhide.exe125StartUp menu\Current user0 27DeskHide 1.00, wh0t access.39http://www.absolutestartup.com/startup/1
118DeskMateAutoUpdate0 22DeskMateAutoUpdate.exe1 00 88DeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware related53http://www.pestpatrol.com/PestInfo/b/bargainbuddy.asp0
21000dsksvr000 13desksaver.exe1 00 35Related to  Advanced_Desktop_Shield40http://www.softstack.com/deskshield.html0
216DiscoverDeskshop0 12Deskshop.exe1 00 62Discover Deskshop - single use &quot;virtual&quot; credit card43http://www.dealchecker.com/doc.cfm?OID=10910
222AquaSoft PhotoKalender0 62DESKTO~1.EXE -p|Photokalender.ads -t|3 Monate unregelmäßig.pwt211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7desktop0 11desktop.exe1 00 27Added by the SDBOT.MD WORM!46http://www.f-secure.com/v-descs/sdbot_md.shtml0
114Desktop Search0 11desktop.exe1 00 33iSearch "Desktop Search" hijacker 01
311desktop.ini0 11desktop.ini125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
411lto manager0 21DesktopLtoManager.exe1 00 84Related to  Global_Positioning_System (GPS) found on HP iPAQ hw6500 unit and others.28http://www.globallocate.com/0
210desktopmgr0 14desktopmgr.exe1 00132Synchronisation manager for the cradles for the Research In Motion range of wireless handhelds, including the &quot;Blackberry&quot;39http://www.rim.net/products/index.shtml0
223Copernic Desktop Search0 17DesktopSearch.exe1 00140Copernic Desktop Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures"61http://www.copernic.com/en/products/desktop-search/index.html0
016desk-top-service0 20desk-top-service.exe1 00  2?? 01
322Motorola Desktop Suite0 16DesktopSuite.exe122StartUp menu\All users0 88Symbian Connect QI 1, 0, 0, 1, Symbian Ltd.. Symbian Connect QI Reference User Interface39http://www.absolutestartup.com/startup/1
2 3DW40 18DesktopWeather.exe1 00 46The Weather Channel's desktop weather program. 01
3 3DW40 18DesktopWeather.exe111HKEY_CU\Run0 49Desktop Weather 4 4.24.0.0, TWCi. DesktopWeather439http://www.absolutestartup.com/startup/1
3 8DesktopX0 12DESKTOPX.EXE1 00 96A program that replaces the regular Desktop and Taskbar, and can be changed to the user's liking 01
2 6deskup0 10deskup.exe1 00 42Adds Iomega Zip drive icons to the desktop 01
2 6Deskup0 20deskup.exe /IMGSTART211HKEY_LM\Run0 45Iomega refresh 4, 0, 1, 0, Iomega. deskup.exe39http://www.absolutestartup.com/startup/1
115[Various Names]0 11Dest068.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 9destroy110 13destroy11.exe1 00 44Added by the Troj/Delf-KO keylogging trojan.56http://www.sophos.com/virusinfo/analyses/trojdelfko.html0
110destroyb110 14destroyb11.exe1 00 26Added by the  Troj/Delf-KO56http://www.sophos.com/virusinfo/analyses/trojdelfko.html0
2 8Detector0 12Detector.exe1 00 36Test Application 1, 0, 0, 1, . Image 01
2 8Detector0 12detector.exe1 00263USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing software 01
214MGA_CD_Install0  7Deutsch1 00  0 01
129Microsoft Windows Workstation0 11devcode.exe1 00 48Added by the W32/Rbot-AWL worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotawl.html0
129Microsoft Windows Workstation0 13devcode32.exe1 00 48Added by the W32/Rbot-BBT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbt.html0
111Dev Gnu Cpp0 10devcpp.exe1 00108Added by the W32/Rbot-RU worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotru.html0
315Device Detector0 13DevDetect.exe1 00 78Watches for external digital imaging products being connected from ACD Systems43http://www.acdsystems.com/English/index.htm0
315Device Detector0 22DevDetect.exe -autorun2 00  0 01
315Camera Detector0 22DevDetect.exe -autorun211HKEY_LM\Run0 62Device Detector 1, 3, 2, 1, ACD Systems, Ltd.. Device Detector39http://www.absolutestartup.com/startup/1
217Device Detector 20 12DevDtct2.exe1 00294Installed by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resources. 01
217Digital Dashboard0 11devgulp.exe1 00 48For Compaq PC's. Loads Digital Dashboard options 01
1 5Cmpnt0 12Devices2.exe1 00 43Added by the Troj/Tompai-D backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojtompaid.html0
128Configuration Loader Service0 10devl32.exe1 00 31Added by the W32/Sdbot-XY worm.56http://www.sophos.com/virusinfo/analyses/w32sdbotxy.html0
116Windows Archiver0 10devldr.exe1 00 46Added by the W32/Prex-J worm and IRC backdoor.54http://www.sophos.com/virusinfo/analyses/w32prexj.html0
3 8devldr160 12devldr16.exe1 00369Associated with some Creative Labs sound cards.  Provides audio support for DOS applications.  Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start - Settings - Control Panel - System - Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices 01
312devldr16.exe0 12devldr16.exe1 00369Associated with some Creative Labs sound cards.  Provides audio support for DOS applications.  Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start - Settings - Control Panel - System - Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices 01
111Divx4 codec0 12devldr32.exe1 00 96Added by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs devldr32.exe file76http://www.liutilities.com/products/wintaskspro/processlibrary/devldr32/F4120
0 6Devlog0 10devlog.exe1 00115Apparently mainboard/chipset related, by a French company called AS Media -  what exactly is it, and is it required 01
111Dev Manager0 12devspecs.exe1 00107An Rbot variant.  This infection connects to an IRC server where it will await commands from a remote user. 01
1 5xdxqa0  8dewa.exe1 00 12Added by the140W32/Sdbot-YB.0
110autorepair0  8dexs.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
120Configuration Loader0  8dezi.exe1 00134Added by the W32/Sdbot-OB worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotob.html0
132Managing FAT and NTFS partitions0 13dfrgfat16.exe1 00 48Added by the W32/Codbot-N worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32codbotn.html0
134Defragmentation Management Handler0 13dfrgfat32.exe1 00 41Added by the W32/Codbot-AB backdoor worm.57http://www.sophos.com/virusinfo/analyses/w32codbotab.html0
111wininet.dll0 11dfrgsrv.exe1 00 46Added by the Troj/DwnLdr-FS downloader Trojan.58http://www.sophos.com/virusinfo/analyses/trojdwnldrfs.html0
123Distributed File System0  9Dfsvc.exe1 00 38Added by the MYFIP.A or MYFIP.K WORMS!72http://securityresponse.symantec.com/avcenter/venc/data/w32.myfip.a.html0
316Hermes Messenger0 12DGDRHE~1.EXE1 00 65A LAN messenger alternative to WinPopUp - Digital Dreams Software27http://www.dgdr.com/hermes/0
3 4DGJM0  8DGJM.exe1 00  2?? 01
130Microsoft Security Pansasagers0 13dgkztsqgn.exe1 00 48Added by the W32/Rbot-BBJ worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbj.html0
1 8dgtstart0 12dgtstart.exe1 00 21DigitalNames.g adware62http://www.viruslist.com/en/viruses/encyclopedia?virusid=808850
2 6dguard0 10dguard.exe1 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
1 5dgzqn0  9dgzqn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115DealHelperBrwsr0 11dhbrwsr.exe1 00 17DealHelper adware60http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html0
3 7FatPipe0  4DHCP1 00115Software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users 01
131Symantec Client Security Loader0  8DHCP.DLL1 00116Added by the Troj/DllLoad-B trojan dll loader. DHCP.DLL is a file that tells the service what malicious DLL to load.58http://www.sophos.com/virusinfo/analyses/trojdllloadb.html0
1 8WinSec320  8dhcp.sys1 00 44Added by the Troj/Rawdoor-A backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojrawdoora.html0
121Microsoft STS Service0 10DHCP32.exe1 00136Added by the W32/Sdbot-UK worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuk.html0
4 8dhcpagnt0 12dhcpagnt.exe1 00 79Intel DSL modem driver - leave enabled or you'll have to re-install the drivers 01
111DHCP Client0 14dhcpclient.exe1 00133Added by the W32/Codbot-AG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32codbotag.html0
1 6dhixmg0 10dhixmg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6DHNUXB0 10DHNUXB.exe1 00  2?? 01
1 6atomix0  7dho.exe1 00 43Added by the W32.Hotmatom MSN Hotmail worm.73http://www.sarc.com/avcenter/venc/data/w32.hotmatom.html#technicaldetails0
116DealHelperUpdate0 10DHUpdt.exe1 00 17DealHelper adware60http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html0
1 5file10 13Dia Claro.htm2 00 29Added by the  Troj/Dloader-OR59http://www.sophos.com/virusinfo/analyses/trojdloaderor.html0
310DiagAP81690 14DiagAP8169 /hw211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9(default)0 11diagcfg.exe1 00 36Added by the Backdoor.GWGirl trojan.59http://www.sarc.com/avcenter/venc/data/backdoor.gwgirl.html0
2 7diagent0 11diagent.exe1 00127System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -&gt; Programs 01
2 7DIAGENT0 19DIAGENT.EXE startup211HKEY_LM\Run0 87Creative Diagnostics Agent 1.00.10, Creative Technology Ltd. Creative Diagnostics Agent39http://www.absolutestartup.com/startup/1
110Diagnostic0 14diagnostic.exe1 00 42Added by the Troj/Alpha-C backdoor trojan.56http://www.sophos.com/virusinfo/analyses/trojalphac.html0
1 9installer0  8dial.exe1 00 75Malware - detected by  Kaspersky antivirus as trojan-dropper.win32.agent.mm36http://www.kaspersky.com/personalpro0
110User23.exe0  8DIAL.exe1 00 56This is a trojan trying to disguise itself as User32.dll 01
1 6regrun0 10dialer.exe1 00 97Adware downloader - also detected as a variant of the  TROJ_LOWZONES.BW or  TROJ_AGENT.RD TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_LOWZONES.BW0
316antidialer.co.uk0 18Dialer_Watcher.exe1 00 85Dialer_Watcher is an application that allows you to detect  Dialers on your computer.24http://antidialer.co.uk/0
115[Various Names]0 13dialer423.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6itunes0  9dials.exe1 00109Detected as Trojan-Dropper.Win32.Agent.mm by Kaspersky Anti-Virus. Note: A Url is not available at this time. 01
122windows dialup service0 10dialup.exe1 00 30Added by the  AGOBOT.AAH WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AAH&VSect=P0
011diamondview0 15Diamondview.exe1 00115Manulife Financial Insurance program. Note: This file is legitimate. It is not known if it needs to run at startup. 01
1 5Livre0 10Dibane.bat1 00 26Added by the BANEDI VIRUS!72http://securityresponse.symantec.com/avcenter/venc/data/w97m.banedi.html0
1 9rundll***0 23die.exe [path] mdll.exe2 00 61Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 94676http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
1 9rundll***0 25die.exe [path] secure.bat2 00 61Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 94676http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
1 9rundll***0 25die.exe [path] secure.exe2 00  076http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
1 9rundll***0 22die.exe [path] ttg.exe2 00 61Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 94676http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sumtax.html0
3 5DietK0  9DietK.exe1 00156DietK - add-on for Kazaa Media Desktop; "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results"21http://www.dietk.com/0
3 8DigiCell0 12DigiCell.exe1 00420MSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center" 01
3 7digisrv0 11DigiSrv.exe1 00 49Related to camera software from  Digital_Dreams._44http://www.digitaldreamco.com/en/index.shtml0
112DigitalNames0 21DigitalNamesStart.exe1 00 28DigitalNames spyware variant81http://securityresponse.symantec.com/avcenter/venc/data/spyware.digitalnames.html0
1 5DigiD0 16DigitalSound.exe1 00 17Adware downloader 01
211DIGServices0 15DIGServices.exe1 00 58Created by Disney but licensed to ESPN for watching videos 01
2 9DIGStream0 13digstream.exe1 00222DIGStream Cache Manager - part of ESPN Motion and  Disney Motion that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automatically39http://espn.go.com/motion/download.html0
1 8Gtfgxojw0 11Dihpcyj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113iConfigLoader0 11DIIhost.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
136Microsoft Internal AntiVirus Systems0 11dIlhost.exe1 00133Added by the W32/Rbot-AEV worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaev.html0
3 9Dimension0 13Dimension.exe1 00220Dimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol 01
1 5Dino30  9dino3.exe1 00138Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result 01
1 5dinst0  9dinst.exe1 00 98GrandStreet parasite variant - detected by Kaspersky antivirus as Trojan-Downloader.Win32.Intexp.d48http://www.doxdesk.com/parasite/GrandStreet.html0
1 7Printer0 10dipset.exe1 00 38Added by a variant of the FBSR TROJAN!46http://vil.nai.com/vil/content/Print119618.htm0
112direct3d.exe0 12direct3d.exe1 00 52Added by the Troj/Certif-F password-stealing trojan.57http://www.sophos.com/virusinfo/analyses/trojcertiff.html0
111Windows SP40 12directCC.exe1 00121Added by the W32/Rbot-ACX worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32rbotacx.html0
216Adaptec DirectCD0 12Directcd.exe1 00351DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start - Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later 01
215AdaptecDirectCD0 12Directcd.exe1 00351DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start - Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later 01
2 8DirectCD0 12DirectCD.exe1 00  0 01
121Printer direct access0 13directout.sys1 00 36Added by the TSPY_GOLDUN.EG rootkit.97http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FGOLDUN%2EEG&VSect=Td0
1 8directpt0 12directpt.dll1 00 44Added by the Troj/Haxdoor-AX rootkit Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorax.html0
111directs.exe0 11directs.exe1 00 64Added by the BEAGLE.O or BEAGLE.R or BEAGLE.S or BEAGLE.T WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.o@mm.html0
1 8directut0 12directut.dll1 00 35Added by the Troj/Goldun-BX Trojan.58http://www.sophos.com/virusinfo/analyses/trojgoldunbx.html0
310DIRECTVDSL0 14Directvdsl.exe1 00 66Starts DirectTV DSL modem at boot up. Can also be started manually 01
1 7DirectX0 11DirectX.exe1 00 37Added by the BLAXE or  LOGPOLE WORMS!75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.blaxe.html0
1 7directx0 11Directx.exe1 00 28Added by the SDBOT.D TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.d.html0
115DirectX Service0 11directx.exe1 00 49Added by the Troj/Crybot-B worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/trojcrybotb.html0
1 7directx0 13directx32.exe1 00 29Added by the  AGOBOT.CG WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CG0
110directx 320 13directx32.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
116WindowsXP Module0 13DirectX3D.exe1 00 42Malware, reportedly a keylogger - see here51http://www.anti-spy.info/process/directx3d.exe.html0
1 9DirectX640 14DirectXset.exe1 00 28Added by the BROWNEY.A WORM!43http://vil.nai.com/vil/content/v_100098.htm0
3 6Dirkey0 10Dirkey.exe1 00287Dirkey - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders&nbsp;31http://www.protonfx.com/dirkey/0
1 4rn4d0 10dirote.exe1 00 34Added by the BKDR_MAROON.A TROJAN!107http://nl0
2 8discoveg0 12discoveg.exe1 00  2?? 01
312Disk_Monitor0 16Disk_Monitor.exe1 00225Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader 01
126Windows (random character)0 13diskcheck.exe1 00 28Added by the SINGU.B TROJAN!64http://www.symantec.com/avcenter/venc/data/backdoor.singu.b.html0
1 7diskinf0 11diskinf.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
311DISKMON.EXE0 11DISKMON.EXE1 00280DiskMon is a small (55k zip file) that monitors hard disk activity.  It's most useful because it puts a little light on your system tray that tells you when your hard disk is reading or writing, saving you having to bend down to look at the light on the front of your system unit. 01
1 7diskchk0 13diskmon32.exe1 00 48Added by the W32/Rbot-BBI worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbbi.html0
2 7Disknag0 11disknag.exe1 00 65Dell program that reminds you to make your&nbsp; backup diskettes 01
310DiskPiePro0 17DiskPiePro.exe /m211HKEY_CU\Run0 54DiskPiePro 1.0.0.0, Ziff Davis Media, Inc. DiskPie Pro39http://www.absolutestartup.com/startup/1
115[Various Names]0 12diskserv.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
112Disk Manager0 11diskver.exe1 00 24Added by a Rbot variant.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
129i am not ranky. i am etunnel!0 10disney.exe1 00 40Added by an unidentified WORM or TROJAN! 01
414APC UPS Status0 11Display.exe1 00 43APC PowerChute Personal Edition status icon67http://www.apcc.com/products/family/index.cfm?id=129&web_displayed=0
3 6disspy0 10disspy.exe1 00 45Disspy spyware detection and removal software44http://www.h-desk.com/new/Features.13.0.html0
224Distiller Assistant 3.010 12DISTASST.EXE1 00 90From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start - Programs 01
3 3Dit0  7Dit.exe1 00  0 01
3 3Dit0  7dit.exe1 00127Drive Icon and Label Utility - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found 01
210DiTask.exe0 10DiTask.exe1 00195Associated with an Eicon Networks ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -&gt; Programs42http://www.eicon.com/worldwide/default.htm0
311Divamon.exe0 11Divamon.exe1 00 57Associated with an Eicon Networks Diva ISDN or ADSL modem42http://www.eicon.com/worldwide/default.htm0
112DivX Updater0  8DivX.Exe1 00 43Added by the NALDEM TROJAN or MASTAK VIRUS!74http://securityresponse.symantec.com/avcenter/venc/data/trojan.naldem.html0
1 4divx0 11divxenc.exe1 00 29Added to the  Spbot.B TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.spbot.b.html0
1 7mdetect0 15divxencoder.exe1 00 46Added by the Troj/Sqdload-A downloader trojan.58http://www.sophos.com/virusinfo/analyses/trojsqdloada.html0
111DivX Player0 14DivXPlayer.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
0 8djsnetcn0 12DJSNetCN.exe1 00 72Symantec Licensing Detect Internet Connection,  part of Norton antivirus 01
3 8DJSNetCN0 12DJSNETCN.exe119HKEY_LM\RunServices0 79Symantec Shared Components 5.0, Symantec Corporation. Symantec Shared Component39http://www.absolutestartup.com/startup/1
114djtopr1150.exe0 14djtopr1150.exe1 00 50Unknown malware. Located in %temp%\djtopr1150.exe" 01
1 7djvvjvy0 11djvvjvy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7dKernel0 11dkernel.exe1 00 30Added by the W32/Decoy-A worm.55http://www.sophos.com/virusinfo/analyses/w32decoya.html0
216DiskeeperSystray0 10DkIcon.exe1 00 60DisKeeper defragmentation software - can be started manually42http://www.executive.com/defrag/defrag.asp0
1 4dkjb0  8dkjb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 9DkService0 13DkService.exe1 00200From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually. 01
1 6DKTime0 10dktime.exe1 00 26Added by the LUNII TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/downloader.lunii.html0
113Dkware lptt010 10dkware.exe1 00180Variant of the  RapidBlaster parasite (in a "DonkeySoft" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
113Dkware ml097e0 10dkware.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
138(D1589445-4C2D-4827-6486-8C9674D8B206)0 11dkxcj32.dll1 00100Added by the W32/Korgo-Z network worm.br /br /Uses CLSID: b(D1589445-4C2D-4827-6486-8C9674D8B206)/b.55http://www.sophos.com/virusinfo/analyses/w32korgoz.html0
1 7dkzzixm0 11dkzzixm.exe1 00  2?? 01
2 7DlaTray0 11Dlatray.exe1 00404System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones" 01
2 6HP_dla0 11dlatray.exe1 00106On HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCD 01
221Dell AIO Printer A***0 12dlbabmgr.exe1 00 68Dell AIO Printer A*** related (*** = model). Not Required at Startup 01
0 8dlbcserv0 12dlbcserv.exe1 00 31Related to a Dell Photo Printer 01
021dell aio printer a9600 12dlbfbmgr.exe1 00 36Dell A960 All-In-One Printer related 01
221Dell AIO Printer A***0 12dlbfbmgr.exe1 00 68Dell AIO Printer A*** related (*** = model). Not Required at Startup 01
021dell aio printer a9200 12dlbkbmgr.exe1 00 45Button manager for the Dell AIO Printer A920? 01
221Dell AIO Printer A***0 12dlbkbmgr.exe1 00 68Dell AIO Printer A*** related (*** = model). Not Required at Startup 01
226dell photo aio printer 9220 12dlbtbmgr.exe1 00 67Adds an icon to the system tray for a Dell printer solution center. 01
026dell photo aio printer 9620 11dlbxmon.exe1 00 40DellPhoto AIO Printer 962 Device Monitor 01
1 5dlder0  9dlder.exe1 00249Advertising spyware. Considered to be one oft the worst - even creating a fake "explorer.exe" file. Can be installed via versions of "Grokster", "Lime Wire" and "KaZaA" amongst other file-sharing utilities (see here). Reported in the past as a virus12explorer.exe0
311DLForcerExe0 15DLForcerEXE.exe1 00  2?? 01
219Digital Line Detect0  7DLG.exe1 00 72BVRP Software TestLine 1, 0, 0, 1, BVRP Software. Digital Line Detection 01
219Digital Line Detect0  7DLG.exe1 00201Detects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modems 01
319Digital Line Detect0  7DLG.exe122StartUp menu\All users0 72BVRP Software TestLine 1, 0, 0, 1, BVRP Software. Digital Line Detection39http://www.absolutestartup.com/startup/1
2 3DLG0 11DLGCHBW.exe1 00175Backweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updates 01
238Data LifeGuard LifeLine Lite installer0  9DLGLI.EXE1 00 29Backweb installer - see  here29http://www.cexx.org/dlgli.htm0
315DLHelperEXE.exe0 15DLHelperEXE.exe125StartUp menu\Current user0 45DLHelper Module 6, 0, 0, 3, . DLHelper Module39http://www.absolutestartup.com/startup/1
1 6dlhost0  6dlhost1 00 35Added by the Troj/ExpHook-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojexphooka.html0
319windows system tray0 10dlhost.exe1 00 55Related to  IamBigBrother Internet monitoring software.52http://www.internetsafetysoftware.com/iambigbrother/0
111DynamicHost0 10dlhost.exe1 00 50Added by the W32/Tilebot-BO worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotbo.html0
117Microsoft Windows0 11dlIhost.exe1 00108Added by the W32/Rbot-QC worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotqc.html0
212NetworkSetup0  9dlink.exe1 00 23D-Link System Tray icon44http://www.dlink.com/tech/faq/dlink-icon.htm0
124Dll executer_AutoStarter0 28Dll executer_AutoStarter.exe2 00 28Added by the W32/VB-SP worm.53http://www.sophos.com/virusinfo/analyses/w32vbsp.html0
1 7Systask0  7dll.dll1 00 88Added by the PWSteal.Ldpinch.B password-stealing Trojan.br /br /Uses CLSID: b[Random]/b.95http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.ldpinch.b.html#technicaldetails0
1 5CLSID0  7dll.exe1 00 21Adult content dialler 01
111System32Dll0 12DLL32SYS.EXE1 00 28Added by the SPYBOT-CZ WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotcz.html0
116Dll6d AutoLoader0 12DLL6DSYS.EXE1 00142Added by the W32/Sdbot-HX worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbothx.html0
1 9[unknown]0 12DLL9DSYS.EXE1 00142Added by the W32/Sdbot-HZ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbothz.html0
111DllCacherv20 14dllcachev2.exe1 00 27Added by the LATEDA TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lateda.html0
2 9Live Menu0 12Dllcmd32.exe1 00110eFax Send button for eFax Messenger Plus. Available via Start - Programs Disabling instructions available here34http://www.efax.com/help/index.asp0
110[not used]0 11dllcnfg.exe1 00 46Added by the Backdoor.Samkams backdoor Trojan.77http://www.sarc.com/avcenter/venc/data/backdoor.samkams.html#technicaldetails0
110MSN Update0 10DLLCON.EXE1 00144Added by the W32/Rbot-EA trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotea.html0
1 6dlldmt0 10dlldmt.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
1 7dllhelp0 11dllhelp.exe1 00 34Added by the STARTPAGE.DQ hijacker53http://www.hacksoft.com.pe/virus/w32_startpage_dq.htm0
119Win32 Configuration0 11dllhelp.exe1 00 27Added by the SDBOT.UL WORM!90http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.UL0
1 7dllhelp0 10dllhlp.exe1 00 34Added by the Downloader-HI TROJAN!72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1231550
1 5DLL320 11dllhost.dll1 00 53%WinDir%LoveLetter.doc.exe (copy of the worm EXE)br / 01
1 7DllHost0 11dllhost.exe1 00 36Added by the BKDR_PROSTI.A backdoor.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FPROSTI%2EAA&VSect=T0
1 7WinMngn0 11dllhost.exe1 00181Added by the Troj/Sivion-A TROJAN by appearing to be an anti-virus program. Additional files are installed to the Program Files to enable unauthorised access by way of IRC channels.57http://www.sophos.com/virusinfo/analyses/trojsiviona.html0
420Gilat SOM Enumerator0 11dllhost.exe1 00120For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system 01
113index service0 13dllhost32.exe1 00 29Added by the  AGOBOT.CH WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CH&VSect=P0
116windows dll host0 13dllhost32.exe1 00 40Added by an unidentified WORM or TROJAN! 01
114Windows Update0 13dllhostup.exe1 00 36Added by the Troj/Bancban-NB Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbannb.html0
113dllhostxp.exe0 13dllhostxp.exe1 00 38Browser hijacker and adware downloader 01
1 4upme0 10dllman.exe1 00  075http://securityresponse.symantec.com/avcenter/venc/data/w32.mugly.f@mm.html0
1 4upme0 10dllman.exe1 00 26Added by the MUGLY.F WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.mugly.f@mm.html0
122Windows Online Updater0 10dllman.exe1 00 26Added by the RBOT-TE WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotte.html0
1 5Dlite0 14dllmanager.exe1 00 29Added by the WOOTBOT.DN WORM!90http://es.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_WOOTBOT.DN0
136Windows Plug and Play Service 32 BIT0 14dllmanager.exe1 00 48Added by the W32/Rbot-CGK worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcgk.html0
144microsoft windows dll services configuration0 16dllmanager32.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 5DLL320 12dllmem32.exe1 00 26Added by the KWBOT.E WORM!64http://www.symantec.com/avcenter/venc/data/w32.kwbot.e.worm.html0
121Microsoft DLL Manager0 10dllmgr.exe1 00121Added by the W32/Sdbot-KJ worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotkj.html0
125Windows 64bit DLL Manager0 12dllmgr64.exe1 00 50Added by the W32/Tilebot-CP worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotcp.html0
111dll manager0 13dllmngr32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
121Microsoft DLL Manager0 10dllmnr.exe1 00152Added by the W32/Sdbot-DM backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotdm.html0
129microsoft dll printer manager0  9dllpt.exe1 00 29Added by the  SDBOT.BIH WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BIH&VSect=P0
1 6dllreg0 10dllreg.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 3run0 10DLLREG.EXE1 00124Added by the W32/Dumaru.w Trojan! Acts as a keylogger and sends out the stolen information to a predetermined email address.43http://vil.nai.com/vil/content/v_100977.htm0
118microsoft dllset320 12dllset32.exe1 00 27Added by the  RBOT.OZ WORM!87http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.OZ0
1 7regscan0 12DLLSRV32.EXE1 00 30Added by the  AGOBOT.AEW WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AEW&VSect=T0
112DLLService320 12dllsvc32.exe1 00 28Added by the AGOBOT.VX WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VX0
114[unknown name]0 13DLLSYSBIN.EXE1 00121Added by the W32/Sdbot-IZ worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotiz.html0
1 6Dial220  7dlm.exe1 00 21Adult content dialler 01
1 6Dial330  7dlm.exe1 00 21Adult content dialler 01
317dlink system tray0 11dlnetst.exe1 00 66Related to  D-Link DGE-530T PCI card for servers and workstations.38http://www.dlink.com/products/?pid=2840
112li-speed****0  9dlres.exe1 00 34Adult web-dialler - **** is random 01
1 7dlsp2mx0 11dlsp2mx.exe1 00 36Added by the Dial/MPB-B porn dialer.54http://www.sophos.com/virusinfo/analyses/dialmpbb.html0
2 3DLT0  7dlt.exe1 00  2?? 01
136Distributed Link Tracking Extensions0 11dltksvc.exe1 00 30Added by the W32.Myfip.K worm.89http://securityresponse.symantec.com/avcenter/venc/data/w32.myfip.k.html#technicaldetails0
1 5dluca0  9dluca.exe1 00 28Added by the DLUCA.C TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/downloader.dluca.c.html0
1 6dluxde0 10dluxde.exe1 00 49All-In-One-Telcom (adult content dialler) variant 01
1 6DM mgr0 10dm_mgr.exe1 00 27Added by the JITTAR TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.jittar.html0
111Auto Update0  7dma.exe1 00132Added by the W32/Rbot-AVO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotavo.html0
443Logical Disk Manager Administrative Service0 11dmadmin.exe1 00 71This Windows service manages hard disk and volume functions in Windows. 01
1 3dmc0  7dmc.exe1 00 49Added by Trojan-Downloader.Win32.Dluca.bv TROJAN! 01
1 9dmcoj.exe0  9dmcoj.exe1 00 34Added by the Troj/RuinDl-K Trojan.57http://www.sophos.com/virusinfo/analyses/trojruindlk.html0
1 6Crusty0  9dmcpl.exe1 00 24Added by the RUSTY WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.rusty@m.html0
138(9F81D88C-C298-9935-C5D1-40AA4DB91155)0 10dmdlgs.exe1 00106Added by the Troj/Zlob-JF downloader Trojan.br /br /Uses CLSID: b(9F81D88C-C298-9935-C5D1-40AA4DB91155)/b.56http://www.sophos.com/virusinfo/analyses/trojzlobjf.html0
225InControl Desktop Manager0 10DMHKEY.EXE1 00140For Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start - Programs 01
1 9J04sRjc5h0  9dmifs.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
2 6DMILDR0 10dmildr.exe1 00411Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -&gt; Programs&nbsp;68http://docs.us.dell.com/docs/software/smcliins/cli60/en/ug/intro.htm0
2 5DMISL0  9DMISL.EXE1 00213DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information59http://support.intel.com/support/tokenexpress/pro/11601.htm0
2 8DMISLAPP0 12DMISLAPP.exe1 00213DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information59http://support.intel.com/support/tokenexpress/pro/11601.htm0
1 8dmlcwryk0 12dmlcwryk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
331Document Manager Upload Monitor0  9DMMon.exe125StartUp menu\Current user0 64IBM WebSphere PDM File Monitor 1, 0, 0, 1, IBM. PDM File Monitor39http://www.absolutestartup.com/startup/1
1 9DSService0  9dmrss.exe1 00 36Added by the AGOBOT-XX network Worm!57http://www.sophos.com/virusinfo/analyses/w32agobotxx.html0
1 9DM_server0 12dmserver.exe1 00 19Comet Cursor adware48http://www.doxdesk.com/parasite/CometCursor.html0
1 8dmserver0  9dmsrv.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
1 7Dmsvc320 11Dmsvc32.exe1 00 29Added by the AGOBOT.ABU WORM!100http://es0
138microsoft internet, varying file names0 11dmsvc32.exe1 00 49Added as result of a  W32/Sdbot-AZ worm infection56http://www.sophos.com/virusinfo/analyses/w32sdbotaz.html0
121windows driver update0 11dmsvc32.exe1 00 49Added as result of a  W32/Sdbot-GP worm infection56http://www.sophos.com/virusinfo/analyses/w32sdbotgp.html0
1 6dmtdll0 10dmtdll.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
311DMXLauncher0 15DMXLauncher.exe1 00  0 01
311dmxlauncher0 15DMXLauncher.exe1 00139Part of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video files. 01
1 4Dnar0  8Dnar.exe1 00 91Unknown, except that it is not necessary. Tends to phone home a lot. DMI related - see here89http://www.spywareinfo.com/yabbse/index.php?board=10;action=display;threadid=1137;start=00
3 6dancer0  9DncLE.exe1 00 57Part of Microsoft Plus! Digital Media Edition - see  here62http://www.microsoft.com/windows/plus/dme_more/moreupdates.asp0
322distributed.net client0  9DNETC.EXE1 00205Dsitributed computing projects client from Distributed.net where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by viruses23http://distributed.net/0
120Windows Update Files0  9dnetc.exe1 00 93Added by an unidentified VIRUS, WORM or TROJAN! Note - wupdmgr.exe is the real Windows Update 01
1 9[unknown]0 11DNETLIB.EXE1 00142Added by the W32/Sdbot-HA worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotha.html0
1 6dnorvd0 10dnorvd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
012DNS2GoClient0 16dns2goclient.exe1 00171DNS2Go is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address.28http://dns2go.deerfield.com/0
1 7winhelp0  9dns32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
110dnscleaner0 14dnscleaner.exe1 00 30CoolWebSearch parasite related53http://www.spywareinfo.com/~merijn/cwschronicles.html0
113DNSCacheBoost0 11dnsping.exe1 00165Added by the Troj/DNSBust-A trojan.  This infection modifies your dns servers that your computer uses in order to redirect popular sites to an address of its choice.58http://www.sophos.com/virusinfo/analyses/trojdnsbusta.html0
111DNS Service0 15dnsresolver.exe1 00 26Added by the RBOT-PQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotpq.html0
127Domain Name Resolve Service0 15dnsresolver.exe1 00 48Added by the W32/Rbot-BYB worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbyb.html0
112Dns Resolver0 12dnsrslve.exe1 00 29Added by W32/Rbot-WS, a WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotws.html0
1 7SiS Dns0 10dnssvc.exe1 00 36Added by the Troj/Dloader-UE Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderue.html0
1 8ntupdate0  9dnsvc.exe1 00 27Added by the SDBOT-TC WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbottc.html0
110Dns Server0  9dnswn.exe1 00106An Rbot variant. This infection connects to an IRC server where it will await commands from a remote user.32http://www.malwareblog.com/?p=990
325DameWare NT Utilities 2.60 11DNTUS26.EXE1 00219Dameware NT Utilities program that allows remote access and control of a computer.  This is a common program for hackers to install on a computer, so if it is installed, and you did not install it, it should be removed.38http://www.dameware.com/products/dntu/0
1 5dntyv0  9dntyv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 5DNXVC0  9dnxvc.exe1 00  2?? 01
1 3doc0  7doc.exe1 00257Added by the  W32/Agobot-PJ trojan.  When started this infection connects to a remote IRC server where it waits for commands to execute.  This infection will add entries to your HOSTS file, so the hosts file should be restored after cleaning this infection.57http://www.sophos.com/virusinfo/analyses/w32agobotpj.html0
3 6BayMgr0 11DockApp.exe1 00156Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices&nbsp; 01
1 6DocTor0 10Doctor.exe1 00 26Added by the DOTOR.A WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOTOR.A0
119microsoft upmachine0  9doezs.exe1 00 28Added by the  RBOT.BCT WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BCT&VSect=P0
1 3Hah0  7Doi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 5Doing0  9doing.exe1 00  2?? 01
1 8doit.exe0  8doit.exe1 00134Added by the W32/Forbot-EK WORM!  This file is found in the Windows system folder.  May also create a Windows service called doit.exe.57http://www.sophos.com/virusinfo/analyses/w32forbotek.html0
316Don&#039;t Panic0 19dontpanicdemodp.exe1 0015630-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite."40http://www.panicware.com/product_dp.html0
311Don't Panic0 19dontpanicdemodp.exe1 0015630-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite."40http://www.panicware.com/product_dp.html0
3 5dopus0  9dopus.exe1 00 43Directory Opus - a file manager from GPSoft31http://gpsoft.com.au/Intro.html0
1 6wersds0 10doriot.exe1 00 27Added by the JECT.C TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/download.ject.c.html0
1 8wpds.exe0 10doriot.exe1 00 29Added by the SMALL-KY TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsmallky.html0
113WIN32 DDOSSER0  7dos.exe1 00 12Added by the97W32/Rbot-YY to the Windows system folder,it has a backdoor functionality exploiting IRC channels.0
113Window Loader0  9Dos32.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
1 3dos0  9dos64.exe1 00 24Adware downloader trojan 01
110Auto Start0  9dosin.exe1 00142Added by the W32/SdBot-GO worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotgo.html0
113Micro Process0 13dosprmwin.exe1 00144Added by the W32/Rbot-BC trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotbc.html0
120Configuration Loader0 12dosrun32.exe1 00 28Added by the GAOBOT.AO WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
111Windows DOS0  8dosw.exe1 00 38Added by the W32/Salay-A network worm.55http://www.sophos.com/virusinfo/analyses/w32salaya.html0
1 4dous0  8dous.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 9Down2Home0 13Down2Home.exe1 00137Down2Home allows you to monitor your Internet connections traffic and provides statistics on the amount of data transferred and received. 01
218Digital River eBot0 12downlo~1.exe1 00271Digital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more here164http://groups.g0
114DealHelperDown0 12download.exe1 00 17DealHelper adware60http://sarc.com/avcenter/venc/data/pf/adware.dealhelper.html0
112Eac Download0 12download.exe1 00 83Associated with Webcelerator - spyware. Read eAcceleration's privacy statement here13#Webcelerator0
113Download Plus0 16DownloadPlus.exe1 00 44DownloadPlus parasite - opens pop-up adverts49http://www.doxdesk.com/parasite/DownloadPlus.html0
2 4eBot0 18DownloadWizard.exe1 00265eBot from Digital River - &quot;helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'.&quot; Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -&gt; Programs30http://www.ebot.com/index.html0
215Download Wonder0 18DownloadWonder.exe1 00100Download Wonder from Forty Software. Download manager for resuming downloads, amongst other features21http://www.forty.com/0
1 6Downxz0 10Downxz.bat1 00 26Added by the MYDOOM.W WORM76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html0
1 3Dsi0 13dp-******.exe1 00 66Added by an unidentified adware where ****** are random characters 01
1 5dpaei0  9dpaei.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 6DPAgnt0 10DPAgnt.exe1 00 34digitalPersona fingerprint scanner30http://www.digitalpersona.com/0
4 6Dpcnav0 10dpcnav.exe1 00 65DirecWay from DirectTV satellite based high-speed internet access71http://www.professionalsatellite.com/html/direcway_dw4000_features.html0
2 8DPConfig0 12DPConfig.exe1 00127Compuware DevPartner Studio Configuration Utility, a tool for software developers - system tray access to configure the utility 01
1 8dpcproxy0 12dpcproxy.exe1 00 30Added by the GOLDENP-A TROJAN!58http://www.sophos.com/virusinfo/analyses/trojgoldenpa.html0
3 8Dpcstart0 12dpcstart.exe1 00105Startup program for Direcway 2-way satellite internet service. Loads DirecWay's Navigator, tray icon, etc 01
421DPCProxyLoadOnStartup0 12dpcstart.exe1 00 65DirecWay from DirectTV satellite based high-speed internet access71http://www.professionalsatellite.com/html/direcway_dw4000_features.html0
1 723ni3tQ0 10dpctml.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3dsi0 10dp-him.exe1 00 37Added by the  Troj/Multidr-AH TROJAN!59http://www.sophos.com/virusinfo/analyses/trojmultidrah.html0
1 3dpi0  7dpi.exe1 00 42Delfin Media Viewer or "Promulgate" adware51http://www.spywareguide.com/product_show.php?id=7270
3 4NDPS0 10DPMW32.EXE1 00137Novell Distributed Printer Services - part of Novell's Netware Client and  Groupwise products. Not required if you don't use this feature39http://www.novell.com/products/netware/0
110[not used]0 12dpnetmsg.exe1 00730Added by the Troj/PPdoor-Q backdoor Trojan.  This infection may also make the files C:\Windows\System32\dpnetmsg.exe, C:\Windows\System32\iueninet.dll, C:\Windows\System32\fsmgntfs.dll, C:\Windows\System32\ntmapast.dll, C:\Windows\System32\ir50psrv.exe, C:\Windows\System32\kbd1uery.dll, C:\Windows\System32\lfyockaa.dll, C:\Windows\System32\a15svcs.exe, C:\Windows\System32\dpnmdlib.exe, C:\Windows\System32\c_28usic.dll, C:\Windows\System32\atiysnpn.dll, C:\Windows\System32\treemqoa.dll, C:\Windows\System32\arptutdn.dll, C:\Windows\System32\eulapart.dll, C:\Windows\System32\smlo8thk.exe, C:\Windows\System32\odbcfwci.ime, C:\Windows\System32\hgakheg.dll, C:\Windows\System32\jkwbhew.dll, and C:\Windows\System32\testtest.exe.57http://www.sophos.com/virusinfo/analyses/trojppdoorq.html0
1 8dpnsvr320 12dpnsvr32.exe1 00 53Added by the Troj/AOLPass-B password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojaolpassb.html0
331Don&#039;t Panic Pop-Up Stopper0  9dpps2.exe1 00320Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group47http://www.panicware.com/product_companion.html0
3 5dpps20  9dpps2.exe1 00  047http://www.panicware.com/product_companion.html0
314Pop-Up Stopper0  9dpps2.exe1 00320Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group45http://www.popupstopper.net/product_dpps.html0
1 3dps0  7dps.exe1 00135scumware-remover.org  foistware, bogus adware/spyware remover,  is in fact itself a browser hijacker, redirecting to smartestsearch.com 01
4 6dpti2o0 10dpti2o.sys1 00 49DPT SmartRAID miniport driver added by Microsoft. 01
1 7ffeqfqs0 10dqddss.exe1 00130Added by the W32/Sdbot-SG worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotsg.html0
120DivX MediaPlayer 7.00 11Dr.DivX.exe1 00 30Added by the ALADINZ.G TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.g.html0
1 4DR_S0  8DR_S.exe1 00 16AdShooter adware56http://sarc.com/avcenter/venc/data/adware.adshooter.html0
326Speedtouch USB Diagnostics0 12Dragdiag.exe1 00307For an external Alcatel ADSL high-speed modem. A diagnostic tool and can be run from the Start menu when required. The only reason it might be useful on startup is if you like seeing an 'at-a-glance' status indicator on the taskbar (the icon is a different colour depending on the status of the device/line) 01
326SpeedTouch USB Diagnostics0 18Dragdiag.exe /icon211HKEY_LM\Run0 67Alcatel Speedtouch USB Diagnostics 1.3.4, Alcatel Bell. Diagnostics39http://www.absolutestartup.com/startup/1
3 8DragDrop0 12DragDrop.exe1 00  2?? 01
318Drag'n Drop CD+DVD0 21DragDrop.exe /StartUp211HKEY_LM\Run0 45Drag'n Drop CD+DVD 3.00, . Drag'n Drop CD+DVD39http://www.absolutestartup.com/startup/1
1 6draw320 10draw32.dll1 00137Part of the Troj/Haxdoor-AE rootkit.  This is installed as a system driver service so will not be seen in the services.msc control panel.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorae.html0
1 6drct160 10drct16.dll1 00160Added by the Troj/Haxdoor-CN rootkit infection. This file is installed as system driver and is used to hide processes, files, and registry keys from being seen.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorcn.html0
1 3RUN0 10DRDOOM.EXE1 00156Added by the W32/Semapi-A. This mass-mailing worm may display a message: "Unable to locate 'semapi.dll' reinstalling this application may fix this problem."56http://www.sophos.com/virusinfo/analyses/w32semapia.html0
2 8DrgToDsc0 12DrgToDsc.exe1 00239Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly 01
215RoxioDragToDisc0 12DrgToDsc.exe1 00  0 01
215RoxioDragToDisc0 12DrgToDsc.exe111HKEY_LM\Run0 65Drag-to-Disc 7.5.0.47 , Sonic Solutions. Drag To Disc Application39http://www.absolutestartup.com/startup/1
3 6KE98010 12DriBat32.exe1 00 69KE-9801 multimedia keyboard - required if you use the multimedia keys30http://www.reset.bg/ke9801.htm0
3 9dried.exe0  9dried.exe1 00  2?? 01
112Driver Cache0 16Driver Cache.exe2 00 45Added by the Troj/Feutel-S keylogging Trojan.57http://www.sophos.com/virusinfo/analyses/trojfeutels.html0
110systeminfo0 10DRIVER.EXE1 00139Added by the  W32/Randon-Y worm.  This infection, when started, connects to an IRC server using a provided MIRC client to receive commands.56http://www.sophos.com/virusinfo/analyses/w32randony.html0
115[various names]0 12driver32.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
115[Various Names]0 12driver64.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
3 7Drivers0 11Drivers.bat111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111MicrosoftKs0 11Drivers.bat1 00 86Added by the Troj/Shutdown-F trojan.  This trojan attempts to shut down your computer.59http://www.sophos.com/virusinfo/analyses/trojshutdownf.html0
211DriveSelect0 15driveselect.exe1 00144DVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start - Programs 01
112Winxp update0 10Drivxp.exe1 00 49Added by the W32/Sdbot-AIP worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotaip.html0
116wsaconfiguration0  9drrss.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
112drsmartloadb0 16drsmartloadb.exe1 00 36Added by the Troj/Drsmartl-D Trojan.59http://www.sophos.com/virusinfo/analyses/trojdrsmartld.html0
2 9STManager0  8drst.exe1 00334Dr. SpeedTouch is some sort of diagnostics software which sends out information to a server which then relays the information back to the program to test the network to see if the SpeedTouch ADSL modem connection is working properly. Not required if connected via Ethernet (and probably USB). Can cause a slow down in Win2K - see here49http://flr.free.fr/spip/article.php?id_article=560
2 9STManager0 11drst.exe -b211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7syspath0  7drv.exe1 00 24Added by the SOBER WORM!45http://www.avp.ch/avpve/worms/email/sober.stm0
111drvddll.exe0 11drvddll.exe1 00 28Added by the BEAGLE.AP WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ap@mm.html0
111Drvddll_exe0 11drvddll.exe1 00 27Added by the BEAGLE.X WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.x@mm.html0
0 9DrvListnr0 13DrvListnr.exe1 00 42Analog Devices SoundMAX soundcard related. 01
3 7DrvLsnr0 11DrvLsnr.exe1 00 36adi DrvLsnr 1, 0, 0, 3, adi. DrvLsnr 01
3 7drvlsnr0 11drvlsnr.exe1 00120Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly 01
310DrvMon.exe0 10DrvMon.exe111HKEY_CU\Run0 78Alcor Micro, Corp. Drive Monitor 1, 0, 0, 9, Alcor Micro, Corp.. Drive Monitor39http://www.absolutestartup.com/startup/1
1 7drvnetw0 11drvnetw.exe1 00 56Added by the Troj/Brogger-B information stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbroggerb.html0
1 7drvr32h0 11drvr32h.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
111drvrmanager0 15drvrquery32.exe1 00 25Added by the BOOHOO WORM!76http://securityresponse.symantec.com/avcenter/venc/data/bat.boohoo.worm.html0
1 6avidrv0  9drvsc.exe1 00118Detected as the Trojan-Downloader.Win32.Agent.ph TROJAN! by Kaspersky Anti-Virus. Note: No URL available at this time. 01
110drvsys.exe0 10drvsys.exe1 00 27Added by the BEAGLE.W WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.w@mm.html0
1 8ipconfig0 10drvsys.exe1 00 34Added by the Troj/Erazer-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojerazera.html0
1 8drwatson0 15drwatson_32.exe1 00 34Added by the  TROJ/LOHAV-S TROJAN!56http://www.sophos.com/virusinfo/analyses/trojlohavs.html0
1 9[default]0 14DrWatson32.exe1 00 26Added by the DREMN TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.dremn.html0
111Sync Server0 13drwatsoon.exe1 00 30Added by the WATSOON.A TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/w32.watsoon.a.html0
115DrWeb Antivirus0 11DRWEBAV.EXE1 00 40Added by an unidentified WORM or TROJAN! 01
414Drwebscheduler0 12Drwebscd.exe1 00160Dr. Web antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystem20http://www.sald.com/0
414DrWebScheduler0 12drwebscd.exe1 00105Dr.Web ® for Windows 9x/Me/NT/2000/XP 4, 32, 2, 8170, Doctor Web Ltd.. Dr.Web Scheduler for Windows 95-XP 01
1 6drwhxk0 10drwhxk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
117COM+ Event System0 12DRWTSN16.EXE1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 2ds0  6ds.exe1 00 45Added by the Backdoor.Spymon backdoor Trojan.76http://www.sarc.com/avcenter/venc/data/backdoor.spymon.html#technicaldetails0
310DesktopSpy0  7dsa.exe1 00128Added by the Spyware.DesktopSpy surveillance software. If you did not install this program, you should uninstall it immediately.62http://www.sarc.com/avcenter/venc/data/spyware.desktopspy.html0
1 3dsa0  7dsa.exe1 00 47Homepage hijacker - redirecting to downseek.com 01
113DASDS VSAVdjs0 10dsabdw.exe1 00130Added by the W32/Sdbot-RE worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotre.html0
114Answer Problem0 11dSAFsqs.exe1 00 75W32/Sdbot-SC is an IRC backdoor Trojan! Found in the WIndows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotsc.html0
311dellsupport0 10DSAgnt.exe1 00 98Dell Support Agent offers additional support and update features for your Dell computer or laptop. 01
311DellSupport0 19DSAgnt.exe /startup211HKEY_CU\Run0 50Dell Support 1, 1, 0, 73, Gteko Ltd.. Dell Support39http://www.absolutestartup.com/startup/1
1 3DSB0  7DSB.exe1 00 19EnergyPlugin adware62http://sarc.com/avcenter/venc/data/pf/adware.energyplugin.html0
022Desktop Service Centre0  7DSC.exe1 00 43OptusNet DSL or Dial-Up connection software 01
3 8DS Clock0 11dsclock.exe1 00 78Digital desktop clock including synchronization with atomic servers - see here35http://www.dualitysoft.com/dsclock/0
123microsoft compiler pack0  9DSDEV.EXE1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
2 7DSentry0 11DSentry.exe1 00260Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts 01
2 9DVDSentry0 11DSentry.exe1 00260Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts 01
2 9DVDSentry0 11DSentry.exe111HKEY_LM\Run0 75Dell - DVDSentry 1, 0, 5, 0, Dell - Advanced Desktop Engineering. DVDSentry39http://www.absolutestartup.com/startup/1
315Absolute Shield0 12dseraser.exe1 00 60Absolute Shield/Evidence Eliminator - iternet history eraser44http://www.absoluteshielderaserinternet.com/0
1 5rCron0 12dservice.exe1 00 22Switch Dialer Variant. 01
428Sharing and Mapping Software0 10DShmap.exe1 00126a target="_blank" href="http://www.intel.com/products/desk_lap/hm_sm_office/index.htm"Intel AnyPoint internet sharing software 01
3 7SIDEBAR0 12dsidebar.exe111HKEY_CU\Run0 49Desktop Sidebar 1.05.90.0, Idea2. Desktop Sidebar39http://www.absolutestartup.com/startup/1
118Windows Disk Check0 12dskcheck.exe1 00 50Added by the W32/Tilebot-CQ worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotcq.html0
1 9Dskcompat0 13Dskcompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 9diskchk320 12dskmon32.exe1 00 48Added by the W32/Rbot-BCL worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbcl.html0
411DSLAGENTEXE0 12dslagent.exe1 00  0 01
411DSLagentexe0 12DSLagent.exe1 00175Used in conjunction with USB connected ADSL modems from Eicon Networks (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connection42http://www.eicon.com/worldwide/default.htm0
411DSLAGENTEXE0 16dslagent.exe USB211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
221YAMAHA DS-XG Launcher0 12dslaunch.exe1 00101System Tray access for the features of the Yamaha DS-XG soundcard unless you regularly change set-ups 01
1 9ASDPLUGIN0 12dslgeacc.exe1 00 31Added by the Dial/Asd-A dialer.54http://www.sophos.com/virusinfo/analyses/dialasda.html0
118dropspam lifestyle0 15dslifestyle.exe1 00 89Added by the AdwareDropspam Slyware! Note: This will install even if you try to abort it.54http://vil.mcafeesecurity.com/vil/content/v_137582.htm0
3 6DSLMON0 10dslmon.exe1 00 55DSLMON Application 1, 0, 0, 1, . ADIMON MFC Application 01
3 6dslmon0 10dslmon.exe1 00 62Sagem DSL modem related. Apparently needed to detect the modem 01
322Consola KIT Terra ADSL0 10DSLMON.EXE122StartUp menu\All users0 55DSLMON Application 1, 0, 0, 1, . ADIMON MFC Application39http://www.absolutestartup.com/startup/1
3 6DSLMON0 13dslmon.exe /W222StartUp menu\All users0 55DSLMON Application 1, 0, 0, 1, . ADIMON MFC Application39http://www.absolutestartup.com/startup/1
4 6DSLMON0 13dslmon.exe /W2 00  0 01
036at&amp;amp;t dsl service pca program0 10dslpca.exe1 00 16AT&T DSL related 01
332at&amp;t dsl service pca program0 10dslpca.exe1 00 16AT&T DSL related 01
328AT&T DSL Service PCA Program0 14dslpca.exe /ws211HKEY_LM\Run0 50AT&T DSL Service 4.0.0.0300, AT&T. DSL Application39http://www.absolutestartup.com/startup/1
310DSLSTATEXE0 11dslstat.exe1 00103System tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example) 01
310DSLSTATEXE0 16dslstat.exe icon2 00 62DSL Status 4.1.0, GlobespanVirata, Inc.. DSL Status Executable 01
1 5AvSer0  7dsm.exe1 00101Added by the W32.Serflog.B worm.  This worms spreads through file-sharing networks and MSN Messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.b.html0
1 6DsmSer0  7dsm.exe1 00  074http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.b.html0
1 6rollbk0  7dsm.exe1 00101Added by the W32.Serflog.B worm.  This worms spreads through file-sharing networks and MSN Messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.b.html0
1 2ss0  8dssa.dll1 00 77Added by the Backdoor.Xebiz backdoor Trojan.br /br /Uses CLSID: b[Various]/b.92http://securityresponse.symantec.com/avcenter/venc/data/backdoor.xebiz.html#technicaldetails0
2 8DSSSGENS0 12dssagens.exe1 00  2?? 01
1 3DSS0 12dssagent.exe1 00157DSSAgent by Brøderbund - spyware. Sends encrypted emails about the system back to the originators of the program. Also a resource hog. See here for more info28http://cexx.org/dssagent.htm0
1 6dstray0 10dstray.exe1 00 35Added by the Troj/CmjSpy-AA Trojan.58http://www.sophos.com/virusinfo/analyses/trojcmjspyaa.html0
315Kýsayol DSunucu0 11DSunucu.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
223Iomega Backup Scheduler0 11dtiom98.exe1 00 95Used by Iomega drives. Details of its purpose can be found here. Available via Start - Programs57http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup0
2 8EDLoader0 12DTLoader.exe1 00 97Effective Desktop from MiniStars Software - desktop management software no longer being supported 01
115[Various Names]0 10DTOURS.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
129DirectX For Microsoft Windows0 14dtxservice.exe1 00 28Added by the PROGENT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.progent.html0
215Winsock2 driver0 11DTZEDGC.EXE111HKEY_LM\Run0111Microsoft® Windows® Operating System 5.1.2700.0, Microsoft Corporation. Generic Host Process for Win32 Services39http://www.absolutestartup.com/startup/1
3 9No-IP DUC0  9DUC20.exe1 00237Part of http://www.no-ip.com provided service. Keeps No-IP's dynamic nameserver (DNS) updated if and when your computer's (network's) dynamic IP-address changes so that you can run servers on computers with dynamic IP. Shortcut available20http://www.no-ip.com0
1 4duck0  8duck.exe1 00 83Added by W32/Agobot-APO, a WORM/backdoor. It is found in the Windows system folder.58http://www.sophos.com/virusinfo/analyses/w32agobotapo.html0
313Direct Update0 13DUControl.exe1 00 32DirectUpdate dynamic DNS updater28http://www.directupdate.net/0
110Win32_Duel0  8Duel.exe1 00 82Added by the PE_LUDER.A-O virus/worm. This virus infects only .exe and .scr files.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE%5FLUDER%2EA%2DO&VSect=T0
113Win32_Duel_v20 11Duel_v2.exe1 00 52Added by the W32/Dref-L mass-mailing worm and virus.54http://www.sophos.com/virusinfo/analyses/w32drefl.html0
2 8DU Meter0 11DUMETER.EXE1 00 45Hagel Technologies internet bandwidth monitor31http://www.dumeter.com/main.php0
3 8DU Meter0 11DUMeter.exe111HKEY_LM\Run0 53DU Meter 3.07 Build 192, Hagel Technologies. DU Meter39http://www.absolutestartup.com/startup/1
116Dumeter Services0 11dumeter.exe1 00219Added by the W32/Sdbot-AEQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.  This infection will also create the file msdirectx.sys in the Windows System folder.57http://www.sophos.com/virusinfo/analyses/w32sdbotaeq.html0
3 9NWEReboot0  9dummy.exe1 00 82Temporary file used during the installation of Ahead Nero CD/DVD burning software. 01
212dumprep 0 -k0 12dumprep 0 -k2 00324Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out 01
216kernelfaultcheck0 12dumprep 0 -k2 00324Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out 01
216KernelFaultCheck0 12dumprep 0 -k211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
212dumprep 0 -u0 12dumprep 0 -u2 00  0 01
216kernelfaultcheck0 12dumprep 0 -u2 00324Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out 01
214UserFaultCheck0 12dumprep 0 -u2 00  0 01
214UserFaultCheck0 12dumprep 0 -u2 00324Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out 01
113DUN_SERVICES30 13DUN_SERVICES31 00 35Added by the Trojan.Sokiron trojan.75http://www.sarc.com/avcenter/venc/data/trojan.sokiron.html#technicaldetails0
113dun_services30  8dun3.exe1 00 28Added by the  Trojan.Sokiron75http://securityresponse.symantec.com/avcenter/venc/data/trojan.sokiron.html0
119windowsupdatedirect0 14dupadirect.exe1 00 25Added by the  Troj/Dupa-C55http://www.sophos.com/virusinfo/analyses/trojdupac.html0
113windowsupdate0 14dupadupam2.exe1 00 25Added by the  Troj/Dupa-B55http://www.sophos.com/virusinfo/analyses/trojdupab.html0
2 9DoUWantIt0  8duwi.exe1 00 56DoUWantIt - online shopping assistant. Start it manually 01
1 6dvb03a0 10dvb03a.dll1 00 98Added by the Troj/Haxdoor-CF Trojan. This infection is stealthed/hidden by the dvb06a.sys rootkit.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorcf.html0
1 7WDVB 050 10dvb06a.sys1 00 37A variant of Troj/Haxdor-Fam rootkit.59http://www.sophos.com/virusinfo/analyses/trojhaxdorfam.html0
3 5dvd430  9DVD43.exe1 00  5DVD4332http://www.dvdidle.com/dvd43.htm0
2 5dvd430 14dvd43_tray.exe1 00 101.0.0.0, . 01
2 5dvd430 14DVD43_Tray.exe1 00106DVD43 is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies"32http://www.dvdidle.com/dvd43.htm0
1 8dvd4free0 12dvd4free.dll1 00 36Added by the Troj/Haxdoor-BC Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorbc.html0
3 9DVDBitSet0 13DVDBitSet.exe1 00192DVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always used 01
3 9DVDBitSet0 19DVDBitSet.exe /NOUI2 00109DVD+RW Drive/Disc Compatibility Setting 1.1, Hewlett-Packard Company. DVD+RW Drive/Disc Compatibility Setting 01
138{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}0 10dvdcap.dll1 00164A file used by the rogue antispyware app, SpywareQuake, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}/b.68http://www.bleepingcomputer.com/startups/SpywareQuake.exe-14686.html0
0 8dvdcheck0 12DVDCheck.exe1 00 81Related to an  Intervideo program. What does it do and is it required in startup?38http://www.intervideo.com/jsp/Home.jsp0
0 8watchdog0 12DVDCheck.exe1 00  038http://www.intervideo.com/jsp/Home.jsp0
1 9Dvdcompat0 13Dvdcompat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
123UDP checksum correction0 12dvdkernl.sys1 00 36Added by the Troj/Haxdoor-BC Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorbc.html0
211DVDLauncher0 15DVDLauncher.exe1 00174A process belonging to the Cyberlink PowerCinema video viewing software which allows you to play DVDs upon insertion. Non-essential process - and is installed for ease of use 01
011ultradvdmon0 10DVDMon.exe1 00 28UltraDVD DVD player software32http://www.ultra-dvd-player.com/0
120configuration loader0 14DVD-Player.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 8DVDrealm0 12DVDrealm.sys1 00133Added by the W32/Tilebot-G worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32tilebotg.html0
3 5DVD430 25DVDRegionFree.exe /hidden211HKEY_LM\Run0131DVD Region-Free - Watch and copy CSS encrypted DVDs from any region! 5, 6, 1, 8, Fengtao Software Inc.. DVD Region-Free Application39http://www.absolutestartup.com/startup/1
3 7DVDTray0 11DVDTray.exe1 00 56HP CD/DVD Tray icon. What does it do, and is it required 01
3 7DVDTray0 11DVDTray.exe111HKEY_LM\Run0 412.0, Hewlett-Packard Company. HP DVD Tray39http://www.absolutestartup.com/startup/1
310DVDUpgrade0 12DVDUpgrd.exe1 00  2?? 01
122Microsoft Time Manager0 10dveldr.exe1 00 26Added by the RBOT-HQ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbothq.html0
125Windows Automatic Updates0  9dvldr.exe1 00 26Added by the RBOT.MF WORM!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.MF0
1 8messnger0 11Dvldr32.exe1 00 28Added by the DELODER.A WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELODER.A0
4 5Dvp950  9Dvp95.exe1 00 92Scan engine for F-Secure and Command antivirus software based on the F-Prot AntiVirus engine35http://www.f-secure.com/index.shtml0
012LoadDvpApi9x0 12DVPAPI9X.exe1 00 61Part of Command AntiVirus for Windows 95/98/Me. Is it needed? 01
4 8dvpapi9x0 12DVPAPI9X.exe1 00 38Command AntiVirus for Windows 95/98/Me 01
410DvpInitExe0 11Dvpinit.exe1 00 25Command Antivirus related53http://www.command.co.uk/html/products/csav/index.cfm0
4 6dvprpt0 10Dvprpt.exe1 00 38Command Antivirus real time protection53http://www.command.co.uk/html/products/csav/index.cfm0
1 8dvraudio0 12dvraudio.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
3 6DVSync0 10dvsync.exe1 00127DVSync is the program that allows you to synchronize your daVinci’s PDA's data with your Personal Information Manager on the PC 01
1 7dvuakfl0 11dvuakfl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
321DataViz Inc Messenger0 14DvzIncMsgr.exe1 00 50Installed with  DataViz "Documents to Go" software46http://www.dataviz.com/products/documentstogo/0
217DataViz Messenger0 11DvzMsgr.exe1 00229DataViz Documents to Go - &quot;allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts&quot;46http://www.dataviz.com/products/documentstogo/0
112DownloadWare0  6dw.exe1 00337DownloadWare - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see here). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as MovieNetworks, Medialoads and PAgent24http://downloadware.net/0
1 2dw0  6dw.exe1 00337DownloadWare - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see here). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as MovieNetworks, Medialoads and PAgent24http://downloadware.net/0
110MediaLoads0  6dw.exe1 00154Medialoads is advertising software - running DownloadWare as its executable. Installed as a bundle with Kazaa Media Desktop. See here for more information26http://www.medialoads.com/0
110MediaLoads0  6dw.exe1 00154Medialoads is advertising software - running DownloadWare as its executable. Installed as a bundle with Kazaa Media Desktop. See here for more information26http://www.medialoads.com/0
120MediaLoads Installer0  6dw.exe1 00154Medialoads is advertising software - running DownloadWare as its executable. Installed as a bundle with Kazaa Media Desktop. See here for more information26http://www.medialoads.com/0
1 6sstata0  9dwdas.exe1 00 26Added by the DASDA TROJAN!61http://www.symantec.com/avcenter/venc/data/TROJAN!.dasda.html0
1 6yymikI0  9dwdlb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118DamedWare Services0 10dwdrce.exe1 00142Added by the W32/Rbot-AOJ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaoj.html0
116{8c-c4-4a-a4-zn}0 12dwdsregt.exe1 00 36Added by  Adware.ZenoSearch ADAWARE!57http://sarc.com/avcenter/venc/data/adware.zenosearch.html0
119DownloadWare Engine0  7Dwe.exe1 00337DownloadWare - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see here). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as MovieNetworks, Medialoads and PAgent24http://downloadware.net/0
318DWHeartbeatMonitor0 22DWHeartbeatMonitor.exe1 00175DWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preference 01
318DWHeartbeatMonitor0 22DWHeartbeatMonitor.exe111HKEY_CU\Run0 74weather.com DWHeartbeatMonitor 1, 0, 1, 1, weather.com. DWHeartbeatMonitor39http://www.absolutestartup.com/startup/1
221DigitalWizard Monitor0  9dwMon.exe1 00131InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content 01
324Desktop Weather Platinum0 14DWPlatinum.exe122StartUp menu\All users0 35Screenweaver 0.0.0.0, Screenweaver.39http://www.absolutestartup.com/startup/1
1 6DxLoad0 12DX3DRndr.exe1 00 25Added by the GIBE.B WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe.b@mm.html0
1 9Dx8compat0 13Dx8compat.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
113DirectX9 Diag0 11dx9diag.exe1 00132Added by the W32/Rbot-ALT worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalt.html0
1 6ktubqr0 12dxcqqijz.exe1 00153Added by the Troj/Sdbot-DF backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotdf.html0
117Direct X Direct3D0  9dxd3d.exe1 00 37Added by a variant of the SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
111dxdiags.exe0 11dxdiags.exe1 00 34Added by the Troj/Certif-G Trojan.57http://www.sophos.com/virusinfo/analyses/trojcertifg.html0
211DXDllRegExe0 12dxdllreg.exe1 00120Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it 01
136DirectX DLL Register Support Service0 12DXDLLSVC.EXE1 00 50Added by W32/Codbot-I, a WORM/IRC backdoor TROJAN!56http://www.sophos.com/virusinfo/analyses/w32codboti.html0
116DirectX Graphics0 11dxdmain.exe1 00 31Added by the W32/Codbot-O worm.56http://www.sophos.com/virusinfo/analyses/w32codboto.html0
138{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}0  9dxmpp.dll1 00161A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}/b. 01
1 6dxmsrv0 10dxmsrv.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 7version0 10Dxokpo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115Direct X Opengl0 12dxopengl.exe1 00 39Added by a variant of the RBOT-CJ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotcj.html0
114DirectX Plugin0  9dxreg.exe1 00 42Added by the Troj/Theef-M backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojtheefm.html0
115Service Manager0 11dxsound.exe1 00 31Added by the PROXY-GRIC TROJAN!72http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1008860
1 5Dxsty0  9Dxsty.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
120DirectX Video Driver0 11dxterm5.exe1 00 28Added by the WILAB-A TROJAN!55http://www.sophos.com/virusinfo/analyses/w32wilaba.html0
112Dxupdate.exe0 12Dxupdate.exe1 00 24Added by the MAFEG WORM!70http://securityresponse.symantec.com/avcenter/venc/data/w32.mafeg.html0
1 5dxvid0  9dxvid.exe1 00 49Added by Trojan-Downloader.Win32.Dluca.by TROJAN! 01
1 9fddddHOME0 10dxxatp.exe1 00135Added by the Troj/Ranck-AF proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckaf.html0
214DynDNS Updater0 10DynDNS.exe111HKEY_CU\Run0 65DynDNS Updater 2.1.0.0, Kana Solution. Dynamic IP address updater39http://www.absolutestartup.com/startup/1
314dyndns updater0 10DynDNS.exe1 00118Dynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.org. 01
118Dynamic Dns Binary0 12dynitora.exe1 00 86Added by W32/Rbot-WT, a WORM/backdoor, and will be found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwt.html0
118dynhttp dns binary0 12dynizari.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
3 7dynsite0 11DynSite.exe1 00 69DynSite is a dynamic DNS client, also called an automatic IP updater.29http://noeld.com/download.htm0
317Dynu Basic Client0 11dynubas.exe1 00 71Dynu online dynamic IP update client. Useful when using a dial up modem20http://www.dynu.com/0
1 7boqamah0 12dytevevi.exe1 00136Added by the W32/Sdbot-UH worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuh.html0
1 7dyttyfd0 11dyttyfd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311Dzieñdobry!0 20dziendobry.exe /auto211HKEY_CU\Run0 50Dzieñdobry! 2.4, VSD Software. Program Dzieñdobry!39http://www.absolutestartup.com/startup/1
2 8DZKillMe0 12DZSAVEME.EXE1 00  2?? 01
323EPSON Stylus C40 Series0 72E_A10IC2.EXE /P23 "EPSON Stylus C40 Series" /O6 "USB001" /M "Stylus C40"211HKEY_CU\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
331epson stylus photo rx420 series0 13E_FATI9CE.EXE1 00 70Related to the EPSON Stylus Photo RX420 Series printer/scanner/copier. 01
331EPSON Stylus Photo RX420 Series0 89E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
326EPSON Stylus CX6600 Series0 18E_FATI9EE.EXE /P26211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
331EPSON Stylus Photo RX620 Series0 18E_FATI9HE.EXE /P31211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
323EPSON Stylus C43 Series0 17E_S08IC1.EXE /P23211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
323Epson Stylus C82 Series0 12e_s0hic1.EXE1 00132Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required 01
323EPSON Stylus C42 Series0 73E_S10IC1.EXE "/P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.03, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
3 8E_S10IC20 12E_S10IC2.exe1 00 60Epson Stylus printer monitor - for checking ink levels, etc. 01
323EPSON Stylus C44 Series0 12E_S10IC2.EXE1 00 70Epson Stylus C44 Series printer monitor - for checking ink levels, etc 01
319EPSON Stylus CX32000 71E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.05, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
323EPSON Stylus C43 Series0 73E_S10IC2.EXE /P23 " PSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43""211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
330EPSON Stylus Photo R300 Series0 86E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
330EPSON Stylus Photo R300 Series0 80E_S4I0F2.EXE /P30 EPSON Stylus Photo R300 Series /O6 USB001 /M Stylus Photo R3002 00 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 3 01
330EPSON Stylus Photo R200 Series0 17E_S4I0H2.EXE /P30211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
317EPSON PictureMate0 17E_S4I0P1.EXE /P17211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
326EPSON PictureMate (Copy 1)0 76E_S4I0P1.EXE /P26 "EPSON PictureMate (Copy 1)" /O6 "USB001" /M "PictureMate"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
323EPSON Stylus C66 Series0 73E_S4I0S2.EXE "/P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
332EPSON Stylus C66 Series (Copy 1)0 82E_S4I0S2.EXE "/P32 "EPSON Stylus C66 Series (Copy 1)" /O6 "USB001" /M "Stylus C66"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
323EPSON Stylus C46 Series0 12E_S4I0T1.EXE1 00 70Epson Stylus C46 Series printer monitor - for checking ink levels, etc 01
332EPSON Stylus C46 Series (Copy 4)0 81E_S4I0T1.EXE /P32 "EPSON Stylus C46 Series (Copy 4)" /O6 "USB024" /M "Stylus C46"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
2 8E_S4I2F10 12E_S4I2F1.exe1 00146Epson Status Monitor 3 for the Epson Stylus Photo R300 (and probably others) printers - monitors the status of a print job spooled to that printer 01
330EPSON Stylus Photo R300 Series0 84E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"211HKEY_CU\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
0 8E_S4I2G10 12E_S4I2G1.EXE1 00 58Related to the Epson Stylus CX5400 printer/scanner/copier. 01
319EPSON Stylus CX64000 71E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB002" /M "Stylus CX6400"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
024EPSON Stylus Photo RX6000 12E_S4I2M1.EXE1 00 86Part of the printer drive for the Epson Stylus Photo RX600 printer. Is this necessary?90http://www.epson.com/cgi-bin/Store/consumer/consDetail.jsp?BV_UseBVCookie=yes&oid=417642780
344Auto EPSON Stylus C86 Series (Copy 1) on MOM0 17E_S4I2R1.EXE /P44211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
329EPSON Stylus Photo 820 Series0  8E_S6.tmp111HKEY_CU\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
3 5E_S230 12E_SICN03.exe1 00 60Epson printer status monitor - for checking ink levels, etc. 01
3 8E_SOEIC10 12E_SOEIC1.exe1 00 60Epson Stylus printer monitor - for checking ink levels, etc. 01
2 3EPS0 12e_srcv02.exe1 00443According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu  Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check 01
240EPSON Status Monitor 3 Environment Check0 12e_srcv02.exe1 00  0 01
242EPSON Status Monitor 3 Environment Check 20 12e_srcv02.exe1 00443According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu  Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check 01
242EPSON Status Monitor 3 Environment Check 20 12E_SRCV02.EXE1 00 86EPSON Status Monitor 3 2.09, SEIKO EPSON CORPORATION. StatusMonitor3 Environment Check 01
2 3EPS0 12e_srcv03.exe1 00443According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu  Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check 01
240EPSON Status Monitor 3 Environment Check0 12e_srcv03.exe1 00  0 01
242EPSON Status Monitor 3 Environment Check 20 12e_srcv03.exe1 00443According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu  Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check 01
240EPSON Status Monitor 3 Environment Check0 12E_SRCV03.EXE122StartUp menu\All users0 86EPSON Status Monitor 3 1.10, SEIKO EPSON CORPORATION. StatusMonitor3 Environment Check39http://www.absolutestartup.com/startup/1
343EPSON Status Monitor 3 Environment Check(3)0 12E_SRCV03.EXE122StartUp menu\All users0 86EPSON Status Monitor 3 3.01, SEIKO EPSON CORPORATION. StatusMonitor3 Environment Check39http://www.absolutestartup.com/startup/1
1 5empin0 11e121307.exe1 00 98Adware downloader/installer,  Delphin_Media_Viewer related - also detected as the DELMED.A TROJAN!62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530767750
1 800D34A520 12E5C5BDB4.exe1 00108Added by the Adware.CashSaver  spyware/redirector.  File found in the %System%\56171D04\E5C5BDB4.exe folder.60http://www.sarc.com/avcenter/venc/data/adware.cashsaver.html0
136a70f6a1d-0195-42a2-934c-d8ac0f7c08eb0 12E6F1873B.DLL1 00 36BrowserAid/Startium parasite related61http://www.sarc.com/avcenter/venc/data/adware.browseraid.html0
1 6e7wLcg0 10e7wLcg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8OEXCheck0 12EA2Check.exe1 00118Express Assist from AJSystems.com. Utility for use with Outlook Express to backup, restore, synchronize amongst others37http://www.ajsystems.com/oexhome.html0
312eabconfg.cpl0 12EabServr.exe1 00 92Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys 01
312eabconfg.cpl0 19EabServr.exe /Start211HKEY_LM\Run0 71Quick Launch Buttons 5, 0, 4, 2, Hewlett-Packard . Quick Launch Buttons39http://www.absolutestartup.com/startup/1
3 7EACLEAN0 11eaclean.exe1 00 61For Compaq PC's.  Easy Access button support for the keyboard75http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html0
1 4eacm0  8eacm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113EanthologyApp0 12EANTHO~1.EXE1 00148Stop-Sign from eAccelerration. Detects spyware, malware, viruses and keyloggers and stops popups. Spyware itself - read their privacy statement here25http://www.stop-sign.com/0
213eanthologyapp0 14eanthology.exe1 00 59eAcceleration Stop-Sign related; not recommended; see  note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
222eanthology_install.exe0 22eanthology_install.exe1 00 60eAcceleration Stop-Sign related; not recommended - see  note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
114EastFax ¿Í»§¶Ë0 26EastFaxClient.exe /autorun211HKEY_CU\Run0 51EastFax ¿Í»§¶Ë 3, 6, 0, 0, ¸´Ô°¿Æ¼¼. EastFax ¿Í»§¶Ë39http://www.absolutestartup.com/startup/1
316Easy File Backup0 20Easy File Backup.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
120Easy.Windows.Monitor0 31Easy.Windows.Monitoring.exe.exe1 00 33Added by the WORM_MINUSIA.A worm.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMINUSIA%2EA&VSect=T0
1 6EasyAV0 10EasyAV.exe1 00 40Added by the NETSKY.S or NETSKY.T WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.s@mm.html0
224Lotus Organizer EasyClip0 12easyclip.exe1 00184The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page. Available via Start - Programs 01
1 9EasyDates0 13EasyDates.exe1 00 34Premium rate adult content dialler 01
112EasyDates_nl0 16EasyDates_nl.exe1 00 21Adult content dialler 01
3 8Easy Key0 11easykey.exe1 00111For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used 01
3 7EasyKey0 11easykey.exe1 00111For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used 01
3 7EasyPHP0 11EasyPHP.exe111HKEY_LM\Run0 53Application EasyPHP 1.8.0.0, EasyPHP. EasyPHP Manager39http://www.absolutestartup.com/startup/1
324Kodak EasyShare software0 13EasyShare.exe1 00123Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually 01
324Kodak EasyShare software0 16EasyShare.exe -h222StartUp menu\All users0 86Kodak EasyShare software 4, 0, 2, 134, Eastman Kodak Company. Kodak EasyShare software39http://www.absolutestartup.com/startup/1
324Kodak EasyShare software0 17EasyShare.exe -hx2 00 64KODAK EasyShare Software 5, 2, 0, 49, . KODAK EasyShare Software 01
311EasyTuneIII0 12EasyTune.exe1 00 75Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available 01
311EasyTuneIII0 12EasyTune.exe111HKEY_LM\Run0 53myapp Application 1, 0, 0, 1, . myapp MFC Application39http://www.absolutestartup.com/startup/1
1 7easywww0 11easywww.exe1 00 14EasyWWW adware64http://www.kephyr.com/spywarescanner/library/easywww/index.phtml0
1 7easywww0 12easywww2.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 4eatj0  8eatj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
120EbatesMoeMoneyMaker00 24EbatesMoeMoneyMaker0.exe1 00 13Ebates adware76http://www.kephyr.com/spywarescanner/library/ebatesmoemoneymaker/index.phtml0
114Windows Update0  8ebay.exe1 00 29Added by the GAOBOT.BUU WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.buu.html0
112eBay Toolbar0 12EBAYTBAR.EXE1 00 64eBay Toolbar - reportes as spyware as it &quot;phones home&quot;35http://pages.ebay.com/ebay_toolbar/0
311ebaytoolbar0 16eBayTBDaemon.exe1 00 98eBay toolabar related - also contains eBay account Guard which monitors for fraudulent eBay sites.35http://pages.ebay.com/ebay_toolbar/0
311eBayToolbar0 16eBayTBDaemon.exe111HKEY_LM\Run0 57eBay Toolbar Daemon 2, 0, 5, 2, eBay. eBay Toolbar Daemon39http://www.absolutestartup.com/startup/1
1 4Notn0  8Eber.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
1 4eblf0  8eblf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7Proc9950 10ebmqbx.exe1 00 54Added by the W32/Ixbot-E worm and IRC backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32ixbote.html0
3 6eBoard0 10Eboard.exe1 00 73eMachines multimedia keyboard manager. Required if you use the extra keys 01
316eMachines eBoard0 10Eboard.exe1 00 73eMachines multimedia keyboard manager. Required if you use the extra keys 01
1 2RF0  6EC.exe1 00 81Added by the Troj/Lineage-U password-stealing trojan for the online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineageu.html0
1 6E-Card0  9ecard.exe1 00 23Added by the YODI WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.yodi.html0
1 3Tmm0  7Ecb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 3ecc0  7ecc.exe111HKEY_LM\Run0 46Online Start 1, 4, 2, 1, Telenor. Online Start39http://www.absolutestartup.com/startup/1
320C-Media Echo Control0 12EchoCtrl.exe1 00165C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer 01
316evidence cleaner0 12ecleaner.exe1 00 73Evidence_Cleaner cleans up tracks left by your PC and Internet activities32http://www.evidence-cleaner.net/0
0 4ecpe0  8ECPE.EXE1 00  2?? 01
125COM+ EventSystem Services0 12ECSERVER.EXE1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
322PCSuiteForNokia3650 TS0 19ECTaskScheduler.exe122StartUp menu\All users0 59ECTaskScheduler Module 1, 0, 0, 1, . ECTaskScheduler Module39http://www.absolutestartup.com/startup/1
3 9Sgeecview0 10Ecview.exe1 00266SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"34http://www.ediport.hu/_sgeasy.html0
1 8ecwooxgx0 12ecwooxgx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114EDDIEBOYISBACK0 19EDDIEBOYWASHERE.vbs1 00 12Added by the18VBS/Ediboy-B WORM!0
4 7eDexter0 11eDexter.exe1 00 31eDexter 1.34, Pyrenean. eDexter 01
4 7edexter0 11edexter.exe1 00107EDexter is an older, small, free web filtering program produced by: Edexter.  It is used to filter out ads.35http://www.pyrenean.com/edexter.php0
3 6EdHTML0 15EdHTML.exe /min211HKEY_CU\Run0 35EdHTML 5.0, Binboy Software. EdHTML39http://www.absolutestartup.com/startup/1
316e06dxlrd_76047030  9EDICT.EXE1 00 50Related to  Microsoft_Encarta Dictionary functions23http://encarta.msn.com/0
1 7editpad0 11editpad.exe1 00 30Added by the CONSPER-B TROJAN!58http://www.sophos.com/virusinfo/analyses/trojconsperb.html0
1 5edjwb0  9edjwb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111eDonkey20000 15eDonkey2000.exe1 00264A peer to peer application for sharing files over the Internet.  The free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar, and WinTools. Located in c:\program files\eDonkey2000\eDonkey2000.exe 01
111eDonkey20000 18eDonkey2000.exe -t2 00  0 01
3 8Edwizard0 12Edwizard.exe1 00266SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"34http://www.ediport.hu/_sgeasy.html0
219Evidence Eliminator0  6ee.exe1 00132Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis48http://www.evidence-eliminator.com/product.shtml0
1 6ee.exe0  6ee.exe1 00 48Unknown adware.  Located in c:\program files\ee. 01
1 4ahmB0  8eee2.exe1 00 88Added by the Troj/LowZone-CA backdoor Trojan which lowers the security on your computer.59http://www.sophos.com/virusinfo/analyses/trojlowzoneca.html0
1 3Air0  7Eej.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4aida0  8eetu.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
116Windows Explorer0 13EEXPLORER.EXE1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
112efaxs lptt010  9efaxs.exe1 00186Variant of the  RapidBlaster parasite (in an &quot;efaxs&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
112efaxs ml097e0  9efaxs.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
1 4efdx0  8efdx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
315EFI Job Monitor0 12efjm.dll,run111HKEY_CU\Run0 94Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
1 5efmcn0  9efmcn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 9Efpap.exe0  9Efpap.exe1 00123Easy File & Folder Protector. Deny access to certain files and folders, or to hide them securely from viewing and searching41http://www.softstack.com/fileprotpro.html0
418eTrust EZ Firewall0 11efpeadm.exe1 00 18eTrust EZ Firewall47http://www1.my-etrust.com/products/Firewall.cfm0
1 9CSMonitor0 10efqgqh.exe1 00134Added by the W32/Sdbot-NJ worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnj.html0
110Explorer320 12efsdfgxg.exe1 00 35Added by the Troj/Clicker-Y Trojan.58http://www.sophos.com/virusinfo/analyses/trojclickery.html0
110Explorer640 12efsdfgxg.exe1 00 36Added by the Troj/Clicker-AA Trojan.59http://www.sophos.com/virusinfo/analyses/trojclickeraa.html0
439EarthLink Firewall Process Path Service0 16EFWPPService.exe1 00102Related to EarthLink's Firewall, a part of the EarthLink Protection Control Center, powered by Aluria.46http://www.earthlink.net/software/free/pcc/fw/0
1 5ehbcn0  9ehbcn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112Media center0 11ehshell.exe1 00 34Added by a Rbot variant infection.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 3WIN0 11ehshell.exe1 00 75Added by the W32/Mytob-CQ mass-mailing worm with IRC backdoor funtionality.56http://www.sophos.com/virusinfo/analyses/w32mytobcq.html0
3 6ehTray0 10ehtray.exe1 00 29eHome Media Center PC related 7#FF00000
1 5ehusq0  9ehusq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8ei10.exe0  8ei10.exe1 00 28Added by the AGOBOT-NK WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotnk.html0
1 9[unknown]0 16EIEXPLORER32.EXE1 00134Added by the W32/Sdbot-NX worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnx.html0
1 5Einfo0  9Einfo.exe1 00 36Added by the Troj/GrayBrd-BD Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdbd.html0
1 4eity0  8eity.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Nab0  7Eja.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 6ejdukv0 10ejdukv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9EJzBg.exe0  9EJzBg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
310ExitKiller0 11Ekiller.exe1 00 65Exit Killer - automatically closes pop-up windows in your browser26http://www.exitkiller.net/0
1 7igamatu0  8ekor.exe1 00 39Added by the  BACKDOOR.SDBOT.AQ TROJAN!65http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.aq.html0
3 5ekort0 26ekort.exe /dontopenmycards211HKEY_LM\Run0 83Swedbank e-kort 2, 4, 0, 1, 81, Orbiscom Ltd. All rights reserved.. Swedbank e-kort39http://www.absolutestartup.com/startup/1
114bron-spizaetus0 14eksplorasi.exe1 00 31Added by the  RONTOKBRO.J WORM!88http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RONTOKBRO.J&VSect=P0
110[not used]0 14eksplorasi.pif1 00 50Added by the W32/Korbo-A worm and backdoor Trojan.55http://www.sophos.com/virusinfo/analyses/w32korboa.html0
311Eksplorator0 15Eksplorator.exe122StartUp menu\All users0 62EDBUD Eksplorator 3.00.0002, MTM Digital s.c.. Eksplorator.EXE39http://www.absolutestartup.com/startup/1
315CloneCDElbyCDFL0 13ElbyCheck.exe1 00318From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it42http://www.elby.org/english/corp/index.htm0
3 9Elbycheck0 13ElbyCheck.exe1 00318From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it42http://www.elby.org/english/corp/index.htm0
315CloneCDElbyCDFL0 25ElbyCheck.exe /L ElbyCDFL2 00 67Elaborate Bytes ElbyCheck 2, 1, 0, 0, Elaborate Bytes AG. ElbyCheck 01
1 7Element0 11Element.txt1 00 25Added by the ELEM TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/w32.elem.trojan.html0
115[various names]0  7elf.exe1 00 48Elf is a hacker program, tied to a trojan server 01
1 6elgvrn0 10elgvrn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6etbrun0 13elit***32.exe1 00 46Adware.EliteBar toolbar and search redirector. 01
1 8checkrun0 14elite***32.exe1 00 16EliteBar adware.76http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html0
121Windows Fixes Systems0  9elite.exe1 00137Added by the W32.Mytob.EG@mm worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.eg@mm.html#technicaldetails0
1 6etbrun0 14eliteetf32.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8checkrun0 14eliteevl32.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8checkrun0 14elitelsj32.exe1 00 29Added by the  Troj/Multidr-ER59http://www.sophos.com/virusinfo/analyses/trojmultidrer.html0
110elitemedia0 17elitemediapop.exe1 00 36Added by the Troj/LowZone-BB Trojan.59http://www.sophos.com/virusinfo/analyses/trojlowzonebb.html0
2 8checkrun0 14elitenfp32.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8antiware0 14elitezjx32.exe1 00 34Related to searchmiracle hijacker. 01
2 3elm0 10Elmenv.exe1 00 68ViaTech eLicense for securing, distributing and selling music online 01
443EarthLink Protection Control Center Service0 12ELNKServ.exe1 00 98Added by EarthLink's Protection Control Center, including EarthLink's Firewall, powered by Aluria.43http://www.earthlink.net/software/free/pcc/0
114Bron-Spizaetus0 10ElnorB.exe1 00 45Added by the W32/Brontok-A mass-mailing worm.57http://www.sophos.com/virusinfo/analyses/w32brontoka.html0
1 8elphqlfs0 12elphqlfs.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 9elpow_spy0 13elpow_spy.sys1 00119Added by the Spyware.ElpowKeylogger surveillance software.  This should be removed if it was not installed by yourself.66http://www.sarc.com/avcenter/venc/data/spyware.elpowkeylogger.html0
313ELSAChipGuard0 12elsavect.exe1 00249ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclocking 01
310elsblaunch0 14ELSBLaunch.exe1 00 22EarthLink  SpamBlocker51http://www.earthlink.net/software/free/spamblocker/0
310ELSBLaunch0 14ELSBLaunch.exe122StartUp menu\All users0 76EarthLink spamBlocker 1.1.0.11, . EarthLink spamBlocker Launcher Application39http://www.absolutestartup.com/startup/1
125Windows Internet Services0 11eltsass.exe1 00 50Added by the W32/Tilebot-EO worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tileboteo.html0
1 8elxvlgfe0 12elxvlgfe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7EM_EXEC0 11EM_EXEC.EXE1 00186Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled 01
3 7EM_EXEC0 11EM_EXEC.EXE111HKEY_LM\Run0 65MouseWare 9.40, Logitech Inc.                    . Control Center39http://www.absolutestartup.com/startup/1
311EasyMessage0  7em2.exe1 00 72Easy Messenger, instant messenger for MSN, AOL, ICQ, and Yahoo. See here27http://www.easymessage.net/0
311EasyMessage0 13em2.exe -wait2 00  0 01
2 7EMA.exe0  7EMA.EXE1 00 75Time management system which helps you to manage your time and appointments 01
1 7emakesv0 11EMAKE2B.EXE1 00 48Switch premium rate adult content dialer variant52http://www.spywareguide.com/product_show.php?id=19490
1 7eMakeSV0 11EMAKESV.EXE1 00 24A switch dialer variant. 01
112EMAP Service0  9emape.exe1 00116Added by the W32/Tilebot-EM worm and IRC backdoor. This infection utilizes the rootkit C:\Windows\System32\rofl.sys.58http://www.sophos.com/virusinfo/analyses/w32tilebotem.html0
1 6emfhor0 10emfhor.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
140(tt9381D8F2-0288-11D0-9501-00AA00B911A5)0  9emgfx.exe1 00 54Added by the Troj/Fusion-B keylogging backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojfusionb.html0
319Electron Microscope0  9EMIII.exe1 00332Electron Microscope or EM - is a program used to track Stanford's distributed computing program client called Folding at Home, FAH. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues21http://www.em-dc.com/0
1 7emoc0re0  7emo.exe1 00 61W32/Agobot-AGE is a network worm with backdoor functionality.58http://www.sophos.com/virusinfo/analyses/w32agobotage.html0
115Help Temp Files0  9emp32.exe1 00 41Added by the W32/Forbot-EC Backdoor/Worm!57http://www.sophos.com/virusinfo/analyses/w32forbotec.html0
1 8emsw.exe0  8emsw.exe1 00 62Attune HelpExpress - spyware. Disable and uninstall - see here32http://www.c-squad.org/hxdl.html0
214eMuleAutoStart0  9emule.exe1 00296As of today, eMule is one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release. Located in C:\Program Files\eMule\emule.exe54http://www.emule-project.net/home/perl/general.cgi?l=10
314eMuleAutoStart0  9emule.exe1 00297As of today, eMule is one of the biggest and most reliable peer-to-peer file sharing clients around the world. Thanks to it's open source policy many developers are able to contribute to the project, making the network more efficient with each release." Located in C:\Program Files\eMule\emule.exe54http://www.emule-project.net/home/perl/general.cgi?l=10
314Skrót do eMule0  9eMule.exe125StartUp menu\Current user0 57eMule 0.45.1 Unicode, http://www.emule-project.net. eMule39http://www.absolutestartup.com/startup/1
1 5emule0  9emule.exe1 00132Added by the W32/Rbot-ALZ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalz.html0
314eMuleAutoStart0 15emule.exe /tray2 00 57eMule 0.46.2 Unicode, http://www.emule-project.net. eMule 01
214eMuleAutoStart0 20emule.exe -AutoStart211HKEY_CU\Run0 57eMule 0.45.1 Unicode, http://www.emule-project.net. eMule39http://www.absolutestartup.com/startup/1
314eMuleAutoStart0 20emule.exe -AutoStart2 00 57eMule 0.47.0 Unicode, http://www.emule-project.net. eMule 01
220eMusicClient Systray0 16eMusicClient.exe1 00 28eMusic MP3 download software38http://www.emusic.com/about/index.html0
215EN4060C Taskbar0 12en4060ct.exe1 00 94Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray 01
1 8enakeplb0 12enakeplb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116www.hidro.4t.com0 10enbiei.exe1 00 28Added by the BLASTER.F WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.f.worm.html0
318Encompass_ENCMONTR0 12ENCMONTR.EXE1 00 46Optional simple browser from Yahoo (Encompass) 01
319Energizer FileSaver0 23Energizer FileSaver.exe2 00 68Energizer FileSaver - UPS back-up utility for Energizer UPS products43http://www.energizerups.com/productline.asp0
319Energizer FileSaver0 23Energizer FileSaver.exe222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
312EnergyPlugIn0 16EnergyPlugin.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112energyplugin0 16EnergyPlugin.exe1 00 27EnergyPlugin adware variant83http://securityresponse.symantec.com/avcenter/venc/data/pf/adware.energyplugin.html0
114enewsletterpro0 18enewsletterpro.exe1 00 64Added by the Troj/StartPa-KN Internet Explorer hijacking Trojan.59http://www.sophos.com/virusinfo/analyses/trojstartpakn.html0
224SB Audigy 2 Startup Menu0  3eng1 00517Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function 01
1 6enggfj0 10enggfj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 9enginecs20 13enginecs2.exe1 00 91Part of the Cyber Sentinel Internet filtering software. Does anyone know if what this does?46http://www.securitysoft.com/new601/cs_home.htm0
214MGA_CD_Install0  7English1 00  0 01
217Status Monitor XE0  9ENGSS.EXE1 00258The Xerox Document WorkCentre XE Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start - Programs 01
4 7EngUtil0 11EngUtil.exe1 00110Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking 01
418RoxioEngineUtility0 11EngUtil.exe1 00110Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking 01
1 9enhance320 13enhance32.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
112Enh Win Updt0 11enhupdt.exe1 00100Adware downloader - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.OneClickNetSearch.h36http://www.kaspersky.com/personalpro0
215EnigmaPopupStop0 19EnigmaPopupStop.exe1 00 64SpyHunter - spyware remover of somewhat dubious repute, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note0
1 4enjl0  8enjl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 9envyhfcpl0 12EnMixCPL.exe1 00 39VIA  Envy24 PCI Audio Controller driver59http://www.via.com.tw/en/products/audio/controllers/envy24/0
115Start aThe Roll0 11enotxa2.exe1 00108Added by the W32/Rbot-PV worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotpv.html0
012ENSMIX32.EXE0 12ENSMIX32.EXE1 00 18Sound card driver. 01
311entbloess 20 14Entbloess2.exe1 00174Related to  Window-Switcher it allows you to see previews of all your open applications via a single keystroke in a manner similar to Apple's Exposé, for Windows 2000 and XP.25http://www.entbloess.com/0
0 9$EnterNet0 12Enternet.exe1 00 65Connection manager for the EnterNet ISP. You can also use RASPPOE37http://user.cs.tu-berlin.de/~normanb/0
011prodigy dsl0 15EnterNetDUN.Exe1 00 33Prodigy EnterNet DUN PPPoE Client 01
3 8Entunnel0 12Entunnel.EXE122StartUp menu\All users0 68Entunnel 1.1.2.70, VanDyke Software, Inc.. Entunnel Tray Application39http://www.absolutestartup.com/startup/1
1 7enwnsis0 11enwnsis.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8enydmvsx0 12enydmvsx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119Registry Value Name0  9enzxp.exe1 00188Added by the W32/Rbot-BAJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.  This infection will also disable the Windows firewall.56http://www.sophos.com/virusinfo/analyses/w32rbotbaj.html0
3 7eonemng0 11eOneMng.exe1 00118eOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PC 01
1 8eonpyrxx0 12eonpyrxx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 6EOUApp0 10EOUWiz.exe1 00 56Ease of Use Wizard Application for Intel wireless cards. 01
3 6EOUApp0 10EOUWiz.exe111HKEY_LM\Run0 83Intel PROSet/Wireless 9, 0, 0, 0, Intel Corporation. Ease Of Use Wizard Application39http://www.absolutestartup.com/startup/1
318easykeyboardlogger0  7epl.exe1 00 92EasyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!69http://www.symantec.com/avcenter/venc/data/spyware.easykeylogger.html0
316ePowerManagement0 12ePM.exe boot211HKEY_LM\Run0 77Acer ePowerManagement 1.0.0.0, Acer Value Labs, Taiwan. Acer ePowerManagement39http://www.absolutestartup.com/startup/1
3 6epm-dm0 10epm-dm.exe111HKEY_LM\Run0 75Acer EPM Device Manager 2.00, Acer Value Labs, USA. Acer EPM Device Manager39http://www.absolutestartup.com/startup/1
412Naimagent_UI0 20EPOAgentnaimag32.exe1 00400Workstation background program for Network Associates’ McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan 01
417Naimagent_service0 20EPOAgentnaimas32.exe1 00268Networked version of McAfee VirusScan. Installs, configures and updates the software and DAT (virus definition) files on local computers from a network server. A resource hog but required for DAT updates and if disabled can also cause random freezes and error messages 01
218eprint 4.0 service0 11EPRINT4.EXE1 00244A component of the LEADTOOLS  ePrint File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT , Multi-page TIFF, JPG, GIF, PNG and many more! - Can be started manually.28http://www.eprintdriver.com/0
3 9ePrompter0 13ePrompter.exe1 00 40ePrompter - E-mail notification software25http://www.eprompter.com/0
328aluria&#039;s pop-up stopper0  7eps.exe1 00 19Aluria  Pop-Stopper54http://www.aluriasoftware.com/homeproducts/popstopper/0
323aluria's pop-up stopper0  7eps.exe1 00 19Aluria  Pop-Stopper54http://www.aluriasoftware.com/homeproducts/popstopper/0
118EPS Printer driver0 12epsn2sys.sys1 00 34Identified as Trojan.NtRootKit.75. 01
317EPSON CardMonitor0 24EPSON CardMonitor1.0.exe2 00106Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint 01
229\\MOM\EPSON Stylus C86 Series0 53EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"211HKEY_LM\Run0 76EPSON Status Monitor 3 3.00, SEIKO EPSON CORPORATION. EPSON Status Monitor 339http://www.absolutestartup.com/startup/1
317EpsonPhotoStarter0 22EPSON_PhotoStarter.exe1 00100Only needed if you want to make full use of the capabilities of an Epson printer that included this  01
118EPS Printer Driver0 12EPSONSYS.SYS1 00 71Added by the Trojan.Goldun.I password-stealing Trojan for online banks.76http://www.sarc.com/avcenter/venc/data/trojan.goldun.i.html#technicaldetails0
219soap blah part dart0 11Eq Less.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4NiCQ0  8eqgq.exe1 00135Added by the Troj/Ranck-AA proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckaa.html0
1 9EQTraffic0 13EQTraffic.exe1 00 45Unknown Adware.  Possible CAS adware related. 01
3 8Equipmen0 12Equipmen.exe1 00  2?? 01
3 6eraser0 10eraser.exe1 00 63Eraser allows for complete removal of data from your hard drive27http://www.heidi.ie/eraser/0
3 6eraser0 16eraser.exe -hide2 00 63Eraser allows for complete removal of data from your hard drive27http://www.heidi.ie/eraser/0
3 6Eraser0 16eraser.exe -hide211HKEY_CU\Run0 22Eraser 5.7, -. Eraser.39http://www.absolutestartup.com/startup/1
213OP12 Reminder0  8Ereg.exe1 00 55Registration reminder for OmniPage Pro 12 from ScanSoft33http://www.scansoft.com/omnipage/0
320PDFConverterReminder0  8ereg.ini111HKEY_LM\Run0 62Ereg Application 1.0.1.6, ScanSoft, Inc.. Ereg MFC Application39http://www.absolutestartup.com/startup/1
2 3erm0  7erm.exe1 00  2?? 01
1 7LasErma0 13Ermasys32.exe1 00 25Added by the W32/Lerma-A.55http://www.sophos.com/virusinfo/analyses/w32lermaa.html0
1 8eros.exe0  8eros.exe1 00 21Adult content dailler 01
323XTNDConnect PC - ErPhn20 10ErPhn2.exe1 00 99Component of EasySync Pro. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook15#EasySync%20Pro0
110ErrorGuard0 14ErrorGuard.exe1 00 33Spyware remover of dubious repute 01
211Error Nuker0 14ErrorNuker.exe1 00 66scan at startup. The program can be launched manually if required. 01
211Error Nuker0 24ErrorNuker.exe autostart2 00 49Error Nuker 01.02.04, Trek Blue, Inc. Error Nuker 01
323XTNDConnect PC - ErTray0 10ErTray.exe1 00 99Component of EasySync Pro. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook15#EasySync%20Pro0
0 8ERTS07490 12ERTS0749.exe1 00110IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire? 01
325IBM Warranty Notification0 12ERTS0749.exe1 00  0 01
115[Various Names]0 10ERTYDF.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
122Microsoft DDEs Control0  8Erun.pif1 00132Added by the W32/Rbot-AMU worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamu.html0
1 5erver0  9erver.exe1 00 44Added by the Troj/Bckdr-ACI backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojbckdraci.html0
1 8erwnades0 12erwnades.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
323Epson Stylus C62 Series0 12E-S0BIC1.EXE1 00132Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required 01
217Easy Start Button0  7esb.exe1 00111Provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys 01
3 3ESB0  7esb.exe1 00131Easy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys 01
113EasySearchBar0 13ESBUpdate.exe1 00 31EasySearchBar adware downloader 01
1 6Helper0 10eschlp.exe1 00 28Added by the BLASTER.T WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.t.worm.html0
1 9EScorcher0 13escorcher.exe1 00197Part of eScorcher anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is dead25http://www.escorcher.com/0
2 5ESFTP0  9esftp.exe1 00 87ESftp - FTP client for transfering files between a local PC and another remote computer30http://esftp.com/features.html0
122Microsoft ESTMP Server0  9ESMTP.EXE1 00 49Added by the WORM_MYTOB.OX worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EOX&VSect=T0
1 4Esoh0 11Esoh123.exe1 00 28Added by the AGOBOT.FF WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.FF0
3 7ESPN3600 18espn360.exe -nogui211HKEY_CU\Run0 38ESPN360 1.0.0.21, ESPN. ESPN360 Client39http://www.absolutestartup.com/startup/1
413eSafe Protect0 12ESPWatch.exe1 00 69eSafe from Aladdin - internet security for gateway and E-mail servers44http://www.esafe.com/esafe/default.asp?cf=tl0
0 6essapm0 10essapm.exe1 00 26ESS Solo soundcard driver. 01
010ESS Daemon0  8Essd.exe1 00 35Related to an ESS based soundacard. 01
4 5Essdc0  9essdc.exe1 00 63Related to an ESS Solo soundcard. Seems as though it's required 01
0 8ESSNDSYS0 12ESSNDSYS.EXE1 00 35Related to an ESS based soundacard. 01
4 6ESSOLO0 10ESSOLO.exe1 00 65Sound card driver that re-instates itself every time it's removed 01
3 5load=0  9esspk.exe1 00 60Speakerphone capability through a soundcard for an ESS modem23http://www.esstech.com/0
4 5esspk0  9esspk.exe1 00 81ESS Technology modem speaker driver file. Required to get on-line with this modem 01
311EssSpkPhone0 10essspk.exe1 00116ESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsets 01
1 3Qqi0  7Est.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
120e-surveiller station0 12estation.exe1 00 25Added by the  ESurveiller67http://www.symantec.com/avcenter/venc/data/spyware.esurveiller.html0
0 8esupinit0 11eSupCmd.exe1 00109Related to  SupportSoft "Real-Time Service Management software" - what exactly does it do and is it required?62http://support.com/solutions/overview/solutions_overview.shtml0
114alt CTRL Shift0  9et3rd.exe1 00134Added by the Troj/Sdbot-RH worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/trojsdbotrh.html0
115alt CTRLx Shift0  9et3rd.exe1 00130Added by the W32/Sdbot-RG worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotrg.html0
310EasyTuneIV0 11ET4Tray.exe1 00 75Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available 01
1 7etauyxg0 11etauyxg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110ETB Tester0 11etbtest.exe1 00128Added by the W32/Rbot-ABR. When this infection starts it connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotabr.html0
222Scotia OnLine Recovery0 12etdirrcv.exe1 00229Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process32http://www.entrust.com/index.cfm0
236Scotia OnLine Security v*.* Recovery0 12etdirrcv.exe1 00229Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. *.* represents the version number. Now obsolete after Scotiabank modernised their login process32http://www.entrust.com/index.cfm0
116Ethernet Drivers0 12ethernet.exe1 00 97Added by the a  href="http://www.sarc.com/avcenter/venc/data/w32.gaobot.cez.html#technicaldetails64W32.Gaobot.CEZ infection. Found in the Windows system directory.0
115EthernetDrivers0 12ethernet.exe1 00 77Added by the W32.Gaobot.CEZ infection. Found in the Windows system directory.75http://www.sarc.com/avcenter/venc/data/w32.gaobot.cez.html#technicaldetails0
112the ethernet0 12ethernet.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 6Yahoo!0 12ethernet.exe1 00 36Added by the BKDR_PROSTI.A backdoor.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FPROSTI%2EAA&VSect=T0
120WindowsRegKey%update0 15ethernet32m.exe1 00 26Added by the RBOT-EN WORM!55http://www.sophos.com/virusinfo/analyses/w32rboten.html0
218Slingshot Tray App0 20EtiTray.exe /startup211HKEY_CU\Run0 44Enfish 6.1, Enfish Software. Enfish Eti Tray39http://www.absolutestartup.com/startup/1
312ET Minimizer0  9etmin.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 9MSRegScan0  9ETNKL.exe1 00128Added by the Spyware.ComKeylogger surveillance software. This program should be uninstalled if it was not installed by yourself.64http://www.sarc.com/avcenter/venc/data/spyware.comkeylogger.html0
221EarthLink ToolBar 5.00 12etoolbar.exe1 00199EarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any time 01
1 7eueghwp0 11eueghwp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Iji0  7Eug.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 6eujqsu0 10eujqsu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7tE7h34e0 11eunache.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8EuroGlot0 12EuroGlot.exe1 00125Euroglot - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian"44http://www.euroglotonline.nl/en/default.html0
2 9ICH Synth0 10eusexe.exe1 00216Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices 01
311DEventAgent0 12eventagt.exe1 00114DEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use this 01
3 9Event Log0 12eventlog.exe1 00  2?? 01
2 8eventmgr0 12eventmgr.exe1 00 97Used with a Microtek scanner. Manages the scanner's button events. Available via Start - Programs 01
1 8eventwvr0 12eventwvr.exe1 00 43Added by the Troj/Cosiam-G backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojcosiamg.html0
1 4Evil0  8Evil.exe1 00158Added by the W32.Mytob.JM@mm mass-mailing worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.jm@mm.html#technicaldetails0
1 7evjdihr0 11evjdihr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
313EVENTLISTENER0 11EvLstnr.exe1 00 75Used with a Nikon digital camera to recognize when the camera is plugged in 01
2 7evntsvc0 10evntsc.exe1 00256Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it. Note that eventsvc.exe no longer appears to be in a newer version20http://www.real.com/0
210TkBell.Exe0 11evntsvc.exe1 00256Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it. Note that eventsvc.exe no longer appears to be in a newer version20http://www.real.com/0
2 9TkBellExe0 11evntsvc.exe1 00256Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it. Note that eventsvc.exe no longer appears to be in a newer version20http://www.real.com/0
118System Event Agent0 11evntsvc.exe1 00 42Added by the Troj/Wollf-I backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojwollfi.html0
3 8EVOLOSTA0 12EVOLOSTA.EXE1 00544Evolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start - Run dialog to run it 01
112blah service0 10evosys.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6EvtHtm0 10evthtm.exe1 00 34Premium rate adult content dialler 01
1 6EvtHtm0 18evthtm.exe /nocomm211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
321BMO MasterCard Wallet0 11EWALLET.EXE1 00 83The wallet conveniently stores billing, shipping and payment information on your PC 01
3 4Lasb0  8ewat.exe1 00  2?? 01
1 6ewlxde0 10ewlxde.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7w32data0  9eworo.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 9ewupdater0 13ewupdater.exe1 00 28EasyWebSearch adware updater81http://www.kephyr.xaviermedia.us/spywarescanner/library/easywebsearch/index.phtml0
119TmNetDriver Monitor0  9exbce.exe1 00133Added by the W32/Sdbot-ABR worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotabr.html0
115[Various Names]0 18ExchangeMaster.exe1 00132Part of the Wareout infection as described A href=http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
0 8FPEXCNVT0 10ExCnvt.exe1 00150Related to the a hred="http://www.castelle.com/products/faxpress/default.htm"Castelle Faxpress fax server product line.  Anyone know what this is for? 01
1 8exdl.exe0  8exdl.exe1 00 22BargainBuddy foistware59http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html0
110exe lptt010  7exe.exe1 00184Variant of the  RapidBlaster parasite (in an &quot;Exe&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
110exe ml097e0  7exe.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
115[Various Names]0 12EXE32EXE.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 4seli0  9exe82.exe1 00 36Added by the Troj/LowZone-AS Trojan.59http://www.sophos.com/virusinfo/analyses/trojlowzoneas.html0
3 9cleantemp0 17EXEBCleanTemp.exe1 00108CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory44http://www.html2exe.com/mnu/dl/dl.shtml#free0
2 7uoltray0  8exec.exe1 00 40Netzero free ISP software - not required 01
215netzero_uoltray0 15exec.exe regrun2 00  0 01
129System Executable DLL Library0 13EXECDLL32.exe1 00 28Added by the RANDEX.AZ WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.az.html0
1 7execfg40 11execfg4.exe1 00 27Added by the ELECTRON WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.electron.html0
110[not used]0 12exeroute.exe1 00 90Added by the Troj/WowPWS-A password-stealing Trojan for the online game World of Warcraft.57http://www.sophos.com/virusinfo/analyses/trojwowpwsa.html0
1 7winprot0 13exeserver.exe1 00 42Added as a result of the CHUPACABRA VIRUS!62http://www.dark-e.com/archive/trojans/chupacabra/10/index.shtm0
115Windows Updates0  9exesy.exe1 00 24Added by a Rbot variant.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
412vet start up0 12exevet32.exe1 00244Computer Associates &quot;InnoculateIT&quot;&nbsp; and Vet Anti-Virus virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options22http://www.vet.com.au/0
2 7exgiwsl0 11exgiwsl.exe1 00  2?? 01
313Exif Launcher0 18Exiflaquickdcr.exe1 00116USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly 01
116NOYPI_KANG_ASTIG0 21Exit to DosPrompt.pif2 00 46Added by the W32.Filukin.A@ mass-mailing worm.77http://www.sarc.com/avcenter/venc/data/w32.filukin.a@mm.html#technicaldetails0
215Excite Platform0 12Exlaunch.exe1 00287Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer 01
1 6xevivi0 11exobaba.exe1 00132Added by the W32/Sdbot-UQ worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuq.html0
2 6Exodus0 10Exodus.exe1 00 90Added by Exodus. Exodus is an instant messaging program that utilizes the jabber protocol.31http://exodus.jabberstudio.org/0
1 7exp.exe0  7exp.exe1 00 53Added by a variant of the SMALL.ABD downloader TROJAN 01
1 6rforce0 12EXP1ORER.EXE1 00 29Added by the  TROJ_DROPPER.KN87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DROPPER.KN&VSect=T0
114WINDOWS SYSTEM0 12expI0rer.exe1 00132Added by the W32/Mytob-FI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobfi.html0
116Navegador de red0 12ExpIorer.exe1 00 44Added by the Troj/Taladra-E backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojtaladrae.html0
114WINDOWS SYSTEM0 12EXPIORER.EXE1 00 49Added by the WORM_MYTOB.MA worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EMA&VSect=T0
111expl0re.exe0 11EXPL0RE.EXE1 00 26Added by the  Troj/Popno-A56http://www.sophos.com/virusinfo/analyses/trojpopnoa.html0
1 8EXPL0RER0 12EXPL0RER.exe1 00 43Added by the Troj/Feutel-G backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojfeutelg.html0
1 8EXPLORER0 12EXPL0RER.EXE1 00 44Added by the Troj/BeastDo-Y backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojbeastdoy.html0
118Microsoft Internet0 12expl0rer.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
124Microsoft Update Machine0 12expl0rer.exe1 00 27Added by the SDBOT.OK WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.OK&VSect=T0
113Expl0rer soft0 12expl0rer.pif1 00133Added by the W32/Rbot-ARE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotare.html0
1 8explorer0 10expl32.exe1 00 27Added by the RATSOU TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.html0
110Explorer320 10Expl32.exe1 00 31Added by the HACKTACK.B TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HACKTACK.B0
1 3pcc0 12explcrer.exe1 00 43Added by the Troj/Agent-FW backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentfw.html0
114Office Startup0 11Exploer.exe1 00 87Added by the GAOBOT.BV WORM! Note the different filename to the valid MS Office entries79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bv.html0
112COM++ System0 12exploier.exe1 00 39Added by a variant of the LOVGATE WORM!57http://www.sophos.com/virusinfo/analyses/w32lovgatef.html0
118Microsofts Updatez0 13exploirez.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
117microsoft windows0 12explorar.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7explore0 11explore.exe1 00 49Added by any number of VIRUSES, WORMS or TROJANS! 01
1 7Explore0 11explore.exe1 00 21Adult content dialler 01
115explore manager0 11explore.exe1 00154Added by the Trojan.Spexta trojan.  When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.74http://www.sarc.com/avcenter/venc/data/trojan.spexta.html#technicaldetails0
111explore.exe0 11Explore.exe1 00 31Added by the GRAYBIRD.G TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.g.html0
116filename process0 11explore.exe1 00129Added by W32/Agobot-QN,  a TROJAN/backdoor that allows for unauthorized access to the PC using an IRC channel to a remote server.57http://www.sophos.com/virusinfo/analyses/w32agobotqn.html0
114SystemExplorer0 11explore.exe1 00 73Homepage hijacker - file located in the "Services" folder in Common Files 01
114Update Windows0 11EXPLORE.EXE1 00 59Added by the Backdoor.Win32.Rbot.aal worm and IRC backdoor. 01
114Video Services0 11explore.exe1 00 28Added by the GAOBOT.GL WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.gl.html0
1 6Window0 11explore.exe1 00 29Added by the GAOBOT.ADW WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.adw.html0
1 7Default0 11explore.vbs1 00138ml" target=_blankALLEM mass-mailing worm.  It finds addresses to send to in the Microsoft Outlook address book.  It also spreads via MIRC. 01
119Microsoft Update 320 13explore32.exe1 00 29Added by the SPYBOT.CYM WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.cym.html0
1 8startkey0 13explore32.exe1 00 43Added by the Troj/Bdoor-MT backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoormt.html0
1 5Video0 12explored.exe1 00 28Added by the GAOBOT.RF WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.rf.html0
113Windows Login0 12explored.exe1 00 28Added by the GAOBOT.SY WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sy.html0
113exploreff.exe0 13exploreff.exe1 00 36Added by the Trojan.Finfanse Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.finfanse.html#technicaldetails0
113Explorer soft0 12explorer.com1 00133Added by the W32/Rbot-ARM worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotarm.html0
1 8EXPLORER0 12EXPLORER.dll1 00 33Added by the Troj/SCLog-B trojan.56http://www.sophos.com/virusinfo/analyses/trojsclogb.html0
1 8Explorer0 12Explorer.doc1 00 38Added by the WM97/Resume-A email worm.57http://www.sophos.com/virusinfo/analyses/wm97resumea.html0
2 5Jgvta0 12explorer.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 8explorer0 12explorer.exe1 00248Starts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as PE_BISTRO or DVLDR or MYDOOM.C. Note that it is also not the explorer.exe task/service you'll see when via CTRL+ALT+DEL84http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_BISTRO&amp;VSect=T0
3 3klp0 12explorer.exe1 00119Added by the Spyware.ComSurveilSys surveillance software. bIf this was not installed by you, you should uninstall it./b65http://www.sarc.com/avcenter/venc/data/spyware.comsurveilsys.html0
115[random number]0 12explorer.exe1 00 53Added by the Troj/Keylog-AN password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojkeylogan.html0
1 64566550 12Explorer.exe1 00135Added by the Troj/Bifrose-DF Trojan.  This infection should not be confused with the legitimate Microsoft file C:\Windows\Explorer.exe.59http://www.sophos.com/virusinfo/analyses/trojbifrosedf.html0
1 5ccreg0 12explorer.exe1 00178Added by the ZCREW TROJAN! Note - the valid "explorer.exe" is located in C:\Windows or C:\Winnt whereas this one is located in a C:\Windows\System or C:\Winnt\System subdirectory66http://www.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.html0
1 7Explore0 12Explorer.exe1 00155Added by the IRC.FLOOD.G TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.flood.g.html0
115Explorer lptt010 12explorer.exe1 00304Variant of the  RapidBlaster parasite (in an "explorer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here. Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually!49http://www.doxdesk.com/parasite/RapidBlaster.html0
115Explorer ml097e0 12explorer.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
112IE configure0 12explorer.exe1 00 81Added by the Troj/Lineage-C password-stealing Trojan for the online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineagec.html0
1 9IExplorer0 12explorer.exe1 00  092http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FZAPCHAST%2EBD&VSect=T0
1 7Loadab10 12explorer.exe1 00 36Added by the Troj/Lineage-AJ Trojan.59http://www.sophos.com/virusinfo/analyses/trojlineageaj.html0
1 9loadMecq00 12explorer.exe1 00101tml" target=_blankMUMUBOU.C trojan.  Note that legitimate explorer.exe resides in the Windows folder. 01
1 9loadMect10 12explorer.exe1 00 72Added by the  Troj/Lineage-L trojan to the %Windr%/Program Files folder.58http://www.sophos.com/virusinfo/analyses/trojlineagel.html0
1 8MicroCQ00 12explorer.exe1 00 82Added by the Troj/Lineage-AK password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineageak.html0
127Microsoft Automatic Updater0 12Explorer.exe1 00 31Added by the  W32/RBOT-SG WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotsg.html0
133Microsoft Synchronization Manager0 12explorer.exe1 00225Added by the W32/Sdbot-AEA worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer. Note: this is not the legitimate explorer.exe found in your c:\Windows folder.57http://www.sophos.com/virusinfo/analyses/w32sdbotaea.html0
119Microsoft Update 320 12explorer.exe1 00223Added by the W32/Rbot-ARF worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This should not be confused with the legitimate explorer.exe found in the Windows folder.56http://www.sophos.com/virusinfo/analyses/w32rbotarf.html0
134Microsoft Windows Keyboard service0 12explorer.exe1 00132Added by the W32/Rbot-ECN worm and IRC backdoor.  This infection should not be confused with the legitimate C:\Windows\explorer.exe.56http://www.sophos.com/virusinfo/analyses/w32rbotecn.html0
1 4mmb20 12explorer.exe1 00279Added by an unidentified WORM or TROJAN - NOTE - the valid "explorer.exe" will always be located in C:\Windows or C:\Winnt whereas this one is found in the C:\Windows\System folder (Win 98/ME) or in the C:\Winnt\System32 or C:\Windows\System32 subfolder (Windows 2000 and Win XP) 01
1 7MsAudio0 12explorer.exe1 00119Added by the Troj/LegMir-BY Trojan.  This infection should not be confused with legitimate file C:\Windows\explorer.exe58http://www.sophos.com/virusinfo/analyses/trojlegmirby.html0
1 8oadMect10 12explorer.exe1 00125Added by the Troj/Lineage-L password stealing trojan.  This trojan targets passwords associated with the online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineagel.html0
112QoS Provider0 12explorer.exe1 00142Added by the W32/Agobot-UX worm and IRC backdoor.  This infection should not be confused with the legitimate explorer.exe found in C:\Windows.57http://www.sophos.com/virusinfo/analyses/w32agobotux.html0
1 5Shell0 12explorer.exe1 00 35Added by the Trojan.Kakkeys trojan.75http://www.sarc.com/avcenter/venc/data/trojan.kakkeys.html#technicaldetails0
1 7Shell320 12explorer.exe1 00134Added by the W32/Sdbot-NF worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnf.html0
1 5smsys0 12Explorer.exe1 00186Added by the CLICKER-C TROJAN! Note - the valid "explorer.exe" is located in C:\Windows or C:\Winnt whereas this one is located in a C:\Windows\Template or C:\Winnt\Template subdirectory58http://www.sophos.com/virusinfo/analyses/trojclickerc.html0
1 6Sustem0 12explorer.exe1 00170Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually 01
112SustemUpdate0 12explorer.exe1 00  0 01
110sys_Runtt10 12explorer.exe1 00132Added by the Troj/Lineage-M password stealing trojan.  This trojan attempts to steal passwords from the popular online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineagem.html0
1 8sysMett10 12explorer.exe1 00 52Added by the Troj/LegMir-Y password stealing trojan.57http://www.sophos.com/virusinfo/analyses/trojlegmiry.html0
1 6system0 12Explorer.exe1 00247Added by the GRAYBIRD TROJAN! Note - this is located in this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) rather than the valid Windows Explorer which is located in C:\Windows or C:\Winnt78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.html0
114System Update20 12explorer.exe1 00 31Added by the AUTOTROJ-C TROJAN!59http://www.sophos.com/virusinfo/analyses/trojautotrojc.html0
1 7Taskmrg0 12explorer.exe1 00 37Added by the TROJ_ZAPCHAST.BD Trojan.92http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FZAPCHAST%2EBD&VSect=T0
1 7Windows0 12explorer.exe1 00170Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually 01
116Windows Explorer0 12explorer.exe1 00 44Added by the W32/Poebot-J WORM/IRC backdoor!56http://www.sophos.com/virusinfo/analyses/w32poebotj.html0
116Windows Services0 12explorer.exe1 00128Added by the W32/Sdbot-W.  When this infection loads it connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotwt.html0
116Windows System320 12explorer.exe1 00 31Added by the W32/Opanki-V worm.56http://www.sophos.com/virusinfo/analyses/w32opankiv.html0
119Windowz Update V2.00 12Explorer.exe1 00150Added by the YODO WORM! Note - the valid "explorer.exe" is located in C:\Windows or C:\Winnt whereas this one is located in the System32 sub-directory74http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.yodo.html0
1 8WinUPD320 12explorer.exe1 00170Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually 01
1 6WksSVC0 12EXPLORER.exe1 00 12Added by the134W32/Mytob-BW0
113Explorer soft0 12explorer.pif1 00133Added by the W32/Rbot-APK worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotapk.html0
118Microsoft Explorer0 12explorer.pif1 00133Added by the W32/Sdbot-ACX worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotacx.html0
116Windows Explorer0 12explorer.pif1 00133Added by the W32/Rbot-AID worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaid.html0
118Microsoft Explorer0 12explorer.scr1 00121Added by the W32/Rbot-ADH worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32rbotadh.html0
114System-Service0 12EXPLORER.SCR1 00 61Added by the  BENJAMIN WORM! KaZaA file-sharing users beware!86http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BENJAMIN.A&VSect=T0
1 6Limpet0 14explorer16.exe1 00133Added by the W32/Rbot-AJD worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotajd.html0
116Explorer Service0 14Explorer32.exe1 00 26Added by Backdoor.Fraggle.60http://www.sarc.com/avcenter/venc/data/backdoor.fraggle.html0
125Microsoft Windows Updates0 14explorer32.exe1 00 27Added by the SDBOT.VQ WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.VQ&VSect=T0
114Win32 Explorer0 14Explorer32.exe1 00 28StartPa-MN homepage hijacker55http://sophos.com/virusinfo/analyses/trojstartpamn.html0
134Windows Explorer Update Build 11420 14EXPLORER32.EXE1 00 50Added by the KaZaA based  KWBOT or  KWBOT.Y WORMS!76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KWBOT.A0
112explorer.exe0 17explorer32dbg.exe1 00 69Browser Hijacker to http://default.home and possibly other locations. 01
122Microsoft Explorer(64)0 14EXPLORER64.EXE1 00136Added by the W32/Spybot-R worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32spybotr.html0
110explorer320 15explorer6s4.exe1 00 47Added by the Downloader.Win32.Small.biq TROJAN! 01
123MicrosoftServiceManager0 13EXPLORERE.EXE1 00 26Added by the YAHA.AB WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.ab@mm.html0
115Explorer Loader0 13explorerl.exe1 00143Added by the W32/Sdbot-ADI worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotadi.html0
114Config Loader20 12explores.exe1 00 28Added by the GAOBOT.BT WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.bt.html0
1 8RavTimer0 12explores.exe1 00 42Added by the Troj/Homey-A backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojhomeya.html0
128Microsoft EXPLOREXP Protocol0 13explorexp.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
115explorer loader0 11explr32.exe1 00 28Added by the  AGOBOT.N WORM!124http://www.0
115[Various Names]0 11expoler.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
121Outlook Mail Services0 11express.exe1 00132Added by the W32/Rbot-ATJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatj.html0
1 6Explkw0  9expup.exe1 00 17Keywords hijacker 01
1 8exqvbedm0 12exqvbedm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8Exshow950 12EXSHOW95.exe1 00142Support software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devices 01
1 6extapp0 10extapp.exe1 00119Added by the Backdoor.Acidoor  backdoor trojan.  This backdoor listens on TCP ports 4432 and 4433 awaiting connections.60http://www.sarc.com/avcenter/venc/data/backdoor.acidoor.html0
121External Dependencies0 12External.exe1 00147Added by the W32/Mytob-AT mass-mailing worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobat.html0
120Configuration Loader0 10extrac.exe1 00133Added by the W32/Sdbot-AFP worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafp.html0
3 8ExtraDNS0 12ExtraDNS.exe1 00 33ExtraDNS - DNS configuration tool26http://www.extratools.com/0
325extreme messenger for aim0 20ExtremeMessenger.exe1 00 69Extreme_Messenger - an extension for the AIM Instant Messenger client32http://www.extrememessenger.com/0
1 4exww0  8exww.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
019ExxtremeHelperDemon0 12exxdemon.exe1 00 40Creative Exxtreme graphics card related? 01
1 3XXX0 16exysa ummama.vbs2 00116Added by the VBS/Suasage-A emailing worm.  This worm spreads by emailing all the users in your Outlook contact list.57http://www.sophos.com/virusinfo/analyses/vbssausagea.html0
1 5eyiid0  9eyiid.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6eyjvbw0 10eyjvbw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110bwomnduwaj0 10eyuzqp.exe111HKEY_LM\Run0 79TODO: <Product name? 0, 0, 7, 0, TODO: <Company name?. TODO: <File description>39http://www.absolutestartup.com/startup/1
2 7ezagent0 11ezagent.exe1 00 80EzVCR recording software for the ASUS TV FM card. Available via Start - Programs50http://www.asus.com/products/vga/tvfm/overview.htm0
3 8EzButton0 12EzButton.EXE1 00148EZbutton, is quick launcher of the Media player app that comes with certain laptops.  Typically installed in C:\Program Files\EzButton\EzButton.EXE. 01
2 6EZDesk0 10EZDESK.EXE1 00 82Utility that remembers icon locations for each user and resolution. Available here32http://members.aol.com/EzDesk95/0
410eTrustCIPE0 12ezdsmain.exe1 00164eTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior128http://www10
2 8EzEjMnAp0 12EzEjMnAp.exe1 00272For IBM Thinkpad Notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually". Available via Start - Programs 01
2 8EZEJMNAP0 12EzEjMnAp.Exe111HKEY_LM\Run0108IBM ThinkPad EasyEject Support Application 1, 0, 0, 0, IBM Corp.. IBM ThinkPad EasyEject Support Application39http://www.absolutestartup.com/startup/1
01439ELTFH25Z8SKF0 10Ezg1q5.exe1 00 57Seems to be associated with software by Resplendence SP ? 7#FF00000
1 5jijbl0  9ezlwy.bat1 00 24Added by the REDDW WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.reddw@mm.html0
1 5ezula0 10eZmmod.exe1 00128Regarded as spyware/theftware and bundled with the popular iMesh and KaZaA file-sharing programs. Read here for more information39http://www.ahfb2000.com/ezula/ezula.php0
3 7EZNORUN0 11EZNORUN.EXE1 00 22Easy Internet related? 01
2 9Web Offer0 13ezPopStub.exe115HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
1 9web offer0 13ezPopStub.exe1 00 15Added by  eZula90http://research.sunbelt-software.com/threat_display.cfm?name=eZula.WebOffer&threatid=149970
316ab EazyScheduler0 11ezsched.exe1 00  2?? 01
311EZSMART App0 11ezsmart.exe1 00 97EZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supported 01
4 7ezPS_Px0 11ezSP_Px.exe1 00180Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings35http://www.easy.co.jp/dd2e/sony/cd/0
424ezShieldProtector for Px0 11ezSP_Px.exe1 00 68ezSP_Px Application 1, 0, 0, 0, Easy Systems Japan Ltd.. ezSP_Px MFC35http://www.easy.co.jp/dd2e/sony/cd/0
424ezShieldProtector for Px0 11ezSP_Px.exe1 00 80ezSP_Px Application 1, 0, 0, 0, Easy Systems Japan Ltd.. ezSP_Px MFC Application 01
4 7ezPS_Px0 17ezSP_PxEngine.exe1 00180Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings35http://www.easy.co.jp/dd2e/sony/cd/0
424ezShieldProtector for Px0 17ezSP_PxEngine.exe1 00180Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings35http://www.easy.co.jp/dd2e/sony/cd/0
2 6eZstub0 10eZstub.exe115HKEY_CU\RunOnce0  039http://www.absolutestartup.com/startup/1
1 9web offer0 12EZSTUB22.EXE1 00 21eZula  TopText adware44http://www.doxdesk.com/parasite/TopText.html0
1 9eZulaMain0 13eZulaMain.exe1 00136Ezula - regarded as spyware/theftware and bundled with the popular iMesh and KaZaA file-sharing programs. Read here for more information39http://www.ahfb2000.com/ezula/ezula.php0
1 9eZuluMain0 13eZuluMain.exe1 00 87Comes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't work 01
115start athx roll0 11f0mered.exe1 00 28Added by the  RBOT.AAV WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AAV&VSect=P0
115Mozilla Firefox0 11F1REF0X.EXE1 00 37Added by a variant of the SDBOT WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SDBOT.GEN0
114Compaq Drivers0 13F1rewalls.exe1 00 31Added by the W32/Sdbot-WD WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotwd.html0
310f1Tray.exe0 10F1TRAY.EXE1 00182System Tray icon for FusionOne’s MightyPhone software. "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer"27http://www.mightyphone.com/0
1 4f6070  8f607.exe1 00 27Added by the URAT.B TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.urat.b.html0
111Conf Loader0 12F64MGR32.EXE1 00143Added by the Troj/Sdbot-GQ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotgq.html0
116microsoft driver0  8faet.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8FS Agent0 10fagent.exe1 00 47Added by the Troj/Volver-B IRC backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojvolverb.html0
125FAH@C:+FAH504-Console.exe0 18FAH504-Console.exe1 00267Folding@Home version 5.0.4. "Folding@Home is a distributed computing project -- people from through out the world download and run software to band together to make one of the largest supercomputers in the world. Every computer makes the project closer to our goals." 8<a href=0
2 5FAhid0  9Fahid.exe1 00 52Tablet drivers for Chinese and Japanese handwriting. 01
110[not used]0 12fakegina.dll1 00 54Added by the Trojan.Fakegina password-stealing Trojan.76http://www.sarc.com/avcenter/venc/data/trojan.fakegina.html#technicaldetails0
112blah service0  9FaLeH.exe1 00133Added by the W32/Rbot-AES worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaes.html0
1 4UCmd0 12fallfour.exe1 00 49Added by the W32/Sdbot-AZA worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotaza.html0
411Toshiba Fan0  7fan.exe1 00 97Toshiba untilty to keep the fan on a laptop running if they fail to detect there is too much heat 01
0 6fapmon0 10fapmon.exe1 00 63Fair Access Policy monitor for DirecPC/DirecWay internet access33http://www.copperhead.cc/fap.html0
3 8farmmext0 12farmmext.exe111HKEY_LM\Run0 380, 4, 1, 3, FarmMext. www.farmmext.com39http://www.absolutestartup.com/startup/1
1 8farmmext0 12farmmext.exe1 00 38Transponder parasite updater/installer48http://www.doxdesk.com/parasite/Transponder.html0
1 4Fash0  8Fash.exe1 00 27Ibis toolbar adware related68http://www.liutilities.com/products/wintaskspro/processlibrary/Fash/0
2 4fast0  8fast.exe1 00328Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys 01
2 8fastuser0  8fast.exe1 00328Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys 01
2 7FastUsr0  8fast.exe1 00  0 01
211FAST Defrag0  9FAST2.EXE1 00 33FastDefrag defragmenting software21http://www.ams.as.ro/0
227Microsoft Office Fast Cache0 12Fastboot.exe1 00137Part of MS Office 95 (v7.0). According to this it improves the performance. Most likely a predecessor of MS Find Fast and can be disabled63http://support.microsoft.com/default.aspx?scid=kb;en-us;Q1327550
1 7acocash0 12fastdown.exe1 00 21Adult content dialler 01
1 7acocash0 12fastfown.exe1 00 21Adult content dialler 01
310FastTVSync0 14FastTVSync.exe111HKEY_LM\Run0 49FastTVSync Module 1, 0, 0, 1, . FastTVSync Module39http://www.absolutestartup.com/startup/1
115Fat32 Microsoft0  9fat32.exe1 00232Added by the W32/Rbot-EL trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.  This infection also attempts to terminate various processes including other infections.55http://www.sophos.com/virusinfo/analyses/w32rbotel.html0
1 8fatrecov0 12fatrecov.exe1 00235Added by the TrojanSpy.SCKeyLog.j keylogger - A  keylogger or keyboard logger is a type of surveillance software  that has the capability to record every keystroke you make to a log file, which can then be sent to a specified receiver.46http://www.webopedia.com/TERM/K/keylogger.html0
316Windows Guardian0 12Fawgrd32.exe1 00158Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes 01
1 2110 13faxcomdos.exe1 00 12Added by the34Troj/Dloader-KF TROJAN/downloader!0
311CstlFaxTray0 11FaxTray.Exe1 00229Used by Castelle fax servers. This application allows you to directly access FaxPress functionality from your system tray. To store the icon in your system tray for ready access, click the check box for Run FaxTray in system tray23http://www.castelle.com0
1 8System330 10FB_PNU.EXE1 00 29Added by the NICHELLO-A WORM!59http://www.sophos.com/virusinfo/analyses/w32nicehelloa.html0
2 9PP****usb0 12FBDirect.exe1 00282Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start - Programs 01
3 8FBDirect0 12FBDirect.exe1 00282Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start - Programs 01
0 3FBI0  9FBISM.exe1 00 35Compaq related but what does it do? 01
326mount safe &amp;amp; sound0 11Fbmount.exe1 00  0 01
321Mount Safe &amp;Sound0 11Fbmount.exe1 00193From McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start 01
317Mount Safe &Sound0 11Fbmount.exe1 00193From McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start 01
1 6dvsfss0 12fbsfsdrs.exe1 00 27Added by the SDBOT-QA WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotqa.html0
212BlazeChanger0 12FBZPaper.exe1 00 55Ember graphic file viewer, manager, and touch-up system30http://www.firehand.com/Ember/0
3 9FastCache0  6fc.exe1 00 77FastCache from AnalogX - speeds up browsing by resolving DNS requests locally55http://www.analogx.com/contents/download/network/fc.htm0
1 8fcengine0 12FCEngine.exe1 00 24CASClient adware variant109http://re0
1 6fchelp0 10FCHelp.exe1 00 30Added by either  Adware.FCHelp74http://securityresponse.symantec.com/avcenter/venc/data/adware.fchelp.html0
112User Manager0 10fcllls.exe1 00 36Added by the  Troj/Zagaban-B TROJAN!58http://www.sophos.com/virusinfo/analyses/trojzagabanb.html0
328Freecom Personal Media Suite0  9FCPMS.exe125StartUp menu\Current user0 64Freecom Personal Media Suite 1.27, Freecom. Personal Media Suite39http://www.absolutestartup.com/startup/1
3 6FD_SAP0  6FD.exe1 00 27Genicom SAP Printer driver. 01
322Free Downloads Monitor0 10fdcmon.exe1 00  2?? 01
110FDD SYSTEM0  7Fdd.exe1 00 61Added by the W32/Mytob-FO mass-mailing worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobfo.html0
1 6msjdqs0 10fddwqt.exe1 00132Added by the W32/Sdbot-POworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotpo.html0
1 8fdifekae0 12fdifekae.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
221Free Download Manager0  7fdm.exe1 00 32Free Download Manager - see here14- see <a href=0
221Free Download Manager0 16fdm.exe -autorun211HKEY_CU\Run0 50Free Download Manager 1.0, . Free Download Manager39http://www.absolutestartup.com/startup/1
1 6fdnqlb0 10fdnqlb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114Windows Update0  8fdos.exe1 00 48Added by the W32/Rbot-COG worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcog.html0
117Microsoft Startup0 11FDWQCVE.EXE1 00152Added by the W32/Sdbot-BA backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotba.html0
1 8fdwwrlmd0 12fdwwrlmd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9msgsmrsgs0  9fdxit.exe1 00132Added by the W32/Sdbot-QYworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotqy.html0
311ODBC BackUp0  9fdxxl.exe1 00156G Data "PC Spion" - monitoring and surveillance software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself! 8PC Spion0
3 8SysPilot0  9fdxxl.exe1 00  0 8PC Spion0
112Fear Service0 10fear32.exe1 00 32Added by the W32/Tilebot-T worm.57http://www.sophos.com/virusinfo/analyses/w32tilebott.html0
118Monitor SynManager0 12FECWVNCD.EXE1 00121Added by the W32/Sdbot-IW worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotiw.html0
1 8FixError0 10fedisk.com1 00 48Added by the Troj/IRCBot-HH IRC backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojircbothh.html0
319FEELitDeviceManager0 12feelitdm.exe1 00115Associated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals) 01
123Microsoftf DDEs Control0  8FEnR.exe1 00133Added by the W32/Rbot-AIM worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaim.html0
112Fen Startups0 12fensvc32.exe1 00 29Added by the RANDEX.CCF WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ccf.html0
1 9hpDexmark0 11feqfevhj.ex1 00130Added by the W32/Sdbot-RA worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotra.html0
316FerrariWallPaper0 13FerrariWP.exe1 00155Calendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.com 01
316FerrariWallPaper0 13FerrariWP.exe111HKEY_LM\Run0 18WallPaper 1.00, ..39http://www.absolutestartup.com/startup/1
1 6fetimr0 10fetimr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4feyo0  8feyo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0  6FF.EXE1 00 29Added by the W32/Rirc-D worm.54http://www.sophos.com/virusinfo/analyses/w32rircd.html0
1 9SAvasddwq0  9ffasd.exe1 00130Added by the W32/Sdbot-SI worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotsi.html0
322FriendFinder Messenger0  9FFIMC.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
1 4ffis0 13ffisearch.exe1 00 33iSearch "Desktop Search" hijacker 01
1 7dS35DLL0  9ffqca.exe1 00121Added by the W32/Sdbot-KV worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotkv.html0
120Windows Reg Services0 13ffservice.exe1 00 47Added by the Troj/Redrival-A downloader trojan.59http://www.sophos.com/virusinfo/analyses/trojredrivala.html0
1 7ffspjte0 11ffspjte.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7DfqwSfS0 10ffsqsd.exe1 00130Added by the W32/Sdbot-SH worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotsh.html0
1 5fggmf0  9fggmf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8CRCCheck0 10FGHECX.EXE1 00121Added by the W32/Sdbot-JU worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotju.html0
1 6fginqv0 10fginqv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311FolderGuard0  9FGKEY.EXE1 00 85Part of the Winability's Folderguard program.  Used to protect folders on a computer.26http://www.winability.com/0
1 6fgqyos0 10fgqyos.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5fgsrv0  9fgsrv.dll1 00 71Added by the Troj/Fgbot-A Trojan.br /br /Uses CLSID: b{random clsid}/b.56http://www.sophos.com/virusinfo/analyses/trojfgbota.html0
1 7fhsvbec0 11fhsvbec.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7fhtfnoe0 11fhtfnoe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7Fhtisxk0 11fhtisxk.exe1 00206XtraKeys - keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove via Spybot S&D (for example) 01
119ProcessEnumerator320  8fi49.exe1 00133Added by the W32/Sdbot-ACN worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotacn.html0
132windows service pack auto update0 10figgaz.exe1 00 96Added by a  TROJAN.CLICKER - identified by  Kaspersky antivirus as Trojan-Clicker.Win32.Agent.bt46http://www.f-secure.com/v-descs/trojclik.shtml0
122Microsoft DLL Verifier0  8file.exe1 00134Added by the  W32/Rbot-AED worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaed.html0
3 6FileBX0 10FileBX.exe122StartUp menu\All users0 74FileBox eXtender 1, 90, 3, 0, Hyperionics Technology LLC. FileBox eXtender39http://www.absolutestartup.com/startup/1
122ntfss microsoft system0 10filees.exe1 00 28Added by the  RBOT.GAB WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GAB&VSect=P0
316FileList.org.URL0 16FileList.org.URL125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
115service cleaner0  9filen.exe1 00 28Added by the  RBOT.BRH WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BRH&VSect=T0
1 7Systray0 12filename.exe1 00 19Winfavorites adware80http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html0
122ntfss microsoft system0 10filess.exe1 00 28Added by the  RBOT.AXZ WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AXZ&VSect=P0
111SystemTasks0  9filez.exe1 00 21Adult content dialler 01
3 8filmloop0 19FilmLoopService.exe1 00 94Related to  FilmLoop A photocasting network. Share your Pictures with your family and friends.24http://www.filmloop.com/0
310FilterGate0 14filtergate.exe1 00120Filtergate internet filtering software - filters sounds, popup ads, background sound and other unnecessary website items26http://www.filtergate.com/0
311Filterguard0 12Filtrgrd.exe1 00289An icon located in the lower left of the screen and looks like a lifesaver. This icon is a “short-cut” to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by “right-clicking” on the icon 01
1 4find0  8find.exe1 00126With the word this being a link.  This infection also connects to an IRC server where it waits for remote commands to execute. 01
319Microsoft Find Fast0 12FINDFAST.EXE125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
1 9Find Fast0 12Findfast.exe1 00121Complete utter waste of space! Part of MS Office - searches disk drives for Office file types to make opening them easier 01
119Microsoft Find Fast0 12Findfast.exe1 00142Complete utter waste of space! Part of MS Office - searches disk drives for Office file types and creates an index to make opening them easier 01
211BrowseProxy0 15FindService.exe1 00212Actual Names - "It is now possible to enter a particular word or keyword phrase that is associated with your business, and immediately be directed to YOUR WEBSITE! The Actual Names technology can do this for you"46http://actualnames.com/index.php?cont=products0
1 9ASDPLUGIN0 11Finland.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
114Mozila Firefox0 11firebox.exe1 00133Added by the W32/Rbot-AIP worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaip.html0
1 7FireFox0 11firefox.exe1 00132Added by the W32/Rbot-ATP worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatp.html0
119firefox auto update0 11firefox.exe1 00 50Added by the W32/Tilebot-DN worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotdn.html0
221Firefox Preloader.lnk0 20FirefoxPreloader.exe1 00 84Used by Firefox to load portions of the program into memory so its launched quicker. 01
314McAfeeFireTray0 12Firetray.exe111HKEY_LM\Run0107McAfee Desktop Firewall 8.5, Networks Associates Technology, Inc.. McAfee Desktop Firewall Tray Application39http://www.absolutestartup.com/startup/1
116Windows Firewall0 12FIREWAL1.EXE1 00144Added by the W32/Rbot-DB trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotdb.html0
1 8firewall0 12Firewall.bat1 00 31Added by the  VBS.Ypsan.G(AT)mm75http://securityresponse.symantec.com/avcenter/venc/data/vbs.ypsan.g@mm.html0
110Protection0 12Firewall.exe1 00 77Added by W32/Elitper-A, a WORM, and found inthe Windows Program Files folder.57http://www.sophos.com/virusinfo/analyses/w32elitpera.html0
124Windows Network Firewall0 12firewall.exe1 00 44Added by the W32/Poebot-J WORM/IRC backdoor!56http://www.sophos.com/virusinfo/analyses/w32poebotj.html0
4 7dwStart0 12FireWall.exe1 00 47Shield Firewall 3, 1, 0, 0, NextAisle. Firewall 01
4 7dwstart0 12FireWall.exe1 00 19The_Shield Firewall46http://www.pcsecurityshield.com/webApp/208.asp0
113firewall_anti0 17firewall_anti.exe1 00 35Added by the Troj/Netdeny-A trojan.58http://www.sophos.com/virusinfo/analyses/trojnetdenya.html0
122Life Personal Firewall0 18FirewallingV10.exe1 00 48Added by the W32/Rbot-BKF worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbkf.html0
118Microsoft Firewall0 15firewallsp2.exe1 00 26Added by the RBOT-MC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotmc.html0
315firewallstartup0 19Firewallstartup.exe1 00 21Innovative  Solutions30http://www.innovative-sol.com/0
111FirewallSvr0 15FirewallSvr.exe1 00 40Added by the NETSKY.X or NETSKY.Y WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.x@mm.html0
121Life FireWall Update10 20FireWall-Update1.exe1 00145Added by the W32/Rbot-ARS worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotars.html0
120Personal Firewall V90 21Firewall-UpdateV9.exe1 00 48Added by the W32/Rbot-BJR worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbjr.html0
133Microsoft Synchronization Manager0 12firewire.exe1 00133Added by the W32/Sdbot-AFC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafc.html0
1 9weboqacuc0 13FIRITIROL.EXE1 00127Added by the W32/Sdbot-UC. When started this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuc.html0
1 6serves0 13FirstLove.vbs1 00 12Added by the17VBS/VBSWG-D WORM!0
218Admin Bin Mp3 Bait0 13FirstPeak.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7HGTXPEI0 15FirstReboot.exe1 00118Herucles Audio tool for the Hercules Game Theater XP soundcard. Available via Start -&gt; Settings -&gt; Control Panel 01
1 7SyncMon0 13fixcomdos.exe1 00 43Added by the Troj/Clunky-B backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojclunkyb.html0
115ARCHIVE CONTROL0 14fixupdattr.exe1 00137Added by the W32.Mytob.GU@mm worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.gu@mm.html#technicaldetails0
1 50agU30  9fiyej.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5fjgcb0  9fjgcb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6fjmenu0 10FjMenu.exe1 00407From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, Organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX,  Enable/disable Button Panel and the Fujitsu menu settings, which are customizable. 01
312fujitsu menu0 12FjMnuIco.exe1 00407From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, Organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX,  Enable/disable Button Panel and the Fujitsu menu settings, which are customizable. 01
1 4fjqi0  8fjqi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
313FJTWAIN Setup0 22FjtwSetup.exe /Station211HKEY_LM\Run0 76Scanner Utility for Microsoft Windows 1, 1, 7, 0, FUJITSU LIMITED. FjtwSetup39http://www.absolutestartup.com/startup/1
2 8fkSysMon0 12fksysmon.exe1 00153fkWrae SysMon - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more"39http://www.fkware.com/sysmon/index.html0
1 3Boq0  7Fla.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 3Kcp0  7Fla.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6flacpy0 10flacpy.exe1 00 28FlashEnhancer adware variant60http://sarc.com/avcenter/venc/data/adware.flashenhancer.html0
2 7FLASH320 11flash32.exe1 00  2?? 01
116Macromedia Flash0 16flash8player.exe1 00 50Added by the W32/Tilebot-EI worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotei.html0
1 9flashdrvr0 13Flashdrvr.dll1 00115Added by the Troj/Haxdoor-BX Trojan.  This infection is bundled with the rootkit C:\Windows\System32\Flashdrv3.sys.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorbx.html0
3 8FlashEnc0 12FlashEnc.exe1 00247Supplied with EasyDisk USB pen devices. The utility manages the encryption and compressed folders options. It will create these folders if running on the USB key without permission. which is a pain. No need for it if you do not want these features 01
125Flashget Download Manager0 12Flashget.exe1 00 51Added by the W32/Rbot-AGZ WORM/IRC backdoor trojan!56http://www.sophos.com/virusinfo/analyses/w32rbotagz.html0
211DataCaching0 12FlashKsk.exe1 00162SmartMedia Card management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray icon24http://www.smartdisk.com0
117Flash Memory tool0 12FLASHMGR.EXE1 00 42Added by the Troj/Riler-F backdoor trojan.56http://www.sophos.com/virusinfo/analyses/trojrilerf.html0
2 9Flashnote0 13flashnote.exe111HKEY_CU\Run0 70FlashNote Application 1, 3, 0, 0, Softvoile. FlashNote MFC Application39http://www.absolutestartup.com/startup/1
2 7PP3100b0 11flatbed.exe1 00184Twain driver for the Visioneer PaperPort 3100b scanner that allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop 01
114kl antifunlove0  9flcss.exe1 00118Added by the  W32.Funlove.4099 WORM! **Note:  located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (XP/WinNT/2K)77http://securityresponse.symantec.com/avcenter/venc/data/w32.funlove.4099.html0
1 8fldiysch0 12fldiysch.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7fldrsys0 11fldrsys.dll1 00 96Added by the Troj/Agent-QY Trojan.br /br /Uses CLSID: b{A49667E0-E10C-4BAB-98B5-54FC5A6F3AF9}/b.57http://www.sophos.com/virusinfo/analyses/trojagentqy.html0
1 7FlenCPY0 11flencpy.exe1 00 28FlashEnhancer Adware variant 01
311FlexType 2K0 10Flex2K.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
3 7Flexicd0 11Flexicd.exe1 00 40CD player - part of the Win95 Power Toys86http://www.microsoft.com/windows95/downloads/contents/WUToys/W95PwrToysSet/Default.asp0
1 8jvdnlssn0 12fljzsshc.exe1 00 60Flingstone.com adware - and its Golden Palace Casino program 01
115[Various Names]0  9FLKPT.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6flncpy0 10flncpy.exe1 00 28FlashEnhancer adware variant60http://sarc.com/avcenter/venc/data/adware.flashenhancer.html0
310Flow Go TV0 11flogotv.exe1 00  2?? 01
1 8FLooDNeT0 11FLooDeR.exe1 00 30Added by of the ENDOOL TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.endool.html0
110OLE Object0  9floop.dll1 00 71Added by the Troj/Proxmeg-B proxy Trojan.br /br /Uses CLSID: bRandom/b.58http://www.sophos.com/virusinfo/analyses/trojproxmegb.html0
1 4flps0  8flps.vbs1 00 24Added by the BYRON WORM!73http://securityresponse.symantec.com/avcenter/venc/data/vbs.bryon@mm.html0
1 8flpycntl0 12flpycntl.exe1 00 30Added by the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
217FlashPath Monitor0 12FLSHSTAT.EXE1 00184System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start - Programs 01
216FlashPath Status0 12FLSHSTAT.EXE1 00  0 01
2 6FLSVCI0 10FLSVCI.exe1 00  2?? 01
1 7NotFaut0 10flxper.exe1 00 49Added by the W32/Sdbot-AGZ worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotagz.html0
114FlyswatDesktop0 11flydesk.exe1 00 19Advertising spyware 01
315FaxCenterServer0 10fm3032.exe1 00234FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others.41http://www.data-tech.com/content/fax.aspx0
315FaxCenterServer0 13fm3032.exe /s2 00  0 01
310FmctrlTray0 10Fmctrl.EXE1 00130Genius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used) 01
2 4run=0 10fmedia.exe1 00 45FMedia FaxWorks related - can be run manually 01
311FreeMem Pro0 11FMEMPRO.EXE1 00186Some users swear by memory management utilities such as FreeMem Pro but others say you don't need them - especially if you have Win98 or WinME. See this article and make up your own mind34http://www.aumha.org/a/memmgmt.htm0
311FreeMem Pro0 21fmempro.exe autostart211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
112fmnwebassist0 16fmnwebassist.exe1 00 22Adware popup generator 01
1 8fmopkwsg0 12fmopkwsg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7FMStart0 11Fmstart.exe1 00150GFI FAXmaker - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktop28http://www.gfi.com/faxmaker/0
1 4FMSZ0  8fmsz.exe1 00 25Added by the FMSZ TROJAN!45http://www.pestpatrol.com/pestinfo/f/fmsz.asp0
317Alcom PCL Capture0 12FMW_PCAP.EXE1 00  2?? 01
114Fenio Startups0 12fnesvc32.exe1 00 59A variant of the Agobot WORM/IRC backdoor Trojan adds this.57http://www.sophos.com/virusinfo/analyses/w32agobotos.html0
112fnmwebassist0 16fnmwebassist.exe1 00 12WinPL adware38http://doxdesk.com/parasite/WinPL.html0
1 4fnnr0  8fnnr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Npe0  7Fnt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4run=0 10fntldr.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 8fnvfseve0 12fnvfseve.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4fnxr0  8fnxr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 5Focus0  9Focus.exe1 00 26ISDN configuration wizard? 01
1 6foikvh0 10foikvh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110RealP1ayer0 10folder.bat1 00113Added by the Trojan.Rplay.A Trojan!  Files are located in the C: drive or in the folder where the trojan was run.75http://www.sarc.com/avcenter/venc/data/trojan.rplay.a.html#technicaldetails0
110RealP1ayer0 10folder.exe1 00113Added by the Trojan.Rplay.A Trojan!  Files are located in the C: drive or in the folder where the trojan was run.75http://www.sarc.com/avcenter/venc/data/trojan.rplay.a.html#technicaldetails0
318folderclone v*.*.*0 15folderclone.exe1 00 47Folderclone backup and synchronization software37http://www.folderclone.com/fcinfo.htm0
4 4fspr0 16FolderShield.exe1 00 47Folder Shield - hide personal files and folders38http://www.baxbex.de/foldershield.html0
311folder view0 14folderview.exe1 00106Folder_View enhances the Windows file Explorer by making all folders you need available in a single click.37http://www.folderview.com/folderview/0
218FoneSyncSystemTray0 22FoneSyncSystemTray.exe1 00284System Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when required 01
1 7FontFix0 11fontfix.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
110AdobeFonts0  9fonts.hta1 00 48Browser hijacker - redirecting to Hugesearch.net 01
1 9TrueFonts0  9fonts.hta1 00  0 01
1 8FONTVIEW0 12FONTVIEW.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
1 5filit0 10foobar.exe1 00 39Added by the Troj/Perda-F proxy Trojan.56http://www.sophos.com/virusinfo/analyses/trojperdaf.html0
1 7Tiny AV0 11fooding.exe1 00 27Added by the NETSKY.I WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.i@mm.html0
2 6Forbes0 16ForbesAlerts.exe1 00 95Forbes Business News Alerts - displays business news headlines in a little window on the screen 01
1 6deejay0 10forboo.exe1 00 28Added by the FORBOT-AY WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotay.html0
115[Various Names]0 16forces_elite.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 7Systrsy0 12format32.exe1 00 12Added by the19W32/Cellery-A WORM!0
1 6avnort0 13formatsys.exe1 00101Added by the W32.Serflog.A worm.  This worms spreads through file sharing networks and MSN messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.html0
1 5ltwob0 13formatsys.exe1 00  074http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.html0
1 5serpe0 13formatsys.exe1 00101Added by the W32.Serflog.A worm.  This worms spreads through file sharing networks and MSN messenger.74http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.html0
1 8RunDLL320  4foto1 00 31Added by the W32/Bimoco-A WORM!56http://www.sophos.com/virusinfo/analyses/w32bimocoa.html0
1 4foto0  8foto.exe1 00129Added by the a href ="http://www.sarc.com/avcenter/venc/data/backdoor.antilam.g1.html" target="_new"Backdoor.Antilam.g1 backdoor. 01
328viewpointphotosdeviceconnect0 24FotomatDeviceConnect.exe1 00294Related to Viewpoint which is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this  article You can remove it, go to Start - Control Panel - Add/Remove Programs list... 3bad0
227FotoStation Easy AutoLaunch0 31FotoStation Easy AutoLaunch.exe2 00193Installed with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either 01
3 7Foul PX0 10FoulPX.exe1 00 36Foul PX, Optusnet usage stat checker 01
3 9FourthDay0 13FourthDay.exe1 00 70The Fourth Day - "astronomical clock and almanac for your system tray"46http://www.starstonesoftware.com/fourthday.htm0
1 7foveegm0 11foveegm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5foxdh0  9foxdh.exe1 00 56Added by the Troj/GWGhost-Q information stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojgwghostq.html0
1 5foxdh0 12foxdhend.exe1 00 97Added by the PWSteal.Menghuan password-stealing trojan for the online game Menghuan Xiyou Online.77http://www.sarc.com/avcenter/venc/data/pwsteal.menghuan.html#technicaldetails0
1 5Foxdh0 13foxdhsend.exe1 00 35Added by the TSPY_FOLIN.AP spyware.96http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FFOLIN%2EAP&VSect=Td0
1 8foxmkbvb0 12foxmkbvb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7foxrxjh0 11foxrxjh.exe1 00 35Added by the Troj/GWGhost-T Trojan.58http://www.sophos.com/virusinfo/analyses/trojgwghostt.html0
314Fatpipe Dialer0 12fpdialer.exe1 00137Dailler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users 01
223FinePrint Dispatcher v50 12fpdisp5a.exe1 00135Added by Fineprint. "FinePrint is a Windows printer driver that saves ink, paper and time by controlling and enhancing printed output."54http://www.fineprint.com/products/fineprint/index.html0
323FinePrint Dispatcher v50 12fpdisp5a.exe111HKEY_LM\Run0 50FinePrint 5.25, FinePrint Software, LLC. FinePrint39http://www.absolutestartup.com/startup/1
323FinePrint Dispatcher v50 25fpdisp5a.exe /source=HKLM2 00 50FinePrint 5.35, FinePrint Software, LLC. FinePrint 01
223FinePrint Dispatcher vx0 12FPDISPxA.EXE1 00185FinePrint - virtual printer for use with any printer. Search for "dispatcher"  here for more information. If removed, it will re-install when program is run - hence the Y recommendation44http://www.softwarelabs.com/fp/fineprint.htm0
228pdfFactory Pro Dispatcher v10 11fppdis1.exe1 00151With pdfFactory you can create PDF documents from any program printing to the virtual PDF printer. Available via a desktop shortcut or Start - Programs44http://www.fineprint.com/software/index.html0
328pdfFactory Pro Dispatcher v20 12fppdis2a.exe111HKEY_LM\Run0 72FinePrint pdfFactory 2.25, FinePrint Software, LLC. FinePrint pdfFactory39http://www.absolutestartup.com/startup/1
328pdfFactory Pro Dispatcher v20 25fppdis2a.exe /source=HKLM2 00 52pdfFactory 2.43, FinePrint Software, LLC. pdfFactory 01
326Warning: do not remove it!0 11fpplock.exe1 00141Part of Folder Password Expert by ZQS Software Team - "a software program to restrict access to the folders that contain your sensitive data" 01
115Terminate Popup0  8FPUK.exe1 00257a target="_blank" href="http://www.free-popup-killer.com/"Free Popup Killer - foistware proven to install the Regsvc32 homepage hijacker. Also see a target="_blank" href="http://www.spywareinfo.com/yabbse/index.php?board=21;action=display;threadid=2411"here 01
2 8FPWGMWZD0 12FPWGMWZD.exe1 00  2?? 01
4 9FoolProof0 12fpwinldr.exe1 00 55FoolProof Security PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0
1 7fI@HOME0 10fq13rp.exe1 00135Added by the Troj/Ranck-AE proxy trojan.  This infection allows a remote intruder to use your Internet connection to hide his location.57http://www.sophos.com/virusinfo/analyses/trojranckae.html0
1 6fqdlgc0 17fqdlgc.exe -start211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4fqfy0  8fqfy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
413Quick Startup0 12Fquick32.exe1 00 91For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone31http://www.nisis.com/index.html0
1 6fqytuf0 10fqytuf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9ASDPLUGIN0 10france.exe1 00 69Added by a variant of the  ASDPLUG adult content premium rate dialer!58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
3 5Fraps0  9FRAPS.EXE1 00 37FRAPS 2, 7, 0, 5492, Beepa P/L. Fraps 01
3 5Fraps0  9fraps.exe1 00 38Fraps Real-Time Video Capture software 01
3 5Fraps0 30fraps.exe /nosplash /minimized2 00 37FRAPS 2, 7, 2, 5533, Beepa P/L. Fraps 01
216Monstersoundtray0 12Freectrl.exe1 00 43Diamond Multimedia sound card control panel 01
3 9Safeworld0 11Freedom.exe1 00 27SafeWorld Internet Security72http://www.safeworldsoftware.com/products/is2003_features.html/SafeWorld0
322Zero Knowledge Freedom0 11Freedom.exe111HKEY_CU\Run0 71Freedom 3.2.0 3.2.0.2002.0304, Zero-Knowledge Systems Inc.. Freedom 3.239http://www.absolutestartup.com/startup/1
4 7Freedom0 11Freedom.exe1 00 69Freedom 5.1.3 5.1.3.36337, Zero-Knowledge Systems Inc.. Freedom 5.1.3 01
4 7Freedom0 11Freedom.exe1 00173Zero Knowledge Freedom - Anti-Virus, Personal Firewall and Parental Control, it also blocks ads, safeguards your personal information, encrypts your passwords, and much more23http://www.freedom.net/0
422TELUS Security service0 11freedom.exe1 00 63Freedom Internet Security, provided by TELUS Communications Inc60http://www.freedom.net/products/bundles/security_bundle.html0
310FreeMemVn20 11FreeMem.exe1 00182Some users swear by memory management utilities such as FreeMem but others say you don't need them - especially if you have Win98 or WinME. See this article and make up your own mind34http://www.aumha.org/a/memmgmt.htm0
4 8Freenote0 12freenote.exe1 00 96FreeNote is a freeware application that lets you place virtual sticky notes around your desktop.39http://www.mgshareware.com/fnmain.shtml0
310FreeRAM XP0 29FreeRAM XP Pro 1.40.exe /tray2 00 76FRXPRO 1.0.0.0, YourWare Solutions (TM). FreeRAM XP Pro (YourWare Solutions) 01
310FreeRAM XP0 28FreeRAM XP Pro 1.40.exe -win211HKEY_CU\Run0 76FRXPRO 1.0.0.0, YourWare Solutions (TM). FreeRAM XP Pro (YourWare Solutions)39http://www.absolutestartup.com/startup/1
310FreeRAM XP0 20FreeRAM XP Pro x.exe2 00223Some users swear by memory management utilities such as FreeRAM XP Pro but others say you don't need them - especially if you have Win98 or WinME. See this article and make up your own mind. "x" indicates the version number33http://www.yourwaresolutions.com/0
314BySoft FreeRAM0 11FreeRAM.exe111HKEY_CU\Run0 64BySoft FreeRAM - freeware 4.0, BySoft. BySoft FreeRAM - freeware39http://www.absolutestartup.com/startup/1
214Spyware Begone0 12freescan.exe1 00 73Spyware BeGone - free spyware removal utility. Not recommended - see note52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
116Spyware Vanisher0 15FreeScanner.exe1 00 99Spyware remover of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites52http://www.spywarewarrior.com/rogue_anti-spyware.htm0
114ET dll Locator0 11frepdll.exe1 00 32Added by the W32/Tilebot-D worm.57http://www.sophos.com/virusinfo/analyses/w32tilebotd.html0
2 9freshclam0 13freshclam.exe1 00 58Auto update agent of the open source Clamwin virus scanner23http://www.clamwin.com/0
313Fresh Desktop0 16freshdesktop.exe1 00195Fresh Desktop is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervals41http://www.softcows.com/fresh_desktop.htm0
322FridaysInHellInstaller0 26FridaysInHellInstaller.exe1 00  2?? 01
1 4frjs0  8frjs.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119windows frame works0 13frmwrks32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
3 6FG1_000 12frntgate.exe1 00 34FrontGate MX - e-mail spam blocker54http://www.presorium.com/en_au/products/fg/index.shtml0
318free ram optimizer0  7fro.exe1 00 94Free_Ram_Optimizer monitors your memory, and frees up ram if it falls below a certain minimum.37http://www.acelogix.com/freeware.html0
1 4Frsk0  8frsk.exe1 00 37Unidentified adware downloader trojan 01
122Windows network client0 12FRundlll.exe1 00 45Added by the Troj/GrayBrd-CA backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdca.html0
112Windows Rwxf0 12FRundlll.exe1 00 44Added by the Troj/GrayBrd-A backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojgraybrda.html0
1 8WindowsF0 12FRundlll.exe1 00 45Added by the Troj/GrayBird-Y backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybirdy.html0
4 7FRW_EXE0  7FRW.EXE1 00 55ConSeal Signal9 firewall - now McAfee Personal firewall42http://www.claymania.com/rate-conseal.html0
4 8frxmxins0 12frxmxins.exe1 00 28ATI 3D Studio MAX/VIZ driver 01
3 8Fryderyk0 12fryderyk.exe111HKEY_CU\Run0 34Fryderyk 1.6, Aktywni.pl. Fryderyk39http://www.absolutestartup.com/startup/1
3 7DepFrez0 12frzstate.exe1 00249Deep Freeze from Hyper Technologies. "Freezes" the current software configuration so that an a re-boot all changes made refer back to their original settings. Not required for most users - more likely to be used by system administrators, for example70http://www.winselect.com/pages/deepfreeze/dpfrz_info.htm?B13=More+Info0
310freesurfer0  8fs20.exe1 00 38EMS Free Surfer mk II - pop-up stopper39http://www.kolumbus.fi/eero.muhonen/FS/0
4 4fsaa0  8fsaa.exe1 00108F-Secure antivirus Authentication Agent - creates and stores private keys used by a client to access servers53http://www.f-secure.com/products/anti-virus/fsav2005/0
1 4fsbq0  8fsbq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7FSCBoss0 11FSCBoss.exe1 00 36Free Store Club shop online software53http://freestorenow.com/dollardriven/makingmoney.html0
318FRISK FP-Scheduler0 11F-Sched.exe1 00 99Scheduler for  F-Prot anitvirus software. Leave enabled unless you scan manually on a regular basis22http://www.f-prot.com/0
318FRISK FP-Scheduler0 19F-Sched.exe STARTUP2 00106Scheduler for F-Prot for Windows 1, 0, 0, 8, FRISK Software International. Scheduler - Windows application 01
2 7FSDPSRV0 11FSDPSRV.exe1 00  2?? 01
1 8dasxdads0  9fsdqd.exe1 00 29Added by the GAOBOT.BIQ WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.biq.html0
3 6fsserv0  9fserv.exe1 00272a target="_blank" href="http://www.bysoft.se/sureshot/farsighter/manual.html"Farsighter Server - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time 01
129DirectX for Microsoft Windows0 12Fservice.exe1 00 27Added by the PRORAT TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html0
134DirectX For Microsoft&reg; Windows0 12fservice.exe1 00 12Added by the21Troj/Prorat-L TROJAN!0
1 8Trickler0  7fsg.exe1 00  6Adware 01
1 8Trickler0 12Fsg_3202.exe1 00 96Added by the Gator Adware.  This program downloads and displays advertisements on your computer.56http://www.sarc.com/avcenter/venc/data/adware.gator.html0
212fsg_4104.exe0 12fsg_4104.exe1 00 53Installed with Kazaa and believed to be Gator adware? 01
1 8Trickler0 12fsg_4203.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Trickler0 15fsg-ag_3102.exe1 00  6Adware 01
1 6fsliqy0 18fsliqy.exe  -start211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
416F-Secure Manager0  9FSM32.EXE1 00 66F-Secure Antivirus - carry out scheduled virus scans automatically44http://www.f-secure.com/products/anti-virus/0
416F-Secure Manager0 17FSM32.EXE /splash2 00 98F-Secure Management Agent 5.80 Build 8213 , F-Secure Corporation. F-Secure Settings and Statistics 01
325F-Secure Management Agent0 10FSMA32.EXE1 00104F-Secure Antivirus - F-Secure Policy Manager provides tools for administering F-Secure software products44http://www.f-secure.com/products/anti-virus/0
3 3fsp0  7fsp.exe1 00115Folder Shield - hide entire directories and thus prevent access by anyone else to your personal files and documents39http://www.baxbex.com/foldershield.html0
413f-secure 20060  9fspex.exe1 00 37F-Secure Anti-Virus automatic updater53http://www.f-secure.com/products/anti-virus/fsav2006/0
2 8FSScrCtl0 12FSScrCtl.exe1 00101Screen saver control applet used by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen Saver" 01
220Screen Saver Control0 12FSScrCtl.exe1 00151Installs as part of the Hubble Space Telescope screen saver (and possibly others). Lets you control your installed screensavers from a System Tray icon 01
220Screen Saver Control0 12FSScrCtl.exe1 00 93Stardust Screen Saver Toolkit 2.1 2, 1, 0, 46, Stardust Software. Screen Saver Control applet 01
423F-Secure Startup Wizard0  8FSSW.EXE1 00 18F-Secure antivirus44http://www.f-secure.com/solutions/home.shtml0
423F-Secure Startup Wizard0 16FSSW.EXE /reboot2 00 89F-Secure Personal Express 5, 10, 0, 0, F-Secure Corporation. F-Secure PEX Start-up Wizard 01
4 7F-StopW0 11F-StopW.exe1 00 55F-Prot anti-virus background scanner by F-Risk Software21http://www.f-prot.com0
4 7F-StopW0 11F-StopW.EXE111HKEY_LM\Run0 75F-StopW NT/2000/XP 3.16, Frisk Software International. F-StopW Version 3.1639http://www.absolutestartup.com/startup/1
1 3FSW0  7FSW.exe1 00 26FreeScratchAndWin parasite54http://www.doxdesk.com/parasite/FreeScratchAndWin.html0
110SysDesktop0  9fswan.exe1 00 35Added by the Troj/QQPass-AF Trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpassaf.html0
110SysDesktop0 11fswanQQ.exe1 00 52Added by the Troj/QQSend-A password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojqqsenda.html0
311fswebserver0  8fsws.exe1 00174Easy_File_Sharing_Web_Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or services.28http://www.sharing-file.com/0
115[Various Names]0  9ftbar.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
4 8GilatFTC0  7ftc.exe1 00120For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system 01
223faxtalk callcontrol 6.00 12FTClCtrl.EXE1 00176This allows the software to handle incoming and outgoing communications without requiring the FaxTalk Communicator application to be loaded into memory. Can be started manually 01
211CallControl0 12ftctrl32.exe1 00268FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows 01
316anycom bluetooth0 15ftflauncher.exe1 00 50Associated with an Anycom bluetooth wireless card. 01
1 6ftkcpy0 10ftkcpy.exe1 00 28FlashEnhancer adware variant60http://sarc.com/avcenter/venc/data/adware.flashenhancer.html0
312FTMSFLT(USB)0 12FTMSFLTU.EXE1 00 38Fujitsu's Touch Panel Message Notifier 01
218BMail Installation0 12FTP_back.exe1 00202Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not20http://www.imesh.com0
1 9MSFWAVTSM0 10FTPDev.exe1 00108Added by the W32/Rbot-ACF worm. This infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32rbotacf.html0
210ftpmanager0  8FTPDM.ex1 00300Robust_FTP is a Windows-based file transfer client application that transfers files between a user’s local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (With upload transfer resume and download transfer resume) - can be started manually.31http://www.robust.ws/ftpdm.html0
210ftpmanager0  9FTPDM.exe1 00298Robust FTP is a Windows-based file transfer client application that transfers files between a user’s local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (with upload transfer resume and download transfer resume). Can be started manually31http://www.robust.ws/ftpdm.html0
1 9FTPGraber0 13FTPGraber.exe1 00 31Added by the DLOADER-DT TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderdt.html0
113kernel faults0 11ftphost.exe1 00 28Added by the  RBOT.BHU WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BHU&VSect=P0
123QoS RSVP accdes service0 16ftplanServer.exe1 00 43Added by the Troj/Feutel-U backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojfeutelu.html0
1 6irwftp0 10ftpmon.exe1 00103Added by a password stealing TROJAN, Troj/Bancban-BO.  This file is found in the Windows system folder.59http://www.sophos.com/virusinfo/analyses/trojbancbanbo.html0
3 8Ftpqueue0 12Ftpsched.exe1 00 80Part of WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfers40http://www.ipswitch.com/Products/WS_FTP/0
110FUS_Server0 13FTPServer.exe1 00 45Added by the Troj/Hupigon-RO backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojhupigonro.html0
115ftp for windows0 12ftpwin32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
020%FP%012-L2TP fts.exe0  7fts.exe1 00 20012.Net ISP software 01
025%FP%1776 Internet fts.exe0  7fts.exe1 00 261776 Internet ISP software 01
020%FP%Barak013 fts.exe0  7fts.exe1 00 21Barak013 ISP software 01
020%FP%Friendly fts.exe0  7fts.exe1 00 60Friendly ISP software -  what does it do and is it required? 01
220%FP%Friendly fts.exe0  7fts.exe1 00 60Friendly ISP software -  what does it do and is it required? 01
220%FP%Friendly fts.exe0  7fts.exe1 00 56Friendly Products 1, 0, 0, 0, Friendly Technologies. fts 01
415FlexType 2K.lnk0 11FType2K.exe1 00 44A program used to write and read in Cyrillic 01
122WINDOWS FUCK BY CLASIC0  8fuck.exe1 00131Added by the W32/Zotob-H worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.55http://www.sophos.com/virusinfo/analyses/w32zotobh.html0
1 5super0 10fuckbx.exe1 00 36added by the  Troj/Lineage-H TROJAN!58http://www.sophos.com/virusinfo/analyses/trojlineageh.html0
139find a cheaper pussy then this, fuck it0 10FUCKIT.EXE1 00151Added by the W32/SdBot-C backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.55http://www.sophos.com/virusinfo/analyses/w32sdbotc.html0
121NTSF MICROSOFT SYSTEM0 10fufffy.exe1 00133Added by the W32/Rbot-AEL worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotael.html0
1 7fugujml0 11fugujml.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Amq0  7Fuh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112fukerservice0 10fukerz.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7reg_key0 13FUKULAMER.exe1 00 28Added by the BEAGLE.AH WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ah@mm.html0
1 9ASDPLUGIN0 13fullgames.exe1 00 33Premium rate adult content dialer 01
113Microsoft DLL0 10fumeta.exe1 00132Added by the W32/Rbot-AUG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaug.html0
122Userinterface Reporter0 17fuuuucktttttt.exe1 00151Added by the  W32/Mytob-DK worm. When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.56http://www.sophos.com/virusinfo/analyses/w32mytobdk.html0
1 4fvek0  8fvek.exe1 00 34Added by the Troj/Drivol-A trojan.57http://www.sophos.com/virusinfo/analyses/trojdrivola.html0
425Find Virus Launch Program0 12fvlaunch.exe1 00 81Part of a target="_blank" href="http://www.drsolomon.com/"Dr. Solomon's Antivirus 01
119Norton Antivirus AV0 13FVProtect.exe1 00 71Added by the NETSKY.P WORM! Note - this is not the popular AV software!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.p@mm.html0
1 4fvxv0  8fvxv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8firewall0 10fw_304.exe1 00 34Added by the Troj/Bdoor-JQ Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorjq.html0
1 8fwabrjwe0 12fwabrjwe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
016hp 1000 firmware0  8fwdl.exe1 00 96HP LaserJet 1000 related. Is it a driver or automatic firmware update (based upon the filename)? 01
3 8UpdateFW0 11fwdload.exe1 00 98Appears to be firmware update software for a Network Associates ATMbook OC-3 SMF Interface Module? 7#FF00000
110FWDMON.EXE0 10fwdmon.exe1 00 42Added by the Troj/Proxy-S backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojproxys.html0
316fritz!webprotect0 12FwebProt.exe1 00 44Firewall included in FRITZ! ISP DSL software 01
4 9fwenc.exe0  9fwenc.exe1 00262a target="_blank" href="http://www.checkpoint.com/products/protect/vpn-1_srsc.html"Check Point SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers" 01
113fwin32 Loader0 10FWIN32.EXE1 00142Added by the W32/SdBot-GH worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotgh.html0
1 6fwjtos0 10fwjtos.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116All Sea web link0 10FWLink.exe1 00 69Free screensaver, installs lots of foistware. See here. Get rid of it42, installs lots of foistware. See <a href=0
112msfirewall320 10FWMs32.exe1 00 40Added by the Troj/Proxy-AA proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojproxyaa.html0
025%FP%012-L2TP FWPortal.exe0 12FWPortal.exe1 00 20012.Net ISP software 01
030%FP%1776 Internet FWPortal.exe0 12FWPortal.exe1 00 261776 Internet ISP software 01
025%FP%Barak013 FWPortal.exe0 12FWPortal.exe1 00 21Barak013 ISP software 01
118Fwr Command Module0  7fwr.exe1 00 27Added by the SDBOT-PP WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotpp.html0
2 8fwrastrc0 12fwrastrc.exe1 00 65Dial-up software for Friendly Technologies/1NationOnLine free ISP 01
1 9fwservice0  9fwservice1 00 59eAcceleration Stop-Sign related - not recommended, see note60http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note0
215JeticoPFStartup0  9fwsrv.exe111HKEY_LM\Run0 64Jetico Personal Firewall 1.0.1.58, Jetico, Inc.. Firewall Server39http://www.absolutestartup.com/startup/1
1 7fwvyjpo0 11fwvyjpo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5fwypu0  9fwypu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7fxcxvmt0 11fxcxvmt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6fxkrdf0 10fxkrdf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 7fxredir0 11fxredir.exe1 00 30Canon MultiPASS fax redirector 01
129microsoft security controlers0 12fxsecues.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 9fxX3C3vdz0 13fxX3C3vdz.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7testest0  9fxxxh.exe1 00133Added by the W32/Sdbot-MK worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotmk.html0
138{e04408db-4812-4478-8d4d-e46edcffd3b6}0 10fyhhxw.dll1 00161A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{e04408db-4812-4478-8d4d-e46edcffd3b6}/b.65http://www.bleepingcomputer.com/startups/SpyFalcon.exe-14415.html0
121NTSF Microsoft System0  9fylez.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7fyrmsfw0 11fyrmsfw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6qfqqza0  8fzqw.exe1 00153Added by the Troj/Sdbot-EL backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/trojsdbotel.html0
1 5g.exe0  5g.exe1 00 49Added by the Backdoor.Graybird.Q backdoor Trojan.80http://www.sarc.com/avcenter/venc/data/backdoor.graybird.q.html#technicaldetails0
113$Windows Time0 12G_Server.exe1 00 44Added by the Troj/Feutel-BI Trojan backdoor.58http://www.sophos.com/virusinfo/analyses/trojfeutelbi.html0
112g_server.exe0 12G_Server.exe1 00 35Added by the  TROJ/FEUTEL-C TROJAN!57http://www.sophos.com/virusinfo/analyses/trojfeutelc.html0
118Gray_Pigeon_Server0 12G_Server.exe1 00 51Added as a new service by the Troj/Feutel-C TROJAN.57http://www.sophos.com/virusinfo/analyses/trojfeutelc.html0
116GrayPigeonServer0 12G_Server.exe1 00 49Added by the Backdoor.Greybird.K trojan backdoor.80http://www.sarc.com/avcenter/venc/data/backdoor.greybird.k.html#technicaldetails0
1 8H_Server0 12G_Server.exe1 00 36Added by the Troj/GrayBird-W Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybirdw.html0
115Removale Sorage0 12G_Server.exe1 00 44Added by the Troj/Feutel-AT backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelat.html0
111windowslogo0 12G_Server.exe1 00147Added by the Troj/GrayBrd-F backdoor Trojan. This infection also installs the files c:\windows\system32\Plugin\ENLOG.DLL and c:\windows\tpighz.dat.58http://www.sophos.com/virusinfo/analyses/trojgraybrdf.html0
115g_server1.2.exe0 15G_Server1.2.exe1 00 29Added by the  Troj/GrayBird-Z59http://www.sophos.com/virusinfo/analyses/trojgraybirdz.html0
118Gray_Pigeon_Server0 15G_Server1.2.exe1 00 45Added by the Troj/GrayBrd-AP backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdap.html0
121Gray_Pigeon_Server2.00 15G_Server2.0.exe1 00 36Added by the Troj/GrayBird-O Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybirdo.html0
118Network Connection0 15G_Server2.0.exe1 00 45Added by the Troj/GrayBrd-BE backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdbe.html0
1 8NewWords0 15G_Server2.0.exe1 00 44Added by the Troj/Feutel-AL backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelal.html0
113Plug and P1ay0 15G_Server2.0.exe1 00155Added by the Troj/Feutel-AW backdoor Trojan. This infection also creates the files C:\windows\ohadpl.dat, C:\Windows\psslor.dat, and C:\Windows\vikyik.dat.58http://www.sophos.com/virusinfo/analyses/trojfeutelaw.html0
112sysServer2.00 15G_Server2.0.exe1 00 35Added by the Troj/Feutel-AK Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelak.html0
116Workstation ADSL0 15G_Server2.0.exe1 00 45Added by the Troj/GrayBrd-AH backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdah.html0
1 3wto0 15G_Server2.0.exe1 00 45Added by the Troj/GrayBrd-BN backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdbn.html0
1 5G0mez0  9G0mez.vbs1 00 77Added by the VBS.Gormlez@mm infection! Found in the Windows system directory.75http://www.sarc.com/avcenter/venc/data/vbs.gormlez@mm.html#technicaldetails0
118Gray_Pigeon_Server0 13G1_Server.exe1 00 44Added by the Troj/Feutel-CE backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelce.html0
3 8GoToMyPC0  9g2svc.exe1 00195ExpertCity GoToMyPc logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser37https://www.gotomypc.com/ad/corp/home0
3 8GoToMyPC0 16g2svc.exe -logon2 00 59GoToMyPC 5.0 Build 370, Citrix Online. GoToMyPC Host Loader 01
2 6g3dctl0 10g3dctl.exe1 00  2?? 01
2 8BPServer0 12G6FTPSrv.exe1 00 22BulletProof FTP Server45http://www.bpftpserver.com/?page=home&lang=en0
4 4g7ps0  8G7PS.dll1 00 96Part of G7 Productivity   Systems.br /br /Uses CLSID: b{9EACF0FB-4FC7-436E-989B-3197142AD979}/b.20http://www.g7ps.com/0
115[Various Names]0 10gabber.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 8gacvmegc0 12gacvmegc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110hpSdwxmark0  9Gaddw.exe1 00130Added by the W32/Sdbot-RB worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotrb.html0
112GAELICUM.EXE0 12GAELICUM.EXE1 00 44Added by the Troj/Penta-A downloader trojan.56http://www.sophos.com/virusinfo/analyses/trojpentaa.html0
1 8gah95on60 12gah95on6.exe1 00 26ShopAtHome/SAHagent adware62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530760820
2 4Gaim0  8gaim.exe1 00239Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo!, IRC, Jabber, Gadu-Gadu, SILC, GroupWise Messenger, and Zephyr networks. 01
1 8Trickler0 22gain_trickler_3202.exe1 00  6Adware 01
1 5adobe0  7gam.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 5clock0  8game.exe1 00 31Added by the W32/Jincop-A worm.56http://www.sophos.com/virusinfo/analyses/w32jincopa.html0
110MS-Connect0  8game.exe1 00 32Adult content dialler - see here49http://vil.mcafee.com/dispVirus.asp?virus_k=999720
1 5Win320  8Game.exe1 00 31Added by the  VBS.Scafene WORM!75http://securityresponse.symantec.com/avcenter/venc/data/vbs.scafene@mm.html0
1 5Win320 12Game.exe.vbs1 00 31Added by the  VBS.Scafene WORM!75http://securityresponse.symantec.com/avcenter/venc/data/vbs.scafene@mm.html0
215WT Game Channel0 15GameChannel.exe1 00248WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case64http://www.wildtangent.com/default.asp?pageID=webdriver_download0
214WT GameChannel0 15GameChannel.exe1 00248WildTangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case64http://www.wildtangent.com/default.asp?pageID=webdriver_download0
115microsoft games0 15gamemanager.exe1 00 30Added by the  SPYBOT.AHQ WORM!87http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.AHQ&VSect=P0
312gameutil.exe0 12gameutil.exe1 00192Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot 01
1 5gasrv0  9gaSrv.exe1 00 75Adware downloader,  identified by  Panda antivirus as Trojan.Downloader.ALQ45http://www.pandasoftware.com/home/default.asp0
1 6gaSrve0 10gaSrve.exe1 00 70Adware downloader, identified by Panda antivirus as Trj/Downloader.ALQ 01
1 5Gator0  9gator.exe1 00 43Spyware - see here for removal instructions41http://www.pchell.com/support/gator.shtml0
113Gator eWallet0  9gator.exe1 00 85Gator eWallet from The Gator Corporation. Spyware - see here for removal instructions27http://www.gator.com/about/0
111Gay_Sexy_**0 15Gay_Sexy_**.exe1 00 61Premium rate adult content dialler (where * is a random char) 01
1 9jidifedig0  9gba1t.exe1 00133Added by the A href="http://www.sophos.com/virusinfo/analyses/w32sdbotvb.html"W32/Sdbot-VB WORM!  Found in the Windows system folder. 01
1 4gbga0  8gbga.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6GoBack0 10GBMenu.exe1 00376Roxio's (nee Adaptec)  GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users51http://www.roxio.com/en/products/goback/index.jhtml0
1 6Driver0  8gbot.exe1 00 31Added by the JUNTADOR.K TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K0
322GoBack Polling Service0 10GBPoll.exe1 00376Roxio's (nee Adaptec)  GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users51http://www.roxio.com/en/products/goback/index.jhtml0
3 6GBTray0 10GBTray.exe1 00403System Tray icon access to Roxio's (nee Adaptec)  GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users51http://www.roxio.com/en/products/goback/index.jhtml0
3 6GoBack0 10GBTray.exe1 00  051http://www.roxio.com/en/products/goback/index.jhtml0
316GoBack Tray Icon0 10GBTray.exe1 00403System Tray icon access to Roxio's (nee Adaptec)  GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users51http://www.roxio.com/en/products/goback/index.jhtml0
123Windows Console Monitor0 12gcasAV32.exe1 00 44Added by the W32/Kedebe-A mass mailing worm.56http://www.sophos.com/virusinfo/analyses/w32kedebea.html0
427MicrosoftAntiSpywareCleaner0 15gcASCleaner.exe1 00 75Part of the Microsoft AntiSpyware cleaning engine.  Should not be disabled. 01
310gcasDtServ0 14gcasDtServ.exe1 00 17Giant Antispyware49http://www.giantcompany.com/home-antiSpyware.aspx0
3 8gcasServ0 12gcasServ.exe1 00 17Giant Antispyware49http://www.giantcompany.com/home-antiSpyware.aspx0
3 8gcasServ0 12gcasServ.exe111HKEY_LM\Run0 91GIANT AntiSpyware Service 1.00.0346, GIANT Company Software inc.. GIANT AntiSpyware Service39http://www.absolutestartup.com/startup/1
427wireless-g notebook adapter0  7Gcc.exe1 00 41LinkSys Wireless-G Notebook Adapter diver 01
312GCC Reminder0 10gccrem.exe1 00 77Associated with AcraMax Greeting Card Creator. Is it a registration reminder?50http://www.arcamax.com/products/oem/ogccreator.htm0
1 6gcdatt0 10gcdatt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6gceorg0 10gceorg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7vmtuner0  9gclib.exe1 00 76Hijacker - detected by  Kaspersky antivirus as Trojan-Clicker.Win32.Small.fh36http://www.kaspersky.com/personalpro0
1 6gctmkb0 10gctmkb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7gctstwr0 11gctstwr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7sws.exe0 11gd-dial.exe1 00 67Component of the   "GlobalDialer" adult content premium rate dialer80http://securityresponse.symantec.com/avcenter/venc/data/dialer.globaldialer.html0
1 7gdien320 11gdien32.exe1 00 51Added by the Troj/Singu-P password-stealing trojan.56http://www.sophos.com/virusinfo/analyses/trojsingup.html0
3 9GDMgr.exe0  9gdmgr.exe1 00114Added by the Spyware.GuardMon monitoring software.  If this program was not installed by you it should be removed.60http://www.sarc.com/avcenter/venc/data/spyware.guardmon.html0
2 6GDrive0 11GDriver.exe1 00164Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start - Settings - Control Panel - System - Device Manager 01
333NETGEAR WG311T Wireless Assistant0 12Gear311T.exe125StartUp menu\Current user0 66NetgearRev Application 2, 36, 24, 5,  . NetgearRev MFC Application39http://www.absolutestartup.com/startup/1
012AS00_Gear5110 11gear511.exe1 00245Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. is it at all required? 01
2 7GEARsec0 11gearsec.exe1 00117Installed by Apple Quicktime package - iPod/iTunes CDRW support. Can be disabled if you only require Quicktime player 01
1 7Windows0 11gearsec.exe1 00 12Added by the254W32/Stubbot-B worm. It c0
1 7systemr0  9gedit.exe1 00 53Added by the Troj/QQPopoa-A password-stealing trojan.58http://www.sophos.com/virusinfo/analyses/trojqqpopoaa.html0
1 6GEDZAC0 10GEDZAC.exe1 00 24Added by the GEMEL WORM!62http://www.symantec.com/avcenter/venc/data/w32.hllw.gemel.html0
4 9GeekAlarm0 13GeekAlarm.exe1 00168GeekAlarm is a program that helps you take breaks from staring at your computer screen for too long.  This program is required to run in order for the alerts to appear.25http://www.geekalarm.com/0
2 8GemStRmW0 12GemStRmW.exe1 00116For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manually 01
2 8gemstrmw0 15gemstrmw.exe /r2 00 45GetStarted! 3, 14, 0, 0, Gemplus. GSCardStart 01
1 8gencroot0 12gencroot.exe1 00 35Added by the Troj/HacDef-X rootkit.57http://www.sophos.com/virusinfo/analyses/trojhacdefx.html0
114general lptt010 11general.exe1 00187Variant of the  RapidBlaster parasite (in a &quot;General&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
114general ml097e0 11general.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
117Microsoft Netview0 11gesfm32.exe1 00 27Added by the RANDEX.C WORM!60http://www.symantec.com/avcenter/venc/data/w32.randex.c.html0
312ganonymouspe0 17GetAnonymousP.exe1 00105GetAnonymous will prevent any attempt of private information becoming observed by anyone on the internet.57http://www.privatenavigator.com/GetAnonymous/personal.asp0
218GetRight Tray Icon0 12GETRIGHT.EXE1 00264GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start - Programs 01
214Start GetRight0 12getright.exe1 00 68GetRight 5.2d, Headlight Software, Inc.. GetRight®  www.getright.com 01
214Start Getright0 12getright.exe1 00 22See Getright Tray Icon 01
320GetRight - Tray Icon0 12getright.exe122StartUp menu\All users0 67GetRight 5.1, Headlight Software, Inc.. GetRight®  www.getright.com39http://www.absolutestartup.com/startup/1
2 9Get Smile0 12getsmile.exe1 00 60Puts smilie faces in your E-mail. Run manually when required 01
1 6Mcsoft0 11gfeqzvq.exe1 00134Added by the W32/Sdbot-NV worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotnv.html0
1 8gfofctgp0 12gfofctgp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 83Dfx Acc0 10GFXACC.EXE1 00 23Added by the GIBE WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html0
2 9Gadu-Gadu0  6gg.exe1 00 40Polish language Instant Messaging client 01
110r_services0  6gg.exe1 00 34Added by the Troj/Radnag-A trojan.57http://www.sophos.com/virusinfo/analyses/trojradnaga.html0
2 9Gadu-Gadu0 12gg.exe /tray2 00 69Gadu-Gadu 7, 0, 0, 22, Gadu-Gadu Sp. z oo. Gadu-Gadu - program glowny 01
1 7stratas0  9ggfig.exe1 00 28Added by the  OPANKI.W WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPANKI.W&VSect=P0
1 6bdfger0 10gggasw.exe1 00130Added by the W32/Sdbot-RT worm. When started, this infection will connect to a remote IRC server and wait for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotrt.html0
1 8gggyjqmw0 12gggyjqmw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7vmtuner0  9gglib.exe1 00 35Added by the Troj/QLowZon-D Trojan.58http://www.sophos.com/virusinfo/analyses/trojqlowzond.html0
114google toolbar0 10ggtb32.exe1 00 45Added by the W32/Agobot-RR WORM/iRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32agobotrr.html0
1 8Jfwehnrt0 11GHGFJRS.EXE1 00121Added by the W32/Sdbot-IJ worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotij.html0
1 7Sys_Run0  9ghost.exe1 00132Added by the Troj/Lineage-N password stealing trojan.  This infection attempts to steal the player information for the game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineagen.html0
217GhostStartService0 21GhostStartService.exe1 00136Required to run the Windows based wizard in Norton Ghost - added from the 2003 version. Will start automatically when you run the wizard50http://www.symantec.com/sabu/ghost/ghost_personal/0
217GhostStartTrayApp0 21GhostStartTrayApp.exe1 00 64System Tray access to Norton Ghost - added from the 2003 version50http://www.symantec.com/sabu/ghost/ghost_personal/0
3 9GhostSurf0 13GhostSurf.exe122StartUp menu\All users0 96Tenebril Super-Application Architecture 0.10, Tenebril Incorporated. Architecture launch vehicle39http://www.absolutestartup.com/startup/1
216Norton Ghost 9.00 13GhostTray.exe1 00 66Norton Ghost tray icon - the application can be launched manually.50http://www.symantec.com/sabu/ghost/ghost_personal/0
1 4gifa0  8gifa.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110ImagViewer0 15GifAnimator.exe1 00 30Added by the W32/USKAF-A worm.55http://www.sophos.com/virusinfo/analyses/w32uskafa.html0
111gigabit.exe0 11gigabit.exe1 00 27Added by the BEAGLE.U WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.u@mm.html0
1 7Cheatle0 12GigaByte.exe1 00 27Added by the SHODI.B VIRUS!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.shodi.b.html0
110gimmygames0 14gimmygames.exe1 00 47Added by the Troj/Drsmartl-I downloader Trojan.59http://www.sophos.com/virusinfo/analyses/trojdrsmartli.html0
138{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}0 12ginuerep.dll1 00161A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}/b.65http://www.bleepingcomputer.com/startups/SpyFalcon.exe-14415.html0
0 8GisdnLog0 12gisdnlog.exe1 00 21BT Digital Access USB43http://www.bt.com/homehighway/more_info.htm0
1 8uteyilix0 12givohise.exe1 00139http://www.sarc.com/avcenter/venc/data/backdoor.sdbot.am.html"Backdoor.Sdbot.AM Backdoor infection!  Found in the Windows system directory. 01
1 6gknarl0 10gknarl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4gkus0  8gkus.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
316Popup Terminator0 15GLADManager.exe1 00 32Popup Terminator - pop-up killer52http://www.gleanersoft.com/popupterminator/info.html0
3 7Glass2k0 11Glass2k.exe1 00 91Glass2k is a small little program that allows Win2K/XP users to make any window transparent42http://www.chime.tv/products/glass2k.shtml0
110[not used]0  7gld.exe1 00 46Added by the Backdoor.Zagaban backdoor Trojan.77http://www.sarc.com/avcenter/venc/data/backdoor.zagaban.html#technicaldetails0
1 8spyblocs0  8GLFF.exe1 00 27Rogue anti-spyware program.59http://pcpitstop.ibforums.com/axslinger/helpfiles/bogus.htm0
4 5Glide0 12Glidew32.exe1 00 22Cirque touchpad driver45http://www.cirque.com/products/touchpads.html0
3 6Glonim0 10Glonim.exe111HKEY_CU\Run0 71Glonim 1.4.1.0, Gregory Maynard-Hoare. Glonim Animation/Wallpaper Patch39http://www.absolutestartup.com/startup/1
0 9Miniphone0 12glophone.exe1 00257VoiceGlo Glophone Voice over Internet Protocol (VOIP) communications software - "an affordable and convenient way to call friends and family throughout the world using a dial-up or broadband Internet connection on your computer" - is it required in startup?24http://www.voiceglo.com/0
1 4glou0  8glou.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 5gluon0  9gluon.exe1 00 28In a gluon/bin sub-directory 01
1 3glv0  7glv.exe1 00 36Added by the Troj/Dloader-NG trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderng.html0
1 6gmoqst0 10gmoqst.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 6Gmouse0 10Gmouse.exe1 00 78Amouse mouse driver - required if you use non-standard Windows driver features 01
1 5gsads0  8gms2.exe1 00 43PacerD_Media/Pacimedia.com adware component55http://www.benedelman.org/spyware/installations/pacerd/0
1 8GStartup0  7GMT.exe1 00 33Gator spyware variant. See  Gator 6#Gator0
1 8GStartup0 16GMT.exe /startup222StartUp menu\All users0 47GAIN 7.1.0.6, GAIN Publishing. GAIN Application39http://www.absolutestartup.com/startup/1
135Microsoft Internet Firewall Manager0  9GMT16.exe1 00 28Added by the RANDEX.AT WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.at.html0
3 8Gnetmous0 12gnetmous.exe1 00 89Genius NetScroll+ mouse driver - required if you use non-standard Windows driver features56http://www.geniusnet.com.tw/product/mouse/netscroll+.htm0
1 5gngxi0  9gngxi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114Gekio Startups0 12gnksvc32.exe1 00142Added by the W32/Agobot-PE network worm.  When started this infection connects to an IRC server where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotpe.html0
338{0228e555-4f9c-4e35-a3ec-b109a192b4c2}0 11gnotify.exe1 00 66Google Gmail_notifier. Alerts you when you have new Gmail messages39http://toolbar.google.com/gmail-helper/0
1 6gnsinl0 10gnsinl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 4gnub0  8gnub.exe1 00  2?? 01
1 4gnvv0  8gnvv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
126Go!Zilla Monster Downloads0  6Go.exe1 00101Download manager for resuming downloads and choosing multiple download locations. Advertising spyware 01
127microsoft intrenet explorer0  8goaw.pif1 00 26Added by the  W32/Rbot-API56http://www.sophos.com/virusinfo/analyses/w32rbotapi.html0
114OutlookExpress0  9goawv.exe1 00144Added by the W32/Rbot-CC trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotcc.html0
1 5VANTI0  7God.sys1 00 35Added by the Troj/Hackvan-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojhackvana.html0
1 3GOG0  7GOG.exe1 00 28Added by the PHILIS.B VIRUS!78http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.philis.b.html0
112RUNGogoTools0 14GoGoLaunch.exe1 00 37Added by the Adware.GoGoTools adware.60http://www.sarc.com/avcenter/venc/data/adware.gogotools.html0
1 5goidr0  9goidr.exe1 00 12Goidr adware61http://www.symantec.com/avcenter/venc/data/spyware.goidr.html0
1 6google0 10google.exe1 00132Added by the W32/Rbot-AMW worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamw.html0
124google Intrenet Explorer0 10google.pif1 00133Added by the W32/Rbot-ARA worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotara.html0
214GoogleDCClient0 13GoogleDCC.exe1 00366a target="_blank" href="http://toolbar.google.com/dc/faq_dc.html#about1"Google Compute Client - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing" 01
221Google Desktop Search0 17GoogleDesktop.exe1 00344Google Desktop Search - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks"36http://desktop.google.com/about.html0
221Google Desktop Search0 26GoogleDesktop.exe /startup2 00  0 01
221Google Desktop Search0 26GoogleDesktop.exe /startup211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
219google earth viewer0 14GOOGLEMAPS.EXE1 00141Google_Earth  "combines satellite imagery, maps and the power of Google Search to put the world's geographic information at your fingertips."24http://earth.google.com/0
310googletalk0 14googletalk.exe1 00142Google_Talk "enables you to call or send instant messages to your friends for free–anytime, anywhere in the world".  Can be launched manually.27http://www.google.com/talk/0
314&Google Search0 32GoogleToolbar2.dll/cmsearch.html1 00  0 01
126Run Google Web Accelerator0 22GoogleWebAccWarden.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
1 8goot.exe0  8goot.exe1 00146Added by the Troj/Bifrose-C backdoor Trojan.  This infection also installs the files C:\Windows\system32\god.sys and c:\windows\system32\ranx.dll.58http://www.sophos.com/virusinfo/analyses/trojbifrosec.html0
114WINDOWS SYSTEM0 11gothica.exe1 00133Added by the W32/Mytob-HU worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobhu.html0
1 7Command0  9Gotit.exe1 00 24Added by the TITOG WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.titog.worm.html0
1 9gotsmiley0 13GotSmiley.exe1 00 46Gator GotSmiley - adware based, also see  here42http://www.doxdesk.com/parasite/Gator.html0
1 8Go!Zilla0 11gozilla.exe1 00101Download manager for resuming downloads and choosing multiple download locations. Advertising spyware 01
1 6gpwfoi0 10gpwfoi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8gqgqqger0 12gqgeqegl.exe1 00153Added by the W32/Sdbot-CLJ backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotclj.html0
110[not used]0  9gr33n.exe1 00134Added by the W32/Sdbot-ZP worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotzp.html0
2 3GRA0  7gra.exe1 00329Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag&nbsp;and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup Utility 01
2 3GCS0 16GrabClipSave.exe1 00 32GrabClipSave screen capture tool44http://www.boumchalak.net/Tools/GCS/gcs.html0
121DarkDevil.Grasiele.BR0 12Grasiele.VBS1 00 25Added by the LEMBRA WORM!74http://securityresponse.symantec.com/avcenter/venc/data/vbs.lembra@mm.html0
0 8GrdSys320 12GrdSys32.exe1 00160X-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand? 01
1 6HELPER0 13greece_nm.exe1 00 49AsdPlug premium rate adult content dialer variant58http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html0
0 9AliUSBfix0 11GREENMK.exe1 00 59May be realted to a USB 2.0 PCI card - the IOgear GIC220OU? 01
1 5552780 15grepclient1.exe1 00 81Added by the Troj/Lineage-S password-stealing trojan for the online game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineages.html0
1 3Grm0  7Grm.exe1 00 89Added by the Backdoor.Grm infection.  This infection listens for connections on port 761456http://www.sarc.com/avcenter/venc/data/backdoor.grm.html0
2 8Grokster0 12Grokster.exe1 00 42Grokster Peer-To-Peer File Sharing program49http://www.pestpatrol.com/PestInfo/G/Grokster.asp0
2 7GrpConv0 11grpconv.exe1 00253To facilitate the upgrade from Windows 3.1 to Win95/98, an executable file named GRPCONV.EXE is included with Win95/98. This file provides the translation of groups and group items to folders and links unless you need to access Win 3.1 Group files&nbsp; 01
113Virtual CD v60 11grplscd.exe1 00132Added by the W32/Rbot-AXV worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaxv.html0
1 8Debugger0 12grpmnt32.exe1 00 36Added by the Troj/Dloader-WT Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderwt.html0
110gcsxgsqfss0 11grwfsrs.exe1 00128Added by the W32/Sdbot-WZ worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotwz.html0
331Gravis Xperience Driver Support0 12Grxp4exe.exe1 00211Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used22http://www.gravis.com/0
115win usb support0 10grxsrv.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
2 5Gscbc0  9Gscbc.exe1 00  2?? 01
1 8DOGStart0 11GSDOGST.EXE1 00 88Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS 01
1 6Pigeon0 12GServer2.exe1 00 45Added by the Troj/GrayBrd-AK backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdak.html0
1 6zzgshp0  8gshp.vbs1 00 65Homepage hi-jacker that re-defines your IE or Netscape start page 01
2 9Gsiconexe0 10Gsicon.exe1 00252ADSL modem monitor from Eicon Networks (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities42http://www.eicon.com/worldwide/default.htm0
2 9GSICONEXE0 10GSICON.EXE111HKEY_LM\Run0 56BT Voyager ADSL Modem 3.1.1, BT, Inc.. DSL Modem Monitor39http://www.absolutestartup.com/startup/1
1 7GMedia20  8GSM2.exe1 00 74Malware downloader - detected by Kaspersky antivirus as Trojan.Win32.VB.ux 01
3 8gsma.bat0  8gsma.bat122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
1 2g30 12GSMedia3.exe1 00 75Malware downloader - detected by  Kaspersky antivirus as Trojan.Win32.VB.ux36http://www.kaspersky.com/personalpro0
1 7GMedia20 12GSMedia3.exe1 00 74Malware downloader - detected by Kaspersky antivirus as Trojan.Win32.VB.ux 01
211GSOrganizer0 15GSOrganizer.exe1 00 54GoldenSection Organizer - personal information manager33http://www.tgslabs.com/index.php30
0 8gsifinal0 11gspndll.dll1 00 71USB DSL modem related - [what does it do and is it required in startup? 01
111VideoDriver0 12gspotbot.exe1 00 29Added by the SPIGOT.C TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.spigot.c.html0
1 9gssomatic0 13gssomatic.exe1 00 22Searchcentrix hijacker54http://www.pestpatrol.com/pestinfo/s/searchcentrix.asp0
1 3gsv0  7gsv.exe1 00 39Added by the ROBAL 1.0 backdoor TROJAN! 01
1 5ccApp0 10gsw332.exe1 00 77Added by VBS/Speery-A, a WORM! It will be found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/vbsspeerya.html0
1 5ccApp0 14gsw332.exe.vbs1 00 77Added by VBS/Speery-A, a WORM! It will be found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/vbsspeerya.html0
312GazelDisplay0  9gsyno.exe1 00 64BT Digital Access USB - Gazel ISDN installation System Tray icon43http://www.bt.com/homehighway/more_info.htm0
2 9GotSmiley0 22GSYUpdater.exe /update211HKEY_LM\Run0 59GotSmiley 1.0.1.5, GAIN Publishing, Inc.. GotSmiley Updater39http://www.absolutestartup.com/startup/1
129Microsoft Windows WKS Service0  6gt.exe1 00152Added by the W32/Sdbot-AJ backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotaj.html0
115[random number]0  9gtask.exe1 00 88Added by the Troj/LegMir-AX password-stealing Trojan for the online game Legend of Mir..58http://www.sophos.com/virusinfo/analyses/trojlegmirax.html0
1 3Kbf0  7Gtn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 7Gtwatch0 11gtwatch.exe1 00 49Associated with a Mustec scanner and not required 01
3 5guard0  9Guard.exe1 00101Related to Phoenix_Technologies Core Managed Environment (cME) Integration and Certification program.23http://www.phoenix.com/0
111kernel32dll0 11guardpc.exe1 00 28Added by the FORBOT-CU WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcu.html0
1 8guarnset0 12guarnset.exe1 00 14Adlogix adware54http://sarc.com/avcenter/venc/data/adware.adlogix.html0
1 6gufimn0 10gufimn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
020Startup Launcher GUI0  7GUI.exe1 00 16Startup manager? 01
3 9EasyTuneV0  7GUI.exe1 00 99A utility installed by Gigabyte motherboard software that allows you to tweak settings in the bios. 01
218WinTOTAL Scheduler0  8guru.exe1 00 47WinTOTAL Real estate appraisal software related 01
3 7GuruNet0 11GuruNet.exe1 00 90GuruNet lets you click on any word on your screen to get the relevant information you want37http://www.gurunet.com/what_tools.jsp0
3 7VGAUtil0  9G-VGA.exe1 00111Gigabyte VGA Utility - access card options (application needs to be run at startup, but is not system critical) 01
3 7VGAUtil0  9G-VGA.exe111HKEY_LM\Run0 51Menu Application 1, 0, 0, 1, . Menu MFC Application39http://www.absolutestartup.com/startup/1
1 5gwcrx0  9gwcrx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4gwhm0  8gwhm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
323Multi-function Keyboard0 12GWHotKey.exe1 00103Gateway Multi-function Keyboard Utility 6.5, BillP Studios. Multi-function Keyboard   By Bill Pytlovany 01
323Multi-function keyboard0 12GWHotkey.exe1 00161Software that sets up the Gateway AnyKey keyboard shortcuts (a series of buttons that allow one-click access to e-mail, browser, volume and CD/DVD controls, etc) 01
212GWInkMonitor0 16GWInkMonitor.exe1 00120Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some! 01
2 8GWMDMMSG0 12GWMDMMSG.exe1 00158Used with internal modems on Gateway and vprMatrix PCs. This is the &quot;GTW modem messaging applet&quot; and is not required for the modem to work correctly 01
3 7GWMDMpi0 11GWMDMpi.exe1 00183Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See here for more information153http://support0
210SourcePath0  9gwreg.exe1 00 91Used to update Gateway registry settings for System Restoration Kit and Web update programs 01
218Greetings Workshop0 12GWREMIND.EXE1 00 85You really want to be reminded about somebody's birthday at the expense of resources? 01
237Microsoft Greetings Workshop Reminder0 12Gwremind.exe1 00 85You really want to be reminded about somebody's birthday at the expense of resources? 01
3 4gwum0  8gwum.exe1 00183Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system &quot;tweakers&quot; 01
110fGQEGqHOME0 10gwwgtp.exe1 00 28Added by the RANKY.J TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.j.html0
1 8gwxeqgfc0 12gwxeqgfc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9vmcleaner0  9gxlib.exe1 00 34Added by the Troj/Small-HS Trojan.57http://www.sophos.com/virusinfo/analyses/trojsmallhs.html0
1 7gywecwq0 11gywecwq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 3gyy0  7gyy.exe1 00 47Possibly Gator (and therefore spyware) related? 7#FF00000
1 1H0  5H.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113[random name]0  8H00D.EXE1 00 32Added by the W32/Randon-AB worm.57http://www.sophos.com/virusinfo/analyses/w32randonab.html0
114WINDOWS SYSTEM0  6h3.exe1 00135Added by the W32.Mytob.EP@mm worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ep@mm.html#technicaldetails0
120h4te service drivers0  8h4te.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8haaeapmv0 12haaeapmv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116hachimitsu-lemon0 20hachimitsu-lemon.exe1 00127Added by the Trojan.Hachilem trojan.  This trojan steals email addresses and registers them at porn sites without notification.76http://www.sarc.com/avcenter/venc/data/trojan.hachilem.html#technicaldetails0
1 3pms0 17Hacker.com.cn.exe1 00 44Added by the Troj/Feutel-CJ backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelcj.html0
1 9Messenger0 10Hacker.exe1 00 48Added by the Trojan.Esteems.E keylogging Trojan.77http://www.sarc.com/avcenter/venc/data/trojan.esteems.e.html#technicaldetails0
117Messenger Service0 10hacker.exe1 00 47Added by the Troj/PcClient-M keylogging Trojan.59http://www.sophos.com/virusinfo/analyses/trojpcclientm.html0
316unhackme monitor0 11hackmon.exe1 00107UnHackMe allows you to detect and remove a new generation of 'invisible' Trojan programs called "rootkits".34http://www.softaward.com/9275.html0
231Ultra Hal Assistant 4.5 Startup0 11HalAsst.exe1 00138Zabaware Ultra Hal Assistant - artificial intelligence conversation simulator. It is capable of being your digital secretary and companion34http://www.zabaware.com/assistant/0
112yeahdude.exe0 13hallowelt.exe1 00 42Added by the GAOBOT.RS or GAOBOT.SA WORMS!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.rs.html0
112Hardware Mon0 10halmon.exe1 00 42Added by the Troj/Theef-N backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojtheefn.html0
313HaMFrontPanel0 12hampanel.exe1 00190Displays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointless 01
1 6haotia0 10haotia.exe1 00 88Added by the Troj/QQRob-AY Trojan.  This infection also creates the file %Temp%8fv9.dll.57http://www.sophos.com/virusinfo/analyses/trojqqrobay.html0
1 6winter0  9happy.exe1 00132Added by the W32/Sdbot-YF worm. When started this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotyf.html0
3 4Hare0  8hare.exe1 00 61Hare - improve and optimize performance of desktop/laptop PCs51http://www.foxpop.ndirect.co.uk/pc/dachshund_03.htm0
323Snelkoppeling naar Hare0  8Hare.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
324HawkEye IV Control Panel0 11HAWK_32.EXE1 00140Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -&gt; Programs 01
324HawkEye IV Control Panel0 11HAWK_32.EXE125StartUp menu\Current user0 90HawkEye(TM) 4.00.0000, Number Nine Visual Technology Corp.. HawkEye(TM) Control Panel File39http://www.absolutestartup.com/startup/1
3 7HawkEye0 11HAWK_95.EXE1 00140Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -&gt; Programs 01
316Handy Backup 3.90 11hbagent.exe1 00139Handy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers27http://www.handybackup.com/0
316Handy Backup 4.00 18hbagent.exe -logon211HKEY_CU\Run0 67Handy Backup 4.0 Agent 1, 0, 0, 1, Novosoft. Handy Backup 4.0 Agent39http://www.absolutestartup.com/startup/1
1 6Hbinst0 10Hbinst.exe1 00292Hotbar enhances the surfing experience offering a variety of innovative and fresh skins to the browser while providing users worldwide with access to various services of added value and fun. Also regarded as adware/spyware due to it's adds and browsing habits information gathering - see here22http://www.hotbar.com/0
1 6Hotbar0 10Hbinst.exe1 00  022http://www.hotbar.com/0
122WINDOWS SYSTEM DNSPOOL0 10hbmail.exe1 00135Added by the W32.Mytob.FW@mm worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.fw@mm.html#technicaldetails0
1 6Hotbar0 13HbOEAddOn.exe1 00 27Added by the Hotbar adware.57http://www.sarc.com/avcenter/venc/data/adware.hotbar.html0
4 7HbTools0 14HbtOEAddOn.exe111HKEY_LM\Run0 34Hobar 4.6.2.1460, Hotbar.com Inc..39http://www.absolutestartup.com/startup/1
313WeatherOnTray0 20HbtWeatherOnTray.exe111HKEY_LM\Run0 34Hobar 4.6.2.1460, Hotbar.com Inc..39http://www.absolutestartup.com/startup/1
211HC Reminder0  6hc.exe1 00101For Compaq PC's. Help Compiler, crunches help database, will run without being in startup when needed 01
2 8HCDetect0 12HCDetect.exe1 00335MS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problem 01
3 5tgcmd0 38hcenter.exe /starthidden /tgcmdwrapper211HKEY_LM\Run0 44Help Center 6,1,35,0, BellSouth. Help Center39http://www.absolutestartup.com/startup/1
1 6hcfcxg0 10hcfcxg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112hclean32.exe0 12hclean32.exe1 00133TROJAN downloader/installer! - assumed to be associated with Wareout, malware masquerading as a spyware and dialer remover, see  here44http://www.doxdesk.com/parasite/WareOut.html0
2 5spc_w0  7hcm.exe1 00 22NetZero Search related 01
3 8Hcontrol0 12hcontrol.exe1 00 73Hotkeys on an ASUS Notebook. Only required if you use the additional keys 01
3 8Hcontrol0 12Hcontrol.exe111HKEY_LM\Run0 33ATK0100 1043, 3, 2, 1, . HControl39http://www.absolutestartup.com/startup/1
312HiberMonitor0 10HCount.exe1 00  2?? 01
344High Definition Audio Property Page Shortcut0 12HDAShCut.exe111HKEY_LM\Run0139Microsoft® Windows® Operating System 5.10.01.5013, Windows (R) Server 2003 DDK provider. High Definition Audio Property Page Shortcut v1.0a39http://www.absolutestartup.com/startup/1
244High Definition Audio Property Page Shortcut0 21HDAudPropShortcut.exe1 00139Realtek audio card related - probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required 01
244High Definition Audio Property Page Shortcut0 21HDAudPropShortcut.exe111HKEY_LM\Run0138Microsoft® Windows® Operating System 5.10.00.5010, Windows (R) Server 2003 DDK provider. High Definition Audio Property Page Shortcut v1.039http://www.absolutestartup.com/startup/1
121Hard drive Controller0 16hdcontroller.exe1 00 30Added by the W32.Kiman.B worm.72http://www.sarc.com/avcenter/venc/data/w32.kiman.b.html#technicaldetails0
213rsd_hddthermo0 19HDD Thermometer.exe2 00 64Related to  RSD_Software  hard disk temperature monitoring tool.23http://www.rsdsoft.com/0
3 9HDDHealth0 13hddhealth.exe1 00199HDD Health is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure"27http://www.panterasoft.com/0
3 9HDDHealth0 17HDDHealth.exe -wl211HKEY_CU\Run0 172.1, PANTERASoft.39http://www.absolutestartup.com/startup/1
3 7hddlife0 11HDDlife.exe1 00117HDDlife checks the health of your hard drives at regular intervals and informs you about the results of these checks.23http://www.hddlife.com/0
3 7HDDlife0 14HDDlifePro.exe1 00 63HDDlife 2, 5, 0, 74, BinarySense, Ltd.. HDDlife executable file 01
315HDD temperature0 18HDDTemperature.exe125StartUp menu\Current user0 79HDD Temperature Pro 1.4.0.206, PalickSoft. HDD Temperature main executable file39http://www.absolutestartup.com/startup/1
214Icon Animation0  7HDE.EXE1 00 86Part of McAfee Nuts &amp; Bolts. Provides entertaining animation of your desktop icons 01
315HDInspector.exe0 15HDInspector.exe111HKEY_LM\Run0 67Hard Drive Inspector 1, 3, 844, 0, Altrixsoft. Hard Drive Inspector39http://www.absolutestartup.com/startup/1
118HP Service Drivers0  9hdsys.exe1 00133Added by the W32/Sdbot-ZE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotze.html0
2 6HDtray0 10HDtray.exe1 00150Philips Edge Series Control Panel Tray Utility - system tray icon for a Philips Edge series soundcards. Available via Start - Settings - Control Panel159http://www.con0
1 8sxvcAQam0 10hdvcxa.exe1 00134Added by the W32/Sdbot-DL worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotdl.html0
2 8Head.txt0  8Head.txt125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
1 6Head240 10Head24.exe1 00 49Added by the W32/Sdbot-AUS worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotaus.html0
214Icon Hearit 950 12hearit95.exe1 00 75Audio desktop customization utility from Moon Valley Software. Resource hog 01
214Icon Hearit 980 12hearit98.exe1 00 75Audio desktop customization utility from Moon Valley Software. Resource hog 01
1 7Loaders0  8HeIp.exe1 00134Added by the W32/Sdbot-ADB worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotadb.html0
1 7Loaders0  8HeIp.pif1 00133Added by the W32/Sdbot-ACS worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotacs.html0
2 9PicasaNet0  9Hello.exe1 00130Hello is an application that allows Blogger users to post digital photos and captions directly to their personal weblogs, or blogs30http://www.hello.com/index.php0
2 9PicasaNet0 12Hello.exe -b2 00 41Hello! 1, 0, 0, 651, Picasa, Inc.. Hello! 01
3 8HelloNet0 12HelloNet.exe111HKEY_CU\Run0 41HelloNet 2, 2, 0, 1, HelloNet. ADSL Shell39http://www.absolutestartup.com/startup/1
3 6ISHelp0  8help.exe1 00138Added by the Spyware.ISpy keystroke logger and screenshot capture.  If you did not install this on your machine then you should remove it.56http://www.sarc.com/avcenter/venc/data/spyware.ispy.html0
111MS Scandisk0  8Help.exe1 00 42Added by the Backdoor.AntiLam.20 backdoor.63http://www.sarc.com/avcenter/venc/data/backdoor.antilam.20.html0
122Remote Help Connection0  8Help.exe1 00 35Added by the Troj/Feutel-BD Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelbd.html0
219Windows Help System0  8Help.pif1 00  2?? 01
1 4help0  8help.scr1 00 54Added by the Troj/Banker-BIR password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbankerbir.html0
111helpctl.exe0 11helpctl.exe1 00 28Added by the GASLIDE TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.gaslide.html0
110helper.dll0 20helper.dll, Rundll322 00 52CnsMin &quot;Chinese Keywords&quot; hijacker related42http://217.115.153.73/parasite/CnsMin.html0
112winlogon.exe0 10helper.exe1 00 36Added by the  Troj/Fakespy-A TROJAN!58http://www.sophos.com/virusinfo/analyses/trojfakespya.html0
111HelpExp.exe0 11HelpExp.exe1 00 62Attune HelpExpress - spyware. Disable and uninstall - see here32http://www.c-squad.org/hxdl.html0
2 4Help0 11helpext.exe1 00  2?? 01
1 5helpw0  9helpw.exe1 00 17Adware downloader 01
1 8Driverab0  8helz.exe1 00 12Added by the236W32/Rbot-ABH trojan ba0
1 9heomstool0 13heomstool.exe1 00 68Added by the Trojan.Heoms Korean-based information gathering Trojan.73http://www.sarc.com/avcenter/venc/data/trojan.heoms.html#technicaldetails0
323Internet History Eraser0 11HERASER.exe1 00 54Internet History Eraser - deletes your browsing tracks49http://www.internet-history-eraser.com/index.html0
1 4heru0  8heru.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9wzservice0  8hess.exe1 00 31Added by the HACKARMY.W TROJAN! 01
3 2Hf0  6Hf.exe1 00 58Hide Folders - hide your folders so only you can view them24http://www.fspro.net/hf/0
3 6hffsrv0 10hffsrv.exe1 00202Hide_Files_&_Folders is a password-protected security utility working at the Windows kernel level allowing you to password-protect files and folders, or to hide them securely from viewing and searching.33http://www.softstack.com/hff.html0
111HF Security0 12hfsecure.exe1 00133Added by the W32/Agobot-TI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotti.html0
3 4hfxp0  8hfxp.exe1 00 61Hide Folders XP - hide your folders so only you can view them26http://www.fspro.net/hfxp/0
1 8hfyxuakw0 12hfyxuakw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118meeting connection0 12hgakdl32.exe1 00140Looks like a variant of the  Troj/PPdoor-E TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.57http://www.sophos.com/virusinfo/analyses/trojppdoore.html0
223Colorific Control Panel0 12Hgcctl95.exe1 00146From E_Color. Colorific delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor 01
220Matrox Color Control0 12hgcctl95.exe1 00 55For Matrox video cards. Quick access to changing colors 01
1 9hgqhp.exe0  9hgqhp.exe1 00 39Added by the Trojan.Flush.F DNS Trojan.75http://www.sarc.com/avcenter/venc/data/trojan.flush.f.html#technicaldetails0
1 7huigezi0 13HgzServer.exe1 00 31Added by the GRAYBIRD.C TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.c.html0
1 7msagent0  8hhnt.exe1 00 35Added by the  TSPY_AGENT.JI spyware83http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_AGENT.JI0
116HTML Help System0  7hhs.pif1 00132Added by the W32/Rbot-ATB worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatb.html0
118HTML32 Help System0  9hhs32.pif1 00133Added by the W32/Rbot-ATE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute..56http://www.sophos.com/virusinfo/analyses/w32rbotate.html0
1 3Dna0  7Hhv.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 6hhxglp0 10hhxglp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311Hibernation0  9hib32.exe1 00202Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run of battery regularly 01
411Hibernation0 11hibserv.exe1 00 71Used compaq laptops to manage the power management hibernation feature. 01
127Working Network Connections0  9hicom.exe1 00151Added by the Trojan.Chimo.A  Trojan.  This file is installed as a service with the service name TY164.  The file is found in the Windows system folder.92http://securityresponse.symantec.com/avcenter/venc/data/trojan.chimo.a.html#technicaldetails0
1 7Hid.exe0  7hid.exe1 00 29Added by the RATSOU.B TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.b.html0
110[not used]0 12hidedown.exe1 00 45Added by the Troj/Leodon-B trojan downloader.57http://www.sophos.com/virusinfo/analyses/trojleodonb.html0
1 5hiden0  9hiden.exe1 00 30Added by the  AGENT-IW TROJAN!57http://www.sophos.com/virusinfo/analyses/trojagentiw.html0
3 6HideOE0 10HideOE.exe1 00 80HideOE - allows you to 'hide'  Outlook Express or minimize it to the sytem tray.95http://www.r2.com.au/software.php?page=2&show=hideoe&PHPSESSID=2256bb0c52a103fac2bd9a885f0ca7870
1 4cpyt0  9hidep.exe1 00 35Added by the Troj/Mirjack-A trojan.58http://www.sophos.com/virusinfo/analyses/trojmirjacka.html0
111HideRun.exe0 38Hiderun.exe and svhost.exe and pro.gif2 00 25Added by the BOOHOO WORM!76http://securityresponse.symantec.com/avcenter/venc/data/bat.boohoo.worm.html0
1 9drvsyskit0  8hidr.exe1 00 36Added by the W32.Beagle.DZ P2P worm.74http://www.sarc.com/avcenter/venc/data/w32.beagle.dz.html#technicaldetails0
3 7hidserv0 11hidserv.exe1 00597This is the Human Interface Device Server for Win98SE/2000/Me/XP, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboards53http://www.microsoft.com/hwdev/tech/input/audctrl.asp0
110Search.vbs0  8Hijacker1 00  0 01
323hijackthis startup scan0 14HijackThis.exe1 00659HijackThis lists the contents of key areas of the Registry and hard drive--areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites. As a result, false positives are imminent, and unless you're sure about what you're doing, you always should consult with knowledgable folks before deleting anything.  Required if you'd like Hijack This to run a scan at startup,  and show the results when new items are found (if so,  check the appropriate box in the "Config" section")47http://www.download.com/3000-8022-10227353.html0
1 8HijSrv320 10hijsrv.exe1 00 54Added by the Troj/Bankgerm-D password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbankgermd.html0
1 8BT0000320 14hiklmnop27.exe1 00 31Added by the Troj/VB-VT Trojan.54http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
1 8BT0000330 14hiklmnop27.exe1 00  054http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
1 8BT0000340 14hiklmnop27.exe1 00 31Added by the Troj/VB-VT Trojan.54http://www.sophos.com/virusinfo/analyses/trojvbvt.html0
114Memory manager0 11himem32.exe1 00 35Added by the Troj/MancSyn-C Trojan.58http://www.sophos.com/virusinfo/analyses/trojmancsync.html0
1 5load=0  8hint.exe1 00 23Added by the ATAK WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.atak@mm.html0
319Petit Larousse 20010 17HIPL2000Popup.exe1 00 21Popup dictionary tool 01
211HistoryKill0 12histkill.exe1 00197HistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start - Programs 01
211HistoryKill0 21histkill.exe /startup2 00 77HistoryKill 2003.01.0001, SwankSoft Technologies. HistoryKill privacy utility 01
1 9Diskstart0  7hit.exe1 00 21Adult content dialler 01
1 4hitq0  8HitQ.exe1 00 42Hijacker, for more information  Click_Here78http://www.talkaboutshareware.com/group/alt.comp.freeware/messages/289755.html0
313HitwarePKLite0 12HITWAR~1.EXE1 00 25Hitware Popup Killer Lite55http://www.rightutilities.com/products/hitware_lite.htm0
1 3HIV0  7HIV.exe1 00 25Added by the HIVA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.hiva.html0
1 8hjujemfi0 12hjujemfi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5hjvew0  9hjvew.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 2hk0  6hk.exe1 00 91KeyLoggerExp keystroke logger/monitoring program - remove unless you installed it yourself!68http://www.symantec.com/avcenter/venc/data/spyware.keyloggerexp.html0
313Hook99startup0  9hk2re.exe1 00313Hook99 enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent47http://thunder.prohosting.com/~ladi/e_hook.html0
3 5hkcmd0  9hkcmd.exe1 00248Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl+Alt+F12 or similar keypresses to access Intel's customised graphics properties, you need it, otherwise not. Can be disabled via the Display Properties in Control Panel 01
311HotKeysCmds0  9hkcmd.exe1 00243Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl+Alt+F12 or similar keypresses to access Intel's customised graphics properties, you need it, otherwise not. Can be disabled via Control Panel - Display Properties 01
311HotKeysCmds0  9hkcmd.exe111HKEY_LM\Run0 74Intel(R) Common User Interface 7.0.0.4020, Intel Corporation. hkcmd Module39http://www.absolutestartup.com/startup/1
1 7windows0  8hkey.exe1 00 29Added by the GAOBOT.AFW WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afw.html0
1 7hkniqbd0 11hkniqbd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6hkserv0 10HKserv.exe1 00121Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS 01
310hkserv.exe0 10HKserv.exe1 00121Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS 01
3 4hkss0  8hkss.exe1 00 51Compaq HotKey Support - multimedia keyboard support 01
1 5hkvma0  9hkvma.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110hlhtxo.exe0 10hlhtxo.exe1 00 34Added by the  QLOWZONES-27 TROJAN!43http://vil.nai.com/vil/content/v_135291.htm0
1 7hlhvmth0 11hlhvmth.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112hlinstaller10 16hlinstaller1.exe1 00 62Identified by  Kasperksy_Labs as Trojan.Win32.SecondThought.aa25http://www.kaspersky.com/0
1 6hlkgbg0 10hlkgbg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118HLL Data Parameter0 11hllcxpa.exe1 00 27Added by the RBOT.AFG WORM!96http://es.trendmicro-europe.com/smb/security_info/virus_encyclopedia.php?s=1&VName=WORM_RBOT.AFG0
118auto__hloader__key0 15hloader_exe.exe1 00108Added by the Troj/BagleDl-W Trojan.  This infection also creates the following file %System%hloader_dll.dll.58http://www.sophos.com/virusinfo/analyses/trojbagledlw.html0
1 4down0  9hlp32.exe1 00 37Added by the  TROJ_DLOADER.BG TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?Vname=TROJ_DLOADER.BG0
1 9hlcleanup0 12hlsetup2.exe1 00 37LinkReplacer/FFinder adware component54http://vil.mcafeesecurity.com/vil/content/v_134892.htm0
1 4hmby0  8hmby.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115HMI PowerSystem0 12hmisvc32.exe1 00 51Added by the W32/Sdbot-WB Worm/IRC backdoor Trojan!56http://www.sophos.com/virusinfo/analyses/w32sdbotwb.html0
115HML PowerSource0 12hmlsvc32.exe1 00 12Added by the38W32/Sdbot-XL WORM/IRC backdoor trojan!0
112HPl Services0 12hmlsvc32.exe1 00128Added by the W32/Agobot-SI worm.  When started, this infection connects to an IRC where it waits for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotsi.html0
324Hardware Sensors Monitor0 12hmonitor.exe1 00181Utility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for "overclocked" systems 01
3 8Hmonitor0 12Hmonitor.exe1 00110Hardware sensor monitoring program. Only required if you overclock your system and want to check on the status 01
115HMV PowerSource0 12hmusvc32.exe1 00121Added by the W32/Sdbot-YW worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotyw.html0
1 4hmvy0  8hmvy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5hmwbr0  9hmwbr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4hmxx0  8hmxx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 9Sync Data0 11Hndsync.exe1 00123a target="_blank" href="http://www.pocketrealestate.com/PREWireless.asp"Pocket Real Estate - mobile synchronization manager 01
114Hekio Startups0 12Hnksvc32.exe1 00 42Added by the W32/Agobot-QE  TROJAN & WORM.57http://www.sophos.com/virusinfo/analyses/w32agobotqe.html0
112ho2stdll.exe0 12ho2stdll.exe1 00 53Added by the Troj/Banker-HO password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerho.html0
1 8hogxegrn0 12hogxegrn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
214Holiday Lights0 18Holiday Lights.exe2 00116Holiday Lights from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start - Programs37http://www.tigertech.com/hlights.html0
112hoi services0 12holsvc32.exe1 00 33Added by the  W32/AGOBOT-SF WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotsf.html0
112HOl Services0 12holsvc32.exe1 00 32Added by the W32/Agobot-SF worm.57http://www.sophos.com/virusinfo/analyses/w32agobotsf.html0
3 9HomeAlarm0 13HomeAlarm.exe1 00 47Chameleon Clock - system tray clock replacement30http://www.softshape.com/cham/0
116homeland network0 19HomelandNetwork.exe1 00 63Homeland_Network Notifier - Pops ads, see their  privacy_policy41http://www.homelandnetwork.com/index.html0
322Register Homesite+.exe0 24Homesite+.exe /REGSERVER217HKEY_LM\RunOnceEx0 45HomeSite6 6.0.0.0, Macromedia, Inc.. HomeSite39http://www.absolutestartup.com/startup/1
3 5Honor0  9honor.exe1 00  2?? 01
117Intel system tool0 12hookdump.exe1 00 56Identified as Trojan.Win32.TopAntiSpyware.m by Kapersky. 01
3 7HookSys0 11HookSys.exe1 00118SurfinGuard Pro - protects against all malicious code delivered through executables, scripting files, ActiveX and Java51http://www.rocketdownload.com/details/secu/6889.htm0
312HookUpFinder0 16hookupfinder.Exe111HKEY_LM\Run0 49HookUpFinder 2.00, Futurecast Media. HookUpFinder39http://www.absolutestartup.com/startup/1
1 4host0  8host.exe1 00 45Added by the Troj/GrayBrd-AR backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojgraybrdar.html0
120Windows Host Service0  8host.exe1 00 12Added by the104W32/Kelvi0
114Windows Update0 10host32.exe1 00 26Added by the RBOT-GU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotgu.html0
112ControlPanel0 44host32.exe internat.dll, LoadKeyboardProfile2 00 41Added by a vairant of the DELF.DW TROJAN!106http://it0
1 9servicing0  9hostd.exe1 00 29Added by the  SDBOT.BUI WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BUI&VSect=P0
111hostdll.exe0 11hostdll.exe1 00 59The Troj/Banker-BO TROJAN will add this to steal passwords.58http://www.sophos.com/virusinfo/analyses/trojbankerbo.html0
114WINTASKMANAGER0 13hostdrvXP.exe1 00 12Added by the38W32/Mytob-AX WORM/IRC backdoor trojan!0
111Hostren.exe0 11Hostren.exe1 00 59Added by PWS.BANKER.F,  a variant of the  BANKER-BO TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankerbo.html0
113Windows Hosts0  9hosts.exe1 00 34Added by the Troj/Kelvir-O TROJAN!57http://www.sophos.com/virusinfo/analyses/trojkelviro.html0
1 8hostserv0 12hostserv.exe1 00134Added by the W32/Rbot-AIH  worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaih.html0
122Windows Host32 Starter0 12hostserv.exe1 00 12Added by the38W32/Sdbot-WU WORM/IRC backdoor trojan!0
112HostSVC syse0 11HostSVC.exe1 00142Added by the W32/Rbot-ANZ worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotanz.html0
119Windows Host Device0 11hostsvc.exe1 00 26Added by the ZOOTY-A WORM!55http://www.sophos.com/virusinfo/analyses/w32zootya.html0
1 7WINTASK0  7hot.exe1 00 49Added by the WORM_MYTOB.NM worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2ENM&VSect=T0
1 6hot_br0 10Hot_br.exe1 00 12Added by the56Dial/Dialer-G TROJAN, found in the Program Files folder.0
1 8Hot_Kiss0 12Hot_Kiss.exe1 00 21Adult content dialler 01
1 9Hot_Tarts0 13Hot_Tarts.exe1 00 21Adult content dialler 01
112Hot_Tarts_**0 16Hot_Tarts_**.exe1 00 60Premium rate adult content dialer (where * is a random char) 01
112hot_tarts_au0 16Hot_Tarts_Au.exe1 00 34Premium rate adult content dialler 01
112hot_tarts_mc0 16Hot_Tarts_mc.exe1 00 47Wink/HotTarts premium rate adult content dialer41http://www.doxdesk.com/parasite/Wink.html0
112Hot_Tarts_nz0 16Hot_Tarts_nz.exe1 00 36Added by the Dial/MPB-A porn dialer.54http://www.sophos.com/virusinfo/analyses/dialmpba.html0
112HotAction_hr0 16hotaction_hr.exe1 00 41Added by the Dial/SiteIcon-B porn Dialer.59http://www.sophos.com/virusinfo/analyses/dialsiteiconb.html0
311Hot Corners0  8Hotc.exe1 00124Hot Corners - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen"37http://www.southbaypc.com/HotCorners/0
2 6PLFFAP0 18HotfixQ0306270.exe1 00177Used by various key-chain USB drive's software for detecting and syncing the usb drive when inserted or retained. The flash drive works either way and the resources are minimal. 01
3 8HOTFOON20 18hotfoon4[1].exe /h211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 6HotIDE0 10hotide.exe1 00101HotIDE allows Acer TravelMate owners to hot-swap external drives without switching of their notebooks 01
4 5load=0 10hotkey.exe1 00 58Solo 5300 display driver for Win2K on some Gateway laptops 01
3 9HotkeyApp0 13HotkeyApp.exe1 00 85Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 61023http://global.acer.com/0
110CPQHotKeys0 13hotkeysvc.exe1 00139Added by the W32/Rbot-XA WORM, which allows exploitation by a remote attacker over IRC channels.  It is found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotxa.html0
212Hot Party 220 13hotpart22.exe1 00  2?? 01
1 6HotPix0 10hotpix.exe1 00 21Adult content dialler 01
1 7hotplug0 11hotplug.exe1 00 28Added by the SILLYDL TROJAN!63http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=395740
111hotsurprise0 15HotSurprise.exe1 00 33Premium rate adult content dialer 01
215HotSync Manager0 11hotsync.exe1 00171Installed when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing.  Available via Start - Programs 01
315HotSync Manager0 11HOTSYNC.EXE1 00 64HotSync® Manager 3.1.1, Palm, Inc.. HotSync® Manager Application 01
315HotSync Manager0 11HOTSYNC.EXE125StartUp menu\Current user0 78HotSync® Manager, Palm Desktop 4.1.0, Palm, Inc.. HotSync® Manager Application39http://www.absolutestartup.com/startup/1
215HotSync Manager0 18Hotsync.exe -logon2 00  0 01
218eFax.com Tray Menu0 11HotTray.exe1 00136eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start - Programs. Disabling instructions available here34http://www.efax.com/help/index.asp0
212j2 Tray Menu0 11HotTray.exe1 00136eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start - Programs. Disabling instructions available here34http://www.efax.com/help/index.asp0
110hotwetlove0 14hotwetlove.exe1 00 82Adult content dialler. Will not uninstall - components have to be manually deleted 01
3 9HoverDesk0 13HoverDesk.exe1 00 40HoverDesk - desktop replacement software25http://www.hoverdesk.net/0
1860000 - C:\Documents and Settings\Owner\Start Menu\Programs\hp deskjet 960c series v3.20 27hp deskjet 960c series v3.2215HKEY_LM\RunOnce0  039http://www.absolutestartup.com/startup/1
411HPLJ Config0 47HP LaserJet 1300 -pn "" -n 0 -l 1033 -sl 1200002 00 77SetConfig Application 2, 0, 0, 0, Hewlett-Packard Inc.. SetConfig Application 01
311hptvnow.exe0  9HP TV Now2 00164Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts) - user's choice! 01
219hpWirelessAssistant0 25HP Wireless Assistant.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
319hpwirelessassistant0 25HP Wireless Assistant.exe2 00227The HP Wireless Assistant is a user application that provides a way to control the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devices. 01
110HP Deskjet0 18HP_DeskJet_500.exe1 00 28Added by the FORBOT-DA WORM!60http://www.sophos.com.au/virusinfo/analyses/w32forbotda.html0
312HPLogiFinder0 13hp_finder.exe1 00118HP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not used 01
020Main Executable (HP)0 12HP05T0R5.exe1 00 79HP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do? 01
1 3Bgi0  7Hpb.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 3Bgi0  7Hpb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
316HP Status Server0 10hpboid.exe1 00  2?? 01
313TomcatStartup0 12hpbpsttp.exe111HKEY_LM\Run0 66Hewlett-Packard ProxyStop3 2, 0, 0, 3, Hewlett-Packard. ProxyStop339http://www.absolutestartup.com/startup/1
413TomcatStartup0 12hpbpsttp.exe1 00254Apache Tomcat web server, part of HP LaserJet "Printer Tools" software. The Apache Tomcat server is required for the HP Toolbox software to run, as well as scanning across the network when using HP multifunction devices like the Laserjet 3015 All-in-One. 01
417TomcatStartup 2.50 12hpbpsttp.exe1 00  0 01
212HP CD Writer0 12hpcdtray.exe1 00 80System Tray access to a HP CD-Writer's functions. Available via Start - Programs 01
2 9HP CD-DVD0 12hpcdtray.exe1 00 80System Tray access to a HP CD-Writer's functions. Available via Start - Programs 01
220HP Component Manager0 12hpcmpmgr.exe1 00194Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended" 01
1 7wXEAbxb0 11hpcpttp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
214HP Simple Trax0 10Hpcron.exe1 00139Supplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -&gt; Programs or Desktop Icon 01
219HP Display Settings0 12hpdisply.exe1 00131Sets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error message 01
219HP Display Settings0 15hpdisply.exe /s211HKEY_LM\Run0 73Hewlett-Packard HpDisplay Settings 1, 11, 0, 0, Hewlett-Packard. hpdisply39http://www.absolutestartup.com/startup/1
2 8DJREGFIX0 14hpdjregfix.reg1 00265DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers 01
1 4HPNT0  9hpdll.exe1 00 63Unknown adware. Found in the C:\Program Files\hpdll\ directory. 01
111000hpdllhos0 13hpdllhost.exe1 00 26LZIO.com adware downloader51http://www.spywareguide.com/product_show.php?id=8530
118windows hp drivers0 10hpdmws.exe1 00 23Added by the  SDBOT.AQU86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AQU&VSect=T0
1 8hpdriver0 12hpdriver.sys1 00134Added by the W32/Tilebot-AI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotai.html0
2 41:000  9hpdrv.exe1 00 69HP utility for monitoring when and how many recoveries have been done 01
2 4run=0  8hpfsched1 00218HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature 01
2 8hpfsched0 12hpfsched.exe1 00  0 01
2 8hpgs2wnd0 12hpgs2wnd.exe1 00167&quot;HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites.&quot; Available via Start -&gt; Programs66http://www.hp.com/peripherals2/scanjet_info/share-to-web/index.htm0
229Share-to-Web Namespace Daemon0 12hpgs2wnd.exe1 00263HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites. In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start - Programs66http://www.hp.com/peripherals2/scanjet_info/share-to-web/index.htm0
229Share-to-Web Namespace Daemon0 12hpgs2wnd.exe111HKEY_LM\Run0 60Hewlett-Packard hpgs2wnd 2,4,0,26, Hewlett-Packard. hpgs2wnd39http://www.absolutestartup.com/startup/1
3 8Hpha1mon0 12Hpha1mon.exe1 00142Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature. 01
3 8HPHAxMON0 12HPHAxMON.EXE1 00321Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature and known to cause system crashes in some cases. "x" can be 1, 2 or 3 and depends upon driver version. Replaced by HPHmon** (where ** is the version number) from version 4 onwards 01
3 8HPHmon**0 12HPHMON**.EXE1 00324Monitors the status of the memory card reader slot on a HP printers and displays a tray icon if a memory card isn't inserted. Also creates a virtual drive and assigns it the first available drive letter - which can lead to problems with drive management. ** represents the version number. Disable if you don't use the reader 01
3 8hphmon030 12hphmon03.exe1 00 80Related to the Hewlett-Packard Photosmart's configuration and diagnostics module 01
3 8HPHmon030 12hphmon03.exe111HKEY_LM\Run0 47hp photosmart 3,4,13, Hewlett-Packard. HPHa3mon39http://www.absolutestartup.com/startup/1
3 8HPHmon040 12hphmon04.exe1 00141Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature 01
3 8HPHmon050 12hphmon05.exe111HKEY_LM\Run0 46HP Photosmart 5,1,7, Hewlett-Packard. HPHmon0539http://www.absolutestartup.com/startup/1
2 8HPHmon060 12HPHMON06.EXE1 00107Related to the Hewlett Packard software HP Photosmart software that is bundled with many of their printers. 01
3 8HPHmon060 12hphmon06.exe111HKEY_LM\Run0 47HP Photosmart 6,0,72, Hewlett-Packard. HPHmon0639http://www.absolutestartup.com/startup/1
1 6Hphome0  9hphome.js1 00 17Homepage hijacker 01
310PreloadApp0 11hphprld.exe1 00 26HP Printer driver related? 01
2 5setup0 25hphprld.exe ....setup.exe2 00 56HP DeskJet Setup - printers function normally without it 01
3 8HPHUPD**0 12hphupd**.exe1 00112HP software update checker and wizard launcher. ** represents the version number. Available via Start - Programs 01
2 8hphupd040 12hphupd04.exe1 00 89HP Photosmart software update checker and wizard launcher. Available via Start - Programs 01
3 8HPHUPD040 12hphupd04.exe111HKEY_LM\Run0 47hp photosmart 4,2,41, Hewlett-Packard. HPHupd0439http://www.absolutestartup.com/startup/1
3 8HPHUPD050 12hphupd05.exe111HKEY_LM\Run0 46HP Photosmart 5,1,7, Hewlett-Packard. HPHupd0539http://www.absolutestartup.com/startup/1
0 8HPHUPD060 12hphupd06.exe1 00 70Part of the Hewlett Packard printer drivers. Is this necessary to run? 01
3 8HPHUPD060 12hphupd06.exe111HKEY_LM\Run0 47HP Photosmart 6,0,72, Hewlett-Packard. HPHupd0639http://www.absolutestartup.com/startup/1
2 5CXMon0 15Hpi_Monitor.exe1 00132Autodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start - Programs 01
2 5CXMon0 15Hpi_Monitor.exe111HKEY_LM\Run0 83HP PhotoSmart Software 3.9.0.0, Hewlett-Packard Company. Device Monitor Application39http://www.absolutestartup.com/startup/1
312zzz-hpi-boot0 12hpi-boot.exe1 00 38Associated with HP Photosmart printers 01
314HP IDScheduler0 12HPIDSCHD.exe1 00 29HP Instant Delivery Scheduler 01
3 5exmon0 14hpimoniter.exe1 00 71Some kind of hp digital camera maybe or a photo smart connection probe? 01
215HP JetDiscovery0 12HPJETDSC.EXE1 00 74HP JetAdmin software which monitors printing jobs on a network environment 01
428JetAdmin Discovery Indicator0 12HPJETDSC.EXE1 00264HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery Indicator 01
310hpjsiroute0 11hpjsira.exe1 00122Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2" 01
4 6HpLamp0 10HPLAMP.EXE1 00123HP Scanner Utility that controls your scanner’s light bulb. Needed if it's switched on. Also refer here for troubleshooting94http://www.hp.com/cgi-bin/cposupport/get_doc.pl?SNI=hpscanjet320506&LC=scanners&Tfile=nps050420
3 7hplampc0 11hplampc.exe1 00 76HP Scanner Lamp Utility - fixes an issue with the scanner lamp not going off 01
123Hewlett Packard Manager0 13hpmanager.exe1 00133Added by the W32/Mytob-ET worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobet.html0
217HP Precision Scan0 12hpmdlbwx.exe1 00 89HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required 01
3 7HpMmKbd0 11HpMmKbd.exe1 00119HP’s multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboard 01
4 3hpn0  7hpn.sys1 00 46NetRAID-4M Miniport driver added by Microsoft. 01
325HP Network Registry Agent0  9hpnra.exe1 00  2?? 01
016VDI Manager (HP)0 13HPO0VDX05.exe1 00 52HP (Hewlett-Packard) related. Now - what does it do? 01
338HPAiODevice(hp officejet v series) - 10 33hpoant07.exe -DeviceID 1119130605222StartUp menu\All users0 86hp officejet v series A.14.04.06, Hewlett-Packard Co.. HP OfficeJet COM Device Objects39http://www.absolutestartup.com/startup/1
334HPAiODevice(hp officejet g series)0 12hpoavn07.exe1 00105HP Printer related,  reportedly lets file transfers from an HP device pass files through Windows firewall 01
318hp psc 2000 Series0 12hpobnz08.exe1 00119System Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to start 01
233HPAiODevice(hp psc 900 series) -10 12hpobrt07.exe1 00172Installed with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entry 01
2 8hpodblia0 12hpodblia.exe1 00114HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually 01
211hpaiodevice0 12hpodev07.exe1 00466Direct from HP - &quot;Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when &quot;portable&quot; is chosen during installation)&quot;. Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to &quot;hpodir07.exe&quot; works just fine if you need to use the scanner 01
2 8hpodlb080 12hpodlb08.exe1 00114HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually 01
220HPAIO_PrintFolderMgr0 12hpoopm07.exe1 00381Directly from HP: "This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port." For various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner 01
014officejet 61000 12hposol08.exe1 00 66Associated with a HP PSC2110 (and maybe others) all-in-one machine 01
314officejet 61000 12hposol08.exe122StartUp menu\All users0111hp digital imaging - hp all-in-one series 002.000.000.169, Hewlett-Packard Co.. HP OfficeJet COM Device Objects39http://www.absolutestartup.com/startup/1
331HP OfficeJet Series xxx Startup0 12HPOSTR03.EXE1 00 47xxx represents the series number - such as 700. 01
331HP OfficeJet Series xxx Startup0 12HPOstr05.exe1 00 47xxx represents the series number - such as 700. 01
315DeviceDiscovery0 12hpotdd01.exe1 00237Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems" 01
315DeviceDiscovery0 12hpotdd01.exe1 00 62Hewlett-Packard hpotdd01 1, 0, 0, 1, Hewlett-Packard. hpotdd01 01
412hpotdd01.exe0 12hpotdd01.exe1 00237Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems" 01
314HP AutoIndexer0 18hppautoindexer.exe1 00181Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup 01
321HP Laser Jet Director0 15hppdirector.exe1 00200System Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etc 01
116hp photo manager0 18HPPhotoManager.exe1 00 29Added by the  SDBOT.AXU WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AXU&VSect=T0
3 5hpppt0 15hpppt.exe /ICON211HKEY_LM\Run0112HP ScanJet Parallel Port Test Utility 1, 0, 1, 0, Hewlett-Packard Company. HP ScanJet Parallel Port Test Utility39http://www.absolutestartup.com/startup/1
4 6hpppta0 10HPPPTA.exe1 00 44HP parallel port driver for certain hardware 01
122Win USB 2.0 USB Driver0 11HPPrint.exe1 00 29Added by the SPYBOT.DNB WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dnb.html0
120HP32X Printer driver0 14hpprintdrv.sys1 00 44Added by the Troj/Haxdoor-AU rootkit Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorau.html0
1 8hpprintx0 12hpprintx.dll1 00 36Added by the Troj/Haxdoor-AU Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorau.html0
2 8HPPROPTY0 12HPPROPTY.EXE1 00 19HP LaserJet Toolbox104http://h20
315HP SchedIndexer0 19hppschedindexer.exe1 00181Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup 01
315HP SchedIndexer0 19hppschedindexer.exe111HKEY_LM\Run0 74HP LaserJet 3300 1, 0, 12, 222, Hewlett-Packard. HP LaserJet 3300 Software39http://www.absolutestartup.com/startup/1
221HP Parallel Port Test0  8hppt.exe1 00 36Associated with a HP ScanJet scanner 01
3 8HPPWRSAV0 12HPPWRSAV.EXE1 00282Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try www.hp.com, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patch17http://www.hp.com0
010CamMonitor0 11hpqcmon.exe1 00 38From HP and related to digital imaging 01
0 7hpqcmon0 11hpqcmon.exe1 00 38From HP and related to digital imaging 01
410CamMonitor0 11hpqcmon.exe111HKEY_LM\Run0 56HpqCmon Application 2.0.0.133, . HpqCmon MFC Application39http://www.absolutestartup.com/startup/1
224hp image zone fast start0 12hpqthb08.exe1 00194Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time 01
224HP Image Zone Fast Start0 15hpqthb08.exe -s2 00 93hp digital imaging - hp all-in-one series 053.000.013.000, Hewlett-Packard Co.. HP Image Zone 01
324HP Image Zone Fast Start0 15hpqthb08.exe -s222StartUp menu\All users0 93hp digital imaging - hp all-in-one series 045.004.157.000, Hewlett-Packard Co.. HP Image Zone39http://www.absolutestartup.com/startup/1
226HP Digital Imaging Monitor0 12hpqtra08.exe1 00106hp digital imaging - hp all-in-one series 053.000.013.000, Hewlett-Packard Co.. HP Digital Imaging Monitor 01
226hp digital imaging monitor0 12hpqtra08.exe1 00 65HP digital imaging monitor;  can apparently be launched manually. 01
326HP Digital Imaging Monitor0 12hpqtra08.exe122StartUp menu\All users0106hp digital imaging - hp all-in-one series 045.004.157.000, Hewlett-Packard Co.. HP Digital Imaging Monitor39http://www.absolutestartup.com/startup/1
312HP ScanPatch0 13HPScanFix.exe1 00197Program that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from starting 01
122IPOT USB Service DRV320 12hpsebc08.exe1 00134Added by the W32/Sdbot-WH WORM/IRC backdoor Trojan, it also drops a file named msdirectx.sys in the folder it was originally run from.56http://www.sophos.com/virusinfo/analyses/w32sdbotwh.html0
123IPOT USB Service DRIVER0 13hpsebc087.exe1 00111A Sdbot Trojan variant will add this file, and also another detected as Troj/NtRootK-F, the file msdirectx.sys.56http://www.sophos.com/virusinfo/analyses/w32sdbotwa.html0
1 9HpPrinter0 12HPSERVER.EXE1 00 43Added by Troj/CmjSpy-T , a backdoor TROJAN!57http://www.sophos.com/virusinfo/analyses/trojcmjspyt.html0
2 8hpsjbmgr0 12hpsjbmgr.exe1 00242HP ScanJet Button Manager. It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environment 01
313HPSCANMonitor0 11hpsjvxd.exe1 00106HP scanning software that enables you to scan images from your scanner. Needed if you're using the scanner 01
214HP ScanPicture0 12hpsplmwa.exe1 00 89HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required 01
017hp Silent Service0 11HpSrvUI.exe1 00 10HP related 01
417hp Silent Service0 11HpSrvUI.exe111HKEY_LM\Run0 69hp Service Application 1, 0, 0, 3, Hewlett-Packard Co.. hp UI Service39http://www.absolutestartup.com/startup/1
2 7HPStart0 11hpstart.wsf1 00147This a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first boot 01
2 9HP Status0 12hpstatus.exe1 00 28HP Printer Status and Alerts 01
124SyBot v2.1 By Sky-Dancer0  8HPSV.exe1 00 30Added by the W32.Zotob.I worm.72http://www.sarc.com/avcenter/venc/data/w32.zotob.i.html#technicaldetails0
110hp service0  9hpsys.exe1 00198Added by the W32/Codbot-AF worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer. This will also create the file %Temp%terminate.bat.57http://www.sophos.com/virusinfo/analyses/w32codbotaf.html0
2 8hpsysdrv0 12hpsysdrv.exe111HKEY_LM\Run0 54hpsysdrv 1, 7, 0, 0, Hewlett-Packard Company. hpsysdrv39http://www.absolutestartup.com/startup/1
3 8hpsysdrv0 12hpsysdrv.exe1 00 54hpsysdrv 1, 7, 0, 0, Hewlett-Packard Company. hpsysdrv 01
3 8hpsysdrv0 12hpsysdrv.exe1 00606This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops working 01
216Display Settings0 11hptasks.exe1 00 98Allows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computers 01
216Display Settings0 14hptasks.exe /s2 00 75Hewlett-Packard HP Notebook Utilities 1, 14, 0, 3, Hewlett-Packard. hptasks 01
316HP Tray Icon WMI0 14HPTrayIcon.exe111HKEY_LM\Run0 85hp toptools for desktops 5.6, Hewlett-Packard Co.. hp toptools for WMI Implementation39http://www.absolutestartup.com/startup/1
3 9HP TV Now0 11hptvnow.exe1 00164Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts) - user's choice! 01
0 7cetihpz0 12hpuiprot.dll1 00 25Installed by HP Printers. 01
017HP Visualize Init0 12HpVisIni.exe1 00 30HP Visualize software related. 01
2 5load=0 10HPWHRC.EXE1 00 61Loads the Status Window software for the HP Laserjet printers 01
115Win Drivers SSL0  8hpws.exe1 00 38Added by the  WIN32/IRCBOT.67098 WORM!70http://info.ahnlab.com/securityinfo/virus_view_eng_new.jsp?SEQ_NO=20850
117Win Drivers SSL320 13hpwsnnsbc.exe1 00 68Added by the W32/Sdbot-VG WORM!  Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32sdbotvg.html0
211HPWebUpdate0 11hpwucli.exe115HKEY_CU\RunOnce0 80HP Software Update Client 3, 0, 4, 2, Hewlett-Packard. HP Software Update Client39http://www.absolutestartup.com/startup/1
218HP software update0 12HPWuSchd.exe1 00 85HP software updates. If a shortcut doesn't exist, create your own and run it manually 01
318HP Software Update0 12HPWuSchd.exe111HKEY_LM\Run0 62Hewlett-Packard hpwuSchd 1, 0, 0, 3, Hewlett-Packard. hpwuSchd39http://www.absolutestartup.com/startup/1
218HP software update0 13HPWuSchd2.exe1 00 84HP software updates. If a shortcut doesn't exist create your own and run it manually 01
318HP Software Update0 13HPWuSchd2.exe111HKEY_LM\Run0113hp digital imaging - hp all-in-one series 050.000.146.000, Hewlett-Packard Co.. Hewlett-Packard Product Assistant39http://www.absolutestartup.com/startup/1
416pml driver hpz120 12HPZipm12.exe1 00 93Used by HP Printer/Scanner/Copier printers to prevent Windows from entering hibernation mode. 01
2 7HPZTS040 11hpzts04.exe1 00 72Hewlett Packard printer toolbox shortcut that resides in the system tray 01
114Windows Update0 12hpztsb02.exe1 00 33Added by the Troj/Bancd-C Trojan.56http://www.sophos.com/virusinfo/analyses/trojbancdc.html0
320HPDJ Taskbar Utility0 12hpztsb04.exe1 00361(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see here for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer57http://home.t-online.de/home/Martin.Lottermoser/pcl3.html0
320HPDJ Taskbar Utility0 12hpztsb05.exe1 00361(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see here for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer57http://home.t-online.de/home/Martin.Lottermoser/pcl3.html0
220HPDJ Taskbar Utility0 12hpztsb06.exe1 00 99Hewlett Packard utility installed with HP Deskjet printers to do maintenance tasks and diagnostics. 01
220HPDJ Taskbar Utility0 12hpztsb07.exe1 00131This program will add a system tray icon to your taskbar that will assist in diagnosing problems with your Hewlett Packard printer. 01
320HPDJ Taskbar Utility0 12hpztsb07.exe111HKEY_LM\Run0 25HP DeskJet 2,140,0,0, HP.39http://www.absolutestartup.com/startup/1
320HPDJ Taskbar Utility0 12hpztsb08.exe111HKEY_LM\Run0 25HP DeskJet 2,223,0,0, HP.39http://www.absolutestartup.com/startup/1
220HPDJ Taskbar Utility0 12hpztsb09.exe1 00 99Hewlett Packard utility installed with HP Deskjet printers to do maintenance tasks and diagnostics. 01
320HPDJ Taskbar Utility0 12hpztsb09.exe111HKEY_LM\Run0 25HP DeskJet 2.245.1.0, HP.39http://www.absolutestartup.com/startup/1
320HPDJ Taskbar Utility0 12hpztsb10.exe111HKEY_LM\Run0 25HP DeskJet 2.323.0.0, HP.39http://www.absolutestartup.com/startup/1
320HPDJ Taskbar Utility0 12hpztsbol.exe1 00361(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see here for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer57http://home.t-online.de/home/Martin.Lottermoser/pcl3.html0
320HPDJ Taskbar Utility0 12hpztsd02.exe1 00361(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see here for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer57http://home.t-online.de/home/Martin.Lottermoser/pcl3.html0
112HQI Services0 12hqisvc32.exe1 00 12Added by the32W32/Agobot-RO WORM/IRC backdoor!0
112HQI Services0 12hqlsvc32.exe1 00 12Added by the39W32/Agobot-RP WORM/IRC backdoor trojan!0
1 7MSTasks0  9hqybe.exe1 00 40Added by the Troj/Ranck-DS proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojranckds.html0
3 2HR0  6Hr.exe1 00173Added by the Spyware.HiddenRecorder spyware.  This programs periodically takes screenshots of your activity.  If you did not install this program, then it should be removed.66http://www.sarc.com/avcenter/venc/data/spyware.hiddenrecorder.html0
1 7Hrn_qtv0 12hrnsvc32.exe1 00133Added by the W32/Sdbot-AET worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotaet.html0
1 6hrxbgf0 10hrxbgf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7hsouvtt0 11hsouvtt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 9Live Menu0 37HsPfcW32.dll,JSPFCWSetHooking,1,0,0,01 00107eFax Messenger Plus (tm) 3.0.0.0, j2 Global Communications, Inc.. eFax Messenger Plus - DLL Command Utility 01
1 5hssvc0  9hssvc.exe1 00 55Added by the SecurityRisk.HubSafe information gatherer.64http://www.sarc.com/avcenter/venc/data/securityrisk.hubsafe.html0
3 9megapanel0 11HSTrans.exe1 00 72Added by the Homescan Internet Transporter - part of  ACNielson_Homescan53http://www2.acnielsen.com/products/cps_homescan.shtml0
128Remote Administrator Service0 12HSTSVC32.EXE1 00 43Added by the Troj/Remadm-M backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojremadmm.html0
013HsuGuiControl0 17HsuGuiControl.exe1 00 67Part of the Starband Internet satellite client.  Is this necessary? 01
1 7hsxgtjs0 11hsxgtjs.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110WinUpdatea0  8hta1.hta111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0 12htmlsync.exe1 00 44Added by the Troj/Chorus-A browser hijacker.57http://www.sophos.com/virusinfo/analyses/trojchorusa.html0
3 7HTpatch0 11htpatch.exe1 00197HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6% 01
1 6htproc0 12htproc32.dll1 00106Identified as a variant of the Trojan.Psw.Lineage.Sk password-stealing Trojan for the online game Lineage. 01
1 8htrvrscx0 12htrvrscx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
117Internet Explorer0  8http.exe1 00606Added as part of a new potential CWS infection.  This program is part of a suite of programs that installs a web server, php, ftp server, socks, and mail server on your computer without your knowledge.Br /br /bThese files are known to be part of an infection that transmits information about your bank accounts, passwords, and other financial information.  It should be deleted immediately and you should enable your firewall./bbr /br /The shttps directory should be removed in its entirety from safe mode and then you should contact your financial services and report the issue and have passwords changed. 01
116Microsoft Status0  8http.exe1 00132Added by the W32/Rbot-AML worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaml.html0
1 9https-ssl0  9https.exe1 00 26Added by the MOEGA.D WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.d.html0
1 5htwmn0  9htwmn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6huhdir0 10huhdir.exe1 00  2?? 01
3 8voowsmcr0 10huhdir.exe1 00  0 01
1 6huhukp0 10huhukp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7huuaohh0 11huuaohh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5myhuy0  7huy.exe1 00 32Added by the W32/Blaster-C worm.57http://www.sophos.com/virusinfo/analyses/w32blasterc.html0
1 5myhuy0  8huy2.exe1 00 32Added by the W32/Blaster-L worm.57http://www.sophos.com/virusinfo/analyses/w32blasterl.html0
1 8huySosat0 12huysosat.exe1 00 42Added by the Troj/Mdrop-RG dropper Trojan.57http://www.sophos.com/virusinfo/analyses/trojmdroprg.html0
1 4Hvid0  8Hvid.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
221Cryptographic Service0  9hvohv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
121Hardware Clock Driver0 11HWCLOCK.EXE1 00 12Added by the79W32/Hwbot-A WORM/IRC backdoor as a new service, it's servicename being Hwclock.0
1 8hwdetect0 12hwdetect.exe1 00 35Added by the Troj/MancSyn-B Trojan.58http://www.sophos.com/virusinfo/analyses/trojmancsynb.html0
315Hardware Doctor0 12Hwdoctor.exe1 00247Winbond Hardware Doctor - as included on some motherboard using Winbond's hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you're concerned about your system temperature - typically for "overclocked" systems 01
1 4hwhw0  8hwhw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7HWINFO*0  7HWINFO*1 00 55Added by the  PUROL WORM! where * is a random character75http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.purol.html0
1 3hws0  7hws.exe1 00107Added by  Troj/StartPa-CT Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)59http://www.sophos.com/virusinfo/analyses/trojstartpact.html0
322hawking hwu54g utility0 10HWU54G.exe1 00 68Related to Hawking  Technologies  HWU54G Mini Wireless-G USB Adapter27http://www.hawkingtech.com/0
116Hardware Profile0  9hxdef.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
116Soft Profile Inc0 12hxdef.exe...1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 8HXDL.EXE0  8HXDL.EXE1 00 62Attune HelpExpress - spyware. Disable and uninstall - see here32http://www.c-squad.org/hxdl.html0
1 9HXIUL.EXE0  9HXIUL.EXE1 00166Also known as "HelpExpress". Will install itself if you have previously had Attune by Aveo installed as they're by the same company. Uninstall via Add/Remove programs 01
115[various names]0 11hyandex.exe1 00 37Added by a  NTRootKit TROJAN variant!42http://vil.nai.com/vil/content/v_99877.htm0
325HydraVisionDesktopManager0 11HydraDM.exe111HKEY_LM\Run0 91ATI Technologies Inc. HydraVision Desktop Manager 3.25.0006, ATI Technologies Inc.. HydraDM39http://www.absolutestartup.com/startup/1
1 8runhyper0 10hyperx.exe1 00 72Adware related downloader,  detected as TrojanDropper.Win32.PurityScan.g 01
1 4test0 14i love you.exe2 00 51Added by the Troj/Singu-T password-stealing Trojan.56http://www.sophos.com/virusinfo/analyses/trojsingut.html0
215CorelCENTRAL 100 13I_26dadCC.exe1 00135CorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start - Programs108http://ww0
215CorelCENTRAL 100 22I_26dadCC.exe /startup2 00  0 01
1 8rate.exe0 12i11r54n4.exe1 00 76Added by the BEAGLE.E or BEAGLE.F or BEAGLE.G or BEAGLE.H or BEAGLE.I WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.E@mm.html0
1 4I3860  8I386.exe1 00 27Added by the  MYPOWER WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.mypower.b@mm.html0
1 5i386p0  9I386P.SYS1 00 39Added by the Backdoor.Rustock backdoor.77http://www.sarc.com/avcenter/venc/data/backdoor.rustock.html#technicaldetails0
118Config Loadatiorin0 14I3Explorer.exe1 00 28Added by the SDBOT.H TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.h.html0
0 8I81SHELL0 12I81SHELL.exe1 00 89Appears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard 01
3 9i8kfangui0 13i8kfangui.exe1 00 41Graphical interface for fan speed control 01
3 9i8kfangui0 22I8kfanGUI.exe /startup2 00 87I8kfanGUI Application 2.2.0, Christian Diefer. Dell Inspiron 8000/8100/8200 fan control 01
113IntruderAlert0  8ia99.exe1 00 39Intruder Alert '99 from Bonzi - spyware56http://www.safersite.com/PestInfo/db/i/internetalert.asp0
3 8IAAnotif0 12iaanotif.exe1 00352IAA Event Monitor User Notification Tool - part of  Intel® Application Accelerator - "a performance software package for desktop PCs using select Intel® chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it's required to notify you if a RAID 1 disk has failed42http://www.intel.com/support/chipsets/iaa/0
3 8IAAnotif0 12iaanotif.exe111HKEY_LM\Run0 94IAA RAID Event Monitor 4.0.0.6211, Intel Corporation. IAA Event Monitor User Notification Tool39http://www.absolutestartup.com/startup/1
1 8ialkdqea0 12ialkdqea.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
326Internet Answering Machine0  7IAM.exe1 00134From Callwave - offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access24http://www.callwave.com/0
326Internet Answering Machine0 14IAM.exe -start2 00 81CallWave Service 3.07.9 (13-May-2005), CallWave, Inc.. Internet Answering Machine 01
4 6iamapp0 10iamapp.exe1 00139AtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as well 01
4 6iamapp0 10IAMAPP.EXE111HKEY_LM\Run0 62Norton Internet Security 4.0, Symantec Corporation. IAMAPP.EXE39http://www.absolutestartup.com/startup/1
326Internet Answering Machine0 12IAMNET~1.EXE1 00136From Callwave. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access24http://www.callwave.com/0
3 3Iap0  7iap.exe1 00247Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely? 7#FF00000
3 3ias0  7ias.exe1 00 92InvisibleASpy keystroke logger/monitoring program - remove unless you installed it yourself!69http://www.symantec.com/avcenter/venc/data/spyware.invisibleaspy.html0
1 7IASHLPR0 11IASHLPR.EXE1 00 28Added by the OPASERV.T WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.T0
142Local Security Authority Subsystem Service0  8Iass.exe1 00 50Added by the W32/Tilebot-CA worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tilebotca.html0
124Microsoft media services0  9Iassd.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
139Microsoft Internet Acceleration Utility0  7iau.exe1 00 17EasySearch adware57http://sarc.com/avcenter/venc/data/adware.easysearch.html0
1 4iauo0  8iauo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6RenolB0  6ib.exe1 00  2?? 01
324ibwin background process0 15IBackground.exe1 00 19IBackup for Windows36http://www.ibackup.com/ibwin_new.htm0
324IBWin Background process0 15IBackground.exe111HKEY_LM\Run0 60IBWin Background Process 9.00.0005, Pro-softnet Corporation.39http://www.absolutestartup.com/startup/1
323Iomega Automatic Backup0 11ibackup.exe1 00 76Iomega Automatic Backup - automatic backups for use with Iomega portable HDD113http://www0
323Iomega Automatic Backup0 11ibackup.exe1 00 56Iomega Automatic Backup 1, 0, 2, 52, Iomega Corporation. 01
329Iomega Automatic Backup 1.0.10 11ibackup.exe1 00 76Iomega Automatic Backup - automatic backups for use with Iomega portable HDD113http://www0
119instant buzz daemon0 12IBDaemon.exe1 00 19Instant_Buzz adware50http://www.publishingcentral.com/news.php?story=720
1 3ibm0  7ibm.exe1 00 35Added by the Troj/LegMir-AH trojan.58http://www.sophos.com/virusinfo/analyses/trojlegmirah.html0
1 5Shell0 12ibm00001.exe1 00 34Added by the Troj/Torpig-C Trojan.57http://www.sophos.com/virusinfo/analyses/trojtorpigc.html0
327IBMUltraBayHotSwapCPLLoader0 12IBMBAY2N.EXE1 00 73Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops 01
023IBMUltraBayHotSwapSound0 12IBMBAYSN.EXE1 00123Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound? 01
211ibmmessages0 15ibmmessages.exe1 00 49Access IBM Message Center 1.102, IBM. ibmmessages 01
211ibmmessages0 15ibmmessages.exe1 00210Allows IBM to push messages onto users' computers. Quote: "The Access IBM Message Center can display messages to inform you about software and solutions available from IBM as well as messages from IBM eSupport" 01
211ibmmessages0 15ibmmessages.exe111HKEY_CU\Run0 49Access IBM Message Center 2.012, IBM. ibmmessages39http://www.absolutestartup.com/startup/1
310Ibmmon.exe0 10Ibmmon.exe1 00  2?? 01
313ibwin monitor0 13IBMonitor.exe1 00 19IBackup for Windows36http://www.ibackup.com/ibwin_new.htm0
313IBWin Monitor0 17IBMonitor.exe Min211HKEY_LM\Run0 54IBWin Monitor v3.2 9.00.0002, Pro-Softnet Corporation.39http://www.absolutestartup.com/startup/1
3 8Ibmpmsvc0 12ibmpmsvc.exe1 00295Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 &amp; F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standy or hibernate modes 01
3 6IBMPRC0 10ibmprc.exe111HKEY_LM\Run0 60ibmprc Application 1, 0, 0, 1, IBM Corp.. ibmprc Application39http://www.absolutestartup.com/startup/1
112Shmgrate.exe0  9ibot4.exe1 00 27Added by the GASTER TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.gaster.html0
1 3Ibs0  7ibs.exe1 00102The Troj/HideDial-B  TROJAN adds this, and downloads a third-party dialler application to C:\MISB.EXE.59http://www.sophos.com/virusinfo/analyses/trojhidedialb.html0
312InstallBuddy0  9Ibtna.exe1 00185InstallBuddy - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSync58http://www.bluenomad.com/ib/prod_installbuddy_details.html0
4 6icabar0 10icabar.exe1 00 27Related to Citrix MetaFrame 01
1 8icasserv0 12icasServ.exe1 00 51Browser hijacker, redirecting to Searchforfree.info 01
1 7iccmdsd0 11iccmdsd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9iccontrol0 13iccontrol.exe1 00 57Added by the  ICcontrol premium rate adult content dialer64http://www.symantec.com/avcenter/venc/data/dialer.iccontrol.html0
1 4icgy0  8icgy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6iClean0 10iClean.exe1 00132IEClean - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy"35http://www.nsclean.com/ieclean.html0
316Integrity Client0 11iclient.exe122StartUp menu\All users0 62Integrity Client 3.5.175.087, Zone Labs Inc.. Integrity Client39http://www.absolutestartup.com/startup/1
4 7Sweep950 12ICLOAD95.EXE1 00 32Part of Sophos ant-virus sofware40http://www.sophos.com/products/software/0
4 3icm0  7ICM.EXE1 00206Starts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail 01
418InterCheck Monitor0  9Icmon.exe1 00 32Part of Sophos ant-virus sofware40http://www.sophos.com/products/software/0
112NtDIC(ntdic)0 10icntrl.exe1 00 50Added by the W32/Tilebot-EG worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/w32tileboteg.html0
2 3ICO0  7ICO.EXE1 00213Found on a Sony Vaio laptop and seems to be related to Mouse Suite 98 Daemon according to the properties. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games 01
321Mouse Suite 98 Daemon0  7ICO.EXE111HKEY_LM\Run0 69MouseSuite 98 1.0.0.0, Primax Electronics Ltd.. Mouse Suite 98 Daemon39http://www.absolutestartup.com/startup/1
111Icon lptt010  8icon.exe1 00175Variant of the  RapidBlaster parasite (in an "Icon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
111Icon ml097e0  8icon.exe1 00175Variant of the  RapidBlaster parasite (in an "Icon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
322VPN Dialer (OnStartup)0 56Icon3E5562ED.exe -run_only_if_connected -auto_initiation222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
4 8ICONCLNT0 12iconclnt.exe1 00 58APC PowerChute Tray Icon. Associated with the  UPS listing 4#UPS0
3 8ICONDESK0 12ICONDESK.EXE1 00 85Small utility which will allow you the option of hiding or showing your desktop icons 01
313FWD Softphone0 25IconE2A1D22B.ico -startup222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
211Iconfig.exe0 11Iconfig.exe1 00 27Icon for LS-120 "Superdisk" 01
3 7E-Color0 11IconMgr.exe1 00 56E-Color, Inc. IconMgr 1, 0, 0, 1, E-Color, Inc.. IconMgr 01
3 7E-color0 11IconMgr.Exe1 00314Sets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor callibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the program 01
3 9LightSurf0 11IconMgr.exe122StartUp menu\All users0 57IconMgr 1, 0, 0, 1, LightSurf Technologies, Inc.. IconMgr39http://www.absolutestartup.com/startup/1
2 7Iconoid0 11Iconoid.exe1 00 33Iconoid is a desktop icon manager34http://www.sillysot.com/index.html0
2 9Iconsaver0 13Iconsaver.exe1 00 35IconSaver is a desktop icon manager35http://www.iconsaver.com/index.html0
126Internet Content Publisher0  7ICP.EXE1 00 31Added by the  W32/RBOT-UD WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotud.html0
213Mirabilis ICQ0  7icq.exe1 00133If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -&gt; Programs 01
3 3ICQ0 17Icq.exe -trayboot215HKEY_CU\RunOnce0 30ICQ  2003a Beta, ICQ Inc.. ICQ39http://www.absolutestartup.com/startup/1
118ICQ Messenger 20020 11ICQ2002.exe1 00133Added by the W32/Sdbot-ABL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotabl.html0
1 6runapp0 10icqchk.exe1 00 19Added by the  Bomka73http://securityresponse.symantec.com/avcenter/venc/data/trojan.bomka.html0
116icq chat service0 11icqjdhs.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
2 8ICQ Lite0 11ICQLite.exe1 00112a target="_blank" href="http://www.icq.com/download/"ICQ Lite - compact version of the popular messaging program 01
2 8ICQ Lite0 21ICQLite.exe -minimize211HKEY_LM\Run0 34ICQLite 1, 0, 0, ICQ Ltd.. ICQLite39http://www.absolutestartup.com/startup/1
2 8ICQ Lite0 21ICQLite.exe -trayboot215HKEY_CU\RunOnce0 42ICQLite 20, 34, 2321, 0, ICQ Ltd.. ICQLite39http://www.absolutestartup.com/startup/1
213Mirabilis ICQ0 10ICQNet.exe1 00133If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -&gt; Programs 01
1 3ICQ0 10ICQNET.vbs1 00 62Added by the VBS.Gormlez@mm infection! Found in the C:\ drive.75http://www.sarc.com/avcenter/venc/data/vbs.gormlez@mm.html#technicaldetails0
115ICQ Hacking Pro0 10ICQpro.exe1 00 40Added by a variant of the NETSPY TROJAN!75http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NETSPY0
2 8ICServer0 12Icserver.exe1 00117Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations 01
4 6ICSMGR0 10ICSMGR.EXE1 00128Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you’re sharing the internet on various computers 01
327ICW - Internet Call Waiting0  7Icw.exe122StartUp menu\All users0 69Internet Call Waiting 1.1.0, BellSouth Telecommunications. ICW Client39http://www.absolutestartup.com/startup/1
215SetupICWDesktop0 12icwconn1.exe1 00256Appears to be the &quot;Internet Connection Wizard&quot; from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start -&gt; Programs -&gt; Accessories -&gt; Communication (or similar) anyway 01
216^SetupICWDesktop0 21icwconn1.exe /desktop215HKEY_CU\RunOnce0112Microsoft(R) Windows (R) 2000 Operating System 5.00.3502.6602, Microsoft Corporation. Internet Connection Wizard39http://www.absolutestartup.com/startup/1
112stcinstaller0  8id53.exe1 00 32Added by the SCTHOUGHT.L TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SCTHOUGHT.L0
1 6ID85250 10ID8525.exe1 00 29Added by the ID8525.A TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ID8525.A0
1 6ID85250 11id85255.exe1 00 29Added by the ID8525.A TROJAN!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ID8525.A0
0 3IDA0  7IDA.EXE1 00 59HP related - in a Program FilesHewlett-PackardPC COE folder 01
3 3IDA0  7IDA.EXE1 00 59HP related - in a Program FilesHewlett-PackardPC COE folder 01
329Internet Download Accelerator0  7ida.exe1 00 46Internet Download Accelerator download manager28http://www.westbyte.com/ida/0
329Internet Download Accelerator0 16ida.exe -autorun2 00 74Internet Download Accelerator 4.4, WestByte. Internet Download Accelerator 01
1 6idabaj0 10idabaj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
212ID Commander0  9IDCom.exe1 00 60Caller ID utility for identifying incoming telephone numbers 01
1 8intdctrr0 12idctup20.exe1 00 28SafeSurfing parasite variant48http://pestpatrol.com/pestinfo/s/safesurfing.asp0
1 3IDE0  7ide.exe1 00 30Added by the ASSASIN.F TROJAN!66http://www.symantec.com/avcenter/venc/data/backdoor.assasin.f.html0
1 7idecntl0 11idecntl.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
110IDE Loader0 13IDElibr32.exe1 00 68Added by the XILON TROJAN! Related to the game &quot;Diablo II&quot;77http://securityresponse.symantec.com/avcenter/venc/data/w32.xilon.trojan.html0
3 8iDesktop0 12idesktop.exe1 00 81Immersion TouchWare Desktop software for devices such as the Logitech iFeel Mouse59http://www.immersion.com/products/ce/generaldownloads.shtml0
3 6detect0 11idetect.exe1 00168iNTERNET Turbo from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds". If you find it helps your connectivity leave it enabled41http://www.clasys.com/internet_turbo.html0
3 6Detect0 17iDetect.exe /auto2 00  0 01
115ToPicks Starter0 10Idhost.exe1 00 24ToPicks parasite related44http://www.doxdesk.com/parasite/TOPicks.html0
2 5IDMan0 18IDMan.exe  /onboot2 00133Internet Download Manager (IDM) 5, 0, 2, 2, Internet Download Manager Corp., Tonec Inc. . Internet Download Manager Application (IDM) 01
2 5IDMan0  9IDMan.exe1 00 70Internet Download Manager - download files faster, schedule and resume39http://www.internetdownloadmanager.com/0
2 5IDMan0 17IDMan.exe /onboot2 00133Internet Download Manager (IDM) 4, 0, 1, 0, Internet Download Manager Corp., Tonec Inc. . Internet Download Manager Application (IDM) 01
1 5idqex0  9idqex.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Nbe0  7Idt.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
111IDTemplates0 14IDTemplate.exe1 00 32Added by the W32/Brontok-H worm.57http://www.sophos.com/virusinfo/analyses/w32brontokh.html0
216IDW Logging Tool0 10idwlog.exe1 00144Added with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problems 01
3 6CCWC7I0  8idxl.exe1 00 64Moleculesoft Cache, Cookie & Windows Cleaner Ver. 7 - auto clean39http://www.moleculesoft.se/index2b.html0
117Internet Explorer0  6IE.EXE1 00122Added by W32/Sdbot-VS TROJAN/backdoor.  Remote access, by way of the IRC network, becomes available to unauthorized users.56http://www.sophos.com/virusinfo/analyses/w32sdbotvs.html0
112SystemSearch0  6ie.reg1 00 42Installs a Seachxl.com browser page hijack 01
116[variable names]0  9ie_32.exe1 00 35Added by the Spyware.Acext spyware.57http://www.sarc.com/avcenter/venc/data/spyware.acext.html0
3 7Olympic0 10IE4321.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7olympic0 10IE4321.exe1 00 74Adult content premium rate dialer - also detected as Trojan.Win32.Small.CZ 01
310IECleanAux0 11Ieboot6.exe1 00115IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startup35http://www.nsclean.com/ieclean.html0
1 4Ahst0  8iebs.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
2 7iecheck0 11iecheck.exe1 00181Integrity checker for IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit225http://www.iconedit2.com/0
211iecheck.exe0 11iecheck.exe1 00182Integrity checker for  IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit225http://www.iconedit2.com/0
1 9[unknown]0 13IECONTROL.EXE1 00142Added by the W32/Sdbot-HO worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotho.html0
3 7IECount0 11IECount.exe111HKEY_CU\Run0 65IECount 3.2, F-Group Software. IECount - internet explorer add-on39http://www.absolutestartup.com/startup/1
1 5iedll0  9iedll.exe1 00 51Homepage hijacker, redirecting to coolwwwsearch.com 01
3 9IE Doctor0 12IEDoctor.exe1 00241IE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options" 01
1 8IEDriver0 12IEDriver.exe1 00 93Installed as part of adware (Cydoor) based peer-to-peer file sharing software called URLBlaze 01
116Config Loadation0 14iEEexplore.exe1 00 28Added by the SDBOT.H TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.h.html0
110[not used]0 16ieen445F8764.dll1 00 33Added by the Troj/Opnis-D Trojan.56http://www.sophos.com/virusinfo/analyses/trojopnisd.html0
1 8IEengine0  9IEeng.exe1 00 20STARTPAG.AI hijacker80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_STARTPAG.AI0
110ieexec.exe0 10ieexec.exe1 00 40Added by an unidentified WORM or TROJAN! 01
126Microsoft IE Execute shell0 10IEExec.exe1 00 30Added by the ALADINZ.N TROJAN!83http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.n.html0
127miscrosoft windows explorer0 14IEEXPLORER.exe1 00 37Reported as Win32/IRCBot.worm.74240.J 01
110IEFeatures0 14IEFeatures.exe1 00 63Added by the POPMON.A TROJAN! - also known as PopMonster adware77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
1 8IEFilter0 12IEFilter.dll1 00 97Added by the Troj/SrchSpy-A Trojan.br /br /Uses CLSID: b{B9D06F5B-5BF3-4BC5-A58F-D1CD948478CE}/b.58http://www.sophos.com/virusinfo/analyses/trojsrchspya.html0
1 8IefxTray0 12Iefxtray.exe1 00110Added by the  Troj/Bdoor-ZAS. The backdoor can be instructed by remote users to find and read arbitrary files.58http://www.sophos.com/virusinfo/analyses/trojbdoorzas.html0
110ieharv.exe0 10ieharv.exe1 00 53Added by the Troj/Banker-HH password stealing trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerhh.html0
115[Various Names]0 12iehelper.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 5Bakra0 10IEHost.EXE1 00 23IEDriver adware variant 01
114IE Java Update0 10iejava.exe1 00 43Added by the Troj/Agent-HD backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojagenthd.html0
1 8iekdjuyr0 12iekdjuyr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 2FX0 12ieloader.exe1 00 29Added by the SMALL.RR TROJAN! 01
3 9IEManager0 13IEManager.exe111HKEY_CU\Run0 78IEManager 4.3, F-Group Software. IEManager - tool to control Internet Explorer39http://www.absolutestartup.com/startup/1
323IE New Window Maximizer0 15iemaximizer.exe1 00111IE New Window Maximizer,  see  here - automatically maximize new Internet Explorer and Outlook Express windows.35http://www.jiisoft.com/iemaximizer/0
1 4ieoc0  8ieoc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
318IE Privacy KeeperB0 29IEPrivacyKeeper.exe -scleanup211HKEY_LM\Run0 65IE Privacy Keeper 2.0.0.0, UnH Solutions, Inc.. IE Privacy Keeper39http://www.absolutestartup.com/startup/1
1 7ies4dll0 11IES4DLL.DLL1 00291Added by the Trojan.Goldun.G password-stealing Trojan.  This infection will attempt to steal passwords and online bank information.  If you have this infection, it is advised that you change all online bank passwords.  This infection will also create the file called %System%IES4SERVICE.SYS.76http://www.sarc.com/avcenter/venc/data/trojan.goldun.g.html#technicaldetails0
1 5Iesar0  9Iesar.exe1 00 51Browser hijacker - redirecting to an adult web page 01
1 7iesdl4l0 11iesdl4l.dll1 00119Added by the Troj/Haxdoor-AQ backdoor Trojan. This infection also creates the file C:\Windows\System32\iesservice4.sys.59http://www.sophos.com/virusinfo/analyses/trojhaxdooraq.html0
112Iesearch.exe0 12Iesearch.exe1 00 18LookNSearch adware61http://sarc.com/avcenter/venc/data/pf/adware.looknsearch.html0
119Microsoft IT Update0 10IEserv.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114\IEService.exe0 13IEService.exe1 00 25FastFind parasite variant 01
115[Various Names]0 14iesetupdll.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6iesprt0 10IESPRT.SYS1 00118Added by the Troj/Goldun-G password stealing trojan.  If you have this infection you should change all your passwords.57http://www.sophos.com/virusinfo/analyses/trojgoldung.html0
1 8iets.exe0  8iets.exe1 00 33Added by the Troj/Rizon-D Trojan.56http://www.sophos.com/virusinfo/analyses/trojrizond.html0
2 5ietsr0  9ietsr.exe1 00 79IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc35http://www.nsclean.com/ieclean.html0
1 7window20 12ieupdate.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
120IEAgent update check0 11iewatch.exe1 00 34Added by the Troj/Agent-FV Trojan.57http://www.sophos.com/virusinfo/analyses/trojagentfv.html0
110iewq32.exe0 10iewq32.exe1 00 36Added by the Troj/Banker-AKW Trojan.59http://www.sophos.com/virusinfo/analyses/trojbankerakw.html0
1 7easywww0 12iewwwint.exe1 00 14EasyWWW adware64http://www.kephyr.com/spywarescanner/library/easywww/index.phtml0
1 7iestart0 13iexp1orer.exe1 00 28Added by the NEMOG.C TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.c.html0
111iexpand.exe0 11iexpand.exe1 00 60Added by the Trojan.PSW.Platan.5.A password-stealing Trojan.82http://www.sarc.com/avcenter/venc/data/trojan.psw.platan.5.a.html#technicaldetails0
1 6sysres0 13IExpIore .exe2 00 33Added by the  W32.ELITPER.E WORM!64http://www.symantec.com/avcenter/venc/data/w32.elitper.e@mm.html0
119Default web browser0 12IexpIore.exe1 00164Added by the OBLIVION.B TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a captial "i" in place of lower case "L"59http://www.sophos.com/virusinfo/analyses/trojoblivionb.html0
117Internet Explorer0 12iexpiore.exe1 00132Added by the W32/Rbot-AZC worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotazc.html0
110winprofile0 12iexpiore.exe1 00 39Added by a variant of the MONCHER WORM! 01
110WinProfile0 12iexpIore.exe1 00 32Added by the Troj/Chum-C trojan.55http://www.sophos.com/virusinfo/analyses/trojchumc.html0
120Configuration Loader0 12IEXPL0RE.EXE1 00 39Added by the  LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
1 9IEXPL0RER0 13IEXPL0RER.EXE1 00 77Added by the W32/Agobot-QL WORM!  File is found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32agobotql.html0
1 2[]0 13iexpl0res.exe1 00  0 01
1 9Antivirus0 13iexpl0res.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 9iexpl0res0 13iexpl0res.exe1 00164Added by the  RBOT.AEX WORM! - NOTE:  this malware actually changes the default value data of the Registry "Run"  key in order to force Windows to launch it at boot85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AEX&VSect=T0
1 8Iexploit0 13Iexploit.html1 00135Added by the VBS.Inker.B@mm mass-mailing worm.  This worm will also swap your mouse buttons, change icons, and lower security settings.75http://www.sarc.com/avcenter/venc/data/vbs.inker.b@mm.html#technicaldetails0
1 6AtxBrw0 11IEXPLOR.exe1 00 21Unidentified Malware. 01
122C:\WINDOWS\IEXPLOR.EXE0 11IEXPLOR.exe1 00  0 01
1 6iexplo0 11iexplor.exe1 00 34Added by the Trojan.Sidea  Trojan.73http://securityresponse.symantec.com/avcenter/venc/data/trojan.sidea.html0
113winsockdriver0 11IEXPLOR.EXE1 00 95Added by the W32/WarPigs-C WORM/IRC backdoor TROJAN!  It is found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/w32warpigsc.html0
1 9IExplorer0 13Iexplor32.exe1 00 97Added by the Troj/Bdoor-BY trojan backdoor.  This infection allows remote access via TCP port 23.57http://www.sophos.com/virusinfo/analyses/trojbdoorby.html0
116macromedia drive0 13Iexplor32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8mssysint0 13Iexplore .exe2 00202Added by the PWSTEAL.ABCHLP and PSPIDER.310.B TROJANS! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!62http://www.symantec.com/avcenter/venc/data/pwsteal.abchlp.html0
110[not used]0 12iexplore.com1 00 32Added by the Troj/Pcik-A trojan.55http://www.sophos.com/virusinfo/analyses/trojpcika.html0
2 8IEXPLORE0 12IEXPLORE.EXE125StartUp menu\Current user0 93Microsoft® Windows® Operating System 6.00.2900.2180, Microsoft Corporation. Internet Explorer39http://www.absolutestartup.com/startup/1
121$WindowsRegKey%update0 12IEXPLORE.EXE1 00174Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!55http://www.sophos.com/virusinfo/analyses/w32rbotez.html0
1 7cmssapp0 12iexplore.exe1 00 54Added by the Troj/Bancban-DM password-stealing trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbandm.html0
116Explorer Updater0 12IEXPLORE.exe1 00175Added by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!56http://www.sophos.com/virusinfo/analyses/w32sdbotwo.html0
1 8IEXPLORE0 12iexplore.exe1 00178Added by the APHEXDOOR TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.aphexdoor.html0
1 8Iexplore0 12iexplore.exe1 00174Added by the BOXER TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!73http://securityresponse.symantec.com/avcenter/venc/data/trojan.boxer.html0
117Iexplore Services0 12iexplore.exe1 00195Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!72http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/0
117Iexplore Services0 12iexplore.exe1 00195Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!72http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/0
117Internet Explorer0 12IEXPLORE.EXE1 00174Added by the RBOT-EY WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!55http://www.sophos.com/virusinfo/analyses/w32rbotey.html0
131Internet Explorer Configuration0 12Iexplore.exe1 00121Added by the http://www.sophos.com/virusinfo/analyses/w32sdbotgib.html Backdoor/Worm!  Found in the Windows system folder13W32/Sdbot-GIB0
112Intespention0 12IEXPLORE.exe1 00133Added by the W32/Forbot-FL worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotfl.html0
113Java Runtimes0 12iexplore.exe1 00177Added by the KILLAV.B TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!76http://securityresponse.symantec.com/avcenter/venc/data/trojan.killav.b.html0
1 9Microsoft0 12iexplore.exe1 00 44Added by the Troj/QQRob-R downloader Trojan.56http://www.sophos.com/virusinfo/analyses/trojqqrobr.html0
112Microsoft IE0 12Iexplore.exe1 00176Added by the FORBOT-AG WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!57http://www.sophos.com/virusinfo/analyses/w32forbotag.html0
127Microsoft Internet Explorer0 12iexplore.exe1 00166Downloader trojan. Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!72http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/0
1 9OPTIMIZER0 12iexplore.exe1 00176Added by the EVIVINC TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evivinc.html0
118Program in Windows0 12iexplore.exe1 00187Added by a variant of the LOVGATE WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
114SerDgeonServer0 12IExplore.exe1 00153Added by the Troj/Feutel-AC backdoor Trojan. Note: this is not the the legitimate iexplore.exe found in the C:\program files\internet explorer directory.58http://www.sophos.com/virusinfo/analyses/trojfeutelac.html0
110ShellRun320 12iexplore.exe1 00 48Added by the Troj/IRCBot-AY IRC backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojircbotay.html0
1 5slide0 12Iexplore.exe1 00176Added by the GASLIDE TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.gaslide.html0
120System Configuration0 12iexplore.exe1 00176Added by the RANDEX.AD WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which should not appear in Msconfig/Startup unless you add it manually!75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.a.d.html0
115Win32 Processer0 12iexplore.exe1 00 52Added by the W32/Agobot-PA WORM/IRC backdoor trojan!57http://www.sophos.com/virusinfo/analyses/w32agobotpa.html0
1 7windows0 12iexplore.exe1 00132Added by the W32/Rbot-UM worm.  When started this infections connects to a remote IRC server where it waits for commands to execute.55http://www.sophos.com/virusinfo/analyses/w32rbotum.html0
128Windows Configuration System0 12IExplore.exe1 00 48Added by the W32/Rbot-DDG worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotddg.html0
116Windows Services0 12IEXPLORE.EXE1 00231Added by the W32/Rbot-WE worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.  These infections also log keystrokes, so if you are infected you should change all your passwords.55http://www.sophos.com/virusinfo/analyses/w32rbotwe.html0
122WINDOWS SYSTEM CLEANER0 12iexplore.exe1 00136Added by the W32.Mytob.ET@mm worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.et@mm.html#technicaldetails0
121$WindowsRegKey%update0 12IEXPLORE.EXE111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
113MSN Messenger0 12IEXPLORE.exe119HKEY_LM\RunServices0  039http://www.absolutestartup.com/startup/1
126Internet Explorer Security0 12iexplore.pif1 00132Added by the W32/Rbot-ALQ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalq.html0
1 7cmssapp0 13iexplore_.exe1 00 36Added by the Troj/Bancban-CQ trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbancq.html0
112iexplore.exe0 16iexplore_dbg.exe1 00 69Browser Hijacker to http://default.home and possibly other locations. 01
110IELoader320 14iexplore32.exe1 00 36Added by the  SPEX or  SPEX.B WORMS!74http://securityresponse.symantec.com/avcenter/venc/data/w32.spex.worm.html0
125IExplorer6 Java Scripting0 15IExplore326.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
125IExplorer7 Java Scripting0 15IExplore327.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
126iexplorer32 java scripting0 15IExplore32b.exe1 00 28Added by the  RBOT.ABO WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABO&VSect=P0
127iexplorer32c java scripting0 16IExplore32cb.exe1 00 28Added by the  RBOT.ABN WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.ABN&VSect=P0
120Configuration Loaded0 13iexploree.exe1 00121Added by the W32/Sdbot-KC worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotkc.html0
1 7ALG.EXE0 14iexplorer .exe2 00 32Added by the W32/Demotry-B worm.57http://www.sophos.com/virusinfo/analyses/w32demotryb.html0
1 9iexplorer0 13iexplorer.exe1 00  0 01
1 9IExplorer0 13IExplorer.EXE1 00126Troj/Bancos-BC is a password stealing infection that targets users of Brazlilian banks.  Found in the Program Files directory.58http://www.sophos.com/virusinfo/analyses/trojbancosbc.html0
116iexplorer lptt010 13iexplorer.exe1 00190Variant of the  RapidBlaster parasite (in an &quot;iexplorer&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here49http://www.doxdesk.com/parasite/RapidBlaster.html0
116iexplorer ml097e0 13iexplorer.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
117Internet Explorer0 13iexplorer.exe1 00165Added by the LORSIS WORM! Note - the legitimate IE (iexplore.exe) does not figure in Msconfig/Startup unless added manually and this loads from the "RunServices" key76http://securityresponse.symantec.com/avcenter/venc/data/w32.lorsis.worm.html0
125Internet Explorer Updater0 13iexplorer.exe1 00 93Added by the  REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.reur.b.html0
1 6irwftp0 13iexplorer.exe1 00 30Added by the BANKER-AN TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbankeran.html0
115kernel32sys.dll0 13IEXPLORER.exe1 00143Added by the W32/Rbot-MK trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotmk.html0
127Microsoft  Associates, Inc.0 13iexplorer.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
126Microsoft Associates, Inc.0 13iexplorer.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
114Microsoft Inc.0 13iexplorer.exe1 00 39Added by a variant of the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
130Microsoft(R) Windows(R) Operat0 13iexplorer.exe1 00 34Added by the Troj/Feutel-W Trojan.57http://www.sophos.com/virusinfo/analyses/trojfeutelw.html0
112msn messenge0 13IExplorer.exe1 00 26Added by the  Troj/Delf-LL56http://www.sophos.com/virusinfo/analyses/trojdelfll.html0
113MSN Messenger0 13IExplorer.exe1 00 53Added by the Troj/Banker-EU password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankereu.html0
1 8syscheck0 13iexplorer.exe1 00 29Added by the AGENT.DM TROJAN! 01
1 9sysconfig0 13iexplorer.exe1 00 25Added by the CULT.C WORM!66http://www.symantec.com/avcenter/venc/data/w32.hllw.cult.c@mm.html0
128Windows Backup Configuration0 13IEXPLORER.exe1 00 28Added by the GAOBOT.AZ WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.az.html0
1 6WinVNC0 13iexplorer.exe1 00 27Added by the EVIVINC VIRUS!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.evivinc.html0
1 9iexplorer0 12iexplorer.ie1 00 45Added by the Troj/NetDevil-A backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojnetdevila.html0
1 4Name0 14Iexplorer0.exe1 00 30Added by the THREADSYS TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/backdoor.threadsys.html0
113Microsoft Dev0 15iexplorer32.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
114Windows Update0 14iexplorere.exe1 00 28Added by the GAOBOT.AP WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ap.html0
115Windows Updater0 15iexplorerrs.exe1 00 30Added by the  W32/RBOT-TN WORM55http://www.sophos.com/virusinfo/analyses/w32rbottn.html0
117iexplorers loader0 14iexplorers.exe1 00134Added by the W32/Sdbot-DQ worm.  When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotdq.html0
124Microsoft Machine Script0 16iexplorersis.exe1 00 48Added by the W32/Rbot-CMH worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcmh.html0
112Start Upping0 17iexplorerupdt.exe1 00108Added by the W32/Rbot-RR worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrr.html0
121Windows HWinfo Loader0 11iexplre.exe1 00132Added by the W32/Rbot-ALS worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotals.html0
116MSStartOptimizer0 11Iexpres.exe1 00 28Added by the POLDO.B TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/trojan.poldo.b.html0
117microsoft opeions0  9IEXwe.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
112MsWin Update0  9IFA32.EXE1 00144Added by the W32/Rbot-BU trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotbu.html0
311iFinger 2.10 21iFinger.exe /NOSPLASH222StartUp menu\All users0 40iFinger 2.1, iFinger Ltd. iFinger Engine39http://www.absolutestartup.com/startup/1
413intelwireless0 12ifrmewrk.exe1 00 52Associated with the Intel PRO/Set Wireless software. 01
313IntelWireless0 38ifrmewrk.exe /tf Intel PROSet/Wireless211HKEY_LM\Run0 84Intel PROSet/Wireless 9, 0, 0, 0, Intel Corporation. Intel Framework MFC Application39http://www.absolutestartup.com/startup/1
413IntelWireless0 38ifrmewrk.exe /tf Intel PROSet/Wireless2 00 84Intel PROSet/Wireless 9, 0, 0, 0, Intel Corporation. Intel Framework MFC Application 01
312IFSplash.exe0 12IFSplash.exe1 00 48I-FORCE driver for force feedback steering wheel 01
1 8iftokgdl0 12iftokgdl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8ekor.exe0  7igamatu1 00 39Added by the  BACKDOOR.SDBOT.AQ TROJAN!65http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.aq.html0
211persistence0 12igfxpers.exe1 00 73Associated with the Common User Interface module for Intel graphics cards 01
2 8igfxtray0 12igfxtray.exe1 00209Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on motherboards. Available via Start - Settings - Control Panel 01
232Intel&reg; Common User Interface0 12igfxtray.exe1 00  0 01
4 8IgfxTray0 12igfxtray.exe111HKEY_LM\Run0 77Intel(R) Common User Interface 7.0.0.2331, Intel Corporation. igfxTray Module39http://www.absolutestartup.com/startup/1
1 4WUPD0 12iglmtray.exe1 00 23Added by the TZET WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.tzet.worm.html0
114MS WINS Binary0  9IGN32.pif1 00145Added by the W32/Rbot-ASB worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotasb.html0
1 6lspins0  8igps.exe1 00 53Kapersky identified it as Trojan-Clicker.Win32.VB.kc. 01
1 7igsex2x0 11igsex2x.exe1 00 42NewDial premium rate adult content dialler75http://securityresponse.symantec.com/avcenter/venc/data/dialer.newdial.html0
1 5igwya0  9igwya.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Qqq0  7Ihn.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7ihotske0 11ihotske.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Adiliwut0 12ihotunib.exe1 00  8Added by14W32/Sdranck-C.0
215Explorer Player0 12ihoxbrde.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
0 7ihp-1000 13iHPDetect.exe1 00121Drive Letter Searcher ,  iRiver iHP-100  iHP and H Series player related - does it need to start with Windows every time?40http://www.redchairsoftware.com/irivium/0
122Microsoft Internet Exp0 14iiexplorer.exe1 00 26Added by the RBOT-KX WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotkx.html0
1 8Navegate0 14iiexplorer.exe1 00 89Added by the Troj/Bancban-OP Trojan that steals banking information for Brasillian banks.59http://www.sophos.com/virusinfo/analyses/trojbancbanop.html0
1 5iihpg0  9iihpg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4iilc0  8IILC.EXE1 00 17Homepage hijacker 01
118Intel system works0  7iis.exe1 00 27Added by the RBOT.QGA WORM!90http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.QGA0
1 7iisvers0 11iisvers.exe1 00 41Added by an unidentified TROJAN or adware 01
413IJ75P2PSERVER0 12IJ75P2PS.EXE1 00 77Printer utility which is required in order to make the printer work correctly 01
1 7ijqgevr0 11ijqgevr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
414IKE Service 950 14IKEService.exe1 00 77disabled, but without IKESERVICE you won't be able to de- or encrypt anything 01
3 9iKeyWorks0 12Ikeymain.exe1 00 67A4Tech iKeyWorks Software 7.64.00.00, A4Tech Co.,Ltd.. IKeymain.exe 01
3 9iKeyWorks0 12IKEYMAIN.EXE1 00 43A4Tech wireless keyboard driver and utility46http://www.a4tech.com/a4techenglish/index.html0
1 6Jvqzoc0  9Ikigw.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7ikkupyq0 11ikkupyq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
117boy lovers of bsd0 13ilikeboys.exe1 00 28Added by the  MYTOB.LY WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.LY&VSect=P0
1 7iLLeGaL0 11iLLeGaL.exe1 00126Added by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filename76http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.C0
1 4ilmk0  8ilmk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8reluvage0 12ilulupac.exe1 00136Added by the W32/Sdbot-UJ worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotuj.html0
3 6iLyric0 10iLyric.exe1 00114iLyric plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button33http://www.ilyric.net/winamp.html0
1 9im_autorn0  8im_1.exe1 00 36Added by the Troj/BagleDl-BJ Trojan.59http://www.sophos.com/virusinfo/analyses/trojbagledlbj.html0
1 9im_autorn0  8im_2.exe1 00 36Added by the Troj/BagleDl-BO Trojan.59http://www.sophos.com/virusinfo/analyses/trojbagledlbo.html0
215iM Start Center0 11iM_Tray.exe1 00187Installed with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start - Programs - iM Networks - iM Radio Tuner 01
1 5WIN320  9image.exe1 00135Added by the  W32/Sdbot-AAQ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotaaq.html0
418Image &amp;Restore0 11IMAGE32.exe1 00152Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run 01
414Image &Restore0 11IMAGE32.exe1 00152Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run 01
324ImageDrive-{hex numbers}0 14ImageDrive.exe1 00 58Nero ImageDrive from Ahead - virtual CD/DVD drive software43http://www.nero.com/en/631910958042754.html0
3 8Imagefox0 12imagefox.exe1 00 89ImageFox 2.0 is an "add-on" graphics previewer for most Windows Open/Save As dialog boxes76http://www.acdsystems.com/English/Products/ImageFox/index.htm?LAN=EnglishX200
110Imagemgt320 14Imagemgt32.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
2 7imekrig0 11imekrig.exe1 00138Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)73http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp0
211IMEKRMIG6.10 12IMEKRMIG.EXE1 00 86Microsoft Korean IME 2002 6.1.2600.0, Microsoft Corporation. Microsoft Korean IME 2002 01
2 5iMesh0 18iMeshClient.exe -s225StartUp menu\Current user0 62iMesh Client 4.0, iMesh.Com Inc. iMesh Client for PC platforms39http://www.absolutestartup.com/startup/1
112IMEvtMgr.exe0 12IMEvtMgr.exe1 00148Added by the Troj/Keylog-AR keylogging Trojan.  This infections logs keystrokes to C:\windows\_key.txt and mouse movements to c:\windows\_mouse.txt.58http://www.sophos.com/virusinfo/analyses/trojkeylogar.html0
3 7ImgIcon0 11ImgIcon.exe1 00354Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start - Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running 01
317Iomega Disk Icons0 11IMGICON.EXE1 00354Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start - Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running 01
318Iomega Drive Icons0 11IMGICON.EXE1 00  0 01
313ZipDisk Icons0 11IMGICON.EXE1 00  0 01
313ZipDisk Icons0 11IMGICON.EXE1 00  0 01
318Iomega Drive Icons0 11ImgIcon.exe111HKEY_LM\Run0 43Iomega imgicon 6, 3, 0, 56, Iomega. imgicon39http://www.absolutestartup.com/startup/1
1 4dark0  9imgrt.scr1 00 81Added by the Troj/Bancban-DU password-stealing trojan targetting Brazilian banks.59http://www.sophos.com/virusinfo/analyses/trojbancbandu.html0
1 4dark0  9imgst.scr1 00109Added by the Troj/Bancban-CK password-stealing trojan.  This infections targets customers of Brazilian banks.59http://www.sophos.com/virusinfo/analyses/trojbancbanck.html0
2 8ImgStart0 12ImgStart.exe1 00 99Used by Iomega drives. Details of its purpose can be found here. Available via Start -&gt; Programs57http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup0
222Iomega Startup Options0 12IMGSTART.EXE1 00 95Used by Iomega drives. Details of its purpose can be found here. Available via Start - Programs57http://pw2.netcom.com/~deepone/zipjaz/ioware.html#startup0
315Iomega ImIconXP0 12imiconxp.exe1 00228Iomega REV System Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disks47http://www.iomega.com/software/revsystemsw.html0
2 7imjpmig0 11IMJPMIG.EXE1 00138Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese)73http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp0
210Imjpmig8.10 11IMJPMIG.EXE1 00  073http://www.microsoft.com/windows/ie/downloads/recommended/ime/default.asp0
2 7imjpmig0 54imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload2 00 67Microsoft IME 2002 8.0.2620.0, Microsoft Corporation. Microsoft IME 01
210IMJPMIG8.10 42IMJPMIG.EXE /Spoil /RemAdvDef /Migration322 00 67Microsoft IME 2002 8.1.4202.0, Microsoft Corporation. Microsoft IME 01
1 6imlkhf0 10imlkhf.exe111HKEY_LM\Run0 79TODO: <Product name> 0, 0, 7, 0, TODO: <Company name>. TODO: <File description?39http://www.absolutestartup.com/startup/1
012immcheck.exe0 12immcheck.exe1 00 60Related to I-FORCE driver for force feedback steering wheel? 01
3 4IMOL0 11IMOLApp.exe1 00 37IncrediMail for Office Outlook Add-On53http://www.incredimail.com/english/help/sysadmin.html0
2 4IMOL0 14IMOLApp.exe /c211HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 4IMOL0 14IMOLApp.exe /c2 00  0 01
421Remote Update Monitor0 12imonitor.exe1 00190Sophos Antivirus Remote Update utility - provides an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employer35http://www.sophos.com/products/sav/0
3 8imontray0 12imontray.exe1 00216System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards 01
320Intel Active Monitor0 12imontray.exe1 00216System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards 01
2 8MSPY20020 12ImScInst.exe1 00108Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word 01
2 8MSPY20020 18imscinst.exe /SYNC211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
310IMSCMIG40W0 28IMSCMIG.EXE /SetPreload /Log211HKEY_LM\Run0 80΢ÈíÆ´ÒôÊäÈë·¨°²×°¹¤¿ß 6.0.0.2524, Microsoft Corporation. ΢ÈíÆ´ÒôÊäÈë·¨°²×°¹¤¾ß39http://www.absolutestartup.com/startup/1
1 3bbc0 10imsins.exe1 00128Added by the Troj/Hupigon-U Trojan. This infection also installs the files C:\Windows\imsins.dll and C:\Windows\imsins_Hook.DLL.58http://www.sophos.com/virusinfo/analyses/trojhupigonu.html0
116MSN Funny Images0 11imsngsr.exe1 00146Added by the W32/Agobot-TT worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.57http://www.sophos.com/virusinfo/analyses/w32agobottt.html0
3 7IMStart0 11IMStart.exe1 00 35InterMute security software related44http://www.intermute.com/products/index.html0
1 9IMprocess0 10IM-svr.EXE1 00 83Added by the Troj/IM-SR Trojan. Sends advertisements via instant messenger clients.54http://www.sophos.com/virusinfo/analyses/trojimsr.html0
113MSN IM Update0 12imupdate.exe1 00 47Added by the W32/VB-ATA Windows Messenger worm.54http://www.sophos.com/virusinfo/analyses/w32vbata.html0
1 6IMwire0 12imwireup.exe1 00 28SafeSurfing parasite variant48http://pestpatrol.com/pestinfo/s/safesurfing.asp0
2 4InCD0  8incd.exe1 00187Ahead InCD packet writing software. Similar to DirectCD. On my system there isn't an entry, on another visitor's there is. Run manually before insert an appropriately formatted CD-RW disk20http://www.nero.com/0
2 4InCD0  8InCD.exe111HKEY_LM\Run0 39Nero AG InCD 4, 3, 11, 1, Nero AG. InCD39http://www.absolutestartup.com/startup/1
2 7IncMail0 11IncMail.exe1 00228IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality45http://www.incredimail.com/english/index.html0
211Incredimail0 15incredimail.exe1 00228IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality45http://www.incredimail.com/english/index.html0
310mrublaster0 16indexcleaner.exe1 00123MRU-Blaster related - runs once in order to delete the index.dat file in the Temporary Internet Files and/or Cookies folder46http://www.wilderssecurity.com/mrublaster.html0
114Indexindicator0 18Indexindicator.exe1 00 37Added by the LAZAR trojan downloader.73http://securityresponse.symantec.com/avcenter/venc/data/trojan.lazar.html0
114Indexindicator0 25Indexindicator.exe /check2 00 43ml" target="_blank"LAZAR trojan downloader. 01
211IndexSearch0 15IndexSearch.exe1 00 56Associated with PaperPort scanner software from ScanSoft 01
211IndexSearch0 15IndexSearch.exe111HKEY_LM\Run0 52PaperPort 9.0, ScanSoft, Inc.. PaperPort IndexSearch39http://www.absolutestartup.com/startup/1
022Fujitsu Hotkey Utility0 16IndicatorUty.exe1 00 38Used to map certain keys to functions? 01
1 4inej0  8inej.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
138{081FE200-A103-11D7-A46D-C770E4459F2F}0 13inetapi64.dll1 00 97Added by the Troj/LegMir-AG Trojan.br /br /Uses CLSID: b{081FE200-A103-11D7-A46D-C770E4459F2F}/b.58http://www.sophos.com/virusinfo/analyses/trojlegmirag.html0
3 9inetcntrl0 13inetcntrl.exe1 00 30Bsafe Online - internet filter 01
3 8InetConf0 12inetconf.exe1 00  2?? 01
3 5Inetd0 11INETD32.EXE1 00262Windows Inet Daemon from Hummingbird Communications. &quot;Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons&quot;. Provides PCs with the full functionality of a UNIX workstation55http://www.hummingbird.com/products/nc/inetd/index.html0
113Inet DataBase0 11Inetdbs.exe1 00 23Added by the QEDS WORM!72http://securityresponse.symantec.com/avcenter/venc/data/w32.qeds@mm.html0
113Inet Delivery0 10inetdl.exe1 00 34Added by the Adware.IntDel adware.57http://www.sarc.com/avcenter/venc/data/adware.intdel.html0
113inet delivery0 12inetdl_2.exe1 00 20Inet_Delivery adware57http://www.sarc.com/avcenter/venc/data/adware.intdel.html0
1 6INET E0  9inete.exe1 00 48Added by the W32/Rbot-DCL worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotdcl.html0
114Windows Update0 11inetinf.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
312inetinfo.exe0 12inetinfo.exe1 00240Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more) 01
110[not used]0 12inetinfo.exe1 00 40Added by the Troj/Proxy-GG proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojproxygg.html0
1 3run0 12inetinfo.exe1 00123.html" target="_blank"BINGHE backdoor Trojan!  It has the ability to log your keystrokes, steal data, and execute commands. 01
1 6System0 12inetinfo.exe1 00 43Added by the Troj/ParDrop-A dropper Trojan.58http://www.sophos.com/virusinfo/analyses/trojpardropa.html0
124Windows Security Updater0 12inetinfo.exe1 00 48Added by the W32/Rbot-BPP worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbpp.html0
115Windows Updater0 12inetinfo.exe1 00 50Added by the Troj/Sdbot-AMX worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/trojsdbotamx.html0
119inetinfomon manager0 15inetinfomon.exe1 00154Added by the Trojan.Spexta trojan.  When infected your computer will become an open mail relay which will allow your computer to be used to send out spam.74http://www.sarc.com/avcenter/venc/data/trojan.spexta.html#technicaldetails0
124Microsoft System Checkup0 11inetman.exe1 00 25Added by the DONK.O WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.o.html0
1 7inetmgr0 11inetmgr.exe1 00 51Actual Names (AdvSearch) Internet Keywords parasite52http://www.pestpatrol.com/pestinfo/a/actualnames.asp0
115Internet Server0 11inetsrv.exe1 00 12Added by the23Troj/StartPa-EM TROJAN!0
221Compaq Internet Setup0 14inetwizard.exe1 00 89For Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list 01
114Bron-Spizaetus0  9inf31.exe1 00 48Added by the WORM_RONTOKBRO.M mass-mailing worm.92http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FRONTOKBRO%2EM&VSect=T0
1 4run=0 10info32.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
1 7Info32x0 11Info32x.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
124Microsoft Update Machine0 11infoDLL.exe1 00143Added by the W32/Rbot-EH trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rboteh.html0
123Microsoft Special offer0 12infoebay.exe1 00 42Added by a variant of the  WIN32.RBOT WORM64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
3 5Getca0 12InfoMyCa.exe111HKEY_LM\Run0 491, 0, 0, 3, . Set / Get WPA data to / from system39http://www.absolutestartup.com/startup/1
138(F084FD46-EB63-4CC0-B814-99C16EE76BD1)0 10InfoMz.Ime1 00 95Added by the Troj/Delf-WC Trojan.br /br /Uses CLSID: b(F084FD46-EB63-4CC0-B814-99C16EE76BD1)/b.56http://www.sophos.com/virusinfo/analyses/trojdelfwc.html0
133Microsoft Synchronization Manager0 10InfoNT.exe1 00208Added by the W32/Sdbot-TR IRC backdoor trojan.  When started this infection connects to an IRC server where it waits for remote commands to execute.  This infection logs keystrokes to a file named keylog.txt.56http://www.sophos.com/virusinfo/analyses/w32sdbottr.html0
310infopenmsn0 13InfoPenIM.exe1 00 87InfoPenMSN is a MSN Messenger plugin that allows you to send data written/drawn by hand37http://www.infopen.com.tw/english/es/0
312Infoplay.exe0 12Infoplay.exe1 00199Written by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine websites (which I chose not to). What does it do and is it needed? 7#FF00000
1 7NVagent0 11Informe.exe1 00 29Added by the W32.Vig.C virus.70http://www.sarc.com/avcenter/venc/data/w32.vig.c.html#technicaldetails0
1 8Symantec0 11Informe.exe1 00  070http://www.sarc.com/avcenter/venc/data/w32.vig.c.html#technicaldetails0
1 5infus0  9infus.exe1 00 21Adult content dialler 01
3 7Infuzer0 11Infuzer.exe1 00386Infuzer - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities"36http://www.infuzer.com/IDC/features/0
1 6infwin0 10infwin.exe1 00 23Msview parasite variant48http://www.doxdesk.com/parasite/Transponder.html0
411ini910u.sys0 11ini910u.sys1 00 55INITIO ini910u SCSI miniport driver added by Microsoft. 01
010ScanInicio0 10Inicio.exe1 00279Part of Panda Anti-Virus. Responsible for scanning the boot sector of your disk and your memory at startup to check for viruses that try and load and act before your anti-virus is fully operational. It only adds a fraction of a second to start-up time and is worth leaving active29http://www.pandasoftware.com/0
310SCANINICIO0 10Inicio.exe111HKEY_LM\Run0 42Inicio Programado 1.0.0.0, Panda Software.39http://www.absolutestartup.com/startup/1
410SCANINICIO0 10Inicio.exe111HKEY_LM\Run0 57Panda Platinum Internet Security 8.0.0.0, Panda Software.39http://www.absolutestartup.com/startup/1
111Win_Library0 10INISvc.exe1 00 25Added by the ANARCH WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.anarch@mm.html0
1 3MMC0 10inisys.exe1 00122Added by the W32/Agobot-SU worm. When started this infection connects to an IRC server where it waits for remote commands.57http://www.sophos.com/virusinfo/analyses/w32oscaboti.html0
312TrojanShield0  8Init.exe1 00 12TrojanShield28http://www.trojanshield.com/0
119Microsoft Update 330  8init.exe1 00132Added by the W32/Rbot-ATT worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotatt.html0
117Unix File Support0  9init3.exe1 00 12Added by the37W32/Rbot-ZN WORM/IRC backdoor Trojan!0
115[Various Names]0 10init32.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6init320 10Init32.exe1 00 33Added by the  W32.WINEX.A TROJAN!79http://securityresponse.symantec.com/avcenter/venc/data/w32.winex.a.trojan.html0
110[not used]0 11init32m.exe1 00 63Added by the Troj/Dloader-JT or Troj/Dlsw-B trojan downloaders.59http://www.sophos.com/virusinfo/analyses/trojdloaderjt.html0
123Windows Service Manager0 11initsvc.exe1 00 48Added by the W32/Rbot-BWT worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbwt.html0
110[not used]0 10inject.exe1 00225Added by Troj/Small-EH it also installs RSHELL32.DLL, both are hidden in the Windows system folder.  Once run, .DLL may modify a system component to penetrate a firewall and provide a new  remote shell which can be exploited.57http://www.sophos.com/virusinfo/analyses/trojsmalleh.html0
1 5injob0 10injobs.exe1 00 33Added by the Trojan.Binjo trojan.73http://www.sarc.com/avcenter/venc/data/trojan.binjo.html#technicaldetails0
211Ink Monitor0 14InkMonitor.exe1 00140Associated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line 01
211Ink Monitor0 14InkMonitor.exe111HKEY_LM\Run0 81Online Ink Purchase Utility 3.7.0.0, BillP Studios. Ink Monitor by Bill Pytlovany39http://www.absolutestartup.com/startup/1
1 9MBwpRUf8O0  9inkrm.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
3 8InkSaver0 17InkSaver.exe hide211HKEY_LM\Run0 68InkSaver 2.0.0.0, Strydent Software, Inc.. InkSaver Configuration UI39http://www.absolutestartup.com/startup/1
2 8InkWatch0 12InkWatch.exe1 00140Associated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line 01
4 6InoRPC0 10InoRpc.exe1 00 44Associated with eTrust Antivirus/InoculateIT92http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f0
4 5InoRT0 11InoRT9x.exe1 00196Associated with the Realtime Monitor of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU useage - see here92http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f0
3 7InoTask0 11InoTask.exe1 00278Scheduled scans and signature updates for eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU useage when performing updates - see here92http://www1.my-etrust.com/?CFID=6909348&CFTOKEN=43ce20d-0001f1aa-f6e5-1d77-be1e-2f0eac14303f0
115[Various Names]0 14InpriseMon.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 8outlooks0 10InSane.exe1 00 27Added by the  SWOOP TROJAN!60http://www.symantec.com/avcenter/venc/data/trojan.swoop.html0
3 7insCOA50 11insCOA5.exe1 00  2?? 01
117windows incontext0 12InSearch.exe1 00  7Z-Quest74http://securityresponse.symantec.com/avcenter/venc/data/adware.zquest.html0
218Nielsen NetRatings0 11insight.exe1 00236Nielsen NetRatings -  "Provides real-time research and analysis about Internet users, delivering the timely, actionable data you need to make critical business decisions on your competition, your Web site’s audience and your customers".53http://www.nielsen-netratings.com/mktg.jsp?section=ps0
112InstaFinderK0 21InstaFinderK_inst.exe1 00 37VistaBar/Instafinder parasite related45http://www.doxdesk.com/parasite/VistaBar.html0
121EasySearch Start Page0 11install.exe1 00 40Added by the Adware.Umaxsearch hijacker.61http://www.sarc.com/avcenter/venc/data/adware.umaxsearch.html0
112Initial Page0 11install.exe1 00 35EasySearch browser hijack installer 01
1 7Install0 11Install.exe1 00 53Added by the Troj/Bancban-HG Internet banking Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanhg.html0
114Windows Update0 11install.exe1 00 70Added by the Troj/Banker-IB password-stealing Trojan for online banks.58http://www.sophos.com/virusinfo/analyses/trojbankerib.html0
1 7bootcfg0 15Install.log.vbs1 00 31Added by the  VBS.YPSAN.D WORM!62http://www.symantec.com/avcenter/venc/data/vbs.ypsan.d@mm.html0
115[Various Names]0 12install2.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
218InstallAurealDemos0 21InstallAurealDemos.js1 00 60Used to initialize the Aureal A3D demos InstallShield wizard 01
311plaxoupdate0 15InstallStub.exe1 00175Installstub.exe is is  Plaxo's core executable program, which is used to check for new or updated information from the Plaxo Network. This program also interacts with Outlook.29http://www.plaxo.com/products0
311PlaxoUpdate0 18InstallStub.exe -a2 00 46Plaxo InstallStub 2.1.0.80, Plaxo. InstallStub 01
3411 Click Fixer PLUS Install Wizard Support0 17InstallWizard.exe122StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
213InstantAccess0 12INSTAN~1.EXE1 00 76From TextBridge Pro 9.0 OCR scanner software. Available via Start - Programs 01
213InstantAccess0 15INSTAN~1.EXE /h2 00  0 01
213InstantAccess0 15INSTAN1.EXE /h2 00  0 01
312InstantDrive0 16InstantDrive.exe1 00140Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer’s hard drive. Part of InstantCD/DVD burning software26http://www.pinnaclesys.com0
3 5VOBID0 16InstantDrive.exe1 00140Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer’s hard drive. Part of InstantCD/DVD burning software26http://www.pinnaclesys.com0
111Hyper Start0 16instantmsgrs.exe1 00 26Added by the RBOT-NH WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotnh.html0
114mousedrive.exe0 16instantmsgrs.exe1 00133Added by the W32/Forbot-ER worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forboter.html0
118instant messengers0 16instantmsgtr.exe1 00 54Added by the   W32/Agobot-PC WORM/IRC backdoor trojan!57http://www.sophos.com/virusinfo/analyses/w32agobotpc.html0
115InstantPleasure0 19instantpleasure.exe1 00 21Adult content dialler 01
118InstantPleasureXXX0 22instantpleasurexxx.exe1 00 21Adult content dialler 01
1 6instit0 10instit.bat1 00 28Added by the OPASERV.H WORM!66http://www.symantec.com/avcenter/venc/data/w32.opaserv.h.worm.html0
1 6instit0 10INSTIT.BAT1 00 28Added by the OPASERV.K WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.K0
116micr0s servicese0 12instmsgr.exe1 00 30Added by the W32/Rbot-TR worm.55http://www.sophos.com/virusinfo/analyses/w32rbottr.html0
312InstUtlR.exe0 12InstUtlR.exe1 00  2?? 01
1 5Websx0 12Int*****.exe1 00 46Adult content dialler - where ***** are random 01
1 7Classes0  8int1.exe1 00 28Switch adult content dialler57http://www.sophos.com/virusinfo/analyses/dialswitchb.html0
1 8Threaded0 11intcp32.exe1 00 28Added by the RANDEX.UG WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ug.html0
113Inet Delivery0 10Intdel.exe1 00  7Spyware 01
113Inet Delivery0 12intdel_2.exe1 00  7Spyware 01
324Intense Registry Service0 19IntEdReg.exe /CHECK2 00 51Intense Educational Ltd - Language Office Software.25http://www.intense.co.uk/0
018ILO_Office_Manager0 20IntEdReg.exe /OFFMAN2 00  025http://www.intense.co.uk/0
111Windows Fix0 13integator.exe1 00 28Added by the SDBOT.ZAB WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.ZAB0
111intel32.exe0 11intel32.exe1 00 60Added by a variant of the SmitFraud alias  FAKEALE-C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojfakealec.html0
112intell32.exe0 12intell32.exe1 00115Added by the Trojan.Desktophijack.C trojan. This infection modifies the Windows desktop to display a false warning.83http://www.sarc.com/avcenter/venc/data/trojan.desktophijack.c.html#technicaldetails0
113intell321.exe0 13intell321.exe1 00150Installed by various Smitfraud variants to issue fake task bar security alerts stating that you are infected and need a special software to remove it. 01
118intelliflag_be.exe0 18Intelliflag_be.exe1 00 42Added by the  Spyware.Intelliflag SPYWARE!80http://securityresponse.symantec.com/avcenter/venc/data/spyware.intelliflag.html0
3 8IntelMEM0 12IntelMEM.exe1 00321Related to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem line 01
3 8IntelMeM0 12IntelMEM.exe111HKEY_LM\Run0101Intel Modem Event Monitor Application 0, 1, 0, 10, Intel Corporation. Modem Event Monitor Application39http://www.absolutestartup.com/startup/1
328Intel Product Number Utility0 23IntelProcNumUtility.exe1 00284Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here58http://www.intel.com/support/processors/pentiumiii/psu.htm0
113Local Service0 11Intenat.exe1 00131Added by the Troj/Nuclear-J backdoor Trojan. This infection also creates a file called Notepad.txt in your Windows %System% folder.58http://www.sophos.com/virusinfo/analyses/trojnuclearj.html0
1 9InterBase0 13INTERBASE.EXE1 00 45Added by the Troj/RemShell-B backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojremshellb.html0
114SecurityCenter0 13INTERBASE.EXE1 00  059http://www.sophos.com/virusinfo/analyses/trojremshellb.html0
1 8Interdll0 12Interdll.exe1 00 36Added by the DELF family of TROJANS!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.family.html0
1 8internat0 12internat.dic1 00 37Added by the Backdoor.Djump backdoor.58http://www.sarc.com/avcenter/venc/data/backdoor.djump.html0
212internat.exe0 12internat.exe1 00 38Language selection icon in system tray 01
212Internat.exe0 12Internat.exe111HKEY_CU\Run0120Microsoft(R) Windows (R) 2000 Operating System 5.00.2920.0000, Microsoft Corporation. Keyboard Language Indicator Applet39http://www.absolutestartup.com/startup/1
1 6CnsMax0 12Internat.exe1 00192Added by the POINTEX TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%64http://www.symantec.com/avcenter/venc/data/backdoor.pointex.html0
1 8internat0 12internat.exe1 00192Added by the LYDRA-F TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%56http://www.sophos.com/virusinfo/analyses/trojlydraf.html0
112Internat.exe0 12internat.exe1 00230Added by the NETSNAKE TROJAN! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) and has a "?" icon wheras this version resides in %windir% and has a ZIP icon77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.netsnake.html0
119Network Connections0 12internat.exe1 00149Added by Troj/VB-ZD along with another file run from the system folder, "Path to Trojan/rundll32.exe", named Background Intelligent Transfer Service.54http://www.sophos.com/virusinfo/analyses/trojvbzd.html0
1 7SVCHOST0 12internat.exe1 00 35Added by the Backdoor.AntiLam.20.K.65http://www.sarc.com/avcenter/venc/data/backdoor.antilam.20.k.html0
123Windows Taskbar Manager0 12internat.exe1 00 30Added by the PROTORIDE-H WORM!59http://www.sophos.com/virusinfo/analyses/w32protorideh.html0
110internat320 14internat32.exe1 00 45Added as result of a  Octa-B trojan infection55http://www.sophos.com/virusinfo/analyses/trojoctab.html0
326Internet DVR Control Panel0 30Internet DVR Control Panel.exe222StartUp menu\All users0 87ProDVD Control Panel Application 1, 105, 2, 409, . ProDVD Control Panel MFC Application39http://www.absolutestartup.com/startup/1
112blah service0 12internet.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8Internet0 12Internet.exe1 00 12Added by the69Troj/Singu-I. It will steal passwords and listen for remote commands.0
117Internet Explorer0 12Internet.exe1 00 44Added by the Troj/Feutel-AA backdoor Trojan.58http://www.sophos.com/virusinfo/analyses/trojfeutelaa.html0
117Internet Linkwork0 12Internet.exe1 00 35Added by the Troj/Agent-AMU Trojan.58http://www.sophos.com/virusinfo/analyses/trojagentamu.html0
117Internet Services0 12internet.exe1 00131Added by the W32/Mytob-AU worm.  This infection connects to an IRC server on startup where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobau.html0
112Internet.exe0 12Internet.exe1 00 29Added by the MAGICCALL VIRUS!74http://securityresponse.symantec.com/avcenter/venc/data/w32.magiccall.html0
114Micrcoft Updat0 12Internet.exe1 00132Added by the W32/Rbot-ANA worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotana.html0
121NetworkAssociates Inc0 12internet.exe1 00 26Added by the LOVGATE WORM!80http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html0
1 6Runtt10 12Internet.exe1 00 74Added by the Troj/Lineage-Q password stealing trojan for the game Lineage.58http://www.sophos.com/virusinfo/analyses/trojlineageq.html0
1 8tdongbot0 12Internet.exe1 00138Added by the Backdoor.Sdbot.AS worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.61http://www.sarc.com/avcenter/venc/data/backdoor.sdbot.as.html0
126Windows connection manager0 12Internet.exe1 00133Added by the W32/Rbot-APN worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotapn.html0
324True Internet Color Icon0 17internetcolor.exe1 00270Part of Colorific &amp; 3Deep from LightSurf Technologies (nee E-Color). &quot;With True Internet Color PCs can display the best color possible over the web. Enabled web sites will know how connected monitors display color and will send them color corrected images&quot;34http://www.colorific.com/index.htm0
110IEFeatures0 20Internetfeatures.exe1 00 63Added by the POPMON.A TROJAN! - also known as PopMonster adware77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
1 9MSVersion0 20INTERNETFEATURES.exe1 00  077http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
1 9MSVersion0 20INTERNETFEATURES.exe1 00  077http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POPMON.A0
112ControlPanel0 46internst32.exe internet.dll,LoadNetworkProfile2 00 41Added by the Adware.StartPage.B hijacker.62http://www.sarc.com/avcenter/venc/data/adware.startpage.b.html0
112ControlPanel0 50internst32.exe internet.dll,LoadNetworkProfile</a>2 00 41Added by the Adware.StartPage.B hijacker.62http://www.sarc.com/avcenter/venc/data/adware.startpage.b.html0
1 7Internt0 11Internt.exe1 00 41Added by the PEEPER or CARUFAX.A TROJANS!76http://securityresponse.symantec.com/avcenter/venc/data/backdoor.peeper.html0
117internet services0 13interserv.exe1 00 28Added by the  RBOT.BNT WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BNT&VSect=P0
115intersoft msngr0 18intersoftmsngr.exe1 00 33Added by the  W32/AGOBOT-NW WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotnw.html0
116Internet Service0 12intersvc.exe1 00 28Added by the SPYBOT-DE WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotde.html0
3 9InterWARN0 13interwarn.exe1 00250InterWARN by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start - Programs39http://www.interwarn.com/interwarn.html0
113[random name]0 12intfaxui.exe1 00 37Added by the Spyware.Apropos spyware.59http://www.sarc.com/avcenter/venc/data/spyware.apropos.html0
1 7Classes0  8intl.exe1 00 28Switch adult content dialler57http://www.sophos.com/virusinfo/analyses/dialswitchb.html0
1 6Intmgr0 10Intmgr.exe1 00 25Added by the GEMA TROJAN!72http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html0
1 7intnets0 11intnets.exe1 00 81Added by the Adware.Adtest browser hijacker.  Found in the Windows system folder.57http://www.sarc.com/avcenter/venc/data/adware.adtest.html0
112The Intranet0 12intranet.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 7Gremlin0 12intrenat.exe1 00 28Added by the DOOMJUICE WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html0
1 8Intrenat0 12Intrenat.exe1 00 48Added by the LEMIR.E and Troj/LegMir-AC TROJANS!76http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.e.html0
424Norton Personal Firewall0 12IntroWiz.exe1 00 60Part of Norton Personal Firewall or Norton Internet Security 01
139Generic Host Process for Win32 Services0 11intspvc.exe1 00 27Added by the DINFOR.D WORM!78http://securityresponse.symantec.com/avcenter/venc/data/w32.dinfor.d.worm.html0
114InvisibleDrvNT0 18InvisibleDrvNT.sys1 00111Added by the Troj/Haxdor-Fam Trojan.  This driver utilizes rootkit stealthing technology to hide other malware.59http://www.sophos.com/virusinfo/analyses/trojhaxdorfam.html0
4 5RunCA0 14InvokeSvc3.exe1 00 77Wireless-G USB Wireless Network Adapter related - would appear to be required 01
4 9wusb54gv20 14InvokeSvc3.exe1 00 77Wireless-G USB Wireless Network Adapter related - would appear to be required 01
1 4invy0  8invy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 4iobi0 14iobiClient.exe1 00 41iobi_Home a mail/voice service by Verizon35https://www22.verizon.com/iobihome/0
4 8checkvcr0 11IOMagic.exe1 00 61Driver for the  I/OMagic Personal Video Recorder (DR-PCTV100)23http://www.iomagic.com/0
311Iomon98.exe0 11Iomon98.exe1 00 74PC-Cillin 98 real time virus check. Can cause floppy disk accesses to hang 01
1 9[unknown]0  7ION.EXE1 00202Added by the W32/Sdbot-ID worm. When started this infection connects to an IRC server where it waits for remote commands.  This program will log keystrokes to a file called c:\windows\system\keylog.txt.56http://www.sophos.com/virusinfo/analyses/w32sdbotid.html0
1 4ioud0  8ioud.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
212Iomega Watch0 11IOWATCH.EXE1 00 53Used by Iomega drives. Available via Start - Programs 01
1 6ioyccp0 10ioyccp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311iProtectYou0  6ip.exe1 00 81iProtectYou - internet filtering/parental control and network monitoring software39http://www.softforyou.com/ip-index.html0
1 2IP0  6IP.EXE1 00 31Added by a WORM, W32/Agobot-QO.57http://www.sophos.com/virusinfo/analyses/w32agobotqo.html0
1 6Ip4Sec0  6ip.sys1 00 60Added by the Trojan.Satiloler.E information-stealing Trojan.79http://www.sarc.com/avcenter/venc/data/trojan.satiloler.e.html#technicaldetails0
122Configuration Loader100  7ip7.exe1 00  8Added by15W32/Agobot-ANZ.0
114IPC Connection0 11ipcconn.exe1 00133Added by the W32/Rbot-AEG worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaeg.html0
1 9ipcfg.exe0  9ipcfg.exe1 00 79Adware - recognized by McAfee antivirus as a variant of the AdClicker-BM trojan54http://vil.mcafeesecurity.com/vil/content/v_130215.htm0
111Reg Service0  9ipcfg.exe1 00122Added by the W32/Agobot-SO worm. When started this infection connects to an IRC server where it waits for remote commands.57http://www.sophos.com/virusinfo/analyses/w32agobotso.html0
138internet protocol configuration loader0 10ipcl32.exe1 00 27Added by the  SDBOT TROJAN!75http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html0
115IPInSightLAN 010 12ipclient.exe1 00229Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. This one constantly "phones home" and wastes resource - hence the "X" status34http://www.dslreports.com/faq/12470
315IPInSightLAN 010 15IPClient.exe -l211HKEY_LM\Run0 68Visual IP InSight 5.5.100.92, Visual Networks. IP Session Statistics39http://www.absolutestartup.com/startup/1
115IPInSightLAN 010 15IPClient.exe -l2 00 66Visual IP InSight 5.8.0.13, Visual Networks. IP Session Statistics 01
1 6IpCtrl0 11ipcon32.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN! 01
1 7IPtable0 14ipconfig32.exe1 00134Added by the W32/Tilebot-AP worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.58http://www.sophos.com/virusinfo/analyses/w32tilebotap.html0
121Windows driver update0 14Ipconfig32.exe1 00121Added by the W32/Sdbot-JV worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotjv.html0
1 8IPConfig0 13ipconfigs.exe1 00 48Added by the Backdoor.Hacarmy.C backdoor trojan.62http://www.sarc.com/avcenter/venc/data/backdoor.hacarmy.c.html0
1 9(Default)0 11ipconfx.exe1 00 33Added by the Troj/Sharp-M Trojan.56http://www.sophos.com/virusinfo/analyses/trojsharpm.html0
116Logitech Desktop0 10IPCONN.EXE1 00 51Added by the W32/Sdbot-WE WORM/IRC backdoor Trojan!56http://www.sophos.com/virusinfo/analyses/w32sdbotwe.html0
1 4ipcp0  8ipcp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3ipf0  7ipf.exe1 00 47Added by the Troj/DwnLdr-BWA downloader Trojan.59http://www.sophos.com/virusinfo/analyses/trojdwnldrbwa.html0
3 5wfips0 11iphider.exe1 00249ICQ (messaging/chat program) anti-bomb software. &quot;WFIPS is anti-bomb software for safeguarding ICQ Bomb before the bombing. 'ICQ Defoolder' is a tool for removing ICQ bomb after being exposed.&quot; For more information about ICQ bombs see here39http://www.yammie.cc/ibinfo/ibinfo8.asp0
1 9ipmon.exe0  9ipmon.exe1 00 37Added by the RECERV or R3C.B TROJANS!63http://www.symantec.com/avcenter/venc/data/backdoor.recerv.html0
219IPInSightMonitor 010 11ipmon32.exe1 00151Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information34http://www.dslreports.com/faq/12470
219IPInSightMonitor 010 11IPMon32.exe1 00 57Visual IP InSight 5.5.33.226, Visual Networks. IP Monitor 01
1 7Ipnuker0 11Ipnuker.vbs1 00135Added by the VBS.Inker.B@mm mass-mailing worm.  This worm will also swap your mouse buttons, change icons, and lower security settings.75http://www.sarc.com/avcenter/venc/data/vbs.inker.b@mm.html#technicaldetails0
311iPodManager0 15iPodManager.exe1 00135Apple iPod Management software for the iPod MP3 player. Allows updating, formating, restoring and other functions associated with iPods 01
212iPod Service0 15iPodService.exe1 00107This service is used by Itunes for using your Ipod.  If you do not use Itunes you can disable this service. 01
116ipod usb service0 15iPODService.exe1 00271Added by a variant of the  WIN32.RBOT WORM! -  Do NOT confuse with the Apple iPod process of the same name.  The legitimate iPod file will always be located in the Program FilesiPodbin folder,  and is implemented as a system service,  thus NOT listed in Msconfig/Startup!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115ipod usb driver0 11IPODUSB.EXE1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
011iPodWatcher0 15iPodWatcher.exe1 00 76Associated with Apple's iPod MP3 player. Detects when the iPod is connected? 01
1 5ipreg0  9ipreg.exe1 00 53Added by the Troj/Zagaban-H password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojzagabanh.html0
1 77sFf38T0 11iprentr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
211iprint tray0 12iprntctl.exe1 00132Novell®  iPrint - based on Novell Distributed Print Services - enables you to send documents to printers located throughout the Net.62http://www.novell.com/products/netware/printing/quicklook.html0
112Policy Agent0  9ipsec.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
319windows ip security0  9ipsec.exe1 00130Related to the  VPN_IPSec_utility Used to create Security Policy (SP) entries and Security Association (SA) entries in the kernel.61http://research.microsoft.com/msripv6/docs/ipsec/ipsec_ut.htm0
311ipsecdialer0 52IPSECD~1.EXE -run_only_if_connected -auto_initiation2 00 92The Cisco  VPN_Client lets local users gain Administrator privileges on the operating system54http://www.cisco.com/en/US/products/sw/secursw/ps2308/0
324Cisco Systems VPN Client0 15ipsecdialer.exe1 00 89Cisco VPN Client - lets local users gain Administrator privileges on the operating system54http://www.cisco.com/en/US/products/sw/secursw/ps2308/0
324Cisco Systems VPN Client0 40ipsecdialer.exe "-run_only_if_connected"2 00 81Cisco Systems VPN Client 3.5.2 (C), Cisco Systems, Inc.. Cisco Systems VPN Client 01
324Cisco Systems VPN Client0 59ipsecdialer.exe "-run_only_if_connected" "-auto_initiation"2 00 81Cisco Systems VPN Client 3.6.6 (A), Cisco Systems, Inc.. Cisco Systems VPN Client 01
4 8IPSecMon0 12IPSecMon.exe1 00177Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet84http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp0
1 8IP Stack0 11ipstack.exe1 00 28Added by the AGOBOT.CW WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CW0
1 4Iinl0  8iptl.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
2 3IPW0  7IPW.exe1 00  2?? 01
1 4IPFW0  8ipwf.exe1 00 36Added by the Troj/Dloader-UC Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderuc.html0
112Client Agent0 12ipxwping.exe1 00 43Added by the Troj/PPdoor-N backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojppdoorn.html0
1 5iprun0  7iPY.exe1 00 30Added by  iProtectYou SPYWARE!80http://securityresponse.symantec.com/avcenter/venc/data/spyware.iprotectyou.html0
2 8IQES.exe0  8iqes.exe1 00  2?? 01
138{70fbd528-2d3c-4a00-9b8c-bbf441e534be}0  8iqzv.dll1 00161A file used by the rogue antispyware app, SpyFalcon, to issue fake security alerts on your taskbar.br /br /Uses CLSID: b{70fbd528-2d3c-4a00-9b8c-bbf441e534be}/b.65http://www.bleepingcomputer.com/startups/SpyFalcon.exe-14415.html0
1 6ir_ftp0 10ir_ftp.exe1 00 26Added by the IRFTP TROJAN!74http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.irftp.html0
1 8irassync0 12irasyncd.exe1 00 29Added by  Adw.NewAds.IRASSync95http://research.sunbelt-software.com/threat_display.cfm?name=Adw.NewAds.IRASSync&threatid=426240
113IRBMe Sucks!!0  9IRBMe.exe1 00133Added by the W32/Randex-Y worm. When started, this infection connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32randexy.html0
128Randex virus built for IRBMe0  9irbme.exe1 00 28Added by the RANDEX.RH WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.rh.html0
4 6IREIKE0 10IreIKE.exe1 00177Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet84http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp0
317Infra-red Monitor0  9IRMON.EXE1 00 86System Tray access to infra-red devices. Not required unless you use infra-red devices 01
3 5IrMon0  9IRMON.EXE1 00 86System Tray access to infra-red devices. Not required unless you use infra-red devices 01
111ssgrate.exe0  8irun.exe1 00 33Added by the MITGLIEDER.D TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.d.html0
1 9ssate.exe0  9irun4.exe1 00 27Added by the BEAGLE.J WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.j@mm.html0
111ssgrate.exe0  9irun4.exe1 00 33Added by the MITGLIEDER.F TROJAN!80http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.f.html0
1 5irvvm0  9irvvm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6ir_ftp0 10irwftp.exe1 00 29Added by the BANCOS.H TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.h.html0
3 6IrXfer0 10IrXfer.exe1 00 39Microsoft Infrared Transfer application 01
311Info Select0  6is.exe1 00 59Info Select from Micro Logic - personal information manager32http://www.miclog.com/isover.htm0
4 9STOPzilla0 16IS3WLHandler.dll1 00 18Part of STOPzilla.25http://www.stopzilla.com/0
116Microsoft Update0  8Isac.exe1 00 26Added by the RBOT-AU WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotau.html0
4 7CAISafe0  9isafe.exe1 00 46Part of Computer Associates eTrus EZ Antivirus49http://www1.my-etrust.com/products/Antivirus.cfm?0
316ISAM SMT Service0 11isamsmt.exe111HKEY_LM\Run0 541.00, IBM Global Services. ISAM Software Metering Tool39http://www.absolutestartup.com/startup/1
1 4Anti0  9ISASS.EXE1 00 31Added by the W32/Bropia-M worm. 01
1 9GLSetIT320  9isass.exe1 00 43Added by a variant of the OPTIX PRO TROJAN!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=394820
1 5Isass0  9Isass.exe1 00 26Added by the FUTRO TROJAN!62http://www.symantec.com/avcenter/venc/data/backdoor.futro.html0
123microsoft hosts service0  9Isass.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
119microsoft ie sasser0  9ISASS.EXE1 00 28Added by the  SDBOT.MX WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MX&VSect=P0
1 6NvMsnW0  9Isass.exe1 00 31Added by the W32/Bropia-M worm.56http://www.sophos.com/virusinfo/analyses/w32bropiam.html0
1 6NvMsnW0  9Isass.exe1 00 31Added by the W32/Bropia-M worm.56http://www.sophos.com/virusinfo/analyses/w32bropiam.html0
1 4boby0  9Isass.scr1 00 53Added by the Troj/Bancban-OH Internet banking Trojan.59http://www.sophos.com/virusinfo/analyses/trojbancbanoh.html0
1 7lsass320 11Isass32.exe1 00 32Added by the  W32.KELVIR.M WORM!60http://www.symantec.com/avcenter/venc/data/w32.kelvir.m.html0
1 8LSASS 320 11ISASS32.pif1 00 38Added by the W32/Assiral-C email worm.57http://www.sophos.com/virusinfo/analyses/w32assiralc.html0
112MSControl3d10 10isasse.exe1 00133Added by the W32/Rbot-APE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotape.html0
425microsoft firewall client0 11ISATRAY.EXE1 00 49MS Internet Security and Acceleration Server 2000 01
424MICROSOFT FIREWALLCLIENT0 11ISATRAY.EXE1 00 49MS Internet Security and Acceleration Server 2000 01
010isbmgr.exe0 10ISBMgr.exe1 00 66Belongs to Sony's ISB Utility. what does it do and is it required? 01
310ISBMgr.exe0 10ISBMgr.exe111HKEY_LM\Run0 44ISB Utility 1, 0, 0, 2180, Sony Corporation.39http://www.absolutestartup.com/startup/1
2 6isdbdc0 10isdbdc.exe1 00 91For Compaq PC's. May install properties in dial-up networking when you register with an ISP 01
410isDeleteMe0  9isDel.bat1 00115Used by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product. 01
1 4hsim0 11isearch.exe1 00 20Unidentified malware 01
110SystemInit0 10iservc.exe1 00 25Added by the FIZZER WORM!79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fizzer@mm.html0
1 3cms0 11iserver.exe1 00 36Added by the Troj/Dloader-WK Trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderwk.html0
1 6zsmsgs0 12iservice.exe1 00 35Added by the Troj/Bancos-BU TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancosbu.html0
1 6xevivi0 11isesobo.exe1 00134Added by the W32/Sdbot-US trojan.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotus.html0
3 7ishield0 11iShield.exe1 00109GuardWare  iShield blocks pornographic images when you surf the Internet on your computer using a web browser50http://www.guardwareinc.com/ishield/isaboutus.html0
138{2250D9C6-4CC7-4826-8EFD-1D04AFC7F7F0}0 10ISiNET.DLL1 00 98Added by the Troj/DelfDrop-A Trojan.br /br /Uses CLSID: b{2250D9C6-4CC7-4826-8EFD-1D04AFC7F7F0}/b.59http://www.sophos.com/virusinfo/analyses/trojdelfdropa.html0
2 8ISLP2STA0 12ISLP2STA.EXE1 00102Possibly a left over from Windows Update for wireless NIC (maybe Linksys) drivers? Not required though 01
114Regional Value0  8isng.exe1 00134Added by the W32/Sdbot-OW worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotow.html0
313ServiceConfig0 10ispbeg.exe1 00225Comcast Transition Wizard. On June 30th, 2003 it will migrate E-mail and web pages from AT&T Broadband Internet to Comcast High-Speed Internet. Until then it will run at startup and then terminate - hence the U recommendation 01
012News Service0 11ispnews.exe1 00 27F-Secure antivirus related.44http://www.f-secure.com/solutions/home.shtml0
210isreminder0 11ISPopup.exe1 00117Related to GuardWare  iShield - this is the registration reminder for the trial version,  so not required in startup.41http://castlecops.com/s11820-iShield.html0
1 9ISPSystem0 14ISPSupport.exe1 00 60Added by the W32Mytob-HH mass-mailing worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32mytobhh.html0
3 7iSpyNOW0 11ispynow.exe1 00 53iSpyNOW - remote monitoring and surveillance software23http://www.ispynow.com/0
1 7Israfel0 11Israfel.vbs1 00 40Added by the GAGGLE.D or GAGGLE.E WORMS!73http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.d.html0
423Internet Sharing Server0 12iss_srvr.exe1 00126a target="_blank" href="http://www.intel.com/products/desk_lap/hm_sm_office/index.htm"Intel AnyPoint internet sharing software 01
213ISUSScheduler0  9issch.exe1 00162InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you’re always working with the most current version 01
213ISUSScheduler0 16issch.exe -start2 00110InstallShield Update Service 4, 50, InstallShield Software Corporation. InstallShield Update Service Scheduler 01
111issenc32svr0 12issEnc32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
321ISSI EZUpdate Service0 12issimsvc.exe111HKEY_LM\Run0 482.06, IBM Global Services. ISSI EZUpdate Service39http://www.absolutestartup.com/startup/1
3 7ISStart0 11ISStart.exe1 00357LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation 01
321LogitechGalleryRepair0 11ISStart.exe1 00357LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation 01
319LogitechVideoRepair0 11ISStart.exe1 00  0 01
321LogitechGalleryRepair0 11ISStart.exe111HKEY_LM\Run0 82Logitech QuickCam 8.2.0.1192, Logitech Inc.. Logitech QuickCam Startup Application39http://www.absolutestartup.com/startup/1
319LogitechVideoRepair0 11ISStart.exe111HKEY_LM\Run0 82Logitech QuickCam 8.4.1.1092, Logitech Inc.. Logitech QuickCam Startup Application39http://www.absolutestartup.com/startup/1
4 5ISSVC0  9ISSVC.exe1 00 38Part of Norton Internet Security Suite 01
121istinstall_zazzer.exe0 21istinstall_zazzer.exe1 00 40Unidentified adware downloader/installer 01
111IST Service0 10istsvc.exe1 00 16ISTBar foistware43http://www.doxdesk.com/parasite/ISTbar.html0
214ISUSPM Startup0 10ISUSPM.exe1 00162InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you’re always working with the most current version 01
214ISUSPM Startup0 19isuspm.exe -startup2 00115InstallShield Update Service 4, 50, InstallShield Software Corporation. InstallShield Update Service Update Manager 01
1 6System0  8ISVC.EXE1 00 12Added by the23Troj/LdPinch-AZ trojan.0
213DigitalWizard0 12ISWizard.exe1 00131InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content 01
1 7isyckdo0 11isyckdo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7isystem0 11isystem.exe1 00 44Added by the Troj/Chorus-A browser hijacker.57http://www.sophos.com/virusinfo/analyses/trojchorusa.html0
110Win System0 14IsysUninst.exe1 00 52Added by the Troj/Banker-IJ Internet banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerij.html0
222InterTrust Quick Start0 12it_cpq~1.exe1 00135InterTrust offers something known as Digital Rights Management to control legal software download and other E-commerce related business36http://www.intertrust.com/index.html0
120Notification Utility0 10itbill.exe1 00 36Identified by Dr.Web as Adware.Fuel. 01
310IRPMonitor0 11itcnmon.exe1 00  2?? 01
1 7Systems0  9itDDD.exe1 00 46Added by the Troj/Dloader-P downloader trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderpp.html0
1 8itgxdsqm0 12itgxdsqm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
314Internet Timer0 10ITIMER.exe1 00 62Shareware dial-up connection call cost calculator from Ratsoft35http://www.ratsoft.freeserve.co.uk/0
3 3Itk0  7Itk.exe1 00151In The Know - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it32http://www.itksoft.com/index.asp0
316Praize Messenger0 10itLoad.exe1 00 92a target="_blank" href="http://www.praize.com/IM/"Praize IM Christian chat instant messenger 01
3 6ITouch0 10iTouch.exe1 00 50iTouch 2.22.289, Logitech Inc.. iTouch Application 01
3 6iTouch0 10iTouch.exe1 00318iTouch loads the iTouch configuration program for Logitech keyboards. It’s needed if your keyboard has shortcut buttons and if you use them. It’s also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lock 01
317zBrowser Launcher0 10iTouch.exe1 00193For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them 01
317zBrowser Launcher0 10iTouch.exe111HKEY_LM\Run0 50iTouch 2.22.289, Logitech Inc.. iTouch Application39http://www.absolutestartup.com/startup/1
319ItsDeductible7PopUp0 16ItsD7.exe  PopUp222StartUp menu\All users0 33ItsDeductible 7.02, Intuit, Inc..39http://www.absolutestartup.com/startup/1
218ItsDeductiblePopUp0 17ItsDeductible.exe1 00225ItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip30http://www.itsdeductible2.com/0
1 4itsh0  8itsh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6ITUNES0  9itune.exe1 00 50Added by the W32/Rbot-ZU WORM/IRC backdoor Trojan!55http://www.sophos.com/virusinfo/analyses/w32rbotzu.html0
1 6itunes0 10itunes.exe1 00251Added by a variant of the  WIN32.RBOT WORM! - NOTE -  this file will be placed in de Windows\System32 or Winnt\System32 folder,  and should NOT be confused with the (legitimate) Apple iTunes process,  always located in the Program Files\iTunes folder.64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8itunesff0 12itunesff.exe1 00 64Identified by NOD32 as the Win32/Dialer.EB adult premium dialer. 01
313iTunes Helper0 16iTunesHelper.exe1 00219Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation 01
413iTunes Helper0 16iTunesHelper.exe1 00219Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation 01
412ituneshelper0 16iTunesHelper.exe1 00  0 01
111iTunesMusic0 15iTunesMusic.exe1 00 91Added by the W32.Spybot.NLX worm.  This worm also has rootkit functionality to hide itself.61http://www.sarc.com/avcenter/venc/data/pf/w32.spybot.nlx.html0
118information update0  6iu.exe1 00 70Reported by Kaspersky Anti-Virus as Downloader.Win32.Centim.ch TROJAN! 01
1 7iuqjqxt0 11iuqjqxt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5iuvuc0  9iuvuc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
112W32/Rbot-BJN0 10ivhost.exe1 00 48Added by the W32/Rbot-BJN worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbjn.html0
1 5ivooo0  9ivooo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
213ivpservicemgr0 12ivpsvmgr.exe1 00290Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray.  This is Toshiba’s equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updates.  Not required. 01
3 3IVt0  7IVt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119Internet Washer Pro0  6iw.exe1 00155Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 200330http://www.internetwasher.com/0
117InternetWasherPro0  6iw.exe1 00155Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 200330http://www.internetwasher.com/0
213eWare Startup0 14iWareStart.exe1 00 34eWare iWare task bar. Not required36http://www.eware.com/about/index.asp0
3 9ISDNwatch0 10IWatch.exe1 00263FRITZ!X ISDNWatch - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks"63http://www.avm.de/en/press/announcements/2003/2003_05_19_1.php30
3 9ISDNWatch0 10IWatch.exe1 00 48ISDNWatch 2.01.21, AVM Berlin. ISDNWatch Monitor 01
316IW ControlCenter0 10iwctrl.exe1 00269Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis27http://www.pinnaclesys.com/0
3 6iwctrl0 10iwctrl.exe1 00  027http://www.pinnaclesys.com/0
110StartupBin0 12iwnujdss.exe1 00 31Added by the W32/Sdbot-XZ worm.56http://www.sophos.com/virusinfo/analyses/w32sdbotxz.html0
1 3Sts0 13iwnujdss2.exe1 00121Added by the W32/Sdbot-YI worm. When started this infection connects to an IRC server where it waits for remote commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotyi.html0
1 6iwvipp0 10iwvipp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
214Camio Viewer x0 12IXApplet.exe1 00148Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version 01
312Camio Viewer0 15IXApplet.exe -s222StartUp menu\All users0 53Camio Viewer 1.0.0 (440), Jasc Software. Camio Viewer39http://www.absolutestartup.com/startup/1
317wextract_cleanup00 10IXP000.TMP115HKEY_LM\RunOnce0 94Microsoft® Windows® Operating System 5.1.2600.2180, Microsoft Corporation. Run a DLL as an App39http://www.absolutestartup.com/startup/1
114scvhost loader0 11ixplore.exe1 00 29Added by the SDBOT-CY TROJAN!57http://www.sophos.com/virusinfo/analyses/trojsdbotcy.html0
119system restore dlls0 12ixplorer.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
1 8ixplores0 12ixplores.exe1 00152Added by the W32/SdBot-CE backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotce.html0
1 7ixproxy0 11ixproxy.exe1 00 40Added by the Troj/Xorpix-A proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojxorpixa.html0
1 5ixwpr0  9ixwpr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7iydmdxl0 11iydmdxl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6N2913c0 13j[RANDOM].exe1 00 50Added by the W32.Rontokbro.X@mm mass-mailing worm.79http://www.sarc.com/avcenter/venc/data/w32.rontokbro.x@mm.html#technicaldetails0
1 7Jufualt0  6j2.exe1 00 49Added by the W32/Sdbot-ALJ worm and IRC backdoor.57http://www.sophos.com/virusinfo/analyses/w32sdbotalj.html0
311efax dllcmd0 13J2GDllCmd.exe1 00 27eFax_Messenger fax software52http://www.efax.com/en/efax/twa/page/download?rqcp=10
315eFax DllCmd 3.50 16J2GDllCmd.exe /R222StartUp menu\All users0 99eFax Messenger (tm) 3.5.231.0, j2 Global Communications, Inc.. eFax Messenger - DLL Command Utility39http://www.absolutestartup.com/startup/1
314efax tray menu0 11J2GTray.exe1 00 37eFax_Messenger fax software tray menu52http://www.efax.com/en/efax/twa/page/download?rqcp=10
318eFax Tray Menu 3.50 11J2GTray.exe122StartUp menu\All users0 84eFax Messenger (tm) 3.5.231.0, j2 Global Communications, Inc.. eFax Messenger - Tray39http://www.absolutestartup.com/startup/1
1 9[unknown]0 10JACFG2.EXE1 00237Added by the  W32/Rbot-AL trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.  This infection also attempts to terminate known AV software so that it remains undetected.55http://www.sophos.com/virusinfo/analyses/w32rbotal.html0
114ja cfg util v20 10jacfg2.exe1 00 31Added by the  W32/RBOT-AL WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotal.html0
115[various names]0 10JAguAr.exe1 00 89TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here44http://www.doxdesk.com/parasite/WareOut.html0
138(78E611A2-E484-4A0D-811E-C40100A3F452)0 10jajlee.dll1 00 96Added by the Troj/Fasong-B Trojan.br /br /Uses CLSID: b(78E611A2-E484-4A0D-811E-C40100A3F452)/b.57http://www.sophos.com/virusinfo/analyses/trojfasongb.html0
3 6Jammer0 10jammer.exe1 00223Jammer by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web"39http://www.agnitum.com/products/jammer/0
1 9Jammer2nd0 13Jammer2nd.exe1 00 27Added by the NETSKY.Z WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.z@mm.html0
2 4BKxW0 10jamtku.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118*JanisRuckenbrodII0  9janis.com1 00 23Added by the POPS WORM!69http://securityresponse.symantec.com/avcenter/venc/data/w32.pops.html0
127Microsoft Word Profissional0 22Java Plug In close.exe2 00 53Added by the Troj/Banker-EL password-stealing trojan.58http://www.sophos.com/virusinfo/analyses/trojbankerel.html0
1 6JavaVM0  8java.exe1 00249Added by the MYDOOM.M or MYDOOM.N WORMS! Note - not to be confused with the valid Windows "java.exe" which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) as this resides in C:\Windows or C:\Winnt76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html0
133Microsoft Synchronization Manager0  8java.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
115Service Monitor0 12javams32.exe1 00 42Added by the Troj/Delf-NK backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojdelfnk.html0
115Service Monitor0 12javams64.exe1 00133Added by the W32/Sdbot-AFO worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotafo.html0
118SunJavaUpdateSched0 10javamx.exe1 00 31Added by the W32/Sdbot-WI WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotwi.html0
114JavaPlatform640 12JavaPlatform1 00 41Added by the W32/Kassbot-M backdoor worm.57http://www.sophos.com/virusinfo/analyses/w32kassbotm.html0
1 8Etraffic0 11JavaRun.exe1 00 32Marketing software from TopMoxie24http://www.etraffic.com/0
1 8topmoxie0 11JavaRun.exe1 00  024http://www.etraffic.com/0
126Enables Javascript Support0 14javascript.exe1 00 31Added by the W32/Codbot-V worm.56http://www.sophos.com/virusinfo/analyses/w32codbotv.html0
210javate.exe0 10javate.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111Java applet0 10javaup.exe1 00133Added by the W32/Sdbot-ACF worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotacf.html0
130Microsoft Java Virtual Machine0 10javavm.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
2 8Swap Nut0  9javaw.exe1 00233SwapNut is a peer-to-peer file sharing and searching utility developed and marketed by File Metrics, Inc. Users can search for and find almost any type of digital file (audio, video, photos etc.) through a secure peer-to-peer network 01
120java virtual machine0  9javaw.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6jawa320 10jawa32.exe1 00 27Added by the AGENT.BG WORM!71http://www.liutilities.com/products/wintaskspro/processlibrary/aqadcup/0
1 7jawa3220 10jawa32.exe1 00 51Added by a variant of the  Backdoor.Agent.bg trojan70http://www.liutilities.com/products/wintaskspro/processlibrary/jawa32/0
1 9jb???.exe0  9jb???.exe1 00 85The ??? in the file name are three random letters.  Added by the Troj/Jubik-A Trojan.56http://www.sophos.com/virusinfo/analyses/trojjubika.html0
1 4jbny0  8jbny.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111JC Services0 11jcsvc32.exe1 00142Added by the W32/Sdbot-TT network worm.  When the infection starts it connects to an IRC server where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbottt.html0
124Service Registry NT Save0 13jdbgmgrnt.exe1 00 35Added by the Troj/Bancos-CG TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancoscg.html0
1 7MSAdmin0 11jdbgmrg.exe1 00 86Added by the DASMIN.A TROJAN! Note - this is not the valid JDBGMGR.EXE file - see here77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DASMIN.A0
1 9MSConfigr0 11jdbgmrg.exe1 00 86Added by the DASMIN.C TROJAN! Note - this is not the valid JDBGMGR.EXE file - see here77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DASMIN.C0
1 4jejl0  8jejl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 1a0  9jesse.exe1 00 29Added by the W32/Melo-A worm.54http://www.sophos.com/virusinfo/analyses/w32meloa.html0
314Jet-PhotoShell0  9JetPS.exe125StartUp menu\Current user0 92Jet-Photo Shell 1.2, COWON System, Inc.. Jet Photo Shell - Shell Extension for Digital Image39http://www.absolutestartup.com/startup/1
310jetToolBar0  9JetTB.exe122StartUp menu\All users0 49jetToolBar 3, 8, 0, 0, JetAudio, Inc.. jetToolBar39http://www.absolutestartup.com/startup/1
1 3Bfu0  7Jfk.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 8jftkdomr0 12jftkdomr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Pfk0  7Jgk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7jgvadmp0 11jgvadmp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4jidr0  8jidr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4jier0  8jier.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7WINDOWS0  7jif.exe1 00133Added by the WORM_MYTOB.NE worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2ENE&VSect=T0
2 2JB0 12Jiffybar.exe1 00 44&quot;Get Paid As You surf&quot; application 01
1 8jihkcpqh0 12jihkcpqh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Hqd0  7Jjd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
122msjava critical update0 11jjfixer.exe1 00 37Troj/Hector-A is a downloader Trojan.57http://www.sophos.com/virusinfo/analyses/trojhectora.html0
1 6jjuams0 10jjuams.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6jjvtjx0 10jjvtjx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Fsn0  7Jkf.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 5jkhhg0  9jkhhg.dll1 00 35Added by the Troj/ConHook-N Trojan.58http://www.sophos.com/virusinfo/analyses/trojconhookn.html0
124Daemons Updates Services0  8jkiw.exe1 00108Added by the W32/Rbot-RJ worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrj.html0
138(78E611A2-E484-4A0D-811E-C40100A3F452)0  9jknla.dll1 00 96Added by the Troj/Fasong-C Trojan.br /br /Uses CLSID: b(78E611A2-E484-4A0D-811E-C40100A3F452)/b.57http://www.sophos.com/virusinfo/analyses/trojfasongc.html0
1 3Qnu0  7Jkv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6jmegom0 10jmegom.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
311Creata Mail0 10JMSrvr.exe1 00131Creata_Mail. Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express41http://www.bluemountain.com/mail/index.pd0
1 8jnambuqc0 12jnambuqc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6jnjljy0 10jnjljy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7jnwknod0 11jnwknod.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
310JobHisInit0 14JobHisInit.exe1 00 73Used by Ricoh network printers to enable network printing from the client 01
3 9Jog Serve0 12JogServ2.exe1 00124Jog Dial on a Sony Vaio laptop.  The dial can select various functions such as control audio. Needed if you use its features 01
3 8JogServ20 12JogServ2.exe1 00124Jog Dial on a Sony Vaio laptop.  The dial can select various functions such as control audio. Needed if you use its features 01
115[Various Names]0 12jopplerg.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
128Launch Norton AntiVirus 20000  9jorgf.exe1 00132Added by the W32/Rbot-AUI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaui.html0
1 3jov0  7jov.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5jovke0  9jovke.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
211Game Device0 12JOYUPDRV.EXE1 00 40Genius game controller profile activator 01
1 7jpmyqqb0 11jpmyqqb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5jqsbk0  9jqsbk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6Systes0 17jrdtifkkxbbsa.exe1 00132Added by the W32/Rbot-ADC worm.  When started this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotadc.html0
1 4Jreg0 10Jreg2b.exe1 00 26BroadcastPC adware variant60http://sarc.com/avcenter/venc/data/adware.broadcastpc.b.html0
1 3Lml0  7Jrl.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 6jrrqql0 10jrrqql.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8jryetdrj0 12jryetdrj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
128JavaScript Debugging Service0 12JsDbgMan.exe1 00 45tml" target=_blankDERDEO.E mass-mailing worm. 01
1 8jsdyybch0 12jsdyybch.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7jsjcruh0 11jsjcruh.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8jslhinos0 12jslhinos.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7jtytwse0 11jtytwse.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
119MICROSFT NT SUPPORT0 14jtzbpfnkxk.EXE1 00 48Added by the W32/Rbot-CMI worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcmi.html0
1 7jugjkgo0 11jugjkgo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6juktwg0 10juktwg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114Jumper Defualt0 12jumsvc32.exe1 00 12Added by the38W32/Sdbot-TM WORM/IRC backdoor trojan!0
431USB SECURITY DEVICE CoInstaller0 11JupitCo.exe1 00 91ButterflyMedia USB Flash drive related - required for the password security feature to work79http://www.butterflymedia.com/USBFlashDriveManual/ButterflyFlashDriveManual.htm0
1 4JuPo0  9jupos.exe1 00153Added by the W32/Sdbot-CAG backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotcag.html0
2 7jusched0 11jusched.exe1 00150Checks with Sun's Java updates site to see if newer Java versions are available. Visit  http://java.sun.com or just run the Java Plug-In Control Panel19http://java.sun.com0
218SunJavaUpdateSched0 11jusched.exe1 00  019http://java.sun.com0
218SunJavaUpdateSched0 11jusched.exe111HKEY_LM\Run0127Java(TM) 2 Platform Standard Edition 5.0 Update 2 5.0.20.9, Sun Microsystems, Inc.. Java(TM) 2 Platform Standard Edition binary39http://www.absolutestartup.com/startup/1
1 3Sun0 11jusched.exe1 00172Identified as the Codbot-Y worm and IRC backdoor.  This should not be confused with the legitimate file found here in the C:\Program Files\Java\jreversionnumber\bin folder. 01
1 4wmon0 11jusched.exe1 00 97Added by the W32/Agobot-OW WORM/IRC backdoor trojan and using a new servicename called wsaconfig.57http://www.sophos.com/virusinfo/analyses/w32agobotow.html0
115javaupdatesched0 13jusched32.exe1 00 28Added by the  Troj/Bckdr-CKB58http://www.sophos.com/virusinfo/analyses/trojbckdrckb.html0
111WINTASK DLL0 13jusched32.exe1 00136Added by the W32.Mytob.AI@mm worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ai@mm.html#technicaldetails0
112jushed32.exe0 12jushed32.exe1 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
315jussdroputility0 12JussDrop.exe1 00116Related to  DropShots Inc. A subscription based service for family to connect, converse and share photos and videos.25http://www.dropshots.com/0
3 8JustUrls0 12justurls.exe111HKEY_CU\Run0127Justurls Application 5, 2, 0, 0, Eastern Digital Pty. Ltd.  Australia   http://easterndigitalsoftware.com. Justurls Application39http://www.absolutestartup.com/startup/1
1 5jutsu0  9jutsu.exe1 00 26Added by the RBOT-LS WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotls.html0
323Jv16pt Network Resident0 18jv16pt_network.exe1 00102jv16 PowerTools' network resident program. Only needed if you are using the program's network features46http://www.vtoy.fi/jv16/shtml/powertools.shtml0
121microsoft corporation0  9jview.exe1 00 26Added by the  W32/Rbot-AOD56http://www.sophos.com/virusinfo/analyses/w32rbotaod.html0
1 8jvrvqnrg0 12jvrvqnrg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9wintask320 12Jwintask.com1 00154Added by the W32/Nafbot-A P2P worm.  This infection will also modify your hosts file so that you are unable to reach various antivirus vendor's web sites.56http://www.sophos.com/virusinfo/analyses/w32nafbota.html0
111jWv2pPn.exe0 11jWv2pPn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8jxef11040 12jxef1104.exe1 00 33Added by the W32/Xipi-A P2P worm.54http://www.sophos.com/virusinfo/analyses/w32xipia.html0
2 5Jzi160  9jzi16.exe1 00  2?? 01
114K2ps_full.task0 13K2ps_full.exe1 00 31Added by the JUNTADOR.K TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNTADOR.K0
2 9K6CPU.EXE0  9K6CPU.EXE1 00 44Authenticates CPU as K6 in system properties 01
2 2K90  6K9.exe122StartUp menu\All users0 26K9 1, 2, 1, 0, KeirNet. K939http://www.absolutestartup.com/startup/1
1 3kak0  7kak.hta1 00 26Added by the KAKWORM WORM!63http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html0
118autoupdate service0  8kaka.exe1 00 34Added by the  TROJ/SYMPE-B TROJAN!56http://www.sophos.com/virusinfo/analyses/trojsympeb.html0
3 8Kalibump0 12Kalibump.exe1 00181Used with the now unsupported Kali software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy20http://www.kali.net/0
1 7kalvsys0 30kalv****.exe [* = random char]2 00 39EliteBar/SearchMiracle adware installer92http://www.giantcompany.com/antispyware/research/spyware/spyware-SearchMiracle.EliteBar.aspx0
1 7kalvsys0 31kalv***32.exe [* = random char]2 00 39EliteBar/SearchMiracle adware installer92http://www.giantcompany.com/antispyware/research/spyware/spyware-SearchMiracle.EliteBar.aspx0
110[not used]0  8kane.exe1 00106Added by the Backdoor.Dckane backdoor. This infection also installs the file c:\windows\system32\kane.dll.76http://www.sarc.com/avcenter/venc/data/backdoor.dckane.html#technicaldetails0
1 6kaoqkd0 10kaoqkd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115[Various Names]0  9Kargo.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
110[not used]0 12karnal32.dll1 00112Added by the W32.Monikey@mm mass-mailing worm.  This worm attempts to gather information found on your computer.75http://www.sarc.com/avcenter/venc/data/w32.monikey@mm.html#technicaldetails0
116Kasper Antivirus0 19KASPERANTIVIRUS.EXE1 00 34Added by the  SPYBOTER.GEN TROJAN!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.spyboter.gen.html0
111KasperskyAv0 13kaspersky.exe1 00 91Added by the MIMAIL.T WORM! Note - this has nothing to do with the real Kaspersky AntiVirus76http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.t@mm.html0
125Windows Messenger Service0 13kaspersky.exe1 00133Added by the W32/Mytob-DP worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobdp.html0
119Kaspersky Antivirus0 15KasperskyAV.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114KasperskyAVEng0 18Kasperskyaveng.exe1 00 27Added by the NETSKY.V WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.v@mm.html0
1 9antivirus0 11kaspery.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
111KatchEm.exe0 11KatchEm.exe1 00 76An overwriting virus.  This virus will overwrite all .exe files with itself. 01
413KAVPersonal500  7Kav.exe1 00 33Kaspersky Anti-Virus Personal 5.033http://www.kaspersky.com/personal0
413KAVPersonal500  7kav.exe1 00 87Kaspersky Anti-Virus Personal Pro 5.0.0.0, Kaspersky Lab. Kaspersky Anti-Virus GUI Part 01
413KAVPersonal500 17kav.exe /minimize211HKEY_LM\Run0 83Kaspersky Anti-Virus Personal 5.0.0.0, Kaspersky Lab. Kaspersky Anti-Virus GUI Part39http://www.absolutestartup.com/startup/1
4 5KAV500 45kav.exe -run -n PersonalPro -v 5.0.0.0 -chkss211HKEY_LM\Run0 94Kaspersky Anti-Virus Personal Pro 5.0 5.0.20.0, Kaspersky Lab. Personal Pro Tray GUI Component39http://www.absolutestartup.com/startup/1
1 9NvCplScan0  9kav32.exe1 00122Added by the W32/Forbot-EW network worm, also adding NvCplScan as the display & service names of a new service it creates.57http://www.sophos.com/virusinfo/analyses/w32forbotew.html0
1 5lsass0  9kavmm.exe1 00250Added by an unidentified WORM or TROJAN! - NOTE - do NOT confuse with the legitimate Kaspersky antivirus module as described  here .  Contrary to this impostor,  the legitimate file will always be located in the Kaspersky Lab folder in Program Files.52http://www.processlibrary.com/directory/files/kavmm/0
421kaspersky anti-hacker0  9KAVPF.exe1 00 31Kaspersky  Anti-Hacker firewall35http://www.kaspersky.com/antihacker0
4 5KAVPF0  9KAVPF.exe111HKEY_CU\Run0 68Kaspersky Anti-Hacker 1.5.0.0, Kaspersky Labs. Kaspersky Anti-Hacker39http://www.absolutestartup.com/startup/1
4 6kavpfw0 10KavPFW.exe1 00 26KingSoft Personal Firewall27http://www.kingsoft.com/en/0
4 8kavstart0 12KAVStart.exe1 00 26KingSoft Personal Firewall27http://www.kingsoft.com/en/0
4 6kavsvc0 10kavsvc.exe1 00 19Kaspersky antivirus33http://www.kaspersky.com/personal0
115WIn32S Java DLL0 10kavsvx.exe1 00 52Added by the W32/Agobot-RZ worm/IRC backdoor trojan.57http://www.sophos.com/virusinfo/analyses/w32agobotrz.html0
2 5KAZAA0  9kazaa.exe1 00198KAZAA is a file-sharing program which unfortunately being ad-based includes &quot;Cy-door&quot; adware. Check here for information about &quot;Cy-door&quot; and here for a program that can remove it30http://www.cexx.org/cydoor.htm0
112Kazaa lptt010  9kazaa.exe1 00277Variant of the  RapidBlaster parasite (in a &quot;kazaa&quot; folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see  here. Note - this is not the valid KaZaA file sharing program which has the same executable name49http://www.doxdesk.com/parasite/RapidBlaster.html0
112Kazaa ml097e0  9kazaa.exe1 00  049http://www.doxdesk.com/parasite/RapidBlaster.html0
2 5KAZAA0 18kazaa.exe /SYSTRAY2 00 69Kazaa Media Desktop 2, 6, 7, 0, Sharman Networks. Kazaa Media Desktop 01
2 9kazaalite0 13kazaalite.exe1 00174Kazaalite is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanisms44http://www.webattack.com/get/kazaalite.shtml0
2 6KaZooM0 10KaZooM.Exe1 00179KaZoom from  Blue Haven Media - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches"30http://www.bluehavenmedia.com/0
115InternalSystray0  9Kazza.exe1 00191Added by a variant of the OPTIX TROJAN! Note - unlike the valid KaZaA executable, this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP)64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=161060
1 9Messenger0 14KB08953265.exe1 00 37Added by the Trojan.Esteems.F Trojan.77http://www.sarc.com/avcenter/venc/data/trojan.esteems.f.html#technicaldetails0
138{686BC654-BC45-D597-22DC-CA34BD693002}0  8kb32.com1 00 96Added by the Troj/Tometa-E Trojan.br /br /Uses CLSID: b{686BC654-BC45-D597-22DC-CA34BD693002}/b.57http://www.sophos.com/virusinfo/analyses/trojtometae.html0
112explorer.exe0  8kb32.exe1 00125This infection hijacks Internet Explorer to redirect to search-area.com.  More information can be found here - Troj/Malche-A.57http://www.sophos.com/virusinfo/analyses/trojmalchea.html0
4 8KB8917110 12KB891711.EXE1 00393This security update is to address the following vulnerability Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution.  As of right now it is unknown if this entry is a buggy installation routine or if this file needs to continue running in order to patch the vulnerability.  Until this information is received, you should allow this update to continue starting up.64http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx0
3 3KBD0  7KBD.EXE1 00 68Multimedia keyboard manager. Required if you use the multimedia keys 01
3 3KBD0  7KBD.EXE111HKEY_LM\Run0 73Hewlett-Packard Company KBD EXE 1.0.2.0, Hewlett-Packard Company. KBD EXE39http://www.absolutestartup.com/startup/1
310FLMTRUSTKB0 12KbdAp32A.exe1 00185Keyboard utility for a Trust brand wireless keyboard.  If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard. 01
1 8kbddrv320 12kbddrv32.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
1 9kbddrvinf0 13kbddrvinf.exe1 00 30Added by the CRYPTER.A TROJAN!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_CRYPTER.A0
215TypingSatellite0 10KBOOST.exe1 00156Typing Master 2002 background utility that collects typing errors and builds up customised typing lessons for your needs. Available via Start -&gt; Programs27http://www.typingmaster.com0
215TypingSatellite0 10KBOOST.EXE1 00 57Typing Satellite 6.30, TypingMaster Inc. Typing Satellite 01
1 6kbvfgb0 10kbvfgb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 6KCeasy0 10KCeasy.exe1 00158KCeasy - a Windows peer-to-peer filesharing application which uses giFT as its 'back end' foundation. The networks currently supported are OpenFT and Gnutella24http://kceasy.com/about/0
1 6Update0  9kchts.EXE1 00 33Added by the W32/Clantard-A worm.58http://www.sophos.com/virusinfo/analyses/w32clantarda.html0
3 5cpqek0 10kcpqek.exe1 00 61For Compaq PC's.  Easy Access button support for the keyboard75http://h18000.www1.hp.com/support/techpubs/whitepapers/13W1-1200a-wwen.html0
3 8KillCopy0 21kcresume.exe /startup211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3kdc0  7kdc.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
1 5kdhfc0  9kdhfc.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7kdhivgl0 11kdhivgl.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5kdjcu0  9kdjcu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
125Mabochine Deybug Malnager0  7kdm.exe1 00129An Sdbot WORM variant adds the file, and the IRC backdoor TROJAN component allows for unauthorized remote access to the computer.56http://www.sophos.com/virusinfo/analyses/w32sdbotsd.html0
114Microzoft_Ofiz0 13KdzEregli.exe1 00 25Added by the AMUS.A WORM!74http://securityresponse.symantec.com/avcenter/venc/data/w32.amus.a@mm.html0
117AVXSearch service0 10ke7dnl.sys1 00 44Added by the Troj/Haxdoor-BH rootkit Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorbh.html0
116AVSearch service0 10kednl6.sys1 00 45Added by the Troj/Haxdoor-AT backdoor Trojan.59http://www.sophos.com/virusinfo/analyses/trojhaxdoorat.html0
1 9Keenvalue0 13Keenvalue.exe1 00 28Keenvalue spyware - see here42http://www.infobeat.com/infobar/terms.html0
111Disk Keeper0  8keep.exe1 00 77Mslware - recognized by  Kaspersky antivirus as Trojan-Dropper.Win32.Small.ve36http://www.kaspersky.com/personalpro0
317Logitech SetPoint0  7KEM.exe1 00191Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys 01
3 8KEMailKb0 12KEMailKb.EXE1 00168Controls the buttons at the top of the  Micro Innovations 650i Internet Access Keyboard. If you disable it you cannot use the buttons - like volume control or shut down69http://www.mic-innovations.com/micro_inv/large_image_pages/kb650i.htm0
2 5Kemet0  9kemet.exe1 00  2?? 01
129windows task manager emulator0 11kennewr.exe1 00 33Added by the  W32/SPYBOT-FA WORM!57http://www.sophos.com/virusinfo/analyses/w32spybotfa.html0
319KEN Taskbar Service0 12kentbsrv.exe111HKEY_LM\Run0 43AVM KEN! 3.00.84.2001, AVM Berlin. kentbsrv39http://www.absolutestartup.com/startup/1
3 8KERclink0 12KERclink.exe125StartUp menu\Current user0 33KERclink 2.00.0039, MidTen Media.39http://www.absolutestartup.com/startup/1
1 8kernel320 10kern32.exe1 00 29Added by the BADTRANS.A WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BADTRANS.A0
117Windows Kernel 640 12kernal64.exe1 00 47Added by the W32/Yimp-B Instant Messaging worm.54http://www.sophos.com/virusinfo/analyses/w32yimpb.html0
110[not used]0 13Kerne0110.exe1 00 82Added by the Troj/Lineage-FU password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagefu.html0
110[not used]0 11Kerne12.exe1 00 36Added by the Troj/Lineage-AS Trojan.59http://www.sophos.com/virusinfo/analyses/trojlineageas.html0
110[not used]0 12Kerne121.exe1 00 82Added by the Troj/Lineage-BW password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineagebw.html0
110[not used]0 13Kerne1211.exe1 00 82Added by the Troj/Lineage-CA password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineageca.html0
110[not used]0 11Kerne14.exe1 00 82Added by the Troj/Lineage-BA password-stealing Trojan for the online game Lineage.59http://www.sophos.com/virusinfo/analyses/trojlineageba.html0
110[not used]0 13Kerne1412.exe1 00 54Added by the Troj/Lineage-OJ password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojlineageoj.html0
1 4Plob0 10kernel.com1 00 32Added by the OPTIXPRO.12 TROJAN!80http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_OPTIXPRO.120
1 8kernel320 10kernel.dli1 00 31Added by the NETDEVIL.B TROJAN!67http://www.symantec.com/avcenter/venc/data/backdoor.netdevil.b.html0
1 8Kernel320 10Kernel.dll1 00 28Added by the REDLOF.M VIRUS!49http://vil.mcafee.com/dispVirus.asp?virus_k=994760
112kernel12.exe0 12kernel12.exe1 00 40Added by an unidentified WORM or TROJAN! 01
1 6Win32G0 12Kernel32.com1 00 29Added by the ESTRELLA TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/w32.estrella.html0
1 8kernel320 12kernel32.dlI1 00 32Added by the NETDEVIL.15 TROJAN!81http://securityresponse.symantec.com/avcenter/venc/data/backdoor.netdevil.15.html0
1 8Kernel320 12Kernel32.exe1 00 48Added by a number of VIRUSES, WORMS and TROJANS! 01
1 8Services0 12kernel32.exe1 00 39Added by the Troj/EliteKey-B keylogger.59http://www.sophos.com/virusinfo/analyses/trojelitekeyb.html0
114Windoes Kernel0 12kernel32.exe1 00 41Added by the  KICKIN.A (or CYDOG.C) WORM!68http://www.symantec.com/avcenter/venc/data/w32.hllw.kickin.a@mm.html0
1 7Windows0 12Kernel32.exe1 00 28Added by the  TENDOOLF WORM!78http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_TENDOOLF.A0
127Win32 Kernel core component0 12Kernel32.pif1 00 24Added by the MOKS VIRUS!69http://securityresponse.symantec.com/avcenter/venc/data/w32.moks.html0
1 8Kernel320 12Kernel32.win1 00 40Added by the GAGGLE.D or GAGGLE.E WORMS!73http://securityresponse.symantec.com/avcenter/venc/data/vbs.gaggle.d.html0
123Distributed File System0 15kernel32dll.exe1 00 38Added by the MYFIP-C or MYFIP.K WORMS!55http://www.sophos.com/virusinfo/analyses/w32myfipc.html0
136Distributed Link Tracking Extensions0 15kernel32dll.exe1 00106Added by the W32/Myfip-I WORM wirh a service display name of "Distributed Link Tracking Extensions", also.55http://www.sophos.com/virusinfo/analyses/w32myfipi.html0
1 8Kernel320 13kernel32s.exe1 00 29Added by the SDBOT-PU TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbckdrcic.html0
122Microsoft Kernel Patch0 13kernel3ox.exe1 00142Added by the W32/Rbot-UJ network worm.  When this infection starts it connects to an IRC server where it waits for remote commands to execute.55http://www.sophos.com/virusinfo/analyses/w32rbotuj.html0
1 9Kernell320 11Kernell.dll1 00 30Added by the DESTINY.A TROJAN!77http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DESTINY.A0
114Service System0 13kernels32.exe1 00 73Added by the Troj/Bancos-DA password-stealing trojan for Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbancosda.html0
1 6System0 13kernels32.exe1 00 31Added by the DLOADER-FC TROJAN!59http://www.sophos.com/virusinfo/analyses/trojdloaderfc.html0
111SystemTools0 13kernels32.exe1 00 33Added  by the  DLOADER-FC TROJAN!107http://ww0
1 6System0 13kernels64.exe1 00 33Added by the Troj/Vixup-V Trojan.56http://www.sophos.com/virusinfo/analyses/trojvixupv.html0
1 6System0 12kernels8.exe1 00 34Added by the Troj/Vixup-BN Trojan.57http://www.sophos.com/virusinfo/analyses/trojvixupbn.html0
125Microsoft Update Emulator0 14kernelvmon.exe1 00144Added by the W32/Rbot-CH trojan backdoor.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32rbotch.html0
1 7Kernelw0 13Kernelw32.exe1 00 26Added by the INDOR.E WORM!67http://www.symantec.com/avcenter/venc/data/w32.hllw.indor.e@mm.html0
125Microsoft Update Emulator0 12kern-mxe.exe1 00 36Added by a variant of the RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 3Laz0  9Kernn.exe1 00 53Added by the Troj/Bancos-LN password stealing TROJAN!58http://www.sophos.com/virusinfo/analyses/trojbancosln.html0
110[not used]0 21KesenjanganSosial.exe1 00 45Added by the W32/Brontok-K mass-mailing worm.57http://www.sophos.com/virusinfo/analyses/w32brontokk.html0
117MicroSoft Toolbar0  7key.exe1 00133Added by the W32/Rbot-AEW worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaew.html0
4 9KeyAccess0 12keyacc32.exe1 00256KeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure" 01
1 9Keybdcntl0 13keybdcntl.exe1 00 43Added by a variant of the CRYPTER.C TROJAN!58http://www.sophos.com/virusinfo/analyses/trojcrypterc.html0
115[Various Names]0 11keybdll.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
129Microsoft TaskManager Updater0 12keyboard.exe1 00132Added by the W32/Rbot-ALU worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotalu.html0
134Microsoft Windows Keyboard service0 12keyboard.exe1 00 48Added by the W32/Rbot-CRF worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotcrf.html0
112NLS Keyboard0 12keyboard.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
113keyboard_enum0 17keyboard_enum.exe1 00 43Added by the Troj/Bdoor-GP backdoor trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorgp.html0
3 8Srv32Win0 13KeyCaptor.exe1 00135Added by the Spyware.KeyCaptor surveillance program.  You should uninstall this program immediately if you did not install it yourself.61http://www.sarc.com/avcenter/venc/data/spyware.keycaptor.html0
319SiS Windows KeyHook0 11keyhook.exe1 00133SIS graphics cards related: "Super VGA Keyboard Daemon" - hooks into the keyboard processing chain in order to enable hotkey settings 01
112WinEssential0 11Keyhost.exe1 00 33Hijacker - hailing from jraun.com 01
1 6VC_Log0 10keylog.exe1 00 37Added by the Adware.Starware spyware.61http://www.sarc.com/avcenter/venc/data/spyware.paqkeylog.html0
1 3ABC0 13keylogger.exe1 00139Monitors keystrokes so you can check if someone has typed anything while your away from your PC. Reported as spyware by SpyCop in their FAQ32http://www.spycop.com/index.html0
3 91Win32Cfg0 16Keyloggerpro.exe1 00 34KeyloggerPro - monitoring software28http://www.keyloggerpro.com/0
312CherryKeyMan0 10KeyMan.exe1 00108Multimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keys34http://www.cherrycorp.com/english/0
3 6keymap0 10keymap.exe1 00182System Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the game 01
124Microsoft System Checkup0 10Keymgr.exe1 00 25Added by the DONK.M WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.donk.m.html0
3 9KeyPatrol0 13KeyPatrol.exe1 00122KeyPatrol - detects Key Loggers ("keyboard loggers" or "keyloggers") using both behavioral and pattern-matching algorithms36http://www.pestpatrol.com/KeyPatrol/0
1 4keyq0  8keyq.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
227Stardock Keyboard Launchpad0 17Keys.exe /startup225StartUp menu\Current user0 56Keyboard Lauchpad v1.2, Stardock.net. Keyboard Launchpad39http://www.absolutestartup.com/startup/1
1 7keyserv0 11keyserv.exe1 00130Added by the  Spyware.KeyThief SPYWARE!, Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.64http://www.symantec.com/avcenter/venc/data/spyware.keythief.html0
010ChromeMark0  9keysh.exe1 00 75Related to this. Don't know what keysh.exe does though and if it's required 7#FF00000
3 4klog0 10Keyspy.exe1 00114Added by the  Hacktool.KeyLoggPro.B keystroke logger/monitoring program - remove unless you installed it yourself!82http://securityresponse.symantec.com/avcenter/venc/data/hacktool.keyloggpro.b.html0
3 4pskl0 10keyspy.exe1 00139Added by the Spyware.KeyboardLogger surveillance software.  If you did not install this software, then you should uninstall it immediately.66http://www.sarc.com/avcenter/venc/data/spyware.keyboardlogger.html0
317Toshiba Key State0 12KEYSTATE.EXE1 00200Displays an icon in the System Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g., Toshiba) laptops which do not have a Caps Lock indicator light. Available via Start -&gt; Programs 01
3 9keystroke0  9keystroke1 00127QuickLaunch is a spyware program that logs keystrokes and captures screenshots.  If you didn't install this yourself remove it.59http://sarc.com/avcenter/venc/data/spyware.quicklaunch.html0
3 9keystroke0 13keystroke.exe1 00136Added by the Spyware.QuickLaunch surveillance software.  If you did not install this software, then you should uninstall it immediately.63http://www.sarc.com/avcenter/venc/data/spyware.quicklaunch.html0
2 8Key Text0 11KeyText.exe1 00113Key Text 2000 from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start - Programs34http://www.mjmsoft.com/keytext.htm0
2 7keytext0 11KeyText.exe1 00113Key Text 2000 from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start - Programs34http://www.mjmsoft.com/keytext.htm0
112WinEssential0 11keyword.exe1 00 18Jraun.com hijacker73http://securityresponse.symantec.com/avcenter/venc/data/adware.jraun.html0
115[Various Names]0 17KeywordFinder.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
114Service System0 13kgbfsm344.exe1 00 73Added by the Troj/Bancos-FS password-stealing Trojan for Brazilian banks.58http://www.sophos.com/virusinfo/analyses/trojbancosfs.html0
1 6kgcgyv0 10kgcgyv.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7kgjdi270 12kgjdie27.exe1 00 28Added by the  Sdbot.AP WORM!78http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ap.html0
1 4kgml0  8kgml.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8kgqyiofm0 12kgqyiofm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115Winsock2 driver0 13kgzgjkpcw.exe1 00 28Added by the SDBOT.T TROJAN!77http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.t.html0
121SETPOINT Logitech Inc0 11KHALMNP.exe1 00 12Added by the38W32/Rbot-AAX WORM/IRC backdoor trojan!0
035Logitech Hardware Abstraction Layer0 12Khalmnpr.exe1 00253Logitech Bluetooth mouse Hardware Abstraction layer. A "hardware abstraction layer" is an interface that enables adding support for new devices and new ways of connecting devices to the computer, without modifying every application that uses the device. 01
235Logitech Hardware Abstraction Layer0 12KHALMNPR.EXE111HKEY_LM\Run0 95Productivity Software Common Files 2.12.735, Logitech Inc.. Logitech Hardware Abstraction Layer39http://www.absolutestartup.com/startup/1
2 7khooker0 11khooker.exe1 00156SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required 01
211SiS KHooker0 11khooker.exe1 00  0 01
211SiS KHooker0 11khooker.exe111HKEY_LM\Run0157SIS (R) Compatible Super VGA keyboard daemon for Windows 2000/XP 0.0.0.2098, Silicon Integrated Systems Corporation. SiS Compatible Super VGA Keyboard Daemon39http://www.absolutestartup.com/startup/1
2 3kdx0  9KHost.exe1 00344KonTiki Secure Delivery Plug In related. &quot;The Kontiki Delivery Management System (DMS) is a secure delivery network for distribution of video, software, audio, documents, and other digital media. The Kontiki DMS enables enterprises to efficiently publish, secure, deliver and track digital media to employees, partners, and customers&quot;95http://help.kontiki.com/enduser/group.jsp;jsessionid=445B8C402E10C9AFBC8E053A3BBC395C?node=18290
2 3kdx0 14KHost.exe -all2 00 61Delivery Manager 4.20.51004.0, Kontiki Inc.. Delivery Manager 01
110[not used]0 12kiamarsi.exe1 00 34Added by the Troj/Detest-A Trojan.57http://www.sophos.com/virusinfo/analyses/trojdetesta.html0
311KICKMON.EXE0 11KICKMON.EXE1 00162KeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't required 01
115[Various Names]0 11killall.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6Dlload0 10killer.exe1 00 35Added by the Troj/KillAV-FK Trojan.58http://www.sophos.com/virusinfo/analyses/trojkillavfk.html0
1 6cartao0 11killing.exe1 00 47Added by the Troj/Dloader-QN downloader trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderqn.html0
310Kill Popup0 13KillPopup.exe1 00 26KillPopup - pop-up stopper42http://www.killpopup.shareware-rating.com/0
112SCRNSAVE.EXE0  9kimmo.scr1 00 35Added by the Troj/Antinny-N Trojan.58http://www.sophos.com/virusinfo/analyses/trojantinnyn.html0
114System Startup0 11kimochi.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
112kimochiz.exe0 12kimochiz.exe1 00 35Added by the  TROJ/MDROP-BB TROJAN!57http://www.sophos.com/virusinfo/analyses/trojmdropbb.html0
210Kinberlink0 14Kinberlink.exe1 00 60Kinberlink network messaging. Available via Start - Programs45http://www.kinberlin.com/kinberlink/index.asp0
1 7kjrawyp0 11kjrawyp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116Microsoft Update0  7Kkk.exe1 00134Added by the  W32/Rbot-AHL worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotahl.html0
111KKM Service0  7kkm.exe1 00 30Added by the W32/Nanpy-I worm.55http://www.sophos.com/virusinfo/analyses/w32nanpyi.html0
1 5klkje0  9klkje.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8WinAC v40 12klsuicbn.exe1 00 28Added by the FORBOT-CS WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcs.html0
210BtcMaestro0 12KMaestro.exe111HKEY_LM\Run0 53BTC Kmaestro 1, 0, 0, 0, BTC. KeyMaestro main program39http://www.absolutestartup.com/startup/1
310KeyMaestro0 12kmaestro.exe1 00 68Multimedia keyboard manager. Required if you use the multimedia keys 01
1 6System0  7kmc.dll1 00163Added by the Troj/Dropper-BT dropper Trojan. This infection also makes the file C:\Windows\csrss.exe.br /br /Uses CLSID: b(126024AD-DC8A-48F7-9CD2-4A6FFB867874)/b.59http://www.sophos.com/virusinfo/analyses/trojdropperbt.html0
1 4kmmp0  8kmmp.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4kmmt0  8kmmt.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
113KeimoServices0 11kmsvc32.exe1 00 12Added by the39W32/Sdbot-AHE WORM/IRC backdoor trojan!0
311kmw_run.exe0 11kmw_run.exe1 00 97Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features 01
311kmw_run.exe0 11kmw_run.exe111HKEY_LM\Run0 78KMW 6.11.4.1, Kensington Technology Group. Kensington MouseWorks Win32 Support39http://www.absolutestartup.com/startup/1
312kmw_show.exe0 12kmw_show.exe1 00 97Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features 01
1 6WinSrv0  8kn0x.exe1 00 27Added by the HOBBIT.F WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOBBIT.F0
322Kodak software updater0 26Kodak Software Updater.exe222StartUp menu\All users0  039http://www.absolutestartup.com/startup/1
4 8KodakCCS0 12KodakCCS.exe1 00 27Kodak DC File System Driver 01
1 5kojbe0  9kojbe.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
123Bron-Spizaetus-5118REPM0 18komodo-6321422.exe1 00 45Added by the W32/Brontok-R mass-mailing worm.57http://www.sophos.com/virusinfo/analyses/w32brontokr.html0
312Konfabulator0 16Konfabulator.exe125StartUp menu\Current user0 46Konfabulator 1.8.3, Pixoria Inc.. Konfabulator39http://www.absolutestartup.com/startup/1
222Konni Symbol Autostart0 15KonniSymbol.exe1 00139Gives configuration access to RagTime Solo professional business publishing software. RagTime Solo is the private user version of RagTime 536http://www.besoftware.com/index.html0
2 4cnet0 11kontiki.exe1 00115Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops95http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=28460
2 8GameSpot0 11kontiki.exe1 00115Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops95http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=28460
2 7kontiki0 11kontiki.exe1 00  095http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=28460
2 5zdnet0 11kontiki.exe1 00115Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops95http://help.kontiki.com/enduser/group.jsp;jsessionid=2C47C896EA1784C5321FD3E6845E8157?node=28460
4 8KPDrv4XP0 12KPDrv4XP.EXE1 00 94Dritek Keyboard Device Update Utility 1, 0, 1, 221, Dritek System Inc.. Update Keyboard Driver 01
4 8KPDrv4XP0 12KPDrv4XP.exe1 00 26MediaKey USB Keypad Driver 01
1 4kpem0  8kpem.sys1 00 46Added by the Trojan.Duganss Trojan downloader.75http://www.sarc.com/avcenter/venc/data/trojan.duganss.html#technicaldetails0
1 8krdfyhra0 12krdfyhra.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 6KREC320 10krec32.exe1 00 45StarrCommander Pro Keystroke logging software 01
118Microsoft Document0  9krisp.exe1 00 27Added by the SDBOT-RQ WORM!56http://www.sophos.com/virusinfo/analyses/w32sdbotrq.html0
110krisvc.exe0 10krisvc.exe1 00 63Added by the Infostealer.Kurofoo.B information stealing Trojan.82http://www.sarc.com/avcenter/venc/data/infostealer.kurofoo.b.html#technicaldetails0
1 5krlee0  9krlee.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8startkey0  8krnl.exe1 00 35Added by the Troj/Bifrose-S Trojan.58http://www.sophos.com/virusinfo/analyses/trojbifroses.html0
110[not used]0 10krnl32.dll1 00 67Added by the  Troj/Vipgsm-J keylogger and password-stealing Trojan.57http://www.sophos.com/virusinfo/analyses/trojvipgsmj.html0
1 8Kernel320 10krnl32.exe1 00 23Added by the EPON WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.epon@mm.html0
114kernel manager0 11krnlmgr.exe1 00 33Added by the  TROJ_JUNY.A TROJAN!83http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_JUNY.A&VSect=P0
3 7Krnlmod0 11Krnlmod.exe1 00187Keylogger - see  here. Given a "U" recommendation because it depends if you intentionally installed it. If you didn't, treat it as "X" and uninstall or remove via Spybot S&D (for example)58http://www.pestpatrol.com/PestInfo/W/Windows_Keylogger.asp0
2 7Whbrhzn0  8Krrs.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6Ksrv320 10Ksrv32.exe1 00133Added by the W32/Agobot-PI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32agobotpi.html0
3 7KClient0 11kstatus.exe1 00197KClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet 01
116KTAX Auto Loader0  8ktax.exe1 00133Added by the W32/Sdbot-MZ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32sdbotmz.html0
1 4ktaz0  8ktaz.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6ktbmmo0 10ktbmmo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7ktboeij0 11ktboeij.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8ktchnsnk0 12ktchnsnk.exe1 00144HP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebooted 01
1 8ktkgaymo0 12ktkgaymo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
426Start RF Wireless Keyboard0 10ktrexe.exe1 00 47Yuanxun Electronics RF wireless keyboard driver 01
1 7kumsmvb0 11kumsmvb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Ece0  7Kuo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6kvevqg0 10kvevqg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6kvgnlx0 10kvgnlx.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
4 7KvMonXP0 17KVMonXP.kxp /auto211HKEY_LM\Run0 55Jiangmin AntiVirus 9, 0, 0, 505, JiangMin Ltd.. KVmonxp39http://www.absolutestartup.com/startup/1
316kerio vpn client0 14kvpnclient.exe1 00 16Kerio VPN Client33http://www.kerio.com/kwf_vpn.html0
1 6kvvynr0 10kvvynr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 9KeyWallet0 11KWallet.exe1 00150KeyWallet is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually34http://www.keywallet.com/index.php0
3 5kx5090 15kx509_kfwk5.exe1 00 42Kerberos Secure Authentication for Windows49http://www.mcmcse.com/win2k/guides/kerberos.shtml0
1 8kxawsgas0 12kxawsgas.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7kxksnos0 11kxksnos.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 8kX Mixer0 11kxmixer.exe1 00 94Provides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcards 01
1 9bsogvsqfn0 10kxqcdy.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110[not used]0 12kxrnxl32.dll1 00 32Added by the Troj/Gina-K Trojan.55http://www.sophos.com/virusinfo/analyses/trojginak.html0
120kyk control settings0 11KYSVCXD.EXE1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
113[random name]0  9l?ass.exe1 00 29PurityScan/Clickspring adware47http://www.doxdesk.com/parasite/PurityScan.html0
113[random name]0 11l?gonui.exe1 00 26PurityScan adware variant.47http://www.doxdesk.com/parasite/PurityScan.html0
1 6strtas0  8l071.exe1 00110Added by the W32/Rbot-BHU worm and IRC backdoor.  This infection also installs the msdirectx.sys rootkit file.56http://www.sophos.com/virusinfo/analyses/w32rbotbhu.html0
1 6strtas0  8l074.exe1 00174Added by the Troj/Agent-II Trojan.  This infection also installs the rootkit file C:\Windows\System32\msdirectx.sys which is used to hide files, processes, and registry keys.57http://www.sophos.com/virusinfo/analyses/trojagentii.html0
1 7runload0  8l0ad.exe1 00 72Adware related downloader,  detected as TrojanDropper.Win32.PurityScan.g 01
1 4suck0  8l0ad.exe1 00 72Adware related downloader,  detected as TrojanDropper.Win32.PurityScan.g 01
1 6load320  8l32x.exe1 00 52Added by the DUMARU.Z or DUMARU.Y or DUMARU.AD WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.z@mm.html0
1 7L4r1$$a0 11L4r1$$a.pif1 00 38Added by the W32/Assiral-C email worm.57http://www.sophos.com/virusinfo/analyses/w32assiralc.html0
1 6laltin0 18L90112201.Stub.exe1 00 98Adware downloader/installer,  Delphin_Media_Viewer related - also detected as the DELMED.A TROJAN!62http://www3.ca.com/securityadvisor/pest/pest.aspx?id=4530767750
1 8DBGA0EEG0 12Laabph32.dll1 00119Added by the W32/Doxpar-E password-stealing network worm.br /br /Uses CLSID: b(54206BCE-0715-687D-5BFC-660B572D5F06)/b.56http://www.sophos.com/virusinfo/analyses/w32doxpare.html0
010SystemBoot0 10ladies.htm1 00 36Unknown but sounds very suspicious?? 01
124norton personal firewall0  7lah.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 5Login0  8lala.exe1 00 43Added by the Troj/Bugspr-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbugspra.html0
111vdat update0  9lalaa.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6lamyen0 10lamyen.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7lanbrup0 11lanbrup.exe1 00 18SafeSurfing adware80http://securityresponse.symantec.com/avcenter/venc/data/spyware.safesurfing.html0
110lan driver0 15landriver32.exe1 00 27Added by the  RBOT.BT WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BT&VSect=P0
1 8LanGuard0 12languard.exe1 00 17Adware downloader 01
114TCP Monitoring0 11LanNSvc.exe1 00 29Added by the RANDEX.AAS WORM!75http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.aas.html0
122Windows Update Manager0 10lansas.exe1 00 49Added by the WORM_RBOT.EKK worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FRBOT%2EEKK&VSect=T0
3 9LanSpeed20 13LanSpeed2.exe1 00 86Monitors any traffic that is using a LAN adapter (Ethernet or Token ring network card) 01
124Microsoft Update Machine0 11LANWAKE.EXE1 00 26Added by the RBOT-QZ WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotqz.html0
124Microsoft LAN32 Protocol0  9lanXp.exe1 00126Added by W32/Rbot-SS, it will terminate processes and perform a variety of other functions under control of a remote attacker.55http://www.sophos.com/virusinfo/analyses/w32rbotss.html0
310laokey.exe0 10LaoKey.exe1 00160Lao Script for Windows  (LSWin) is an extension to the Windows operating system to allow Lao language to be used with many different Windows-based applications.33http://www.tavultesoft.com/lswin/0
118LARISSA ANTI VIRUS0 22LARISSA_ANTI_VIRUS.exe1 00 29l" target=_blankALLEM trojan! 01
3 7ZeroAds0 11LAS0Ads.exe1 00 86ZeroAds - culls ads, cookies and pop-ups. Required for the cookie interception to work36http://zeroads.com/flash/default.asp0
119Windows_Help_Server0  9lasas.exe1 00 87Added by the Troj/Delf-JQ trojan downloader.  This infection also logs your keystrokes.56http://www.sophos.com/virusinfo/analyses/trojdelfjq.html0
118Gray_Pigeon_Server0  8lass.exe1 00102Added by the Troj/Feutel-AS backdoor Trojan. This infection also creates the file C:\windows\lass.dll.58http://www.sophos.com/virusinfo/analyses/trojfeutelas.html0
121microsoft server base0  8lass.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
115microsoftkeysds0 10lass32.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 6.mscdr0  9lassa.exe1 00 28Added by the WEBUS.C TROJAN!62http://www.symantec.com/avcenter/venc/data/trojan.webus.c.html0
110NavAgent320 11lasvr32.exe1 00 26Added by the FEMOT.D WORM!64http://www.symantec.com/avcenter/venc/data/w32.femot.d.worm.html0
110[not used]0 10Latent.com1 00 53Added by the Troj/Agent-ADU password-stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojagentadu.html0
2 5Later0  9later.exe1 00  2?? 01
3 7LaunApp0 11LaunApp.exe1 00 85Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610 01
2 6Launcg0 10launcg.exe1 00  2?? 01
322PCSuiteTrayApplication0 34Launch Application 2.exe -onlytray211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
2 9Traceless0 10launch.exe1 00174Traceless 2003 - clear your cookies, temp directories and browser history with a click of a button. It also clears the recent documents and the IE drop down auto complete box56http://users.bigpond.com/pvantarakis/traceless/index.htm0
312Screen Guard0 10launch.exe1 00 51Part of Access Denied security and privacy software22http://www.johnru.com/0
316IZSoftTrayHelper0 10Launch.exe111HKEY_CU\Run0 55Launch Application 1, 0, 0, 2, . Launch MFC Application39http://www.absolutestartup.com/startup/1
419MailScan Dispatcher0 10Launch.exe1 00183MailScan Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleaned49http://www.mspl.net/antivirus/mailscan/ms4adv.asp0
324SMS Application Launcher0 12LAUNCH32.EXE1 00 84Microsoft Systems Management Server - used to manage computers on a network remotely45http://www.microsoft.com/smserver/default.asp0
112RUNGogoTools0 16LaunchAdware.exe1 00 20Unidentified adware. 01
3 8LaunchAp0 12LaunchAp.exe1 00 85Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 61023http://global.acer.com/0
222pcsuitetrayapplication0 21LaunchApplication.exe1 00221System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu. 01
222PCSuiteTrayApplication0 31LaunchApplication.exe -onlytray2 00 56Launch Application 6, 0,24, 0, Nokia. Launch Application 01
1 7runback0 12LaunchBD.exe1 00 75MyBackDrop - is or bundles a  GoGotools adware variant. See  privacy_policy26http://www.mybackdrop.com/0
3 8Webshots0 16Launcher.exe  /t225StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
013PrimaLauncher0 12Launcher.exe1 00 35Associated with PrimaScan scanners.25http://www.primascan.com/0
222Vegas Palms - Launcher0 12Launcher.exe1 00 27Vegas Palms on-line cassino26http://www.vegaspalms.com/0
222Vegas Palms - Launcher0 12Launcher.exe1 00 27Vegas Palms on-line cassino26http://www.vegaspalms.com/0
313PrimaLauncher0 12Launcher.exe1 00 35Associated with PrimaScan scanners.25http://www.primascan.com/0
317OE_Plugin_Startup0 12Launcher.exe111HKEY_LM\Run0 55SpamCatcher Universal 4.0.0.0, Mailshell Inc.. Launcher39http://www.absolutestartup.com/startup/1
1 8Launcher0 12launcher.exe1 00 71Spyware component related to DownloadWare and found in Program FilesKFH 01
315Entropia Client0 21Launcher.exe -Startup211HKEY_LM\Run0 59Launcher Application 1, 0, 0, 1, . Launcher MFC Application39http://www.absolutestartup.com/startup/1
310LaunchList0 14LaunchList.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
313ATI Launchpad0 12launchpd.exe1 00174Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu 01
313ATI Launchpad0 12launchpd.exe111HKEY_CU\Run0 82ATI Multimedia Center 9.08, ATI Technologies Inc.. ATI Multimedia Center Launchpad39http://www.absolutestartup.com/startup/1
2 6MadExe0 12LaunchRA.exe1 00 25Dell Resolution Assistant 01
1 4laxd0  8laxd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
412laxmsp32.exe0 12laxmsp32.exe1 00119Lexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work  01
1 7towfezv0 10Lbczxs.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8lblyjyud0 12lblyjyud.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
116Winsock32 driver0  7lcd.exe1 00 27Added by the SPYBOT.B WORM!56http://www.sophos.com/virusinfo/analyses/w32spybotb.html0
1 3LCD0  9LCD32.exe1 00 62Added by the WORM_MYTOB.QF mass-mailing worm and IRC backdoor.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EQF&VSect=T0
3 4LCDC0  8LCDC.exe1 00146LCDC is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by Plugins28http://www.lcdc.cc/about.htm0
3 4LCDC0 10LCDC.exe 0211HKEY_LM\Run0 671.0.0.0, DPS Ltd. www.dps.uk.com. LCDC - Drive it to the edge baby!39http://www.absolutestartup.com/startup/1
325ScreenManager Pro for LCD0 11Lcdctrl.exe111HKEY_LM\Run0 72EIZO LCD Utility 1.18, EIZO NANAO CORPORATION. ScreenManager Pro for LCD39http://www.absolutestartup.com/startup/1
4 9LCDPlayer0 12LCDPlyer.exe1 00 26Related to  SuperAdBlocker30http://www.superadblocker.com/0
2 5lcfep0  9lcfep.exe1 00221Tivoli ‘TME’ System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally" 01
2 6Tivoli0  9LCFEP.EXE1 00  0 01
3 6lclock0 10lclock.exe1 00 85LClock is a program that makes the Windows' clock look like a Windows Longhorn Clock.85http://www.softpedia.com/get/Desktop-Enhancements/Clocks-Time-Management/LClock.shtml0
1 3Vqg0  7Lcn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4lcnf0  8lcnf.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Vhq0  7Lcr.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 7lcshkrn0 11lcshkrn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
118microsofts service0 11lcsrv16.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 4Lcss0  8lcss.exe1 00 31Added by the W32/Wenper-B worm.56http://www.sophos.com/virusinfo/analyses/w32wenperb.html0
1 5lcvga0  9lcvga.exe1 00 29Added by the HOSTOL-A TROJAN!57http://www.sophos.com/virusinfo/analyses/trojhostola.html0
1 5lcxuk0  9lcxuk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 2ld0  6ld.exe1 00 63CoolWebSearch parasite related - redirects to fastwebfinder.com53http://www.spywareinfo.com/~merijn/cwschronicles.html0
120configuration loader0  9ldasp.exe1 00 29Added by the  AGOBOT.BH WORM!86http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.BH&VSect=P0
111fontsloader0 11ldfnt32.hta1 00 20Unidentified malware 01
314inventory scan0 12LDISCN32.EXE1 00 45LANDesk  Management_Suite software component.37http://www.landesk.com/Products/LDMS/0
2 3LDM0 11ldmconf.exe1 00156Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech 01
226Logitech Desktop Messenger0 11ldmconf.exe1 00  0 01
226Logitech Desktop Messenger0 18LDMConf.exe /start2 00 75Logitech Desktop Messenger 2.30.04, Logitech. LDM Configuration Application 01
226Logitech Desktop Messenger0 18LDMConf.exe /start225StartUp menu\Current user0 75Logitech Desktop Messenger 2.01.02, Logitech. LDM Configuration Application39http://www.absolutestartup.com/startup/1
1 8WebCheck0  7ldr.dll1 00105Added by the Troj/Radium-A backdoor Trojan.br /br /Uses CLSID: b{FF00E8A3-2BE6-11D2-8003-92E340524100}/b.57http://www.sophos.com/virusinfo/analyses/trojradiuma.html0
1 5ldr640  9ldr64.dll1 00 34Added by the W32.Beagle.DV Trojan.74http://www.sarc.com/avcenter/venc/data/w32.beagle.dv.html#technicaldetails0
1 7ldriver0 11ldriver.exe1 00 44Added by the Troj/Chorus-A browser hijacker.57http://www.sophos.com/virusinfo/analyses/trojchorusa.html0
327Lector Film Player ver. 1.40 20LectorFilmPlayer.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
1 5lecvg0  9lecvg.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
3 8LED TRAY0 11LEDTRAY.EXE1 00183Installs a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to work 01
2 8LeechGet0 12LeechGet.exe1 00 25LeechGet download manager23http://www.leechget.de/0
2 8LeechGet0 20LeechGet.exe -intray2 00  0 01
1 6leeman0 10leeman.exe1 00 40Added by the Troj/Cosiam-D proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojcosiamd.html0
111ActiveX Key0 11lemonyt.exe1 00 45Added by the Backdoor.Banito Trojan backdoor.76http://www.sarc.com/avcenter/venc/data/backdoor.banito.html#technicaldetails0
1 4lemr0  8lemr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8lemxbosi0 12lemxbosi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
110LetsSearch0 14LetsSearch.exe1 00 39BrowserAid/BrowserPal foistware variant47http://www.doxdesk.com/parasite/BrowserAid.html0
3 9LetterBox0 13LetterBox.exe125StartUp menu\Current user0 34LetterBox 4.03.0004, Ultima Thule.39http://www.absolutestartup.com/startup/1
1 5Letum0  9Letum.exe1 00 34Added by the MSIL.Letum.A@mm worm.76http://www.sarc.com/avcenter/venc/data/msil.letum.a@mm.html#technicaldetails0
125Internet Explorer Updater0 10lexbac.exe1 00 29Added by the DOWNLOAD TROJAN!76http://securityresponse.symantec.com/avcenter/venc/data/download.trojan.html0
119tknetdriver monitor0 10lexbce.exe1 00 43Added by a variant of the  W32.SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
413LexBce Server0 11LEXBCES.EXE1 00 62bNote: /b Notice the space after depend= .  This is necessary. 01
1 8lexplore0  8lexplore1 00116Added by the Bropia.A WORM! This worm spreads through MSN Messenger.  File is found in the Windows system directory.46http://www.f-secure.com/v-descs/bropia_a.shtml0
120Configuration Loader0 12lexplore.exe1 00133Added by the W32/Rbot-AGX worm.  When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotagx.html0
126Internet Explore Microsoft0 12lEXPLORE.EXE1 00142Added by the W32/Rbot-AOF worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaof.html0
111KernellApps0 12lexplore.exe1 00 85Added by Troj/Bancban-BS,  it is found in the Windows system folder, in a new folder.59http://www.sophos.com/virusinfo/analyses/trojbancbanbs.html0
127Microsoft Internet Explorer0 12lEXPLORE.EXE1 00132Added by the W32/Rbot-AMM worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotamm.html0
127Windws Configuration Loader0 12LEXPLORE.exe1 00 26Added by the SODABOT WORM!77http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.sodabot.html0
1 8apiclass0 13lexplore_.exe1 00  057http://www.sophos.com/virusinfo/analyses/trojmsnopta.html0
1 8regmutex0 13lexplore_.exe1 00 27Added by the  Troj/MSNOpt-A57http://www.sophos.com/virusinfo/analyses/trojmsnopta.html0
1 8ShellRun0 13lexplore_.exe1 00 43Added by the Troj/MSNOpt-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojmsnopta.html0
1 5winex0 13lexplore_.exe1 00 27Added by the  Troj/MSNOpt-A57http://www.sophos.com/virusinfo/analyses/trojmsnopta.html0
110SysUtilits0 13lexplorer.exe1 00170Added by the W32/Kassbot-K worm and IRC backdoor.  This should not be confused with the legitimate iexplore.exe found in the C:\Program Files\Internet Explorer directory.57http://www.sophos.com/virusinfo/analyses/w32kassbotk.html0
2 6lexpps0 10lexpps.exe1 00300For Lexmark printers. From Lexmark: "This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all". It is known that firewalls can however alert you to "lexpps.exe" requesting server privileges 01
3 8LexStart0 12lexstart.exe1 00223Lexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instance 01
114WINDOWS SYSTEM0 11lf66prc.exe1 00137Added by the W32.Mytob.GC@mm worm.  When started, this infections connects to a remote IRC server where it waits for commands to execute.76http://www.sarc.com/avcenter/venc/data/w32.mytob.gc@mm.html#technicaldetails0
320Configuration Loader0  9lfass.exe1 00  2?? 01
1 3Lfh0  7Lfh.exe1 00 12Added by the21Troj/Zaurga-A TROJAN!0
3 8Lfsndmng0 12lfsndmng.exe1 00193LightningFAX Enterprise Fax Server - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents"62http://www.lightningfax.com/products/lightningfax/features.htm0
113LoginPassport0 12Lgnpsp32.exe1 00 27Added by the REDIST.C WORM!81http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.redist.c@mm.html0
110load-guard0 10LGuarg.exe1 00 30Added by the  VBS.YENO.C WORM!61http://www.symantec.com/avcenter/venc/data/vbs.yeno.c@mm.html0
110load-guard0 14LGuarg.exe.vbs1 00 30Added by the  VBS.YENO.C WORM!61http://www.symantec.com/avcenter/venc/data/vbs.yeno.c@mm.html0
017HomeCentre WakeUp0 12LGWAKEUP.EXE1 00 72Associated with the no longer supported Xerox HomeCentre printer/scanner 01
215Logitech Wakeup0 12lgwakeup.exe1 00561Loads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start -&gt;Programs and still be able to scan images 01
3 8LgWDskTp0 12LgWDskTp.exe111HKEY_LM\Run0 62Wireless Desktop Software 1.0.4.1, Logitech Inc.. LgWDskTp.exe39http://www.absolutestartup.com/startup/1
1 5licli0  6li.exe1 00 56Added by the Troj/LowZone-CD/a security lowering Trojan.59http://www.sophos.com/virusinfo/analyses/trojlowzonecd.html0
124Microsoft System Checkup0 12libsys32.exe1 00133Added by the W32/Sdbot-ACK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotack.html0
124Microsoft System Checkup0 13libsysmgr.exe1 00 28Added by the SDBOT-CAF WORM!57http://www.sophos.com/virusinfo/analyses/w32sdbotcaf.html0
112WinLibUpdate0 13libupdate.exe1 00 69Added by the BIONET series of TROJANS such as BIONET.31 or BIONET.31078http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BIONET.310
114WinLibUpdate320 15libupdate32.exe1 00 31Added by the BIONET.405 TROJAN! 01
111WinLibUpdte0 12libupdte.exe1 00 31Added by the BIONET.318 TROJAN!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BIONET.3180
125Local Internet Connection0  7LIC.exe1 00 12Added by the18W32/Sdbot-YA WORM.0
1 4lich0  8lich.exe1 00 78Added by the Troj/QLowZon-BN Trojan which lowers Internet Explorer's security.59http://www.sophos.com/virusinfo/analyses/trojqlowzonbn.html0
2 4Path0  8lide.exe1 00  2?? 01
129http://www.lienvandekelder.be0 22Lien Van de Kelder.exe2 00 61Added by the W32/Mytob-CP email worm and IRC backdoor trojan.56http://www.sophos.com/virusinfo/analyses/w32mytobcp.html0
129http://www.lienvandekelder.be0 21Lien Vande Kelder.exe2 00133Added by the W32/Mytob-AQ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobaq.html0
129http://www.lienvandekelder.be0 18Lien vd Kelder.exe2 00 62Added by the W32/Mytob-M mass-mailing trojan and IRC backdoor.55http://www.sophos.com/virusinfo/analyses/w32mytobm.html0
129http://www.lienvandekelder.be0  8Lien.exe1 00147Added by the W32/Mytob-CZ mass-mailing worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32mytobcz.html0
129http://www.lienvandekelder.be0 13Lientjeuh.exe1 00146Added by the W32/Mytob-P mass-mailing worm.  This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32mytobp.html0
129http://www.lienvandekelder.be0 19LienVandeKelder.exe1 00160Added by the W32/Mytob-AZ mass-mailing worm and backdoor trojan.  When started, this infection connects to an IRC where it waits for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobaz.html0
129http://www.lienvandekelder.be0 11LienVdK.exe1 00131Added by the W32/Mytob-Uworm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.55http://www.sophos.com/virusinfo/analyses/w32mytobu.html0
218LifeDrive™ Manager0 20LifeDriveMgrTray.exe125StartUp menu\Current user0 95LifeDrive™ Manager Tray Application 1.0.0.2, palmOne, Inc.. LifeDrive™ Manager Tray Application39http://www.absolutestartup.com/startup/1
1 8lifhmbxo0 12lifhmbxo.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4lifm0  8lifm.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
318Lightning Download0 13Lightning.exe1 00143Lightning Download download manager. Can be launched manually, but will need to start up if you want it to "catch clicks" off Internet Explorer44http://www.lightningdownload.com/index.shtml0
3 8$sys$lim0  7lim.sys1 00 38How to remove the Sony XPC DRM Rootkit54http://www.bleepingcomputer.com/forums/topic34904.html0
3 9Limeshop00 13Limeshop0.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
212LimeWire x.x0 12LimeWire.exe1 00174LimeWire - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malware24http://www.limewire.com/0
1 8LimeWire0 12LimeWire.exe1 00132Added by the W32/Rbot-AGH worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotagh.html0
319LimeWire On Startup0 21LimeWire.exe -startup225StartUp menu\Current user0 45LimeWire 1, 0, 0, 2, Lime Wire, LLC. LimeWire39http://www.absolutestartup.com/startup/1
112li-multi****0 16li-multi****.exe1 00 34Adult web-dialler - **** is random 01
221Line Speed Meter V3.00 18LineSpeedMeter.exe1 00 81LineSpeedMeter - detect the download and upload speed of your internet connection48http://www.tcpiq.com/tcpiq/linespeed/Default.asp0
1 6linker0 13LinkMaker.exe1 00 12Adware.Links76http://securityresponse.symantec.com/avcenter/venc/data/pf/adware.links.html0
1 5links0  9links.exe1 00 54Added by the Troj/LowZone-BI security lowering Trojan.59http://www.sophos.com/virusinfo/analyses/trojlowzonebi.html0
212ISDN Monitor0 11Linksts.exe1 00294Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon 01
1 7Linksts0 11linksts.exe1 00294Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon 01
212ISDN Monitor0 18Linksts.exe W 10242 00  0 01
124Microsoft Update Machine0  9linux.exe1 00 26Added by the RBOT-IM WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotim.html0
1 5Linux0  9Linux.vbs1 00 33Added by the LOVELETTER.AS VIRUS!42http://vil.nai.com/vil/content/v_98684.htm0
1 4Lisa0  8Lisa.exe1 00 33downloads code from the internet. 01
119List checker 32 BIT0 10list32.exe1 00133Added by the W32/Rbot-AHO worm. When started, this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotaho.html0
213ListProAlarms0 17ListProAlarms.exe125StartUp menu\Current user0  039http://www.absolutestartup.com/startup/1
3 8nihomeam0 16LiteClientAM.exe1 00207A managed web based internet security service that provides comprehensive & total protection for laptops/desktops - regardless of how, when or where they connect to the Internet, Made by  Netintelligence_Ltd31http://www.netintelligence.com/0
310Readmeidle0 18LiteGlobalSoap.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 8profiler0 11liteout.exe1 00110Added by the Troj/Zapchas-G TROJAN, one of two files run by a registry key it creates.  The other is prof.exe.58http://www.sophos.com/virusinfo/analyses/trojzapchasg.html0
112li-thund****0 16li-thund****.exe1 00 34Adult web-dialler - **** is random 01
2 3LIU0  7LIU.exe1 00189Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway 01
315Live Weather II0 19Live Weather II.exe225StartUp menu\Current user0 45DesktopX Widget 1, 0, 0, 1, . DesktopX Widget39http://www.absolutestartup.com/startup/1
114System Servlce0  8live.exe1 00 50Added by the Troj/IRCBot-GX worm and IRC backdoor.58http://www.sophos.com/virusinfo/analyses/trojircbotgx.html0
2 8LiveNote0 12livenote.exe1 00  0 01
2 8LiveNote0 12Livenote.exe1 00 45Asus graphics card driver live update feature 01
111LiveSexCams0 15LiveSexCams.exe1 00 34Premium rate adult content dialler 01
327Iomega Automatic Backup Pro0 17LiveSystem.exe -s211HKEY_CU\Run0108Iomega Automatic Backup 2.0 2, 0, 0, 75, Iomega Corporation. Iomega Automatic Backup 2.0 for Windows 2000/XP39http://www.absolutestartup.com/startup/1
218AceGain LiveUpdate0 14LiveUpdate.exe1 00292AceGain_LiveUpdate. "AceGain LiveUpdate provides a fully managed and customizable LiveUpdate platform that seamlessly integrates with a game. As soon as an update is made available, AceGain manages the alert, download and installation as well as version control and user network preferences."27http://gameone.acegain.com/0
310LiveUpdate0 14LiveUpdate.exe1 00 66Web-update utility as used by various types of software - see here32http://liveupdate.openwares.org/0
320Openwares LiveUpdate0 14LiveUpdate.exe1 00  032http://liveupdate.openwares.org/0
320Openwares LiveUpdate0 14LiveUpdate.exe1 00 67Application LiveUpdate 1, 0, 0, 1, Openwares. Openwares' LiveUpdate 01
118Bouncer RunStartup0 14LiveUpdate.exe1 00374VIrtualBouncer malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs59http://www.pestpatrol.com/PestInfo/v/virtualbouncer_2_0.asp0
213BTCLiveUpdate0 25LiveUpdate.exe /autostart211HKEY_CU\Run0 32LiveUpdate 1.0.0.0, . LiveUpdate39http://www.absolutestartup.com/startup/1
116SDAutoLiveupdate0 16LiveUpdateSD.exe1 00178Max Spyware Detector,   bogus "Spyware remover"  - for more information, search the  Spywarewarrior_List of non-Recommended anti parasite sites/software for "spywaredetector.net"15Spyware remover0
111li-vita****0 15li-vita****.exe1 00 34Adult web-dialler - **** is random 01
1 8ljejpxox0 12ljejpxox.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8ljgdwnkd0 12ljgdwnkd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Rje0  7Ljn.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Akv0  7Lka.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 4lkbi0  8lkbi.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 5lkiku0  9lkiku.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Lar0  9Llass.exe1 00 27Added by the INOR-A TROJAN!55http://www.sophos.com/virusinfo/analyses/trojinora.html0
1 7Cbznznq0  8Llpu.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6llsass0 10llsass.exe1 00198Added by the  TROJ/PROXY-GG TROJAN! - NOTE:  this malware actually changes the default value data of the Registry "Run"  key in order to force Windows to launch it at boot.  Name field may be empty.57http://www.sophos.com/virusinfo/analyses/trojproxygg.html0
317LapLink Scheduler0 11LLSCHED.EXE1 00 66LAPLINK GOLD 11,05,32,00, LapLink, Inc.. Quick Scheduler Component 01
317LapLink scheduler0 11Llsched.exe1 00 86Utility that automatically performs file transfers as unattended background operations 01
1 6llvset0 10llvset.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
111LMA Manager0 14lmamanager.exe1 00147Added by the W32/Tilebot-AD worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.58http://www.sophos.com/virusinfo/analyses/w32tilebotad.html0
1 5lMAPl0  9lMAPl.exe1 00166An Agobot WORM/IRC backdoor variant will add this file, terminating processes, disabling anti-virus & secrity programs and providing for remote access to an attacker.57http://www.sophos.com/virusinfo/analyses/w32agobotre.html0
120Microsoft Management0  8lmas.exe1 00 28Added by the FORBOT-CZ WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotcz.html0
117Windows Host Name0  9lmass.exe1 00 28Added by the  GAOBOT.O WORM!77http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GAOBOT.O0
1 3Qvt0  7Lme.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 6lmfgia0 10lmfgia.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
422ArcGIS License Manager0  9lmgrd.exe1 00171Part of the Macrovision FLEXlm software. This software is installed as part of the licensing of the A href="http://www.esri.com/software/arcgis/index.html"ArcGis software.68http://www.macrovision.com/services/support/flexlm/lmgrd.shtml#intro0
413murphy shield0  9lmgui.exe1 00 51Firewall part of BitDefender virus scanner/firewall27http://www.bitdefender.com/0
1 7LmHosts0 11lmhosts.dll1 00 40Added by the Backdoor.Fuwudoor backdoor.78http://www.sarc.com/avcenter/venc/data/backdoor.fuwudoor.html#technicaldetails0
127Microsoft Lmhosting Service0 11lmhosts.exe1 00 26Added by the RBOT-RC WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotrc.html0
123TCP/IP NetBIOS Provider0 10lmhsvc.exe1 00 34Added by the W32.Dalbug.Worm worm.93http://securityresponse.symantec.com/avcenter/venc/data/w32.dalbug.worm.html#technicaldetails0
110DR service0 13lmitvsoeo.exe1 00134Added by the W32/Rbot-CZT worm and IRC backdoor.  The filename may sometimes be different, but the registry name will remain the same.56http://www.sophos.com/virusinfo/analyses/w32rbotczt.html0
211LiveMonitor0 12LMonitor.exe1 00 88MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information 01
211LiveMonitor0 12LMonitor.exe1 00 69UpdateMonitor Application 1, 0, 0, 3, . UpdateMonitor MFC Application 01
2 8LMonitor0 12LMonitor.exe1 00 88MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information 01
1 6MovieM0 10lmovie.exe1 00 31Added by the W32/Bagle-CO worm.56http://www.sophos.com/virusinfo/analyses/w32bagleco.html0
0 8lmpdpsrv0 12lmpdpsrv.exe1 00 61Related to a Lexmark printer/scanner. Printer sharing server? 01
3 8LMPDPSRV0 12LMPDPSRV.EXE111HKEY_LM\Run0 57Printer Driver Plus 1.0.0.245, DeviceGuys. PDP RPC Server39http://www.absolutestartup.com/startup/1
124Microsoft Update Machine0  9lmrss.exe1 00 26Added by the RBOT-DY WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotdy.html0
1 4lmrt0  8lmrt.exe1 00 19Unidentified adware 01
1 7q36i36O0 12lms2cenu.exe1 00 33Added by the SECONDTHOUGHT VIRUS! 01
2 9lm status0 12LMSTATUS.EXE1 00 57Xerox WorkCenter XE - language monitor status application 01
2 8LMSTATUS0 12LMSTATUS.EXE1 00 90Lexmark Status Monitor. Checks the current status of Lexmark printers (and other devices?) 01
315XE 8x LM Status0 10lmsxxe.exe1 00 45Xerox XE8 series laser printer status monitor 01
1 3lmu0  7LMU.exe1 00 64Downloader trojan, recognized by Kaspersky antivirus as Agent.bg50http://www.tkqlhce.com/ig104ft1zt0GINJPQOHGOJHHQHM0
112SysService320  9ln32k.dll1 00 26Added by the KINDAL VIRUS!43http://vil.nai.com/vil/content/v_100207.htm0
311Launchboard0 11lnchbrd.exe1 00351LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions 01
124Daemons Updates Services0  8lnql.exe1 00108Added by the W32/Rbot-RJ worm.  This infection connects to an IRC server where it waits for remote commands.55http://www.sophos.com/virusinfo/analyses/w32rbotrj.html0
1 6strtas0  8lo71.exe1 00178Added by the W32/Sdbot-AGS worm and IRC backdoor.  This infection will also install the rootkit file C:\Windows\System32\msdirectx.sys to hide files, processes and registry keys.57http://www.sophos.com/virusinfo/analyses/w32sdbotags.html0
128Windows Shell Library Loader0 22load shell.dll /c /set2 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
125Win64 Compatibility Check0 14load win64.drv2 00 30CoolWebSearch parasite variant53http://www.spywareinfo.com/~merijn/cwschronicles.html0
110[not used]0  8load.exe1 00 30Added by the W32/Nimda-A worm.55http://www.sophos.com/virusinfo/analyses/w32nimdaa.html0
1 5IMAPI0  8load.exe1 00 35Added by the Troj/Downdel-A Trojan.58http://www.sophos.com/virusinfo/analyses/trojdowndela.html0
110win32servv0  8load.exe1 00 41Added by an unidentified trojan or adware 01
1 6load320 10load32.exe1 00 49Added by the NIBU, BAMBO TROJANS and DUMARU WORM!74http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nibu.html0
120Configuration Loader0 13loadcfg32.exe1 00 39Added by the  LOADCFG or SDBOT TROJANS!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_LOADCFG.A0
1 7loaddll0 11loaddll.exe1 00 26Added by  Winvest SPYWARE!76http://securityresponse.symantec.com/avcenter/venc/data/spyware.winvest.html0
111SystemTasks0 10loaded.exe1 00 21Adult content dialler 01
112ClrSchLoader0 10Loader.exe1 00 31Clearsearch variant of  IGetNet39http://www.igetnet.com/iGetNet_Home.asp0
1 6loader0 10loader.exe1 00 77Homepage hijacker, redirecting to coolwwwsearch.com. Downloader for iedll.exe 01
1 7reg_key0 15loader_name.exe1 00 53Added by the BEAGLE.Y or BEAGLE.Z or BEAGLE.AA WORMS!76http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.y@mm.html0
127dynamic link library loader0 12Loader32.exe1 00 34Added by the  BACKDOOR.KOL TROJAN!73http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kol.html0
1 8loader320 12Loader32.exe1 00 32Added by an unidentified TROJAN! 01
1 8*loadfax0 11loadfax.exe1 00104Added by the Troj/Winflux-C backdoor Trojan.  This program will load automatically in safe mode as well.58http://www.sophos.com/virusinfo/analyses/trojwinfluxc.html0
1 9LoadFonts0 13LoadFonts.vbs1 00 69Homepage hijacker that changes your homepage to an adult content site 01
4 9FP Loader0 10loadfp.exe1 00 57FoolProof Security - PC security software from SmartStuff42http://www.smartstuff.com/fps/fpsinfo.html0
115loadgolfcourses0 19LoadGolfCourses.exe1 00 47PlayMiniGolf.com foistware - stealth installed! 01
1 8dwMyTest0 10LOADHW.EXE1 00 54Added by the Troj/Wlook-A information-stealing Trojan.56http://www.sophos.com/virusinfo/analyses/trojwlooka.html0
3 9KK Loader0 10loadkk.exe1 00214KeyKey XP Professional from KeyKey.com. &quot;Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user.&quot;33http://www.keykey.com/index1.html0
3 6LoadQM0 10loadqm.exe1 00377Installed with MSN Explorer and loads the  MSN Queue Manager. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable it63http://support.microsoft.com/default.aspx?scid=KB;EN-US;q3094180
1 9loads.exe0  9loads.exe1 00 31Popuppers.com adware downloader 01
111LoadService0 15LoadService.exe1 00 35Added by the Troj/Dloadr-UP Trojan.58http://www.sophos.com/virusinfo/analyses/trojdloadrup.html0
118Protected Exchange0 11loadsvc.exe1 00 33Added by the Troj/Urbin-C trojan.56http://www.sophos.com/virusinfo/analyses/trojurbinc.html0
3 7LOAD WB0 10LOADWB.EXE1 00294Part of Stardock's WindowBlinds custom desktop program. "WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much more". If you use it - keep it if not then uninstall it28http://www.windowblinds.net/0
215BrowserWebCheck0 10loadwc.exe1 00 57Checks to make sure that IE is still your default browser 01
1 6strtas0  8loc1.exe1 00185Added by the W32/Rbot-AZU worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.  This infection also uses the rootkit msdirectx.sys.56http://www.sophos.com/virusinfo/analyses/w32rbotazu.html0
122Windows Streams Server0 12localsrv.exe1 00 27Added by the SDBOT.LN WORM!99http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=60777&VName=WORM_SDBOT.LN0
122Windows Local Services0 12localsvc.exe1 00 36Added by the Troj/Dloader-NY trojan.59http://www.sophos.com/virusinfo/analyses/trojdloaderny.html0
1 5Modem0 13locatesvc.exe1 00 38Added by a variant of the SPYBOT WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html0
325Microsoft Location Finder0 18LocationFinder.exe1 00465Microsoft Location Finder is a client-side application that turns a regular WiFi enabled laptop, Tablet or PC into a location determining device without the addition of any separate hardware. When launched by a user, Microsoft Location Finder uses WiFi access points - or reverse IP lookup when WiFi is not available - to center and display the person's location on an MSN Virtual Earth map, enabling the user to quickly and easily search in their present location.108http://ww0
1 6strtas0  9lock1.exe1 00134Added by the W32/Sdbot-ADQ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.57http://www.sophos.com/virusinfo/analyses/w32sdbotadq.html0
110freexstyle0 11lockbar.exe1 00120Added by the W32.Loxbot.D worm and IRC backdoor.  This infection installs the rootkit file msdirectx.sys to hide itself.73http://www.sarc.com/avcenter/venc/data/w32.loxbot.d.html#technicaldetails0
110freexstyle0 10lockbr.exe1 00 48Added by the W32.Loxbot.C worm and IRC backdoor.73http://www.sarc.com/avcenter/venc/data/w32.loxbot.c.html#technicaldetails0
310Lock My PC0 10lockpc.exe1 00136Lock_My_PC - a tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouse26http://www.fspro.net/lmpc/0
1144flagvgainside0 14locks that.exe211HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9freestyle0  9lockx.exe1 00 53Added by the W32/Maibot-A AOL instant messenger worm.56http://www.sophos.com/virusinfo/analyses/w32maibota.html0
1 7stratas0  9lockx.exe1 00143Added by the W32/Sdbot-ADD worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.57http://www.sophos.com/virusinfo/analyses/w32sdbotadd.html0
1 6strtas0  9lockx.exe1 00229Added by the W32/Rbot-APL worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.  When first run this infection creates the files %System%msdirectx.sys and %SystemDrive%xz.bat.56http://www.sophos.com/virusinfo/analyses/w32rbotapl.html0
2 7lodytuj0 11lodytuj.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 6lofgyh0 10lofgyh.exe1 00127Added by the W32/Sdbot-TP. When started this infections connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbottp.html0
112Winlogin.exe0  7log.exe1 00 53Added by a variant of the AGENT.AH downloader TROJAN! 01
126Microsoft Windows updaterD0 11log32zx.exe1 00 27Added by the MYDOOM.W WORM!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.w@mm.html0
112winlogin.exe0 11logfile.exe1 00 29Added by the AGENT.AH TROJAN! 01
312HSLAB Logger0 10logger.exe1 00107Added by the Spyware.HSLABLogger spyware.  bIf you did not install this software you should uninstall it./b63http://www.sarc.com/avcenter/venc/data/spyware.hslablogger.html0
216Logitech Utility0 12Logi_MwX.Exe111HKEY_LM\Run0 64MouseWare 9.75.294, Logitech Inc.. Logitech Launcher Application39http://www.absolutestartup.com/startup/1
3 8Logi_Mwx0 12Logi_MwX.exe1 00  0 01
316Logitech Utility0 12Logi_MwX.exe1 00186Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled 01
114WINDOWS SYSTEM0  9logic.exe1 00136Added by the W32.Mytob.IC@mm worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.76http://www.sarc.com/avcenter/venc/data/w32.mytob.ic@mm.html#technicaldetails0
118login screen saver0  9login.scr1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8logitech0 12Logitech.exe1 00 28Added by the  RBOT.BJH WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.BJH&VSect=P0
3 3LDM0 28LogitechDesktopMessenger.exe111HKEY_CU\Run0 72Logitech Desktop Messenger 2.1.2.0, Logitech. Logitech Desktop Messenger39http://www.absolutestartup.com/startup/1
320Easy Synchronization0 20LogitechEasySync.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 9Logitechs0 13Logitechs.exe1 00 40Added by an unidentified WORM or TROJAN! 01
117Logitech Wireless0 15logitechwls.exe1 00128Added by the W32/Mytob-BS worm.  When started, this infection connects to a remote IRC server and waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32mytobbs.html0
223LogitechImageStudioTray0 12LogiTray.exe1 00 57Logitech Image Studio - installed with Logitech QuickCams 01
223LogitechImageStudioTray0 12LogiTray.exe1 00 76Logitech ImageStudio 7.3.0.1113, Logitech Inc.. ImageStudio Tray Application 01
217LogitechVideoTray0 12LogiTray.exe1 00 57Logitech Image Studio - installed with Logitech QuickCams 01
2 8LogiTray0 12LogiTray.exe1 00  0 01
311logmein gui0 18LogMeInSystray.exe1 00277RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone.32http://www.remotelyanywhere.com/0
311LogMeIn GUI0 18LogMeInSystray.exe111HKEY_LM\Run0 61LogMeIn 2.00.461, 3am Labs, Inc.. LogMeIn Desktop Application39http://www.absolutestartup.com/startup/1
314Customizer20000  9logon.exe1 00199Automatic logon feature of Customizer 2000 - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes"55http://www.hot-shareware.com/utilities/customizer-2000/0
1 9Logon.exe0  9logon.exe1 00 27Added by the ZINS.A TROJAN!88http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=BKDR_ZINS.A0
114update run dos0  9logon.exe1 00 37Added by a variant of the SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
117update run msword0  9LOGON.EXE1 00248Added by the W32/Rbot-NJ trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. These infections are usually capable of logging keystrokes, retrieve cd keys, and flood other computers.55http://www.sophos.com/virusinfo/analyses/w32rbotnj.html0
125Windows Logon Application0  9logon.exe1 00 44Added by the W32/Poebot-J WORM/IRC backdoor!56http://www.sophos.com/virusinfo/analyses/w32poebotj.html0
121windows logon manager0  9logon.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 8WinLogon0  9logon.exe1 00  0 01
1 8WinLogon0  9logon.exe1 00 70Added by the Troj/Abox-A Trojan!  File is found in the Windows folder. 01
1 8logon0320 12logon032.dll1 00174Identified as a variant Trojan.PWS.Egold.  This Trojan when run will act as a rootkit and hide the files c:\windows\system32\logon032.dll and c:\windows\system32\wnlogon.sys. 01
312logon loader0 15LogonLoader.exe1 00  036http://logonloader.danielmilner.com/0
319logon loader random0 15LogonLoader.exe1 00 45Logon_Loader - customize Boot & Login Screens36http://logonloader.danielmilner.com/0
319Logon Loader Random0 23LogonLoader.exe /random211HKEY_LM\Run0 181.0.1887.17536,  .39http://www.absolutestartup.com/startup/1
130Microsoft Logon User Interface0 12logonnui.exe1 00 48Added by the W32/Rbot-BCC worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotbcc.html0
311LogonStudio0 15logonstudio.exe1 00261WinCustomize LogonStudio - &quot;Allows Windows XP users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users&quot;45http://www.stardock.com/products/logonstudio/0
311LogonStudio0 23logonstudio.exe /RANDOM2 00 49LogonStudio 1.00.0064, Stardock and Luca Saggese. 01
311LogonStudio0 23LogonStudio.exe /RANDOM211HKEY_LM\Run0 49LogonStudio 1.00.0064, Stardock and Luca Saggese.39http://www.absolutestartup.com/startup/1
114windows update0 12logonuit.exe1 00 28Added by the  Troj/LegMir-AO58http://www.sophos.com/virusinfo/analyses/trojlegmirao.html0
3 8LogWatch0 12logwat95.exe1 00220Licensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll - see here. Not required if you already have a newer version or the patch has been applied61http://support.ca.com/Download/patches/licenseit/LO51215.html0
1 6loifqk0 10loifqk.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
124outlook express protocol0  8look.exe1 00 32Added by the  W32/RBOT-ACS WORM!56http://www.sophos.com/virusinfo/analyses/w32rbotacs.html0
423Look &#039;n&#039; Stop0 13looknstop.exe1 00 31Look 'n' Stop personal firewall38http://www.looknstop.com/En/index2.htm0
413Look 'n' Stop0 13looknstop.exe1 00 31Look 'n' Stop personal firewall38http://www.looknstop.com/En/index2.htm0
413Look 'n' Stop0 19looknstop.exe -auto2 00 86Look 'n' Stop Personal Firewall 2, 0, 0, 5, Soft4Ever. Look 'n' Stop Personal Firewall 01
110Lookup_Sys0 13lookupsys.exe1 00 11P04n trojan 01
123microsoftm eegs cuntrol0  8loor.pif1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 5lopby0  9lopby.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 4abtu0 13lopsearch.exe1 00 67Loads the executable for Lop.com. lopsearch.exe is the beta version35http://www.spywareinfo.com/lop.html0
115[Various Names]0 11LOPTCON.exe1 00133Part of the Wareout infection as described A href="http://www.doxdesk.com/parasite/WareOut.html"  rel="nofollow" target="_blank"here. 01
1 6LOAD320 10Lorena.exe1 00 27Added by the MAPSON.C WORM!65http://www.symantec.com/avcenter/venc/data/w32.mapson.c.worm.html0
1 7runloud0  8loud.exe1 00 72Adware related downloader,  detected as TrojanDropper.Win32.PurityScan.g 01
1 4LOVE0  8LOVE.EXE1 00 31Added by the Troj/VB-ZQ Trojan.54http://www.sophos.com/virusinfo/analyses/trojvbzq.html0
1 6kv30000  9lover.vbe1 00 27Added by the ZSYANG.B WORM!76http://securityresponse.symantec.com/avcenter/venc/data/vbs.zsyang.b@mm.html0
127Local Procedure Call Mapper0  7LPC.exe1 00135Added by the W32/Rbot-UZ worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.55http://www.sophos.com/virusinfo/analyses/w32rbotuz.html0
1 7lpdpexb0 11lpdpexb.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Lpdriver0 12lpdriver.sys1 00133Added by the W32/Tilebot-H worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32tileboth.html0
1 6lpexht0 10lpexht.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 7lpjskte0 11lpjskte.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 3Lpr0 10Lpr123.exe1 00 47Added by the REMPSTEAL password stealer TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/spyware.rempsteal.html0
1 6Lpr1230 10Lpr123.exe1 00 47Added by the REMPSTEAL password stealer TROJAN!78http://securityresponse.symantec.com/avcenter/venc/data/spyware.rempsteal.html0
3 3LPS0  7Lps.exe1 00 94Local Port Scanner - "With LPS you're able to check your computer for open or listening ports" 01
0 9Reg Check0  7lpt.exe1 00 31Related to Supanet ISP software23http://www.supanet.com/0
3 6LPtask0 10lptask.exe1 00 99Program Lock It And Protect Pro - lock and protect your folders from being opened, moved or deleted45http://www.sanegroup.com/sanegroup/lppro.html0
1 6lpuajr0 10lpuajr.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
115lrbz utility 320 10lrbz32.exe1 00 33Added by the  W32/AGOBOT-JQ WORM!57http://www.sophos.com/virusinfo/analyses/w32agobotjq.html0
113ms config v130 10lrbz32.exe1 00 34Added by the  W32.GAOBOT.AOL WORM!58http://www.sarc.com/avcenter/venc/data/w32.gaobot.aol.html0
115micrsoft cfg 320 12lrbzus32.exe1 00 46Added by a variant of the  AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
1 3Jog0  7Lrl.exe111HKEY_CU\Run0  039http://www.absolutestartup.com/startup/1
1 6lrrdhd0 10lrrdhd.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
1 8Quickzip0  6Ls.exe1 00 38MsConnect browser hijacker and dialler 01
1 3lsa0  7lsa.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
114norton updater0  7lsa.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
116Win32 LSA Driver0  7lsa.exe1 00133Added by the W32/Forbot-FJ worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.57http://www.sophos.com/virusinfo/analyses/w32forbotfj.html0
112lsa Services0 11lsa2srv.exe1 00 54The path to windows may be different on your computer. 01
116Microsoft Update0  8lsac.exe1 00 28Added by the GAOBOT.XW WORM!88http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=484280
118WindowsProtocolLog0 10lsadst.exe1 00 42Added by the Troj/Stinx-S backdoor Trojan.56http://www.sophos.com/virusinfo/analyses/trojstinxs.html0
110LsaManager0 10lsamgr.exe1 00 45Added by the WORM_BAGLE.EV mass-mailing worm.89http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FBAGLE%2EEV&VSect=T0
124COM+ System Applications0  8lsas.exe1 00 28Added by the AGOBOT.SE WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.SE0
1 8ShellSpl0  8lsas.exe1 00 26Added by the Troj/Yaler-A.56http://www.sophos.com/virusinfo/analyses/trojyalera.html0
1 6SYSTEM0  8lsas.exe1 00 28Added by the SPYBOT.CJ WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.CJ0
116Windows Explorer0  8Lsas.exe1 00146Added by the GAOBOT.AO WORM! Note - this is not the valid Windows Explorer (explorer.exe) which would only be in startups if you added it manually79http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ao.html0
1 36780 10lsas32.exe1 00 35Added by the Troj/Slsorve-B trojan.58http://www.sophos.com/virusinfo/analyses/trojslsorveb.html0
1 5lsass0 10lsasrv.exe1 00 28Added by the MYDOOM.AG WORM!64http://www.symantec.com/avcenter/venc/data/w32.mydoom.ag@mm.html0
1 9.TEXTCONV0  9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
1 8.WMAudio0  9lsass.exe1 00  062http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
1 3brl0  9lsass.exe1 00143Added by the TROJ_DLOADER.CPD downloading Trojan. This should not be confused with the legitimate Microsoft file c:\Windows\System32\lsass.exe.92http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FDLOADER%2ECPD&VSect=T0
1 7ccpApps0  9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
118DLL Enhancer Drive0  9lsass.exe1 00 44Added by the Troj/Bdoor-CGM backdoor trojan.58http://www.sophos.com/virusinfo/analyses/trojbdoorcgm.html0
112FriendlyType0  9lsass.exe1 00  062http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
142Local Security Authority Subsystem Service0  9lsass.exe1 00231Added by the W32/Tilebot-AK worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.  This file should not be confused with the legitimate lsass.exe residing in the %System% folder.58http://www.sophos.com/virusinfo/analyses/w32tilebotak.html0
111lsa service0  9LSASS.exe1 00141Added by the  W32.Ahker.G WORM!  **Note - this is NOT the legitimate Windows  lsass.exe process, which should NOT figure in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.ahker.g@mm.html0
126LSA Shell (Export Version)0  9LSASS.exe1 00 82Added by the W32/Ahker-F worm.  This infections spreads by email and P2P networks.55http://www.sophos.com/virusinfo/analyses/w32ahkerf.html0
1 5lsass0  9lsass.exe1 00134Added by the RATSOU.B TROJAN! Note - this is not the legitimate  Lsass.exe system file should normally NOT figure in Msconfig/Startup!82http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.b.html0
127Microsoft Authority Service0  9lsass.exe1 00134Added by the W32.Kalel.B@mm mass-mailing worm. bBe careful that you do not delete the legitimate file c:\windows\system32\lsass.exe./b75http://www.sarc.com/avcenter/venc/data/w32.kalel.b@mm.html#technicaldetails0
119Microsoft UPDATER320  9lsass.exe1 00132Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!74http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ar.html0
119MicrosoftSourceSafe0  9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
110MS-Outlook0  9lsass.exe1 00131Added by the TROJ_DLOADER.BXQ Trojan. This infection should not be confused with the legitimate file C:\Windows\System32\lsass.exe.92http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FDLOADER%2EBXQ&VSect=T0
115NortonAntivirus0  9LSASS.exe1 00176Added by the W32.Pexmor@mm mass-mailing worm. This file should not be confused with the legitimate Windows file of the same name that is located in the Windows %System% folder.74http://www.sarc.com/avcenter/venc/data/w32.pexmor@mm.html#technicaldetails0
1 4Prog0  9lsass.exe1 00  062http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
1 9RegDoneEx0  9lsass.exe1 00126Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!62http://www.symantec.com/avcenter/venc/data/trojan.webus.b.html0
1 6Runner0  9lsass.exe1 00 74Added by the Troj/AdClick-AG Trojan!  File is found in the Windows folder. 01
111SondBlaster0  9lsass.exe1 00140Added by the BKDR_PROSTI.A backdoor. This infection should not be confused with the legitimate Microsoft file c:\windows\system32\lsass.exe.90http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FPROSTI%2EAA&VSect=T0
114System Handler0  9LSASS.EXE1 00128Added by the NIMOS WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!75http://securityresponse.symantec.com/avcenter/venc/data/w32.nimos.worm.html0
113System Kernel0  9lsass.exe1 00 42Added by the Troj/VBbot-G backdoor trojan.56http://www.sophos.com/virusinfo/analyses/trojvbbotg.html0
114System Process0  9lsass.exe1 00 74Added by the Troj/AdClick-AG Trojan!  File is found in the Windows folder. 01
1 3ToP0  9LSASS.exe1 00190Added by the PWSteal.Wowcraft.C password-stealing Trojan for the online game World of Warcraft.  This infection should not be confused with the legitimate C:\Windows\system32\lsass.exe file.79http://www.sarc.com/avcenter/venc/data/pwsteal.wowcraft.c.html#technicaldetails0
1 7Traybar0  9lsass.exe1 00131Added by the MYDOOM.L WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!76http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.l@mm.html0
1 6Update0  9lsass.exe1 00  0 01
1 8Userinit0  9lsass.exe1 00146Added by the Troj/Viran-B backdoor Trojan.  This infection also installs the files c:\windows\system32\divx5.dll and c:\windows\system32\h323.txt.56http://www.sophos.com/virusinfo/analyses/trojviranb.html0
121Windows lsass Service0  9lsass.exe1 00 26Added by the W32/Rbot-AGD.56http://www.sophos.com/virusinfo/analyses/w32rbotagd.html0
134Windows Security Authority Service0  9lsass.exe1 00 46Added by the W32.Kalel.A@mm mass-mailing worm.75http://www.sarc.com/avcenter/venc/data/w32.kalel.a@mm.html#technicaldetails0
115WindowsUpdatem10  9lsass.exe1 00 53Added by the Troj/Agent-AAJ password stealing Trojan.58http://www.sophos.com/virusinfo/analyses/trojagentaaj.html0
1 7WinExec0  9lsass.exe1 00 31Added by the W32/Crutle-B worm.56http://www.sophos.com/virusinfo/analyses/w32crutleb.html0
112WinXPService0  9lsass.exe1 00159Added by the Troj/Zapchas-AS backdoor Trojan. This infection should not be confused with the legitimate lsass.exe file found in the C:\Windows\System32 folder.59http://www.sophos.com/virusinfo/analyses/trojzapchasas.html0
1 110  9lsass.scr1 00 38Added by the  PWSteal.Bancos.V TROJAN!64http://www.symantec.com/avcenter/venc/data/pwsteal.bancos.v.html0
116MS lsass Startup0 12lsass135.exe1 00 26Added by the RBOT.WM WORM!89http://ae.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.WM0
117ms lsass6 startup0 13lsass1356.exe1 00 42Added by a variant of the  W32/SDBOT WORM!43http://vil.nai.com/vil/content/v_100454.htm0
113lsass service0 10lsass2.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
112NDIS Adapter0 10lsass2.exe1 00  079http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
114darkness lsass0 11LsasS23.exe1 00 40Added by an unidentified WORM or TROJAN! 01
114lsass2k Update0 11lsass2k.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
1 7lsass320 11lsass32.exe1 00 54Added by the Troj/Banker-BFB password-stealing Trojan.59http://www.sophos.com/virusinfo/analyses/trojbankerbfb.html0
119Microsoft UPDATER320 11LSASS32.EXE1 00152Added by the W32/Sdbot-CC backdoor worm.  When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.56http://www.sophos.com/virusinfo/analyses/w32sdbotcc.html0
114lsass64bit.exe0 14lsass64BiT.exe1 00 33Added by the  W32/FORBOT-CK WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotck.html0
119Services Controller0 10lsassa.exe1 00 31Added by the CIADOOR.122 VIRUS! 01
112LSASS Daemon0 10LSASSd.exe1 00 45Added by a variant of the AGOBOT/GAOBOT WORM!79http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN0
1 6System0 10lsasse.exe1 00 84A variant of the Rbot WORM adds this, opening a backdoor that utilizes IRC channels.55http://www.sophos.com/virusinfo/analyses/w32rbotyl.html0
111msupdater250 11lsasser.exe1 00132Added by the W32/Rbot-ATS worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotats.html0
117LsassFTPzz daemon0 14LsassFtpdz.exe1 00145Added by the W32/Rbot-ARL worm. This infection will connect to a remote IRC server and wait for commands to be executed on the infected computer.56http://www.sophos.com/virusinfo/analyses/w32rbotarl.html0
1 7lsassig0 11lsassig.exe1 00 52Added by the Troj/Bancos-EC Internet Banking Trojan.58http://www.sophos.com/virusinfo/analyses/trojbancosec.html0
1 7Default0 10lsassM.exe1 00135Added by the W32/Rbot-UW worm.  When connected this infections connects to an IRC server where it waits for remote commands to execute.55http://www.sophos.com/virusinfo/analyses/w32rbotuw.html0
1 9LSASS SVR0 10lsasss.exe1 00 32Added by the  W32/Sasser-E worm.56http://www.sophos.com/virusinfo/analyses/w32sassere.html0
1 6lsasss0 10lsasss.exe1 00 44Added by the  Troj/Geekmy-A backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojgeekmya.html0
110lsasss.exe0 10lsasss.exe1 00 27Added by the SASSER.E WORM!90http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SASSER.E0
117Microsoft Winsock0 10lsasss.exe1 00132Added by the W32/Rbot-BAI worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32rbotbai.html0
118Microsofts Updates0 10lsasss.exe1 00133Added by the W32/Rbot-AEX worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.56http://www.sophos.com/virusinfo/analyses/w32rbotaex.html0
1 8System320 10lsasss.exe1 00120Added by the W32/Rbot-XW WORM/IRC backdoor Trojan, exploiting OS vulnerabilities that have patches available to correct.55http://www.sophos.com/virusinfo/analyses/w32rbotxw.html0
119Windows Taskmanager0 10lsassx.exe1 00 94Added by the W32/Rbot-WX WORM and IRC backdoor Trojan, and found in the Windows system folder.55http://www.sophos.com/virusinfo/analyses/w32rbotwx.html0
118Adope File Manager0  9lsasv.exe1 00 40Added by an unidentified WORM or TROJAN! 01
130Computing Technologie Firewall0 10lsauth.exe1 00131A Sdbot WORM variant adds this file. It has backdoor components, using an IRC channel to allow unauthorized access to the computer.56http://www.sophos.com/virusinfo/analyses/w32sdbotwx.html0
213lsburnwatcher0 17lsburnwatcher.exe1 00 43Used for automatically updating HP programs 01
310LSBWatcher0 17lsburnwatcher.exe111HKEY_LM\Run0 75LightScribe 4, 10, 14, 0, Hewlett-Packard Company. LightScribe Burn Watcher39http://www.absolutestartup.com/startup/1
1 5f3dsl0 10LSD_F3.DLL1 00118Added by the Troj/Goldun-G password stealing trojan.  If you have this infection you should change all your passwords.57http://www.sophos.com/virusinfo/analyses/trojgoldung.html0
116Microsoft Office0  9lserv.exe1 00 27Added by the SDBOT.MH WORM!85http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.MH&VSect=T0
123Microsoftf DDEs Control0  8lses.exe1 00 73Identified as a variant of Backdoor.Win32.Rbot.gen worm and IRC backdoor. 01
1 5lsess0  9lsess.exe1 00 33Added by the  W32.SINNAKA.A WORM!64http://www.symantec.com/avcenter/venc/data/w32.sinnaka.a@mm.html0
1 6Sysino0  9lsess.exe1 00 28Added by the FORBOT-BF WORM!57http://www.sophos.com/virusinfo/analyses/w32forbotbf.html0
115windows firewal0  9Lsess.exe1 00 43Added by a variant of the  WIN32.RBOT WORM!64http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=394370
120Generic Host Service0 10lshost.exe1 00 26Added by the RBOT.LU WORM!84http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.LU&VSect=T0
115LSASS Authority0 13lshosts32.exe1 00 59Added by Troj/Sdbot-UY. Found in the Windows system folder.57http://www.sophos.com/virusinfo/analyses/trojsdbotuy.html0
1 6lsmass0 10lsmass.exe1 00 47Added by the Troj/Wallop-B IRC backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojwallopb.html0
1 9lsmss.exe0  9lsmss.exe1 00 40Added by the Troj/Proxy-GG proxy Trojan.57http://www.sophos.com/virusinfo/analyses/trojproxygg.html0
1 6LSPFix0 14LSPmonitor.exe1 00 78eAcceleration Stop-Sign related - foistware. Read their privacy statement here37http://www.eacceleration.com/privacy/0
110LSPmonitor0 14LSPmonitor.exe1 00  037http://www.eacceleration.com/privacy/0
159Loads files to memory for later outputing over the endpoint0 10LSPOOL.EXE1 00129Added by the W32/Codbot-B backdoor. When started this infection connects to an IRC server where it waits for commands to execute.56http://www.sophos.com/virusinfo/analyses/w32codbotb.html0
1 4lspp0  8lspp.exe1 00187Added by the A href="http://www.sarc.com/avcenter/venc/data/adware.lspp.html"Adware.LSPP Adware.  This delivers advertisements on your computer and may download other programs to install. 01
118Microsoft Services0  8lsrv.exe1 00 26Added by the RBOT-BK WORM!55http://www.sophos.com/virusinfo/analyses/w32rbotbk.html0
224lssas Monitoring Startup0  9lssas.exe111HKEY_LM\Run0  039http://www.absolutestartup.com/startup/1
114AdobeReaderPro0  9lssas.exe1 00 48Added by the W32/Rbot-CLB worm and IRC backdoor.56http://www.sophos.com/virusinfo/analyses/w32rbotclb.html0
1 9DllLoader0  9lssas.exe1 00 43Added by the Troj/Bdoor-JE backdoor Trojan.57http://www.sophos.com/virusinfo/analyses/trojbdoorje.html0
131Local Security Authority Servce0  9lssas.exe1 00 31Added by the W32/Poebot-T worm.56http://www.sophos.com/virusinfo/analyses/w32poebott.html0
132Local Security Authority Service0  9lssas.exe1 00 67W32/Poebot-A is a network WORM! Found in the Windows system folder.56http://www.sophos.com/virusinfo/analyses/w32poebota.html0
1 6lssass0  9lssas.exe1 00 28Added by the AGOBOT.RL WORM!78http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.RL0
128Microsoft Management Console0  9lssas.exe1 00 17EasySearch adware57http://sarc.com/avcenter/venc/data/adware.easysearch.html0
118Microsoft Services0 10lsserv.exe1 00 47Added by an unidentified VIRUS, WORM or TROJAN!