(cache) CastleCops - StartupList

++ Salvation Army - Katrina & Rita - Red Cross ++

New User? Need help? Click here to register for free! Registering removes the advertisements.

StartupList Index

Currently 12015 startuplist entries and growing...
Last updated on 2005-11-29 19:58:41 Eastern.
!! THESE ARE STARTUP PROGRAMS AND NOT TASK MANAGER PROCESS ITEMS !!

For more information on startup programs, including how to identify them and the information required for submitting additions to this list please refer to Content & Info. Reprinted with permission from Paul Collins who owns the copyright to the list. CastleCops also adds additional items that may not be in the original list but attempts are made to ensure the original is also updated. The full HTML list is here.

CastleCops is now hosting the official Pacs-portal forums. CastleCops has also cross-referenced startup entries with our File Hash database where appropriate. Comments or questions can be fielded here.

KEY:

"Y" - Normally leave to run at start-up

"N" - Not required - typically infrequently used tasks that can be started manually if necessary

"U" - User's choice - depends whether a user deems it necessary

"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"

"?" - Unknown

Full List

Name	Status	Filename	Description
WinCheck	X	services.exe	Added by the W32.Sober.V WORM! Note: This worm file is found in the Windows\ConnectionStatus\Microsoft or Winnt\ConnectionStatus\Microsoft folder.
Windows	X	services.exe	Added by the W32.Sober.X WORM! Note: This is not the legitimate Windows process services.exe (Which is always found in the System32 folder.) This worm file is found in the Windows\WinSecurity or Winnt\WinSecurity folder.
!1_pgaccount	Y	pgaccount.exe	DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly
!1_ProcessGuard_Startup	Y	procguard.exe	DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks.
!NoLoad	U	winrecon.exe	WinRecon - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
$EnterNet	U	Enternet.exe	Connection manager for the EnterNet ISP. You can also use RASPPOE
$sys$cmp	X	$sys$xp.exe	Added by the Backdoor.Ryknos.B TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer.
$sys$drv	X	$sys$drv.exe	Added by the Backdoor.Ryknos TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer.
$WindowsRegKey%update	X	IEXPLORE.EXE	Added by a W32/Rbot-EZ WORM! Note - this is not the legitimate Internet Explorer iexplorer.exe process, it should not appear in Msconfig/Startup unless you add it manually!
%cmpmixtitle%	?	%cmpmixstr%	Possibly related to C-Media Mixer Control panel?
%FP%012-L2TP fts.exe	?	fts.exe	012.Net ISP software - what does it do and is it required?
%FP%012-L2TP FWPortal.exe	?	FWPortal.exe	012.Net ISP software - what does it do and is it required?
%FP%1776 Internet fts.exe	?	fts.exe	1776 Internet ISP software - what does it do and is it required?
%FP%1776 Internet FWPortal.exe	?	FWPortal.exe	1776 Internet ISP software - what does it do and is it required?
%FP%Barak013 fts.exe	?	fts.exe	Barak013 ISP software - what does it do and is it required?
%FP%Barak013 FWPortal.exe	?	FWPortal.exe	Barak013 ISP software - what does it do and is it required?
%FP%Friendly fts.exe	?	fts.exe	Friendly ISP software - what does it do and is it required?
(*)API Machine	X	winSOCKS.exe	Homepage hijacker, see here (* = any digit)
(*)Run	X	win32API.exe	Homepage hijacker, see here (* = any digit)
(default)	X	(random filename).exe	Added by the BLACKMAL VIRUS!
(Default)	X	Systrsy.exe	Added by the Trojan.Cdtray TROJAN! Note: This trojan file is found in the Internet Explorer folder.
(default)	X	llsass.exe	Added by the TROJ/PROXY-GG TROJAN!
(Default)	X	webcam.exe	Added by the Troj/Monad-A TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
(Entry name)	X	System.exe	Added by the Troj/Nethief-N Trojan!
(L4r1$$4) (4nt1) (V1ruz)	X	SP00Lsv32.pif	Added by the ASSIRAL.B WORM!
(no name)	X	pathex.exe	Added by the TROJ/MKMOOSE-A WORM!
(Original file name)	X	svchost.scr	Added by Troj/Bancban-CX and Troj/Bancban-DA TROJANS!
(Original filename)	X	xphost.scr	Added by the Troj/Bancban-HM TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
(Original Trojan filename)	X	Install.exe	Added by the Troj/Bancban-FS TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
(random 12 digit number)	X	actxprxy.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	avicap32.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	browser8.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	avifile5.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	bootvid4.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	cdmodem4.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	acctres8.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	autodisc.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	cabview1.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	atitvo32.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	advpack1.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	batmeter.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	bidispl2.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	asferror.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	catsrvps.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	audiosrv.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	admparse.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	bootvid2.exe	Adsrv.com/IeDriver adware variant
(random 12 digit number)	X	cmpbk321.exe	Adsrv.com/IeDriver adware variant
(Random characters)	X	securewinload32x.exe	Added by the Troj/OptixP-N TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. The file system32dir2a.exe will also be found in the same folder and should be deleted.
(random name)	X	(random filename)	Added by the Troj/StartPa-GL Trojan! Found in the WINDOWS or Winnt directory.
(Random number)	X	explorer.exe	Added by the Troj/Keylog-AN TROJAN! Note: This trojan file is found in the Windows\service or Winnt\service folder, be sure to check the link for this one, It copies it's self under 9 additional file names, all in the Windows\service or Winnt\service folder.
(random)	X	lsass.scr	Added by Troj/Bancban-CW Trojan!
(random)	X	svchost.scr	Added by Troj/Bancban-CY Trojan!
(Random)	X	svshost.exe	Added by the W32/Kelvir-AX WORM! Note: This worm\trojan file is found in the System\(random folder name) (95/98/ME) or System32\(random folder name) (NT/2000/XP) folder.
(Randomly chosen existing folder name)	X	_cfg.exe	Added by the W32/Antinny-L WORM!
(Randomly chosen existing folder name)	X	_login.exe	Added by the W32/Antinny-L WORM!
(Randomly chosen existing folder name)	X	_start.exe	Added by the W32/Antinny-L WORM!
(Randomly chosen existing folder name)	X	_config.exe	Added by the W32/Antinny-L WORM!
(Randomly chosen existing folder name)	X	_autorun.exe	Added by the W32/Antinny-L WORM!
(Randomly chosen existing folder name)	X	_loader.exe	Added by the W32/Antinny-L WORM!
(Randomly chosen existing folder name)	X	_env.exe	Added by the W32/Antinny-L WORM!
(Randomly chosen existing folder name)	X	_setup.exe	Added by the W32/Antinny-L WORM!
(Registry Value Name)	X	roses.exe	Added by the W32/Rbot-AFT Worm!
(Unknown)	X	charmapnt.exe	Added by the Troj/Bancos-DR TROJAN!
(User name) config	X	(Path to Trojan exe)	Added by the Troj/Mosuck-H TROJAN!
(various file names)	X	mediaplayer32.exe	Added by a variant of the WIN32.RBOT WORM!
(various file names)	X	bling.exe	Added by the W32/RBOT-NI WORM!
(various names)	X	win32snd.exe	Added by the W32/RBOT-DQ WORM!
(various names)	X	svchostss.exe	Added by a variant of the WIN32.RBOT WORM!
(various names)	X	PasswdMon.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
(various names)	X	runload32.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
*JanisRuckenbrodII	X	janis.com	Added by the POPS VIRUS!
*Microsoft Update	X	wucxt.exe	Added by the W32.HLLW.STMU TROJAN!
*Microsoft Update	X	wuytc.exe	Added by the W32.HLLW.STMU TROJAN!
*Microsoft Update	X	ctxma.exe	Added by the W32.HLLW.STMU TROJAN!
*Microsoft Update	X	wstcl.exe	Added by the W32.HLLW.STMU TROJAN!
*Microsoft Update	X	cxma.exe	Added by the W32.HLLW.STMU TROJAN!
*microsoft update	X	cxma.exe	Added by the W32.HLLW.STMU TROJAN
*MS Setup	X	[random file name]	Virtumondo adware, also known as the VUNDO TROJAN!
*Security Center	X	secctr.exe	Added by the SDBOT.BRO WORM!
*StateMgr	Y	statemgr.exe	Windows ME default for System Restore. Do NOT disable!
*windows update	X	wurauclt.exe	Added by the W32/RBOT-SY WORM!
*windows update	X	wsctl.exe	Added by the SPYBOT.PR WORM!
*windows update	X	wscxt.exe	Added by the RBOT.AOS WORM!
*windows update	X	wkmst.exe	Added by the SDBOT.AVD WORM!
*windows update	X	wuaucrlt.exe	Added by the SPYBOT.HUR WORM!
*windows update	X	waurclt.exe	Added by a variant of the WIN32.RBOT WORM!
*WinLogon	X	[trojan path] ren time:[random number]	Added by the VUNDO TROJAN!
*winstats	X	winstats.exe	Added by the Trojan.Gargafx TROJAN! Note: This trojan file (winstats.exe) is found in the Windows or Winnt folder.
*wuauclt.exe	X	w***.exe ( = random char)	Added by a variant of the W32/RBOT-UG WORM! - NOTE: * in the file name represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...
*wuauclt.exe	X	wmsvc.exe	Added by the W32/RBOT-UG WORM!
,main drive Loader	X	wininfo.exe	Suspected malware as it appears in 3 different registry locations - see here
.mscdr	X	lassa.exe	Added by the WEBUS.C TROJAN!
.mscdr	X	lsvchost.exe	Added by the WEBUS.D TROJAN!
.mscdsr	X	lsvchost.exe	Added by the Troj/Bdoor-CR Trojan!
.mscsbl	X	svhost.exe	Added by the BACKDOOR-CMQ TROJAN!
.msfupdate	X	msveup.exe	Added by the W32.ALLOCUP.A WORM!
.mssecure	X	mssecure.exe	Added by the DDOS_BOXED.X TROJAN!
.mssecure	X	mssecure.exe	Added by the Troj/Borobot-B Trojan!
.NET config	?	sysmon32.exe	??
.norton	X	rchost.exe	Added by a variant of the BOXED-A TROJAN!
.Prog	X	services.exe	Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the valid Windows Service Controller (services.exe ) process
.Prog	X	winlogon.exe	Added by NEVEG.A WORM! Note - this is not the valid Windows Logon winlogon.exe process
.svchost	X	CSRSS.EXE	Added by the WEBUS.F TROJAN! - NOTE - this file is placed in the Winnt\System or Windows\System folder, and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
.TEXTCONV	X	csrss.exe	Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling
.WMAudio	X	csrss.exe	Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process" which provides text window support, shutdown, and hard-error handling
.WMAudio	X	lsass.exe	Added by a Webus.B trojan infection. Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup
/l:eng	N	N/A	Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup
000	U	pit.exe	Added by the PrivateEye SPYWARE! **Note - If you did not intentionally install this remove it.
000hpdllhos	X	hpdllhost.exe	LZIO.com adware downloader
000StTHK	U	000StTHK.exe	Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)
0050726-007-i32-1	X	0050726-007-i32-1.exe	Added by the Troj/Bancban-EC TROJAN!
00DSKSVR00	N	desksaver.exe	Related to Advanced_Desktop_Shield
00DSKSVR01	N	desksaver.exe	Related to Advanced_Desktop_Shield
00THotkey	U	00THotKey.exe	For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.
0190 Warner	U	WARN0190.EXE	Anti-dialer program (Germany)
0900 Warner	U	WARN0900.EXE	Anti-dialer program (Germany)
0utlook Express	X	****.exe (where = random char)	Added by the W32/RBOT-CC WORM!
1	X	1.exe	Added by the ESTEEMS TROJAN!
1	X	svchost.scr	Added by PWSteal.Bancos.X Trojan.
1	X	lsass.scr	Added by the PWSteal.Bancos.V TROJAN!
11	X	faxcomdos.exe	Added by the Tuimer TROJAN!
1111swapmgr.exe	X	1111swapmgr.exe	Added by the BDOOR-IC TROJAN!
123456	X	rundll32.exe shell32.dll, Control_RunDLL ...123456.cpl	Added by the KITRO.C (or DANDI.A) VIRUS! 123456 can be any random 3 to 6 digit number
12Ghosts Popup-Killer	U	12popup.exe	12Ghosts Popup-Killer
17779Proj2002	?	N/A	??
180adsolution	X	180adsolution.exe	180Solutions/N-Case adware variant
180ax	X	180ax.exe	180Solutions/N-Case adware variant
180ClientStubInstall	X	stubinstaller***.exe ( = digit)	180Solutions adware related
180ClientStubInstall	X	*****.exe ( = random digit/character)	180Solutions adware related
180ClientStubInstall	X	*****.tmp ( = random digit/character)	180Solutions adware related
1:	N	hpdrv.exe	HP utility for monitoring when and how many recoveries have been done
1A:MacVisionTrayMonitor	N	TrayMonitor.exe	Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock)
1A:Stardock MCP	Y	mcpserver.exe	Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications
1A:Stardock TrayMonitor	Y	TrayServer.exe	For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX
1CmailS	?	NETMAIL.EXE	??
1on1	X	1on1.exe	Adult content dialler
1Srv32	U	SpyAgent4.exe	SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."
1Win32Cfg	U	SpyBuddy.exe	SpyBuddy monitoring software
1Win32Cfg	U	Keyloggerpro.exe	KeyloggerPro - monitoring software
1WinCfg32	X	"\WebMailSpy.exe	Added by WebMailSpy SPYWARE!
2020Downloader	X	mssvr.exe	2020Search Toolbar related. Reported to be auto-installed
252	X	winmgr.exe	Added by the Troj/LegMir-AT TROJAN!
27	X	slsorve.exe	Added by the SLSORVE-A TROJAN!
27	X	csrss32.exe	Added by the TROJ/SLSORVE-D TROJAN!
27	X	msm32.exe	Added by the TROJ/SLSORVE-E TROJAN!
2kadiras	Y	2kadiras.exe	Allied_Telesyn AT series router/modem related - apparently required
2thousandbuck	X	(path to file)	Added by the RANKY.L TROJAN!
2wSysTray	U	2portalmon.exe	2Wire Homeportal user interface
32-bit Thunking service	X	thunk32.exe	Added by the W32.Derdero.A WORM!
357AA41A-B7A8-4632-A27D-5B980B25CF43	X	[path to svchost.exe]	Added by the SMALL-AQ TROJAN!
357AA41A-B7A8-4632-A27D-5B980B25CF43	X	services.exe	Added by FakeMessage/AdRotator adware - NOTE - this file is placed in a Winnt\System32\Inetserv or Windows\System32\Inetsrv folder, and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
3c1807pd	Y	3cmlink.exe 3cpipe-3c1807pd	3Com WinModem driver. See here for more WinModem information
3capplnk	Y	3capplnk.exe	US Robotics Modem driver
3cdminic	N	3CDMINIC.EXE	3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
3CM Link	Y	3cmcnkw.exe	Required for a US Robotics WinModem as it provides the link to Windows - won't work without it.
3Cmlink	Y	3CmlinkW.exe	For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information
3ComDMIAgent	N	3CDMINIC.EXE	3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
3D Text	N	3D Text.scr	Added by the JERMY.A VIRUS!
3Deep Control Panel	U	3DeepCTL.EXE	From LightSurf Technologies (nee E-Color) - 3Deep corrects lighting, shading and color for all your 2D and 3D games
3Dfx Acc	X	GFXACC.EXE	Added by the GIBE VIRUS!
3dfx Task Manager	N	3dfxMan.exe	System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs
3dfx Tools	Y	3dfxCmn.dll	Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards
3dfxv2ps.dll	Y	3dfxv2ps.dll	Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards
3Dlabs Taskbar Display Manager	?	3DLman.exe	3DLabs graphics driver related. System Tray access to display settings?
3DLabsHelperDemon	U	3dldemon.exe	Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled
3DMouse.EXE	Y	3DMouse.EXE	Dritek System Inc. 3D Mouse driver
3d_sound	X	3d_sound.exe	Added by the Troj/Riados-A TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
3qdctl.exe	U	3qdctl.exe	Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ
3ware 3DM	Y	3dm.exe	Monitors status of the disk array on 3ware IDE RAID controllers
4wd!!!	X	Natal!.pif	Added by the OPASERV.AI VIRUS!
5-1-61-96	X	members-area.exe	Adult content dialler
5-2-46-112	X	5-2-46-112.exe	Adult content pop-up dialler. Removal instructions here
55278	X	grepclient1.exe	Added by the Troj/Lineage-S Trojan!
5p4m	X	(Path to Trojan)	Added by the Troj/Litebot-C TROJAN!
666	X	Ska.exe	Added by the Troj/Pipes TROJAN!
678	X	lsas32.exe	Added by the Troj/Slsorve-C TROJAN!
98D0CE0C16B1	X	rundll32.exe D0CE0C16B1,D0CE0C16B1	BrowserAid/Startium parasite related
9xadiras	Y	9xadiras.exe	Allied_Telesyn AT series router/modem related - apparently required
9xHtProtect	X	AVprotect9x.exe	Added by the W32.NETSKY.M WORM!
;Rundll	X	(random filename)	Added by the PWSLEGMIR.E VIRUS!
	X	Regsrv32.com	Added by the SOUTHGHOST VIRUS!
	X	App.exe	Added by the WAXPOW VIRUS! where <filename> is the executed filename
	X	wincpu.exe	Added by an unidentified VIRUS!
	X	elf.exe	Elf is a hacker program, tied to a trojan server
?ekio Startups	X	?nksvc32.exe	Added by the W32/AGOBOT-OV WORM!
@	X	regedit -s ..win.dll	Added by the SEEKER.K VIRUS!
@Hoc Toolbar	N	AtHoc.exe	One-click activated browsing toolbar used by various web-sites. See here for more info
@loha	N	reminder.exe	Registration reminder for @loha@home E-mail utility
@tour_ww	X	@tour_ww[1].exe	Adult content dialler
a	X	a.exe	Commercials file that registers itself in the system registry and redirects IE to a certain commercial website
a	X	jesse.exe	Added by the W32/Melo-A WORM! Note: This worm file is found in the system32\drivers\etc folder.
A New Windows Updater	X	w32NTupdt.exe	Added by W32.Mytob.BM WORM!
a-squared	U	a2guard.exe	a-Squared antitrojan - can be run on demand, but necessary in Startup, if you prefer the a� 'Background Guard' real time protection feature
a-winpoet-service	Y	winpppoverethernet.exe	WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
A1000 Settings Utility	U	cpqa1000.exe	Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features
A4Proxy	U	A4Proxy.exe	Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites
A70F6A1D-0195-42a2-934C-D8AC0F7C08EB	X	rundll32.exe E6F1873B.DLL,D9EBC318C	BrowserAid/Startium parasite related
AAACLEAN	?	AAACLEAN.INF	??
AAAKeyboard	?	??	??
AAATraySaver	N	TraySaver.exe	System Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray
AAK	U	aak.exe	Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"
Aaou	X	amee.exe	PurityScan/Clickspring adware
Aapp	X	adprot	AdBlaster adware
aauclient	?	ACNUpdater.exe	Appears to be related to software from Accenture.com - what does it do and is it required?
ab EazyScheduler	?	ezsched.exe	??
ABBYY Community Agent	N	CAGENT.EXE	Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software
ABC	X	keylogger.exe	Monitors keystrokes so you can check if someone has typed anything while your away from your PC. Reported as spyware by SpyCop in their FAQ
abcdefgh	X	abcdefgh.exe	Malware - detected by Panda antivirus as the DOWNLOADER.EPJ TROJAN!
ABITEQ	N	abiteq.exe	Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds.
Absolute Shield	U	dseraser.exe	Absolute Shield/Evidence Eliminator - iternet history eraser
Absolute StartUp monitor	U	ASMon.exe	Absolute Startup - startup monitor from F-Group Software
ABsr	X	absr.exe	Added by the AUTOUPDER VIRUS!
absr	X	mwsvm.exe	SeekSeek search hijacker related - as seen here
abtu	X	mp3serch.exe	Loads the executable for Lop.com. mp3serch.exe is the final version whilst lopsearch.exe is the beta version
abtu	X	lopsearch.exe	Loads the executable for LOP adware - mp3serch.exe is the final version whilst lopsearch.exe is the beta version
AbyssWebServer	U	abyssws.exe	Abyss web server
AcBtnMgr_Xxx	Y	AcBtnMgr_Xxx.exe	Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
acc	U	acc.exe	Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"
ACCDEFRAGINFO	X	(path to file)	Added by the W32/Darby-O WORM!
Accelerate	U	accelerate.exe	Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection
Access Ramp Monitor	N	armon32.exe	Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again
Access WebControl	X	[path to file]	Added by the TROJ/PPDOOR-M TROJAN!
AccessManager	U	AccessMgr.exe	Part of SmartPipes SecureSite software - "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"
AccessMedia P2P Loader	X	amp2pl.exe	My AccessMedia toolbar related, stealth installed!
AccessoriesPlus	U	clockplus.exe	"Clock Plus", part of Accessories_Plus allows you to select from dozens of alternatives for the Windows clock.
AccessRamp Monitor01	N	ARMon32a.exe	From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service."
AccessRampLAN01	N	ARUpld32.exe	Version of the above for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003
AcctMgr	U	AcctMgr.exe	Norton� Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities�all from the safety of your own PC
AccuWeather.com� Desktop	N	??	Desktop weather from AccuWeather.com
accwizz.exe	X	accwizz.exe	Added by the W32.Ruland.A WORM!
accwizzz.exe	X	accwizzz.exe	Added by the W32.Ruland.A WORM!
Acecad.Wtxpload	Y	Wtxpload.exe Acecad	driver for an AceCad USB Graphics Tablet
AceGain LiveUpdate	N	LiveUpdate.exe	AceGain_LiveUpdate . "AceGain LiveUpdate provides a fully managed and customizable LiveUpdate platform that seamlessly integrates with a game. As soon as an update is made available, AceGain manages the alert, download and installation as well as version control and user network preferences."
AcerGoto	U	AcerGoto.exe	Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer.
AcerNotebookManager	U	almxptray.exe	System Tray access on some Acer Notebooks to give faster access to system settings
AcerPowerkey	U	Powerkey.exe	PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn F3
Aceu	X	[random file name]	PurityScan/Clickspring adware
AceUtils	N	au.exe	Related to Ace Utilities from Acelogix_Software Note: this is NOT to be confused with the au.exe used by the BEAGLE.B worm!
AClntUsr	U	AClntUsr.exe	Altiris AClient Service Windows Tray Icon
Acme.PCHButton	N	pchbutton.exe	Used by HP Instant Support
ACMonitor_Xxx	Y	ACMonitor_Xxx.exe	Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
acocash	X	fastdown.exe, fastfown.exe	Adult content dialler
Acombo3dmouse	U	Acombo3d.exe	Mouse driver - required if you use non-standard Windows driver features
Aconti	X	aconti.exe	Adult content dialler
acoustic	U	acoustic.exe	Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained
acpart	N	agpart11.exe	Program for finding trucks on-line
Acrobat Assistant	U	ACROTRAY.EXE	Used to create PDF files with Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation
Acronis Scheduler2 Service	U	schedhlp.exe	Part of Acronis True Image - backup software. Co-operates with the "schedul2.exe" servuce to perform backup/restore tasks correctly. Required if you want to use TrueImage to do some real backup/restore tasks - not if you only want to explore/mount images
Acronis True Image Monitor	N	TrueImageMonitor.exe	Part of Acronis_True_Image - backup software. Can be disabled without affecting TrueImage
Acronis TrueImage Monitor	N	TrueImageMonitor.exe	Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage
AcronisTrueImage Monitor	N	TrueImageMonitor.exe	Part of Acronis_True_Image - backup software. Can be disabled without affecting TrueImage
Action Manager 32	N	am32.exe	Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs
ActionAgent	?	actionagent.exe	"A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required?
Activation	N	Activation.exe	Part of Microsoft Money
Activboard	U	MMKeybd.exe	Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys
Active Bit Station	X	abs.exe	Added by the W32.MYTOB.BZ WORM!
Active Email Monitor	U	aem25.exe	Active_Email_Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email.
Active shield	U	Activeshield.exe	Active_Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses["
ActiveDesktop	X	systray32.exe	Added by the DABOOM VIRUS!
ACTIVEDS	X	ACTIVEDS.EXE	Added by the OPASERV.T VIRUS!
ActiveEyes	N	ActiveEyes.exe	ActiveEyes from TFI Technology
ActiveMenu	U	ActiveMenu.exe	Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
ActivePlus	U	activeplus.exe	Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on)
ActiveShield	Y	MCVSSHLD.EXE	McAfee VirusScan On-line. See also McAgentExe entry.
ActiveSpeed	U	AS.exe	Ascentive ActiveSpeed Internet Optimizer
ActiveX Streamer	X	msgfix.exe	Added by the SDBOT.NQ WORM!
ActiveXUpdate	X	svcss.exe	Added by a variant of the DEDLER.C TROJAN!
Activity	U	actik.exe	ActivityKey Keystroke logger/monitoring program - remove unless you installed it yourself!
ActivSurf	N	backweb*****.exe	Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
ActMaker	U	ActMak25.exe	The ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer.
ACU	U	ACU.exe	Atheros wireless Client Utility For HP Compaq
ACU_QSB	U	ACU.exe	Atheros wireless Client Utility For HP Compaq
Ad Blocker	U	blocker.exe	Ad Blocker - blocks popups, and also removes banners, image ads and flash ads
Ad Blocker Pro	U	Ad Blocker Pro.exe	"Ad Away" popup and banner remover
Ad Muncher	U	AdMunch.exe	Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
Ad Online Guide	?	adonlineguide.exe	??
Ad-aware	N	Ad-aware.exe	Ad-aware from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs
Ad-Aware	X	Ad-Aware.exe	Added by the W32/Rbot-ADJ Worm!
Ad-Aware-6	X	WINDOWSUPDATER.EXE	Added by an unidentified WORM or TROJAN!
Ad-Muncher	U	ADMUNCH.EXE	Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
Ad-watch	U	Ad-watch.exe	Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
AD2KClient	U	AD2KClient.exe	Executable for Active Disk from Iomega disk - allows software applications to be run directly from an Iomega Zip� disk. Required if you wish the applications to launch on insertion of a disk
Adaptec DirectCD	N	Directcd.exe	DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
AdaptecDirectCD	N	Directcd.exe	DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
AdAware	X	wini.exe	Added by the W32/RBOT-XN WORM!
Adaware Bootup	N	ad-aware.exe	Ad-aware from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs
Adaware lptt01 or Adaware ml097e	X	adaware.exe	Variant of the RapidBlaster parasite (in a "Adaware" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid Lavasoft Adaware
Add*.exe ( = random char)	X	Add*.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
Add*32.exe ( = random char)	X	Add*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log.
AddClass	X	(Path to Trojan)	Added by the Troj/SecDl-A TROJAN!
AdDelete	U	AdDelete.exe	Banner advertisment blocker
AdDestroyer	X	AdDestroyer.exe	Like VirtualBouncer, malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the malware it claims to remove/prevent, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code
ADG	?	ADG.exe	SoundBlaster Audigy related?
ADGJdet	N	ADGJDet.exe	Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
Adiras	Y	Adiras.exe	ADSL USB modem related
ADM Library Loader	X	admlib32.exe	Added by a variant of the SDBOT WORM!
Admanager Controller	X	AdManCtl.exe	WindUpdates ADW_WINAD.M adware
Admilli Service	X	AdmilliServ.exe	WindUpdates AdmilliServ adware
Administrator	X	svchost.scr	Added by the Backdoor.Novacal TROJAN! Note: This trojan file is found in the Windows\Fonts or Winnt\Fonts folder.
AdminSoft	X	sysfile.vbs	Added by the VBS/STARGRUB-A WORM!
Adobe	X	Adobe.exe	Added by an unidentified VIRUS!
Adobe	X	sysconfig.exe	Added by an unidentified WORM or TROJAN!
Adobe	X	sysbat32.exe	Added by the TROJ_LOWZONES.T TROJAN!
adobe	X	gam.exe	Added by an unidentified WORM or TROJAN!
Adobe	X	zteam.exe	Added by an unidentified TROJAN!
Adobe Acrobat Distiller Application	X	acrotray.exe	Added by the W32.RANDEX.DFJ WORM!
Adobe Acrobat Reader CFG	X	[random file name]	Added by a variant of the WIN32.RBOT WORM!
Adobe Gamma Loader	U	Adobe Gamma Loader.exe	Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine
Adobe Photoshop 7.0	X	AdobePhotoshop.exe	Added by a variant of the W32/SDBOT WORM! - NOTE: Do NOT confuse with the Adobe photo editing software of the same name!
Adobe Reader Speed Lauch	N	reader_sl.exe	Speeds up the lauch of Adobe (Acrobat) Reader 7
Adobe Reader Speed Lauch	N	READER~1.EXE	Speeds up the lauch of Adobe (Acrobat) Reader 7
Adobe Reader Speed Launch	N	reader_sl.exe	Speeds up the time it takes to load the Adobe_Reader application. Your choice, but not required for Adobe Reader to function properly
AdobeA	X	adobes.exe	Added by the FLOOD.BA VIRUS!
AdobeFonts	X	fonts.hta	Browser hijacker - redirecting to Hugesearch.net
AdobeReaderPro	X	msnxpsp.exe	Added by the W32/Rbot-ASK or W32/Rbot-AUS WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder
AdobeReaderPro	X	ntkernell32.exe	Added by W32/RBOT-ATY WORM!
AdobeVersionCue	N	VersionCueTray.exe	"An exclusive feature of the Adobe(r) Creative Suite, Version_ Cue(tm) helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"
Adope File Manager	X	lsasv.exe	Added by an unidentified WORM or TROJAN!
adp	X	adp.exe	Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc
AdPopup	X	dcf5678.exe	Added by the Troj/Agent-FZ TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
adprot	X	adprot.exe	AdBlaster adware variant
ADQuickAccess	N	Adtray.exe	After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95
AdRoarUpdate	X	ARUpdate.exe	AdRoar adware updater
AdRotator.Application	X	csrss.exe	AdRotator adware variant - Note - do NOT be confuse with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, located in the Winnt\System32 or Windows\System32 folder, and which should NOT figure in Msconfig/Startup!
AdRotator.Application	X	services.exe	Added by FakeMessage/AdRotator adware - NOTE - this file is placed in a Winnt\System32\Inetserv or Windows\System32\Inetsrv folder, and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
ADService	U	ADService.exe	Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip� disk. Required if you wish the applications to launch on insertion of a disk
AdsGone	U	Adsgone.exe	AdsGone - pop-up stopper
ADSL Diagnostic Tools	N	mapiicon.exe	System tray access to ADSL modem diagnostic tools. Available via Start -> Programs
ADSLSYSTEMTRAY	?	SystemtrayV100B.exe	Apparently Annex A ADSL modem related - what does it do and is it required?
AdslTaskBar	Y	rundll32.exe stmctrl.dll, TaskBar	ISP software, initializes DSL modem
AdslTaskBars	X	taskmng.exe	Added by the W32/Rbot-AXZ WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
ADSL_A2	?	A2Installed	Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required?
ADSS	Y	ADSS.exe	ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied
adstartup	X	automove.exe	Adlogix adware variant
adstartup	X	Adstartup.exe	Adlogix adware
AdStatus Service	X	AdStatServ.exe	WindUpdates AdStatus_Service adware
AdSubtract	U	adsub.exe	AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start -> Programs
adtech2005	X	adtech2005.exe	Reported as Trojan.Win32.StartPage.aw by Kaspersky Anti-Virus.
Adtools Service	X	AdTools.exe	Windupdates Adware
AdultX	X	AdultX.exe	Adult content dialler and hijacker
Adult_Chat	X	Adult_Chat.exe	Adult content dialler
Adult_Chat1	X	Adult_Chat1.exe	Adult content dialler
AdUpdater	X	sysupudt.exe	Unidentified adware downloader/updater
ADUserMon	U	ADUserMon.exe	Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip� disk. Required if you wish the applications to launch on insertion of a disk
Advanced Internet Protocol	X	cerf.exe	W32.SpyBot worm variant
Advanced Protection System	X	advpsys.exe	Added by a variant of the WIN32.RBOT WORM!
Advanced Tool Checks	X	advchks.exe	Added by a variant of the WIN32.RBOT WORM!
Advanced Tools Check or ADVCHK	N	ADVCHK.EXE	Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
Advanced Uninstaller PRO Installation Monitor	U	monitor.exe	Innovative Solutions The user can choose whether or not to monitor installs.
Advapi	X	Advapi.exe	Added by the NETDEVIL.12 (NetDevil 1.2) VIRUS!
Advertising Killer	U	Akiller.exe	AKiller - pop-up stopper
advmon32	X	advmon32.exe	Added by a Crypter.C trojan variant infection
Adware Agent	U	adware agent.exe	Adware Agent popup blocker
Adware Spy	N	AdwareSpy.exe	Adware remover - not recommended, see Rogue/Suspect_list
AdwareAlert	X	AdwareAlert.Exe	"Spyware remover" of dubious repute - see the SpywareWarrior_List of Rogue/Suspect Anti-Spyware Products & Web Sites
Aeiwlsta.exe	?	Aeiwlsta.exe	IBM High Rate Wireless LAN Adapter driver. Is it required?
AELaunch	N	AELaunch.exe	Audio Applications Launcher for the Philips Acoustic Edge soundcard
AERVICESN	X	AERVICESN.exe	Added by the W32/RANDON-AO WORM!
AeXAgentLogon	N	AeXAgentActivate.exe	Altiris Agent transmits information about your machine for the purpose of asset management and deployment
AeXSWDUsr	?	AeXSWDUsr.exe	Altiris Express NS Client Manager software. Is it required?
AEZBProc	U	aptezbp.exe	IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions
AFAFilter	U	windefault.exe	AFAFilter - internet filter software
Agent	N	Agent.exe	Cyberlink Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs
Agent Browser	X	[random file name]	Added by the PPdoor.M-bdr backdoor TROJAN!
Agent Explorer	X	[random file name]	Unidentified adware
Agente	?	Remupd.exe	Part of Panda Antivirus Titanium. Is this an update reminder (guess because of the name), virus definition update reminder or something similar?
agentsvr	X	agentsvr.exe	Malware, detected by Kaspersky antivirus as AdWare.Monker.a - NOTE: do NOT confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folder.
AgfaCLnk	U	AgfaCLnk.exe	For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive
agp	X	agp32.exe	Added by the W32.Gaobot.SY worm
AGRSMMSG	Y	AGRSMMSG.exe	IBM AMR modem driver
AGSatellite	N	AGSatellite.exe	Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs
AGSeyApp	X	AGSeyApp.exe	Added by the GoldenEye SPYWARE!
ahfpor and ahfprog	N	ahfp.exe	Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"
AHNSD	U	AhnSD.exe	AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis
AHNUE	?	AHNUE.exe	??
AHQInit	N	ahqinit.exe	Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required
Ahst	X	iebs.exe	PurityScan/Clickspring adware
Aica	X	tuaa.exe	PurityScan/Clickspring adware
Aida	X	ttuh.exe	PurityScan/Clickspring adware
Aida	X	eetu.exe	PurityScan/Clickspring adware
aiepk	U	aiepk2.exe	Another IE Popup Killer - pop-up stopper
AIM	N	aim.exe	AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs
AIM Instant Message Cookies	X	(random filename)	Added by the W32/RBOT-AFV WORM!
Aim Plugin	X	aimplugin.exe	Added by the W32/Guap-F WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Aim Quick Start	X	Aim.exe	Added by a W32/Forbot-BB worm infection
AIM reminder	X	AIM reminder.exe	Added by the BUDDY VIRUS!
AIM95 Startup	X	aim95.exe	Added by the AGOBOT.AEE WORM!
aimaol lptt01 or aimaol ml097e	X	aimaol.exe	Variant of the RapidBlaster parasite (in a "Aimaol" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
aimb.exe	U	aimb.exe	IMSufSentinel is a Spyware program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it.
AimingClick	N	AimingClick.exe	AimingClick from AimingTech. Web searching tool. Available via Start -> Programs
AIMster	N	??	Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs
AIMWDInstall	N	AIMWDInstall.exe	WildTangent on-line games installer as part of AOL Instant Messenger. Note that Wild Tanget's privacy policy used to state they also collect and share individuals information, but that is no longer the case
Aiptek Graphics Tablet (USB)	Y	atwtusb.exe	USB interface for Aiptek Graphics Tablet (USB)
aircity	X	aircity.exe	Related to "Prutect" malware from e2Give
AKEYNAME	X	WinServ.exe	Added by the EVILBOT.C TROJAN!
AKiller	U	akiller.exe	BuyPin Advertising Killer - popup killer
ala.exe	U	ala.exe	Access_Lock is a system-tray security utility you can use to secure your desktop when you are away from your computer.
Alarm Manager	U	Alarm.app.exe	Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop
AlarmWatcher	?	AlarmWatcher.exe	Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required?
Album Fast Start	N	ABMTSR.EXE	Scanner software, not required for scanner to work
AlcFDMonitor	?	ALCFDRTM.EXE	RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?
ALCFDRTM16	?	ALCFDRTM16.com	RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?
Alchem	X	Alchem.exe	Transponder parasite updater/installer
alcmtr	X	ALCMTR.EXE	Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
Alcohol or Alcohol Autorun	U	Alcohol.exe	Alcohol 120% - CD/DVD emulation/writing/copying software
Alcom PCL Capture	?	FMW_PCAP.EXE	??
AlcWzrd	N	ALCWZRD.EXE	RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one.
AlcxMonitor	X	Alcxmntr.exe	Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
aldefr ere service	X	tay0x.exe	Added by the W32/RBOT-XS WORM!
Alevir	X	Alevir.exe	Added by the OPASERV.A VIRUS!
Alevir	X	Alevir.exe	Added by the OPASERV.F or OPASERV.G VIRUSES!
AlevirOld	X	(worm filename)	Added by the OPASERV.G VIRUS!
Alexa	N	Alexa.exe?	Alexa Toolbar"is a downloadable toolbar that helps you navigate the Internet as you surf, by instantly providing you with related information about the site you're viewing". Available via Start -> Programs
alexa	U	alexa.exe	Related to Alexa Note: COLLECTS AND STORES INFORMATION ABOUT THE WEB PAGES YOU VIEW, THE DATA YOU ENTER IN ONLINE FORMS AND SEARCH FIELDS, AND, WITH VERSIONS 5.0 AND HIGHER, THE PRODUCTS YOU PURCHASE ONLINE WHILE USING THE TOOLBAR SERVICE. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy_Policy Not Recommended.
ALFY Accellerator	?	AlfyAC~1.exe	??
ALG.EXE	X	iexplorer .exe	Added by the W32/DEMOTRY-B WORM!
ALG32	X	ALG32.EXE	Added by the StartPage.K TROJAN!
ALGU	X	ALGU.EXE	Added by the TROJ/CWS-I TROJAN!
Alias SketchBook Snapshot	N	ALIASS~2.EXE	Screen-capture utility for Alias Sketchbook
AlienAutopsy	N	Test_BS.exe	Alienware computer technical support software
ALiSndMgr	Y	ALiSndMg.exe	ALi AC97 Sound driver
AliUSBfix	?	GREENMK.exe	May be realted to a USB 2.0 PCI card - the IOgear GIC220OU?
Alive SYstem	X	scchost.exe	Added by the Troj/Tofdrop-B TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Alive SYstem	X	scchostc.exe	Added by the Troj/Tofdrop-B TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
alkasr	X	��.exe	Added by the BALKART VIRUS
All Aboard Status	U	stswin.exe	All Aboard! Internet Connection Sharing status icon
All Sea screen saver	X	TaskTray.exe	"Free screensaver", installs lots of foistware. See here. Get rid of it
All Sea web link	X	FWLink.exe	"Free screensaver", installs lots of foistware. See here. Get rid of it
AllerCalc	N	AllerCalc.exe	AllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually.
AllSeeingEye	U	ase.exe	All-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions."
allSnap	U	allSnap.exe	"allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop"
Alogrithm Link Queue	X	alq.exe	Added by a variant of the W32/SDBOT WORM!
Alogserv	U	Alogserv.exe	From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up
ALPass	U	ALPass.exe	ALPass password manager
Alps Electric USB Server	Y	Monserv.exe	Alps Electric USB Server - required according to this article
AlpsPoint	U	Apoint.exe	Touchpad software for laptop PC\'s. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
ALServ	?	ALServ.exe	Altec Lansing AMS speaker related. What does it do and is it required?
Altnet	N	points manager.exe	Altnet TopSearch adware
Altnet Points Manager	N	points manager.exe	Altnet TopSearch adware
AltnetPointsManager	X	points manager.exe	Altnet TopSearch adware
AltoMB_service	U	AltoMBsrv.exe	Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management
ALUAlert	U	ALUNotify.exe	Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis
Aluria Security Center	N	SecurityCenter.exe	Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here
Aluria's Pop-Up Stopper	U	eps.exe	Aluria Pop-Stopper
Aluria's Spyware Eliminator	N	ASE.exe	Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here
AlwaysOnTopMaker	U	AlwaysOnTopMaker.exe	Always On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktop
AmazingTens	X	AmazingTens.exe	Premium rate adult content dialer
America Online . Tray Icon	N	aoltray.exe	Puts AOL icon in System Tray (. denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs
AME_CSA	N	rundll32 amecsa.cpl, RUN_DLL	Loads ADSL modem Control Panel applet
AModemLockDown	U	ModemLockDown.exe start	ModemLockDown allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etc
Amon	Y	AMON.EXE	Monitoring part of Eset's NOD32 virus-scanner
Amonitor	Y	amon.exe	Tiny Personal Firewall
AMP WinOFF	U	winoff.exe	WinOFF is " a utility designed to shut down Windows computers automatically, in a fully configurable way."
AMSN	U	amsn.exe	aMSN P2P client - can be started manually
anbv32	X	nabv32.exe	Added by the TITOG.C VIRUS!
ANIWZCS2Service	Y	WZCSLDR2.exe	ALPHA_Networks wireless driver
ANIWZCSService	?	WZCSLDR.exe	D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity
AnnotateCheck	?	AnnCheck.exe	Genius Wizard Pen Tablet driver related. Is it required?
Announcements	N	Annclist.exe	MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Anntext	N	Anntext.exe	Caere Pagekeeper text annotation server
Anonymizer Total Net Shield	U	AnonTns.exe	Anonymizer Total_Net_Shield
ANONYMIZER_SPYWAREKILLER	U	SpyWareKiller.exe	Anonymizer Spyware Killer; see here
ANONYMIZER_SPYWAREKILLER	U	AnonAntiSpyware.exe	Anonymizer Spyware Killer; see here
Another Internet Explorer Popup Killer	U	aiepk.exe	Another IE Popup Killer - pop-up stopper
ansjava	X	(Path to mIRC application)	Added by the W32/Randon-AN Worm!
Anskya	X	PYSKY.NET.exe	Added by the TROJ/DLOADER-MW TROJAN!
Answer Problem	X	dSAFsqs.exe	Added by the W32/SDBOT-SC WORM!
Anti	X	Isass.exe	Added by the WIN32.BROPIA.K WORM!
Anti Spam Service	X	spamsvc.exe	Added by the W32/Mytob-BK Worm!
Anti Trojan Elite	U	TJEnder.exe	Anti_Trojan_Elite trojan remover
Anti-keylogger check	U	antikey.exe	Anti-keylogger - protects against keylogger programs monitoring your keystrokes
Anti-Spyware Blocker	X	Anti-Virus.exe	Anti-Spyware Blocker by Your-Soft , bogus "Spyware remover" - for more information, search the Spywarewarrior_List of non-Recommended anti parasite sites/software for "anti-spyware blocker"
Anti-Trojan-Watch	U	ATWatch.exe	Anti-Trojan Watch - trojan detector
Anti-Virus Product Sync	X	[AN UNPRINTABLE CHARACTER][3 CHARACTERS]log.exe	Added by the W32.Kedebe.D WORM!
Anti-Virus Update Scheduler	X	[various file names]	Added by a variant of the HEPLANE or STAPREW.B TROJANS! - different file names have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more...
Anti-Virus Update Scheduler	X	winsp3.exe	Malware - detected by Kaspersky antivirus as TrojanProxy.Agent.fp - A Proxy Trojan is a backdoor which allows a remote hacker to connect to other systems via the compromised system.
Anti-Virus Update Scheduler V1.39.12R	X	[various file names]	Added by the HEPLANE or STAPREW.B TROJANS! - different file names have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more...
antidialer.co.uk	U	Dialer_Watcher.exe	Dialer_Watcher is an application that allows you to detect Dialers on your computer.
AntiPopUp	U	AntiPopUp.exe	AntiPopUp for IE - pop-up stopper
AntiVir XP	Y	AVwin.exe	AntiVir antivirus
Antivirus	X	av.exe	Added by the SINKIN VIRUS! Resets IE start page to realphx.com
Antivirus	X	maja.exe	Added by the W32.NETSKY.H WORM!
Antivirus	X	iexpl0res.exe	Added by an unidentified WORM or TROJAN!
AntiVirus	X	kaspery.exe	Added by a variant of the WIN32.RBOT WORM!
Antivirus Installer	X	(Pathname of the Trojan executable)	Added by the Troj/Badgent-A Trojan!
antivirus32	X	antivirus.exe	Added by the W32.Spybot.KAI WORM!
AntivirusGold	X	AntivirusGold.exe	Malware masquerading as an antivirus - also installs the Winnook TROJAN!
AntiVirusProtection	?	qumk.exe	??
antiware	X	elite***32.exe	Added by the Troj/Dloader-HW TROJAN!
AntiWindowsMessenger	U	AntiMsMsg.exe	Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory.
anti_troj	X	anti_troj.exe	Added by the Lodear.D TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
AnVir	Y	AnVir.exe	AnVir Task Manager - protects computer against viruses and manages running processes and startup files
anvshell	U	anvshell.exe	System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar
anycom bluetooth	?	ftflauncher.exe	Associated with an Anycom bluetooth wireless card. What does it do and is it required?
AnyDVD	N	AnyDVD.exe	AnyDVD is a driver, which descrambles DVD-Movies automatically in the background. This DVD appears unprotected and region code free for all applications and the Windows operating system as well
AO Tray or AOTray	N	AOTray.Exe	System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
AOL 9.0 Optimized	X	AOLClient.exe	Added by the Backdoor.Spyboter.A TROJAN!
AOL 9.0 Optimized	X	AOLClient.exe	Added by the Backdoor.Spyboter.gen TROJAN!
AOL Broadband Check-Up	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide
AOL Companion	N	companion.exe	Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use.
Aol Configuration Loader	X	aimsng.exe	Added by the W32/SDBOT-XE WORM!
AOL Fast Start	?	AOL.exe	AOL ISP software related - what does it do and is it required?
AOL Instant Messanger	X	aim.exe	Added by the W32/Sdbot-YT Worm!
AOL Instant Messengar	X	aol.exe	Added by the W32/AGOBOT-FN WORM!
AOL Instant Messenger	?	AlM.EXE	That is an L between the A and M, the start up location is wrong for AIM. what does this relate to?
Aol Instant Messenger	X	aolmsg.exe	Added by W32.Kelvir.AL WORM!
AOL Instant Messenger 7.213	X	aim9283.exe	Added by the W32/Sdbot-ZF Worm!
AOL Instant Messenger dll runtime	X	MSAOL32dll.exe	Added by the W32/Rbot-ATA WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Aol Instant Messenger Fix	X	aolfix.exe	Added by the W32/Sdbot-ABJ WORM!
AOL Messenger	X	TGRCNLUD.EXE, random file names	Unidentified worm or trojan
AOL Messenger	X	aolmsngr.exe	Added by the W32/SDBOT-JF WORM!
AOL Services Hosts	X	aolserviceshosts.exe	Added by an unidentified WORM or TROJAN!
AOL Spyware Protection	U	AOLSP Scheduler.exe	AOL's spyware protection program
AOL TopSpeedMonitor	U	aoltsmon.exe	AOL's TopSpeed web acceleration technology supposedly helps to make web browsing faster. Most important for those users who still access AOL via dial-up.
AolAcsDaemon1	U	Acsd.exe	AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
AolAcsDaemon1	Y	AOLACSD.EXE	AOLacsd.exe is a part of the AOL Internet Software and relates to the connection driver, essential to Internet connection. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems
AOLCC	?	ACCAgnt.exe	AOL ISP software related, file located in a "AOL Computer Check-Up" folder - what does it do and is it required?
AolCon	X	config.com	Added by the TAPLAK VIRUS!
AOLDialer	N	AOLDial.exe	AOL ISP software dialer; can be activated through a desktop shortcut
AolFix	N	AolFix.exe	Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once
Aornum	X	aornum.exe	Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware
APC UPS Status	Y	Display.exe	APC PowerChute Personal Edition status icon
APC_SERVICE	U	mainserv.exe	PowerChute� Personal Edition - "safe system shutdown software with sophisticated power management functions"
apc_tray	Y	apc_tray.exe	Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure
APD123	X	APD123.exe	PacerD_Media/Pacimedia.com adware component
Api*.exe ( = random char)	X	Api*.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
Api*32.exe ( = random char)	X	Api*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
API32	X	api32.exe	Added by the IRCBOT-B TROJAN!
APIClass	X	lexplore_.exe	Added by the Troj/MSNOpt-A TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
APIMon	X	apimonx.exe	Added by the TIBSER.A downloader TROJAN!
APIMon	X	winapix.exe	Added by a variant of the TIBSER.A downloader TROJAN!
APIMon	X	msreg.exe	Added by the TROJ_DROPPER.Z TROJAN!
apisvc.exe	X	apisvc.exe	Added by a variant of the Lamebot TROJAN!
APL	U	APL.exe	Sage_Software's_ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application.
Apmsrv9x	?	APMSRV9X.EXE	Intel AnyPoint Wireless II Home Network related. What does it do and is it required?
Apoint	U	Apoint.exe	Touchpad software for laptop PC\'s. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
App*32.exe ( = random char)	X	App*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
App*exe ( = random char)	X	App*exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
App.EXEName	X	(path to worm)\.exe	Added by the BODIRU VIRUS!
App32dll	X	msnavc32.exe	VX2 adware related
Appcon	U	vAppCon.exe	Vital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established
appconn	X	appconn.exe	Added by the CARGAO trojan
AppExtender	U	AppExtCB.exe	Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received
appis.exe	X	appis.exe	Added by the AGENT-BC TROJAN!
Application	Y	mdmsetsp.exe	Aztech Labs modem driver
Application Explorer	U	Naldesk.exe	Novell Zenworks Application Explorer Executable; "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components."
Application Layer Gateway Service	X	algs.exe	Added by the W32.LINKBOT.M WORM!
AppPlus	U	AppPlus.exe	AppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"
Apvxd or Apvxdwin	Y	APVXDWIN.EXE	Part of Panda Anti-Virus. Required to enable permanent virus protection
Apwheel	Y	Apwheel.exe	Wheel support for an Alps mouse
apyginapygin	X	simenu.exe	Added by the SDBOT.BTR WORM!
AQ3HelperStartUp	X	AQ3HEL~1.EXE	ScreenScenes "Aquatica Water Worlds" screensaver. Comes with GAIN spyware
aqadcup	X	aqadcup.exe	Backdoor.Agent.bg worm
Aqujyjax	X	aqujyjax.exe	Added by the W32/SDBOT-YC WORM!
Aqujyjax	X	[path to file]	Added by the TROJ/RANCK-CQ TROJAN!
ara-key	X		Added by the ANTINNY VIRUS! where <random> is a random program name with random characters
Archive	X	archive.exe	Adware - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Centim.a
ARCHIVE CONTROL	X	fixupdattr.exe	Added by the W32.MYTOB.GU WORM!
ARCSolo Recovery	N	N/A	Backup software by Computer Associates - no longer supported
ares	N	ares.exe	Ares is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"
areslite	N	AresLite.exe	Ares Lite Edition is "a Windows program that enables peer-to-peer file-sharing on the Ares P2P network. As a member of the P2P community you can search and download any file shared by other users. You can meet new friends in Ares chatrooms while you download"
Aritima	X	aritima.exe	Added by the ARITIMA VIRUS!
Artera	U	arteraui.exe	Artera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance
AS00_Gear511	?	Gear511.exe	Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. is it at all required?
AS00_WPN511	?	WPN511.exe	NetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup?
ASDPLUGIN	X	fullgames.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	canada.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	france.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	uk_nm.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	dbaccess.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	geaccess.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	netherlands.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	belgium_nm.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	dsldbaccess.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	adult1.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	Finland.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	Austria.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	100171be.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	Xadult1.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	czech.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	100176br.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	dslgeaccess.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	mexico.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	turkey.exe	AsdPlug premium rate adult content dialer variant
ASDPLUGIN	X	temp532.exe	AsdPlug premium rate adult content dialer variant
asdx	X	xwinrpc32.exe	Added by the AGOBOT.VO WORM!
ASE Scheduler	N	ASE Scheduler.exe	Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here
Ashampoo PopUpBlocker	U	PopUpKiller.exe	Ashampoo popup blocker, part of Privacy Protector Plus; see here
ashAvast	Y	ashAvast.exe	Part of Avast antivirus
ASHLT	X	Ashlt.exe	Ashlt adware
ashMaiSv	Y	ashmaisv.exe	Part of Avast! anti-virus software
AsioReg	U	regsvr32.exe ctasio.dll	ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
ASK	U	rundll32.exe [path] ASK.dll rdl	Added by the StealthKeylog surveillance software. Uninstall this software unless you put it there yourself.
asl	X	Aslru.exe	Added by the TROJ/BANCOS-CU TROJAN!
Asmw Soft Popups Burner	U	popups burner.exe	Popup blocker, part of Asmw Soft PC_Optimizer
ASP.NET State Service	X	csrss.exe	Added by the TROJ/DLOADER-QI TROJAN! NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
ASP.NET State Service	X	crsass.exe	Added by the Troj/Banload-M TROJAN! Note: This is not the legitimate Windows process crss.exe (Notice the difference in the spelling.) This trojan file (crsass.exe) is found in the Windows or Winnt folder.
ASP.NET State Service	X	servicos..exe	Added by the Troj/Dadobra-I TROJAN! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
asp4tray	N	asp4tray.exe	System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
AspireTimeMachine	Y	acertmb.exe	System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry
assistse	X	ASSISTSE.EXE	CnsMin (Chinese_Keywords) related
AST	X	AST	Added by the WIN32.VB.AH TROJAN!
AST	X	AST.exe	AutoStarter parasite
ASTART	U	astart.exe	ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
AStart	X	AStart	Added by the WIN32.VB.AH TROJAN!
asTray	N	Astray.exe	Voyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer
Astro	N	Astro.exe	Checks for updates to Quicken on a system reboot
ASUS Live Update	N	ALU.exe	ASUS Live Update utility - reportedly not required
ASUS Probe	N	AsusProb.exe	ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area
ASUS SmartDoctor	U	VGAProbe.exe	ASUS video card fan/thermal monitor
ASUS TweakEnable	U	astart.exe	Restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
ASUSKey	N	V38SHELL.EXE	System tray Icon for quickly changing video modes
asustweakenable	U	ATweak.exe	Asus Tweaking Utility - for fine tuning the settings of your ASUS display card
ASWDP	N	ASWDP.exe	MLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market
ASWnk	X	aswnk.exe	Adult content dialler
AT&T DSL Service PCA Program	?	dslpca.exe	AT&T DSL related - what does it do and is it required?
AT-Watch	U	ATWatch.exe	Anti-Trojan Watch - trojan detector
atapidrv	X	atapidrv.exe	Added by the W32/AGOBOT-SL WORM!
Athan	U	Athan.exe	Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world.
ATI CATALYST	N	CLI.exe	System Tray access to ATI's CATALYST� CONTROL CENTER. Note that this has "SystemTray" appended to CLE.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop
ATI CATALYST System Tray	N	CLI.exe SystemTray	System Tray access to ATI's CATALYST� CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop
Ati Control Panel	X	atiphexx.exe	Added by a SDBOT.CC worm infection
ATI DeviceDetect	N	ATIDtct.EXE	This utility was meant for future use of the ATI TV WONDER� USB 2.0 video driver and can be disabled.
ATI GART Set-up Utility	N	Atigart.exe	Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed
ATI Launchpad	U	launchpd.exe	Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu
ATI Rage3d Pro	X	AtiRage4dPro.exe	Added by the W32/AGOBOT-OG WORM!
ATI Remote Control	Y	ATIRW.exe	Driver for the ATI_REMOTE_WONDER_(tm) RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it
ATI Remote Control	Y	ATIX10.exe	Driver for the ATI_REMOTE_WONDER_(tm) RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it
ATI Scheduler	N	Atisched.exe	Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see
ATI Task Application	N	Atitkad.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
ATI Task Application (Atikey)	N	Atitask.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
ATI Technology Startup	X	techstart.exe	Added by the W32/Rbot-AEU Worm!
ATI VIDEO REGKEY	X	ati2vid.exe	Added by the SDBOT.UR WORM!
Ati2cwxx	?	Ati2cwxx.exe	For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it
Ati2mdxx	N	Ati2mdxx.exe	For ATI video cards. System Tray access to display mode changing
ATICCC	N	CLI.exe	System Tray access to ATI's CATALYST� CONTROL CENTER. Note that this has "SystemTray" appended to CLE.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop
ATICCC	U	cli.exe runtime	ATI's CATALYST(tm) CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. If not you can start the program manually via Start -> Programs -> ATI Catalyst Control Center -> Advanced -> Restart Runtime
AtiCpanel	X	atiphexx.exe	Added by a AGOBOT.IL worm infection
aticpaxx.exe	X	aticpaxx.exe	Added by the W32/RBOT-XP WORM!
AtiCwd or AtiCwd32	U	AtiCwd.exe AtiCwd32.exe Ati2cwad.exe	This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
AtiDisplayDrv	X	atidrvxx.exe	Added by the W32/RBOT-VZ WORM!
atidriver	X	reaIplayer.exe	Added by W32/WarPigs-E WORM!
AtiKey	N	Atikey32.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
AtiKey	N	atiptkad.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
Atikey	N	Atitask.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
ATIModeChange	U	Ati2mdxx.exe	System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
atipatxx	X	atipatxx.exe	Added by the TROJ/SMALL-ED TROJAN!
ATIPOLAB	U	ati2evae.exe	ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks
ATIPOLAB or ATIPOLL	U	ati2evxx.exe	ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
AtiPTA or AtiPTAAA or atiptaxx	U	Ati2ptxx.exe, Atiptaxx.exe	Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
atiptext	X	atiptext.exe	Added by the COSIAM-A TROJAN!
AtiQiPcl	U	AtiQiPcl.exe	Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's
ATISmart	U	ati2s9ag.exe	ATI's "SMARTGART", which is included with the "Catalyst" drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings
AtiSound	U	csrss.exe	Added by the WinSpy surveillance software. Uninstall this software unless you put it there yourself - NOTE - this file is placed in a %System%\ComRoot folder, and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
atisrc2	X	windfind.exe	Adult content dialler - see here. This has to be cleared at the same time as MSStartOptimizer (WINUPD.EXE), mmxrun (msosa.exe) and RegCompres (REGCPM32.EXE), otherwise they return
ATITech	X	Active.exe	Added by the Troj/Roamer-A TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
atitray or AtiTrayTools	N	atitray.exe	ATI Tray Tool - allows quick access to ATI graphics card settings
atiupdate	X	ATIUPDATE5.EXE, msupdateQ*******.exe ( = random digit)	Added by the DEBESKI.A VIRUS!
atiupdate	X	msshed32.exe	Added by the DELF.EP downloader TROJAN!
ATIUpdater	X	atiupdxx.exe	Added by the W32/RBOT-ABX WORM!
Atiupdpl	X	atiupdpl.exe	Added by the TROJ_SMALL.AOS TROJAN!
ativopen	X	ativopen.exe	Premium rate adult material dialer
ATIX10	U	atix10.exe	ATI Remote Wonder - PC wireless remote control
Atl*.exe ( = random char)	X	Atl*.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
Atl*32.exe ( = random char)	X	Atl*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
ATM Control	X	adpn.exe	Added by the MMS.A VIRUS!
ATnotes	N	atnotes.exe	Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs
Atomic-x27	X	Atomic-x27.exe	Added by the W32/Katomik-A WORM!
Atomic-x27C	X	AtomicpartC.exe	Added by the W32/Katomik-A WORM!
Atomic.exe	U	Atomic.exe	Atomic_Clock_Sync synchronizes your computer's time with the NIST time server.
Atomica	N	atomica.exe	Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key
AtomicTime	U	ATOMICTIME.EXE	AtomicTime - utility that synchronizes your PC clock to an atomic clock
Atrack	U	atrack.exe	New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert
Atray	U	Atray.exe	Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons
ATSpooler	U	AppsTraka.exe	Added by the AppsTraka surveillance software. Uninstall this software unless you put it there yourself.
ATTBroadbandUpdate	U	SAUpdate.exe	Big Brother from Quest Software. System and network monitor
ATTRedUpdate	U	AutoUpdate.exe	Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates
AttuneClientEngine	X	attune_ce.exe	"Attune is a revolutionary service that provides you with targeted Intelligram messages to help you avoid common computer problems. Attune may also let you know when you need a specific product, service, or upgrade to optimise the use of your computer". Not required - treated as adware
AttuneContentUpdater	X	attune_cu.exe	Related to the above. All needed for the program to do its job properly
AttuneDiscovery	X	attune_di.exe	Related to the above. All needed for the program to do its job properly
AttuneSystray	X	attune_st.exe	Related to the above. All needed for the program to do its job properly
aTuner	N	atuner.exe	aTuner - tweak tool for GeForce based graphics cards
atwtusb	Y	atwtusb.exe	USB interface for Aiptek Graphics Tablet (USB)
AtxBrw	X	Iexplor.exe	"Pop Marketing" adware
AU Agent	U	AUagent.exe	Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon
au.exe	X	au.exe	Added as the result of the BEAGLE.B WORM!
AUCBPNP	Y	aucbnpn.exe	Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot
Aucompat	X	Aucompat.exe	Added by the GEMA TROJAN!
Audcntr	X	audcntr.exe	Added by the WIN32.GEMA TROJAN!
AudCtrl	?	RunDll32 AudCtrl.dll, RCMonitor	Audio control panel?
AUDIO	X	SOUND.exe	Added by the Dial/Ployb-A TROJAN!
Audiocntl	X	audiocntl.exe	Added by a Crypter.C trojan variant infection
AudioDeck	N	ADeck.exe	ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items.
Audiodrv	X	audiodrv.exe	Added by the CRYPTER-C TROJAN!
AudioHQ	N	Ahqtb.exe	For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs
audioinf	X	audioinf.exe	Added by a Crypter.C trojan variant infection
AUNPS2	X	RUNDLL32 AUNPS2.DLL,_Run@16	AlwaysUpdatedNews.com parasite related - More_information
aupd	X	symcsvc.exe	Added by the ABWIZ.D TROJAN!
aupd	X	sysvcs.exe	Added by the ABWIZ.C TROJAN!
aupd	X	symcsvc.exe	Added by the Troj/Orse-H TROJAN! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Aureal A3D Interactive Audio	Y	sa3dsrv.exe	For Aureal based 3D soundcards. A3D sound features won't work with this disabled
Aureal A3D Interactive Audio Init	Y	A3dInit.exe	For Aureal based 3D soundcards. A3D sound features won't work with this disabled
ausvc	X	ausvc.exe	Added by the AUTOUPDER VIRUS!
Auth Starter Ident	X	startauth.exe	Added by the W32/RBOT-WP WORM!
AuthConsoleStart	U	AuthStart.exe	Security Manager - part of a ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private.
authz	X	authz.exe	unidentified virus
Auto CD-ROM Startup	X	cdaccess.exe	Added by the SPYBOT.BLA WORM!
auto repair system	X	qualityx.exe	Unidentified worm, probably a W32.SpyBot variant
Auto Switch	U	TASKBAR.exe	Related to 2-port Bitronics AutoSwitch kit from Belkin
Auto T Bar or autotbar	N	autotbar.exe	If you disable the HP VIEW toolbar in IE and rarrange the toolbars on a reboot they will be back as they were before if this is left enabled
Auto updat	X	SysDebug.exe	Added by a W32/Forbot-BA worm infection
Auto updat	X	crsrs.exe	Added by the W32/FORBOT-BP WORM!
Auto Updat	X	WindowsSys32.exe	Added by a variant of the W32/FORBOT WORM!
Auto updat	X	crsrs.exe	Added by the W32/FORBOT-BP WORM!
Auto updat	X	crcss.exe	Added by the SDBOT.AAG WORM!
Auto updat, various other names	X	crsrs.exe	Added by a W32/Forbot-AK worm infection
Auto Update	X	AUP.exe	Added by an unididentified WORM or TROJAN!
Auto Update	X	svchost.exe	Added by the TROJ/DUMARDL-A TROJAN! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
Auto Update	X	dma.exe	Added by the W32/Rbot-AVO WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Auto Updates	X	svchost.exe	Added by the Troj/Cheuko-A TROJAN!
Auto WinUpdate	X	taskmrg.exe	Added by the W32/Rbot-AFA Worm!
Autobar	U	autobar.exe	Connect buttons on the keyboard for internet direct access, etc. on HP computers
AutoCAD Startup Accelerator	U	acstart16.exe	Preloads some libraries that are used by AutoCAD in order to make the software load faster
autoclk	Y	autoclk.exe	Sagem Modem driver. Installed and required on systems running Windows 98 or ME
AutoEA	N	Ahqrun.exe	For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ
AUTOEXE	X	AUTOEXE.exe	Added by the W32/SEMAPI-A WORM
AutoInsQyule	X	QyuleInstall.exe	Added by the Troj/Dloader-ZM TROJAN!
Autoloaderaproposclient	X	Apropos_Client_Loader.exe	AproposMedia adware
Autoloaderaproposclient	X	cxtpls_loader.exe	AproposMedia adware
AutoLoaderEnvoloAutoUpdater	X	auto_update_loader.exe	Envolo/AproposMedia adware updater
AutoMate Task Service	N	automate.exe	Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start -> Programs
Automatic Defrag Manager	X	defrag.exe	Added by the W32/Rbot-AKE WORM!
Automatic Microsoft Windows Updater	X	suchost.exe	Added by the W32/RBOT-EQ WORM!
Automatic Windows Updater	X	Update.exe	Added by the GAOBOT.AO WORM!
Automatically launches the United Devices Age	N	UD.EXE	The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start -> Programs
Autopdate	X	Autopdate.exe	Added by the W32/Rbot-AGL WORM!
AUTOPROP	N	REGPROP.EXE, WMPADDIN.DLL	Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension
AUTOPROTECTU	X	navapq32.exe	Added by an unidentified WORM or TROJAN!
autorepair	X	dexs.exe	Added by a variant of the W32/SDBOT WORM!
AutoShutdown	?	pssvc.exe	Utility to fix vCard Export in MS Outlook 2000 - although why are these together?
AutoSizer	U	AUTOSIZER.EXE	AutoSizer - utility that automatically maximizes windows when they're opened
AutoSpell 5	N	ASWATC32.EXE	AutoSpell - spell checker
AutoTKit	N	AUTOTKIT.EXE	On HP PC\'s. Unclear what purpose it serves - but there\'s a known issue with Internet Explorer Toolbar settings not being saved with it enabled
autoupd	N	autoupd.exe	Raxco Software Auto Update utility."Used to keep your software up-to-date"
autoupd	X	autoupd.exe	VIRUS! - found in a folder of the same name
autoupdate	X	WINUP2DATE.DLL,SHStart	Unidentified adware - detected by Panda antivirus as Trj/Clicker.CY
autoupdate	X	rundll32 [path] SUPDATE.DLL,SHStart	Added by a variant of the QOOLOGIC TROJAN!
autoupdate	X	rundll32 [path] DATADX.DLL,SHStart	Added by a variant of the QOOLOGIC TROJAN!
Autoupdate Service	X	kaka.exe	Added by the TROJ/SYMPE-B TROJAN!
AutoUpdater	X	aupdate.exe	Aupdate, Tinybar variant. Spyware
AutoUpdater	X	AutoUpdate.exe	PeopleonPage foistware
autoupdatev2	X	autoupdatev2.exe	Reported by Kaspersky Anti-Virus as Clicker.Win32.Agent.fq TROJAN!
autoupdatev2	X	(Path of Executable)	Added by the Troj/Dropper-BM TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
AutoVirusProtection	X	ciscv.exe	Added by a variant of the WIN32.RBOT WORM!
auto__antiav__key	X	antiav_exe.exe	Added by the Lodav.A TROJAN!
auto__hloader__key	X	hloader_exe.exe	Added by the following TROJANS: BAGLE.AB - Troj/BagleDL-W - Troj/BagleDL-Y - Troj/BagleDl-Z
aux.exe	X	aux.exe	Added by the BACKDOOR.ZINS TROJAN!
auxAudioDevice	X	aux32.exe	Added by the W32/Zusha-C WORM!
AUXXTRAY	N	au30setp.exe	System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
AV	X	UPDATE-28062004.exe(25 blank spaces).vbs	Added by the MIDFIN WORM!
AV UpDate	X	Update.exe	Added by theTROJ/FUROOT-A TROJAN!
Avast!	Y	ashserv.exe	Avast! anti-virus software
avast!	Y	ashDisp.exe	Part of Avast! anti-virus software
avast! Web Scanner	Y	Ashwebsv.exe	Avast! antivirus
Avast32	Y	Astart32.exe	Part of Avast! anti-virus software
avc	X	avmon.exe	Added by an unidentified TROJAN!
AvconsoleEXE	U	Avconsol.exe	From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it
AveoAttune	X	atmdlusr.exe	Related to AttuneClientEngine above
AvG	X	svchost323.exe	Added by the W32/RBOT-ZA WORM!
AVG Grisoft Updater	X	updater.exe	Added by the W32/AGOBOT-OT WORM!
AVG7_AMSVR	Y	Avgamsvr.exe	AVG antivirus related
AVG7_CC	Y	AVGCC.exe	AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
AVG7_EMC	Y	AVGEMC.exe	AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
AVG7_Run	Y	avgw.exe	Part of AVG Anti-Virus 7.0
avgamsvr.exe	Y	Avgamsvr.exe	AVG antivirus related
AVGCtrl	Y	AVGCTRL.EXE	Background task of the AntiVir antivirus program which scans files transparently in the background
AVGCtrl	Y	AVGNT.EXE	Background task of the AntiVir antivirus program which scans files transparently in the background
avgmsvr.exe	Y	avgmsvr.exe	Required for AVG Anti-Virus 7.0 to function
Avgserv9.exe	Y	Avgserv9.exe	Background monitoring program for AVG anti-virus
AVGuard	Y	AVGNT.EXE	Background task of the AntiVir antivirus program which scans files transparently in the background
AVGuard	Y	AVGUARD.EXE	Background task of the AntiVir antivirus program which scans files transparently in the background
AVG_CC or avgcc32	Y	avgcc32.exe	AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
AVG_EMC	Y	AVGEMC.exe	AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
AVG_RegCleaner	Y	AVGREGCL.exe	AVG Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems
avidrv	X	drvsc.exe	Detected as the Trojan-Downloader.Win32.Agent.ph TROJAN! by Kaspersky Anti-Virus. Note: No URL available at this time.
Avimgt	X	Avimgt.exe	Added by the GEMA TROJAN!
Avimgt32	X	Avimgt32.exe	Added by the GEMA TROJAN!
avinit	Y	AVINIT9X.EXE	Command antivirus related
AVK Mail Checker	Y	AVKPop.exe	eXtendia AVK AntiVirus email checker
AVKBar	Y	AVKBar.exe	GData AntiVirusKit Anti-virus
AvMaiSrv	Y	Avmaisrv.exe	Avast32 anti-virus - E-mail scanner
avnort	X	msmbw.exe	Added by the W32.Serflog.A WORM!
avnort	X	formatsys.exe	Added by the W32.Serflog.A WORM!
avnort	X	serbw.exe	Added by the W32.Serflog.A WORM!
AVP	X	(Path to trojan EXE)	Added by the Troj/Mutbo-A TROJAN!
avpcc	Y	avpcc.exe	Kaspersky Labs anti-virus
avpm	Y	avpm.exe	Kaspersky antivirus
Avpr	X	avpr.exe	Added by the W32.Mydoom.AF WORM!
Avril Lavigne - Muse	X	(random filename)	Added by the AVRIL-A VIRUS!
AVSCHED32	Y	AVSched32.exe	AntiVir anti-virus from H BDEV
AVSchedScan	Y	SCHSC9X.EXE	Command antivirus related
AvSer	X	sysup.exe	Added by the W32.Serflog.B WORM!
AvSer	X	svosm.exe	Added by the W32.Serflog.B WORM!
AvSer	X	msmpatch.exe	Added by the W32.Serflog.B WORM!
AvSer	X	dsm.exe	Added by the W32.Serflog.B WORM
avserve.exe	X	avserve.exe	Added by the SASSER VIRUS!
avserve2.exe	X	avserve2.exe	Added by the SASSER.B or SASSER.C VIRUSES!
avserve3.exe	X	avserve3.exe	Added by the SASSER.G worm
Avtray	U	Avtray.exe	Command_Antivirus tray icon - NOTE: do NOT confuse with the rogue WinAntivirus startup/process as described here
AVTray	X	AVTray.exe	WinAntivirus : a bogus, stealth installed "Spyware remover" - see the SpywareWarrior_List of Rogue/Suspect Anti-Spyware Products & Web Sites - NOTE: do NOT confuse with the legitimate Command Antivirus startup/process as described here
AVWUpd32	U	AVWUPD32.EXE	AntiVir updater. Useful, but can be run manually
avx communicator	Y	xcommsur.exe	Anti-virus part of BitDefender virus scanner/firewall
Avxlive	Y	avxlive.exe	Bullguard or BitDefender antivirus
avxlni	Y	avxinit.exe	Anti-virus part of BitDefender virus scanner/firewall
AWatch	U	Awatch.exe	Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products.
awhost32	N	awhost32.exe	Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended
AWMON	U	Ad-Watch.exe	Part of Lavasoft Ad-aware SE Plus and Pro - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
AWMON	U	Ad-Monitor.exe	F-Secure_Anti-Spyware
AWUSGSTA.exe	?	AWUSGSTA.exe	Reportedly related to a USB Wifi Adapter - is it required at startup?
awxDTools	U	awxDTools.dll,awxRegisterDll	AwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools. (i.e.: .cue, .iso, *.ccd ...)
AxFilter	X	Rundll32 AXFILTER.DLL, Rundll32	CnsMin (Chinese_Keywords) related
azmodem	Y	azexe.exe	Aztech_Labs modem driver
a�	U	a2guard.exe	a-Squared antitrojan - can be run on demand, but necessary in Startup, if you prefer the a� 'Background Guard' real time protection feature
B'sCLiP	N	BSCLIP.exe	CD recording utility that comes with a lot of CDR/CDRW drives and isn't required
B.Reader	N	remin.exe	Birthday Reminder 5.0 - as the name implies
b3d	X	BDEsecureinstall.exe	B3d Projector - installed along with the KaZaA file sharing utility. Causes a program called "ZUPDATE.EXE" to periodically try to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\Windows\System. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents
b3dUpdate	X	Zupdate.exe	Same as above but not installed via KaZaA
b9	U	B9.exe	FireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"
b99	X	msmm.exe	ClientMan parasite variant
babeie	X	rundll32 cnbabe.dll, dllstartup	CommonName Toolbar spyware. To uninstall see here
Babylon Client	N	Babylon.exe	Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"
Babylon Translator	N	Babylon.exe	"Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"
Back Updates	X	Uninstall.log.vbs	Added by the VBS.YPSAN.D WORM!
Backdoor.NuAgent	X	agent.exe	Added by the AGENT-DP TROJAN!
Background Intelligent Transfer Service	X	rundll32.exe	Added by the TROJ/VB-ZD TROJAN! - Note: this file is located in the C:\Windows\help folder, and is not to be confused with the legitimate rundll32.exe file!
BackgroundSwitcher	U	bgswitch.exe	Background Switcher Powertoy. Included with the last beta version of the XP Powertoys. Whenever a user right clicked his desktop and chose properties he could see a new tab which allowed him to enable a "Desktop Slide Show." This would automatically change the Windows Desktop at an interval specified by the user. Available here
Backpack UDF	N	bpudfmon.exe	Backpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk
Backup Service	X	backup.svc	Unidentified adware
BackupExecScheduler	U	besch.exe	Veritas "Back Up My PC" software
BackupNotify	?	backupnotify.exe	HP Digital Imaging related. What does it do and is it required?
BackWeb	N	backweb.exe	Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs
Backwork	N	Backwork.exe	Backwork trojan detector
BACPI10	U	bacpi10a.exe	Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray
BacsTray	N	BacsTray.exe	Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
BADDATE	X	BADDATE.EXE	Added by an unidentified VIRUS!
BagleAV	X	csrss.exe	Added by the W32.NETSKY.AB WORM! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling
Bakra	X	IEHost.EXE	IEDriver adware variant
Bakra	X	IEHost.exe	Added by the Troj/Multidr-AH TROJAN!
Band-Aid	X	(path to file)	Added by the BACKDOOR.RANKY.O TROJAN!
Bandook	X	ali.exe	Added by the TROJ/EXEMAS-B TROJAN!
Banpopup by Pratik	U	Banpopup.exe	Banpopup - popup killer
Bar Ding lolt	X	Analiz.exe	Added by the RBOT-RP WORM!
bargains	X	bargains.exe, bargainbuddy.exe	Bargain Buddy - advertising spyware installed with Net2Phone & LimeWire amongst others. Some further information here
Bart Station	?	station.sbrt	Related to PeoplePC ISP. May be a dialler for dial-up accounts?
bascstray	N	BascsTray.exe	Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
Bat	X	secure2.bat	Added by the ZCREW.C VIRUS!
Batchreg1	N	N/A	Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See here
BatInfEx	U	rundll32.exe	Displays battery status information on an IBM Thinkpad
Battery Scope	U	batmgr.exe	Monitors battery levels on a notebook/laptop PC
BatteryBar	U	batterybar.exe	BatteryBar - displays battery usage, and the current percentage of battery power left
BatzBack	X	BatzBack.scr	Added by the BACKZAT VIRUS!
BAUSB	U	BAUSB.exe	Boston Acoustics Audio, USB driver
bawindo	X	bawindo.exe	Added by the BEAGLE.AR WORM!
bawindo	X	bawindo.exe	Added by the W32.BEAGLE.AU WORM!
BayMgr	U	DockApp.exe	Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices
Bayswap	U	bayswap.exe	Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
Bayswap2	U	TbUpdate.exe	Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
BBC News alerts	U	skinkers.exe	BBC News Desktop Alerts service; see here - The BBC News desktop alert and breaking news e-mail services let you find out about all the latest news as it happens.
bbSysTray	N	bbSysTray.exe	Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions"
bbui	U	bbui.exe	AOL DSL status monitor displaying a red/green icon indicating if you have a connection
bca	U	bca.exe	BeClean Agent - registry, history, temp files, etc cleaner
BCDetect	U	bcdetect.exe	Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see
BCMDMMSG	Y	bcmdmmsg.exe	BCM voicemodem driver. Required for dial-up if you have one of these modems
BCMHal	U	rundll32.exe bcmhal9x.dll, bcinit	BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
BCMSMMSG	Y	BCMSMMSG.exe	BCM voicemodem driver. Required for dial-up if you have one of these modems
bcmwltry	?	bcmwltry.exe	Broadcom Corporation Wireless Network Tray Applet.Is it required?
bcnswSX	X	(path to file)	Added by a Ranck-AJ trojan infection
BCNT	N	bcnt.exe	AWS Weatherbug related. What does it do?
BCPC	X	bcpc.exe	BroadcastPC adware variant
bcpc_c	X	bcpc_c.exe	BroadcastPC adware variant
BCTweak	U	bctweak.exe	BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
Bcvsrv32	X	bcvsrv32.exe	Added by the W32/AGOBOT-TD WORM!
BCWipeTM	N	bcwipetm.exe	BCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed
BD	X	dc.exe	Added by the Troj/Rasdoor-A TROJAN!
BDMCon	Y	Bdmcon.exe	Either BitDefender or BullGuard antivirus
BDNewsAgent	Y	bdnagent.exe	BitDefender antivirus - updater
BDOESRV	Y	bdoesrv.exe	Bitdefender 8 antivirus and firewall
BDSwitchAgent	Y	bdswitch.exe	Bitdefender 8 antivirus and firewall
BearShare	N	bearshare.exe	BearShare file sharing client. Versions known to include spyware - see here
BeatNik Internet Clock	U	BeatNik.exe	BeatNik_Internet_Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with the atomic clock.
Beegees Update	X	beegees.exe	Added by the W32/Sdbot-ADK WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
BeFaster	U	befaster3.exe	BeFaster internet connection optimization tool
Belkin PCMCIA WLAN Monitor	N	monitorbk.exe	Belkin USB Network Adapter Management utility - can be started manually
BelNotify	U	[path] NPBelv32.dll,RunDll32_BelNotify	BelTech enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service.
Belsta.exe	?	Belsta.exe	Configuration tool for Belkin wireless network cards. Required to change the card�s configuration. Is it required for correct operation once the confuiguration is changed?
Belt	X	Belt.exe	Transponder parasite updater/installer
Benadril Alert Tool	X	benadrilalert.exe	Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril
BestPopUpKiller	N	BestPopupKiller.exe	Popup killer by Swanksoft - not recommended, see Rouge/Suspect_list
BeSys	X	[path to the adware program]	Added by BeSys ADWARE!
bg	Y	bullguard.exe	Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster
BGInfo	U	Bginfo.exe	BGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more.
BGNewsAgent	Y	bgnewsag.exe	BullGuard antivirus updater
bgsmsnd	N	bgsmsnd.exe	Printer driver to generate PDF files from any program
BHOCop	N	BHOCop.exe	ZDNet's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware
BHODemon 2.0	U	BHODemon.exe	BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!" If you prefer forgoing resident protection, the application can also be run on demand.
BI1HelperStartUp	U	BI1HEL~1.EXE	Beach_Islands Screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30...
BIE	X	Rundll32.exe BDSrHook.dll, Rundll32	BDplugin parasite
BigDogPath	?	VM_STI.EXE	Bundled with some software for digital cameras that use a USB connection. - what does it do and is it required?
bigfix	N	BIGFIX.EXE	BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet� Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog
BigPond Toolbar	U	bpumTray.exe	Telstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"
BigPondCable	N	bpcable.exe	Telstra Bigpond Cable login software. Can be started manually.
Billminder	N	Billmind.exe	Can be setup in Quicken to remind user of due payments. Available via Start -> Programs
bin32hpu	X	ppstub.exe	PrecisionPop adware
bingdian	X	Bingdian.vbs	Added by the BINGD VIRUS!
Bingo Charm	?	charms.exe	Some kind of screen icon kind of like desk flag, but it gives you a choice of icons?
Bios	X	Bios32.exe	Added by an unidentified VIURS!
BIOS XP Loader	X	[random file name]	Added by the W32/RBOT-IC, ~http://www.sophos.com/virusinfo/analyses/w32rbotic.html WORM!
BIOS1	X	BIOS1.EXE	Added by the OPASERV.T VIRUS!
BIOVCIP	?	BIOVCIP.exe	??
BitComet	N	BitComet.exe	BitComet P2P client - can be launched from Start Menu > Programs
BitDefender Antivirus	X	BITDEFENDERX.EXE	Added by a variant of the W32.SPYBOT WORM!
BitDefender Communicator	Y	xcommsvr.exe	BitDefender antivirus
BitDefender for MSN Messenger	U	msnmon.exe	Bitdefender anti-virus for MSN Messenger. Unless you have MSN Messenger running all the time start it manually
BitDefender for Yahoo! Messenger	U	yahmon.exe	BitDefender Antivirus for Yahoo! Messenger - free AV add-on for Yahoo! Messenger
BitDefender Live! Init	Y	bdinit.exe	BitDefender antivirus
BitDefender Scan Server	Y	bdss.exe	BitDefender antivirus
BitDefender Virus Shield	Y	vsserv.exe	BitDefender antivirus
bitdefenderlive	Y	avxlive.exe	Main program of BitDefender virus scanner/firewall
BitDefender_P2P_Startup	U	BitDefender_P2P_Startup.exe	Bitdefender anti-virus for file transfers via internet messaging clients such as ICQ and MSN Messenger. Unless you have these running all the time start it manually
BitWare Print Monitor	N	bwprnmon.exe	FaxServe network fax software
BJ Printer Status Monitor	N	Cjstsr.exe	Canon BJ printer status monitor
BJ Status Monitor 5xx	N	CJSTRxx.EXE	Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers
bjcfd	N	CFD.exe	BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
BlackICE PC Protection or BlackIce Utility	N	blackice.exe	Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - \'(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.\' See also LoadBlackD
blah service	X	winupdate.exe	Add by the GAOBOT.BIA WORM!
blah service	X	winsysengine.exe	Added by a W32/Rbot-KI worm infection
blah service	X	smnp.exe	Added by the RBOT.IZ WORM!
blah service	X	internet.exe	Added by a variant of the WIN32.RBOT WORM!
blah service	X	msnmsgrr.exe	Added by the RBOT.PZ WORM!
blah service	X	tazkmgr.exe	Added by the RBOT.UA WORM!
blah service	X	FaLeH.exe	Added by the W32/Rbot-AES Worm!
blah service	X	microsoft.exe	Added by a variant of the WIN32.RBOT WORM!
Blah service	X	CCAPPS32.EXE	Added by the RBOT.TV WORM!
blah service	X	evosys.exe	Added by a variant of the WIN32.RBOT WORM!
blah service	X	win32.exe	Added by the W32/Rbot-AXO WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
blahh service	X	msengine.exe	Added by a variant of the WIN32.RBOT WORM!
blahx service	X	msnjompa.exe	Added by the SDBOT.AML WORM!
BlazeChanger	N	FBZPaper.exe	Ember graphic file viewer, manager, and touch-up system
bldbubg	N	bldbubg.exe	Part of Dell Alerts which provides customers with an update on latest updates for his/her system
Bles	X	bles.exe	Added by the TROJ/BLESH-A TROJAN!
blinkx	U	blinkx.exe	Blinkx_Desktop "Smart Folders" software
BLMessagingIntegration	X	blengine.exe	BuddyLinks adware
BlockAds	U	blads.exe	A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
BlockChecker	X	Block-checker.exe	BlockChecker adware
Blocker System611 Monitoring	X	PopUpBlocker611.exe	Added by the RBOT.BLJ WORM!
BlockTracker	N	BlockTracker.exe	If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file
blsloader	U	blsloader.exe	BellSouth ISP Internet_Tools
blss	X	blss.exe	Added by the Backdoor.Blarul TROJAN!
BLSTAPP	N	blstapp.exe	Puts access to Creative's BlasterControl in the System Tray
Blubster	N	Blubster.exe	Related to Blubster Music sharing service.
bluestart	X	rraut.exe	Added by the VB.GY.2 downloader TROJAN!
BlueToothAuthentication Agent	U	rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent	Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup.
BluetoothAuthenticationAgent	U	rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent	Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate.
Blueyonder Instant Support Tool	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system\'s identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide
BMail Installation	N	FTP_back.exe	Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not
BMan	X	BMan1.exe	Abcsearch.com/DealHelper adware variant
BMMGAG	U	Rundll32 PWRMONIT.DLL, StartPwrMonitor	Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window
BMMLREF	U	BMMLREF.EXE	Battery Manager for IBM ThinkPad laptops
BMO MasterCard Wallet	U	EWALLET.EXE	The wallet conveniently stores billing, shipping and payment information on your PC
BMupdate	N	BMupdate.exe	Related to BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install
BMZ	X	bmz.exe	nCase adware
Bndt32	X	Bndt32.exe	Added by the LACON VIRUS!
Bnexe	X	(random filename)	Added by the KITRO.D (or ARGEN.A) VIRUS!
BO1HelperStartUp	U	BO1HEL~1.EXE	ScreenScenes Butterfly_Oasis screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30...
BO1HelperStartUp	U	Bo1helper.exe	ScreenScenes Butterfly_Oasis screen saver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30...
Boarddata	X	[path] repcale.exe [path] palsp.exe	Added by a variant of the RANDON.AN WORM!
BOC412	Y	BOC412.exe	Version 4.12 of NSClean's BOClean anti-trojan software
BOCleanautostart	Y	Boclean.exe	NSClean's BOClean anti-trojan software
bombshel	U	BOMB32.EXE	Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems
Bonzi Buddy	X	??	Spyware - read here for information and here for removal instructions
boo	X	boo.exe	Adware downloader - detected by Kaspersky antivirus as Trojan.Win32.Favadd.o
BookedSpace	X	bs2.dll,DllRun	Adware, related to the Remanent parasite
BookmarkCentral	N	BMLauncher.exe	Bookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use"
Boost XP Service	U	bxservice.exe	Boost XP from Systweak - WinXP tweaking utility
boot	X	boot.exe	Added by the Troj/Puppet-A Trojan!
Boot Manager	X	Njgal.exe	Added by the KILO VIRUS!
Boot Manager	X	bootmng.exe	Added by a variant of the W32.SPYBOT WORM!
BootCfg	X	Install.log.vbs	Added by the VBS.YPSAN.D WORM!
BootCTRL	X	bootctrl.exe	Added by an unidentified WORM or TROJAN!
BootLoader	X	BootLoader.exe.vbs	Added by the WATERWORKS VIRUS!
bootpd.exe	X	bootpd.exe	Hijacker - recognized by Kaspersky antivirus as Trojan.Win32.StartPage.vk
bootpd.exe	X	bootpd.exe	Added by the Troj/Agent-DT Trojan!
BootsCfg	X	Date.POP.vbs	Added by the VBS.KUULLIO WORM!
BootsCfg	X	wscript.exe [path] All Users.vbs	Added by the VBS.SPILTRON WORM!
BootsCfg	X	wscript.exe [path] All Users.vbe	Added by the VBS.SPILTRON WORM!
BootsCfg	X	wscript.exe[path] Install.log.vbs	Added by the VBS.YPSAN.E WORM!
BootSkin Startup Jobs	U	BootSkin.exe	Stardock_BootSkin is a program that allows users to change their Windows 2000 and Windows XP boot screens, free for non-commercial use.
BootStatus	U	BOOTST~1.EXE	Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resources
BootWarn	U	BootWarn.exe	From here : "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from �Start \ Programs \ Norton AntiVirus�. If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab � it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages."
boot_reg	X	[path to file]	Added by the TROJ/BANCBAN-CA TROJAN!
Bose Wave/PC Monitor	N	wavepcmonitor.exe	System Tray access for this system (more info on the system here). Available via Start -> Programs
BossIdea	X	winlogin.exe	Added by the TROJ/LINEAGE-I TROJAN!
Boston	?	Boston.exe	Part of the Boston Acoustics USB speaker systems. - What does it do and is it required?
Bot Loader	X	svchostt.exe	Added by the W32.GAOBOT.ALV WORM!
Bouncer RunStartup	X	bouncer.exe	VIrtualBouncer malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs
Bouncer RunStartup	X	LiveUpdate.exe	VIrtualBouncer malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs
boy lovers of bsd	X	ilikeboys.exe	Added by the MYTOB.LY WORM!
bpcpost.exe	U	bpcpost.exe	MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
BPCv2	X	BPCv2.exe	BroadcastPC adware
BPCv2_re	X	bpc2_re_inst.exe	BroadcastPC adware variant
BPK	U	bpk.exe, nvsr32.exe	Blazing Tools Perfect Keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove
BPServer	N	G6FTPSrv.exe	BulletProof FTP Server
BPT	X	bpt.exe	BroadcastPC adware
BQTray.exe	U	BQTray.exe	System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually
Brasil	X	Brasil.exe	Added by the OPASERV.E VIRUS!
Brasil	X	BRASIL.PIF	Added by the OPASERV.E VIRUS!
BrasilOld	X	(worm filename)	Added by the OPASERV.P VIRUS!
Brct	X	trdb.exe	Reported as Win32.PurityScan.y TROJAN! by Kaspersky Anti-Virus. Class: Trojan-Downloader. Note: Lowers Internet Explorer security settings and downloads unwanted files.
Break_Reminder	U	BREAK REMINDER.exe	Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See here
Breg	X	bcre.exe	BroadcastPC adware variant
Breg	X	breg.exe	BroadcastPC adware variant
Breg	X	bptre.exe	BroadcastPC adware variant
Bridge	X	rundll32.exe ...Bridge.dll	Flingstone.com browser hijacker
Brindys BriTray	Y	BRITRAY.EXE	Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired
BrmfRmPA	U	BrmfRmPA.exe	Brother resource manager - needed for a Brother MFC printer/copier/scanner and PC to properly communicate
Broadband Wizard	N	bbwiz.exe	Starts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs
Bron-Spizaetus	X	CVT.exe	Added by the W32.Rontokbro WORM! Note: This worm\trojan file is found in the Windows\PIF or Winnt\PIF folder.
Bron-Spizaetus	X	norBtok.exe	Added by the RONTOKBRO.B WORM!
Bron-Spizaetus	X	ElnorB.exe	Added by the RONTOKBRO.D WORM!
Bron-Spizaetus	X	bronstab.exe	Added by the RONTOKBRO.C WORM!
Bron-Spizaetus	X	sempalong.exe	Added by the W32/Brontok-E WORM! Note: This worm\trojan file is found in the Windows\ShellNew or Winnt\ShellNew folder.
Bron-Spizaetus	X	eksplorasi.exe	Added by the RONTOKBRO.J WORM!
Bron-Spizaetus	X	[path to file]	Added by W32/Brontok-F WORM!
BrowseProxy	N	FindService.exe	Actual Names - "It is now possible to enter a particular word or keyword phrase that is associated with your business, and immediately be directed to YOUR WEBSITE! The Actual Names technology can do this for you"
browser	X	msgaol.exe	Added by the WIN32.TACTSLAY.C TROJAN!
browser	X	s_menu.exe	Added by the WIN32.TACTSLAY.C TROJAN!
browser aid	X	browseraid.exe	BrowserAid/BrowserPal foistware
Browser Help Svc	X	BHSV.EXE	Added by the W32/Rbot-AVQ WORM! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Browser Hijack Blaster	Y	bhblaster.exe	Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings
Browser Launcher	U	Commandr.exe	Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys
Browser Pal	X	adblck.exe	BrowserAid/BrowserPal foistware
Browser Sentinel	U	BrowserSentinel.exe	Browser Sentinel. Notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page. See here
BrowserWebCheck	N	loadwc.exe	Checks to make sure that IE is still your default browser
BS Player	N	bsplayer.exe	BSplayer - A video player used to play avi, mpg, wmv and other multimedia files.
BsCLiP	N	BSCLIP.exe	CD recording utility that comes with a lot of CDR/CDRW drives and isn't required
Bsoft lppt01	X	Bsoft.exe	New variant of the RapidBlaster parasite (in a "BelmontSoft" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
Bsx3	X	Rundll32.exe bs3.dll, DllRun	BookedSpace parasite variant
BT	X	(Original Trojan filename)	Added by the Troj/Litebot-B TROJAN!
BT Broadband Help	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide
BT00003(2 or 3 or 4)	X	hiklmnop27.exe	Added by the Troj/VB-VT TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
BT00003(5 or 6 or 7)	X	abcdefg23.exe	Added by the Troj/VB-VT TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
btinst	?	btinst.exe	Associated with an Anycom bluetooth wireless card. What does it do and is it required?
BTModemProtection	U	BTModemProtection.lnk	BT Privacy Online modem protection software, see here
BTSETBOOTKEY	?	BTSetBootKey.exe	Related to a USB Bluetooth adaptor - what does it do and is it required?
BtStart	U	btstart.exe	Broadcorp (formerly WIDCOMM) Bluetooth Connectivity Software
bttray	U	bttray.exe	System tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device
BTUSRBDG	Y	BtUsrBdg.exe	Used with a Mitsumi_USB_Bluetooth adaptor (and maybe others)
BTUSRBDGF	Y	BtUsrBdg.exe	Used with a Mitsumi USB Bluetooth adaptor
BTV	X	btv.exe	BroadcastPC adware
Buddyizer	N	Buddyizer.exe	Part of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network
bugwatcher service	U	bugwatcher.exe	Bugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures
BuildBU	N	bldbubg.exe	Part of Dell Alerts which provides customers with an update on latest updates for his/her system
BuildLab	X	winlogon.exe	Added by NEVEG.A WORM! Note - this is not the valid Windows Logon winlogon.exe process
BuildLabs	X	csrss.exe	Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling
BuildLabs	X	lsass.exe	Added by a Webus.B trojan infection. Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup
Bulldog Service	U	upsd.exe	Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link
BullGuard	Y	mgui.exe	Part of Bullguard antivirus
BullGuard Update	U	avxlive.exe	Part of Bullguard antivirus. Leave enabled unless you manually update virus definitions
BullGuard XComm	Y	XCOMMSVR.EXE	Part of Bullguard antivirus
BullGuardInit	Y	AVXINIT.EXE	Part of Bullguard antivirus
BullguardoptIn	Y	bulldownload.exe	Part of Bullguard antivirus
BullsEye	X	bargains.exe	eXact Advertising BargainBuddy/Bullseye adware
BullsEye Network	X	bargains.exe	eXact Advertising BargainBuddy/Bullseye adware
BullsEye Tracker	?	BeTrack.exe	Bullseye - intelligent research assistant
Bunx	X	beagle.exe	Added by the W32/Lebreat-E WORM!
BurnQuick Queue	N	BQTray.exe	System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually
Button Server	U	bttnserv.exe	Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required
ButtonKey	N	ButtonKey.exe	CyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut
Buzme	N	Bmui.exe	Buzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem
BuzMe	U	RCUI.exe	Display Client for the BuzMe Internet Call Waiting Service.
Buzof.exe	U	buzof.exe	Buzof from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes"
bxsx5	X	RunDLL32.EXE bsx5.dll	BookedSpace parasite variant
bxxs5	X	RunDLL32.EXE bxxs5.dll, dllrun	BookedSpace parasite
Bymer.Scanner	X	Wininit.exe	Added by the BYMER WORM!
Bymer.Scanner	X	Msinit.exe	Added by the BYMER WORM!
c	X	c:\archiv~1\win.com	Added by the CUYDOC VIRUS!
C-Media Echo Control	U	EchoCtrl.exe	C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer
C-Media Mixer	N	Mixer.exe	C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs
C2K	U	CYB2K.EXE	CYBERsitter 2000 or 2001 - anti-porn filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser
c32cs2	U	c32cs2.exe	Cyber_Sentinel Internet filtering software
C7	X	[name of worm]	Added by the W32.MEDIAKILL.A WORM!
C:\WINDOWS\IEXPLOR.EXE	X	IEXPLOR.EXE	"Pop Marketing" adware
C:\WINDOWS\VCMnet11.exe	X	VCMnet11.exe	"Windows AFA Internet Enhancement" - a browser hijacker, redirecting to adsourcecorp.com - see here
C:\WINDOWS\WinTask.exe	X	WinTask.exe	"Pop Marketing" adware
CA-AMAgent	U	amagent.exe	Unicenter_Asset_Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting.
CaAvTray	Y	CAVTray.exe	eTrust� EZ_Antivirus system tray application from Computer Associates
Cabchk	X	Cabchk.exe	Added by the GEMA TROJAN!
Cabchk32	X	Cabchk32.exe	Added by the GEMA TROJAN!
CABCInstall	X	CABCInstall.exe	CABC content delivery software
CacheBoost	U	trayicon.exe	CacheBoost "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost"
CacheLoader	X	(path of filename)	Added by the Troj/Dloader-NZ TROJAN!
Cacheman	N	Cacheman.exe	Freeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-up
CacheMgr	Y	CacheMgr.exe	Sophos Antivirus Remote Update
CACStarter	N	cacstart.exe	Cash A Check - check writing software
Caddais BackupOnDemand	U	BODMon.exe	Caddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location"
Cadenza	U	CdzSvc.exe	Cadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices
CADS	U	cads.exe	Cyber Sentinel internet filtering software
CAgent	N	CAgent.exe	Abbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documents
cAgOu	X	(filename).hta	Added by the KAKWORM VIRUS!
CahootWebcard	N	CahootWebcard.exe	"The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed
CAISafe	Y	isafe.exe	Part of Computer Associates eTrust EZAntivirus
Cal Reminder Shortcut	N	calrem.exe	Produces a pop-up reminder of events scheduled using the MS Office Calendar
Calc Microsoft Windows	X	wincalc.exe	Added by an unidentied WORM or TROJAN!
CALC32	X	CALC32.EXE	Added by the W32/Spybot-EC WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Calendar 200X Reminder	N	calendar.exe	Calendar200X - shows holidays, reminders of various anniversaries,tasks etc
Calendarscope	U	cs.exe	Calendarscope calendar software
calk	X	calk.exe	Added by the TROJ/STARTPA-FH TROJAN!
CallBumping	?	cbpopw.exe	??
CallCenter Main Application	U	V3calmcp.exe	"V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Main application
CallCenter Printer Interface	U	V3faxecp.exe	"V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Fax printer
CallControl	N	ftctrl32.exe	FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows
CamCheck	N	CamCheck.exe	NuCam camera software related
Cameno	U	Cameno.exe	Cameno is a program which brings tabbed windows to MSN Messenger 6.0 and above
Camera Detector	N	Camdetect.exe	ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically.
Camera Detector	N	CAMDET~*.EXE	ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically.
Camera Detector	N	DEVDET~*.EXE	ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically.
Camio Viewer x	N	IXApplet.exe	Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version
CamMonitor	?	hpqcmon.exe	From HP and related to digital imaging
Canada	N	Canada.exe	Known to be a dialler - but is it maliscous or clean?
Canary	N	canary-std.exe	Canary monitoring program. Keylogger, monitors all computer activity
candy	X	command32.exe	Added by the W32/Rbot-LV WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
candynet	X	Taskmsg.exe	Added by the W32/Rbot-NA WORM!
Canon MultiPASS Status Monitor	U	monitr32.exe	Cannon Multi-Pass status monitor - your choice.
Canon PC1200 iC D600 iR1200G Status Window	?	CAPM1LAK.EXE	Cannon printer related - is it required in startup?
Canon Printer Monitor BJCxxx	N	Cjstlst.exe	Trayicon for Canon printer. xxx denotes model. Available via Start -> Programs
CAP3ON	?	CAP3ONN.EXE	Canon driver, purpose unknown - is it required in startup?
Capfax	N	capfax.exe	PhoneTools fax software
Capon	Y	Capon.exe	Canon printer driver
Capon	Y	Caponn.exe	Canon printer driver
CaptionMgr32	X	crssr.exe	Added by the W32.ZAR.A WORM!
Capture Express 2000	N	capexp.exe	Capture Express - screen capture utility
Card Monitor	N	REGCNT09.exe	For the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> Programs
Care20	X	Care20.exe	TopMoxie adware
Care2GTU	U	Care2GTU.exe	Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it keep it
CARPserver	X	CARPserver.exe	Added by the TROJ/BANKER-AN TROJAN!
CARPservice	U	carpserv.exe	Associated with Zoltrix modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example
cartao	X	[path to file]	Added by the TROJ/DLOADER-QD TROJAN!
cartao	X	conflicted.exe	Added by the TROJ/DADOBRA-DV TROJAN!
cartao	X	killing.exe	Added by the TROJ/DLOADER-QN TROJAN!
CAS Client	X	casclient.exe	CasinoClient adware
CasAgnt	U	CasAgnt.exe	Program by Extended Systems which allows you to sync your Casio PDA with your PC
Casdvqwa	X	bmqnzkg.exe	Added by the RANDEX.BE VIRUS!
caseyvideo	X	CaseyVideo.exe	malware causing p0rn popups
caseyvideo[] ( = digit)	X	caseyvideo[].exe ( = digit)	malware causing p0rn popups
CashBack	X	cashback.exe	eXact Advertising BargainBuddy/CashBack adware
CashFiesta	X	Cashfiesta.exe	CASHFIESTA.A pay-per-surf adware
Cashsurfers Cashbar Navigator	N	Cashbar.Exe	Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"
CashToolbar	X	CD_Load.exe	"CashToolbar" Downloader-MY TROJAN!
CashToolbar	X	svchost.exe	"CashToolbar" Downloader-MY TROJAN! - Note - this is NOT the legitimate Windows svchost.exe process, which should NOT figure in Msconfig/Startup!
Cassandra	X	cassandra.exe	Melkosoft_Cassandra adware - also detected as a variant of the WIN32.KREPPER TROJAN!
Cassandra and or Control handler	X	(10 to 14 random)THD.EXE	Added by the Troj/Krepper-AI Trojan!
CasStub	X	casstub.exe	Added by the Troj/Cass-A TROJAN!
CAVRID	Y	CAVRID.exe	eTrust� EZ_Antivirus Real Time Infection Report from Computer Associates
CAVS	Y	CAVS.exe	Cheyenne, ( now eTrust ) antivirus
CAZNOVAS	X	CAZNOVAS.exe	Added by the CAZNO VIRUS!
CBACK.EXE	X	CBACK.EXE	Added by the Troj/Penta-A TROJAN!
CBWAttn	U	CBWAttn.exe	Required for Bitware to answer incoming faxes, can cause sleep mode problems
CBWHost	U	CBWHost.exe	Required for Bitware to answer incoming faxes, can cause sleep mode problems
CBWUser	?	CBWDial.exe	Associated with Bitware that integrates fax, voice, pager, and data communications on your desktop
CC2KUI	X	comet.exe	Comet Cursor - displays different mouse pointers dependent upon the site your visiting. Malware because it automatically installs. See here for more information and for the uninstall procedure
ccApp	Y	ccApp.exe	Part of Norton AntiVirus 2003. Auto-protect and E-mail check will not function without this
ccApp	X	(random filename)	Added by the OBSORB VIRUS! Note the random filename compared to the valid Norton AntiVirus entry above
ccApp	X	WMADZ.EXE	Added by the W32/RBOT-LJ WORM!
ccApp	X	.EXE	Added by the W32/RBOT-LJ WORM!
ccApp	X	gcasServ.exe	Added by a variant of the WIN32.RBOT WORM! - do NOT confuse with the Microsoft AntiSpyware executable of the same name as described here
ccAppr	X	svcrhost.exe	Added by the WIN32.TACTSLAY.A TROJAN!
ccAppr	X	outIook.exe	Added by the WIN32.TACTSLAY.A TROJAN!
ccAppr	X	expIorer.exe	Added by the WIN32.TACTSLAY.A TROJAN!
ccAppr	X	svcshost.exe	Added by the WIN32.TACTSLAY.A TROJAN!
ccApps	X	services.exe	Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the valid Windows Service Controller (services.exe) process
ccApps	X	winlogon.exe	Added by NEVEG.A WORM! Note - this is not the valid Windows Logon winlogon.exe process
ccApps	X	ccApps.exe	Added by the W32/KANGAROO-B WORM!
CCD Manager	U	DDS.EXE	Project Labs Century CD manager for their CD/DVD storage device
Ccdecode	N	rundll32.exe streamci, StreamingDeviceSetup	Part of the closed caption decdoder/MS VBI codec. Should only run once
CCDoctorLogonTesting	Y	ccdoctor.exe	Checks your system to make sure it's configured properly for running Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product
ccenter	Y	CCenter.exe	RAV AntiVirus
CcEvtMgr	Y	ccEvtMgr.exe	Part of Norton AntiVirus 2003.Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this
ccEvtMrg.exe	X	ccEvtMrg.exe	Added by the RBOT.GZ WORM!
ccExecute	X	bootcfg1.exe	Added by the W32/NEMSI-B VIRUS!
ccHelp	X	ccHelp.hta	"Searchq" adware
ccpApps	X	csrss.exe	Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling
ccpApps	X	lsass.exe	Added by a Webus.B trojan infection. Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup
ccProxy	U	CCPROXY.EXE	Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage.
CcPxySvc	Y	CCPXYSVC.exe	Part of Norton's AntiVirus 2003, Internet Security and Firewall products. E-mail proxy service - required for E-mail scanning and the firewall
ccreg	X	explorer.exe	Added by the ZCREW VIRUS! Note - this is not the valid explorer.exe
CcRegVfy	Y	ccRegVfy.exe	Part of Norton AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"
ccRegVfY	X	svcrhost.exe	Added by the WIN32.TACTSLAY.A TROJAN!
ccRegVfY	X	outIook.exe	Added by the WIN32.TACTSLAY.A TROJAN!
ccRegVfY	X	expIorer.exe	Added by the WIN32.TACTSLAY.A TROJAN!
ccRegVfY	X	svcshost.exe	Added by the WIN32.TACTSLAY.A TROJAN!
ccSetMgr	Y	ccSetMgr.exe	Part of Norton AntiVirus 2004. What does it do?
ccsvit.exe	X	ccsvit.exe	Added by the Troj/StartPa-HP TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
ccUpdate	X	ccUpdate.exe	Added by the AGOBOT.YS WORM!
ccWasher	U	aolwasher.exe	Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL
CCWC7a	U	ac.exe	Cache, Cookie & Windows Cleaner Ver. 7, Auto clean. Created by moleculesoft
CCWC7I	U	idxl.exe	Cache, Cookie & Windows Cleaner 7 created by moleculesoft.com
CCWC7s	U	stealth.exe	Cache, Cookie & Windows Cleaner 7, stealth mode. Created by moleculesoft
CD Storage Master	N	cdstorager.exe	CD_Storage_Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collection.
cd1	X	cd1.exe	Premium rate adult content dialer
CDANTSRV	N	CDANTSRV.exe	C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually
Cdcompat	X	Cdcompat.exe	Added by the GEMA TROJAN!
cddrv32	X	cddrv32.exe	Added by a Crypter.C trojan variant infection
CDInterceptor	N	cdi.exe	CD indexer for measuring the speed of CD players
Cdrom Controller	X	cdromcntrl.exe	Added by the TROJ/BATTRY-A TROJAN!
cds	X	cds.exe	Added by the Backdoor.Spymon TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
CDTray	N	CDTray.exe	On HP PCs, this is the small CD icon next to the time
CeEKEY	?	CeEKey.exe	Toshiba Satellite E-Key related. Is it required?
CeEPOWER	U	cepmtray.exe	Toshiba\'s Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times
Ceic	?	Ceic.exe	??
Cekirge	X	(path to worm)	Added by the KERGEZ.A VIRUS!
center	X	[random name]32.exe	Added by the W32.BOFRA.A WORM!
CentralProcessor	X	taskimgr.exe	Added by the BANCOS.J VIRUS!
CEPA	?	wsot.exe	??
cesmain.dll	X	cmail.dll, Rundll32	CnsMin (Chinese_Keywords) related
CEventMgr	X	Cell.exe	Added by the Troj/Bifrose-AK TROJAN!
CFD	N	CFD.exe	BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
CFDStart	X	WinMuschi.exe	WINMUSCHI dialler
cfgboost	X	cfgboot.exe	Added by an unidentified WORM or TROJAN!
cfgintpr	Y	cfgintpr.exe	Configuration Interpreter - part of Tiny Personal Firewall V4
cfgmgr51	X	RunDLL32.EXE [path] cfgmgr51.dll,DllRun	BookedSpace adware variant
cfgmgr52	X	RunDLL32.EXE [path] cfgmgr52.dll,DllRun	BookedSpace adware variant
cfgwiz	N	cfgwiz.exe	Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
cFosDNT	?	cFosDNT.exe	cFos DSL Modem driver related. What does it do and is it required?
cFosInst_Check	?	cfosinst.exe	cFos DSL Modem driver related. What does it do and is it required?
cFosSpeed	U	cFosSpeed.exe	cFos_Software Internet acceleration program related. Note: May be necessary for the software to work properly.
cftmon32	X	taskmgr#.exe	Added by the SOWSAT.C and SOWSAT.J VIRUSES! where # is a number greater than or equal to zero
cfy	X	cfy.exe	Surfenhance.com SearchForIt adware variant
CGServer	U	cgserver.exe	Associated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs
Cgtask Services	X	cgtask.exe	Added by the LALA.B VIRUS!
Cgywin	X	cgywin32.exe	Added by the W32/Rbot-AEI Worm!
ChamClock	U	ChamClock.exe	Chameleon Clock - system tray clock replacement
change-me-now	X	msgfix1.exe	Added by the SDBOT.ZD WORM!
ChangeICON	U	SPMSMON.EXE	Card reader related program. Note: May cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problem.
ChangeLines	?	chngline.exe	??
Chatango	N	Chatango.exe	Chatango "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately.
Chcenter	N	chcenter.exe	IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"
che32	X	che.ocx.vbs	Added by the WM97/Adenu-B VIRUS!
Cheatle	X	GigaByte.exe	Added by the SHODI.B VIRUS!
Check for One Touch Update	N	wiseupdt.exe	Checks for updates for Visioneer OneTouch scanners
Check for TWS Updates	N	WiseUpdt.exe	Interactive Brokers - check for update to their standalone Java-based trading platform
Check Messenger	U	cmesseng.exe	Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account
CheckCustomWorksUpdate	N	CheckCWupdate.exe	Update checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations"
Checkdisk	X	mscas.exe	Added by the Troj/Vagon-A TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Checkdisk	X	mscas.exe	Added by the W32/VAGON.A-TR downloader TROJAN!
CheckIt	U	ToolBox.exe	CheckIt Toolbox from WinCheckIt Diagnostic Software. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specify
CheckIt 86	U	CheckIt86.exe	CheckIt_86 popup blocker
CheckMsgPlus	Y	MsgPlusH.dll, VerifyInstallation	Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info.
checkrun	X	elite**32.exe ( = random char)	EliteBar adware
checkrun	X	elitelsj32.exe	Added by the Troj/Multidr-ER TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
CheckScan32	X	regload16.exe	Added by the AEBOT.K WORM!
checktime	?	ct.exe	Found in the \HPSelect\Frontend\ directory on a HP machine. What is it's purpose and is it required?
CheckVCR	Y	IOMagic.exe	Driver for the I/OMagic Personal Video Recorder (DR-PCTV100)
CherryKeyMan	U	KeyMan.exe	Multimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keys
china11msn	X	CHINA11MSN.EXE	Added by the W32.ENVID.O WORM!
ChineseStar	U	cstar.exe	Chinese language support software
CHIPDRIVEPinManager	U	sokscmpn.exe	ChipDrive Smartcard software
CHIPDRIVESmartcardManager	U	SCMgr.exe	ChipDrive Smartcard software
CHKADMIN	N	CHKADMIN.EXE	Compaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability"
chkhbci	N	chkhbci.exe	Smart Card reader software for Omnikey readers
Choke	X	Choke.exe-blahh	Added by the CHOKE VIRUS!
chope	X	runlli32.exe	Added by the Troj/QQPass-U TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
chostsv	X	chostsv.exe	Added by the BANPAES.C VIRUS!
CHotKey	U	mhotkey.exe	Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features
CHotKey	U	zHotkey.exe	Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features
CHotKey	U	MK9805.EXE	Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features
Christmas Music Player	N	TTEST6.EXE	"Christmas Music Playerbrings the music of the Christmas Holiday to your desktop"
ChromeMark	?	keysh.exe	Related to this. Don't know what keysh.exe does though and if it's required
ChronitelInitTV	?	CHTVINIT.EXE	??
CiaBackdoor	X	msldr.com	Added by a VIRUS!
cihost.exe	X	cihost.exe	Added by the LINST VIRUS!
CIJxP2PSERVER	N	CIJxP2PS.EXE	Compaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7
Cisco Systems VPN Client	U	ipsecdialer.exe	The Cisco VPN_Client Lets local users gain Administrator privileges on the operating system
Cisco Systems VPN Client	U	vpngui.exe	Sets up IPSec communications for Cisco's VPN_Client
CISrvr Program	N	CISRVR.EXE	Related to internet setup on Compaq PC's
Cissi	X	Cissi.exe	Added by the CISSI.A VIRUS!
CitiUCS	U	CitiUCS.exe	Citibank Virtual_Account_Numbers
CitiVAN	N	CitiVAN.exe	Option from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again
CJET	X	CJet.exe	Added by the Adware.FFToolBar adware toolbar.
Cjstcom	Y	Cjstcom.exe	Canon printer BJ status language monitor
ClamWin	Y	ClamTray.exe	ClamWin antivirus
Classes	X	intl.exe	"Switch" adult content dialler
Classes	X	run_21.exe	"Switch" adult content dialler
Classes	X	int1.exe	"Switch" adult content dialler
Classes	X	srv.exe	"Switch" adult content dialler
Classes	X	srv2.exe	"Switch" adult content dialler
Classes	X	mstart.exe	"Switch" adult content dialer
Classes	X	MSTAR2.EXE	"Switch" adult content dialer
CLBOOT32	U	CLBOOT32.EXE	PC-Duo_Remote_Control from Vector. "System Snapshot provides a detailed inventory of a Client's hardware configuration. It includes information on CPUs, memory, operating systems, printers, display drivers, disk size and free space, network details and much more!". For tech support users to provide remote assistance
CLCLSet	U	CLCL.exe	CLCL clipboard caching utility
CleanEasyImg	?	cleanall.exe	??
CleanRegPath	?	CleanReg.exe	Apparently Annex A ADSL modem related - what does it do and is it required?
CleanSweep Smart Sweep- Internet Sweep	U	Csinsm32.exe	Automatic logging of installs from Norton CleanSweep - available via Start -> Programs
CleanSweep Useage Watch	N	CSUSEM32.EXE	Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time
CleanTemp	U	CLEANT~1.EXEBCleanTemp.exe	CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory
Cleanup	N	ONICTASK.EXE	Internet Cleanup from Aladdin Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet
CleanUp	Y	mcappins.exe	Used by McAfee Virusscan to perform product updates. When updates are available the program will download and install them automatically. Recommended to leave enabled.
CleanupProgram	?	cleanup.exe	In a C:\Sonysys folder - Sony Vaio related?
clean_service	X	clean_service.cmd	Added by the W32.Refaz WORM!
clfmon.exe	X	clfmon.exe	Added by the TROJ/AGENT-BJ TROJAN!
Click Radio Tuner	N	clickr~1.exe	ClickRadio - subscription service playing radio music via the internet
Click Tray Calendar	N	ClickT~1.EXE	ClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etc
ClickMe	N	ClickMe.exe	ClickM "JOKE" program
Clickoff	U	Clickoff.exe	Clickoff automatically dismisses annoying dialog boxes
ClickTheButton	X	csrss.exe	"ClickTheButton" Downloader-MY TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
ClickTheButton	X	MSCStat.exe	"ClickTheButton" Downloader-MY TROJAN!
ClickTheButton	X	CTB.exe	"ClickTheButton" Downloader-MY TROJAN!
CLICONFG	X	CLICONFG.EXE	Added by the OPASERV.T VIRUS!
Client Access API Daemon	U	cwbappcd.exe	IBM iSeries Client Access, see here
Client Access Check Version	N	cwbckver.exe	Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources
Client Access Express Welcome	?	cwbwlwiz.exe	Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?
Client Access Help Update	N	cwbinhlp.exe	Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries
Client Access Service	N	CwbSvStr.Exe	Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources
Client Access Taskbar	U	cwbuitsk.exe	IBM iSeries Client Access taskbar, see here
Client Agent	X	(Path To random filename)	Added by the Troj/PPdoor-J TROJAN!
Client Agent	X	ipxwping.exe	Added by the Troj/PPdoor-N TROJAN!
Client Agent	X	photes.exe	Added by the Troj/PPdoor-P TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Client agent for ARCserve	?	W95AGENT.EXE	Part of Brightstor ARCserve Backup from Computer Associates. What does it do and is it required?
Client for Microsoft Networks	X	msclient32.exe	Added by the W32/Sdbot-BXQ Worm!
Client Server Runtime Process	X	csrsss.exe	Added by the W32/SDBOT-LD WORM!
Client Server Runtime Process	X	csrs.exe	Added by the W32.LINKBOT.M WORM!
Client Server Runtime Process	X	smmss.exe	Backdoor TROJAN!, possible W32/Sdbot-gen variant.
Client Update	X	wup.exe	Added by a variant of the W32/OPANKI-A WORM!
ClientMan1	X	mscman.exe	Spyware/malware, included into the latest version of Grokster, among others. According to research by SpyBot's PMK, "able to trick ZoneAlarm, auto-clicking it to allow passing through the firewall!"
Clik Status Monitor	N	toolsclickstat.exe	Part of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed
Clipbook Service	N	Clipsrv.exe	Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks
ClipMate5x	N	ClipMt5x.exe	Clip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs
Clipmate6	N	CLIPMT60.EXE	Clip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs
Clipomatic	N	Clipomatic.exe	Mike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data
Clipsrv	N	Clipsrv.exe	Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks
ClipSrv	X	clipserv.exe	Added by the W32/SDBOT-AAV and W32/Sdbot-AFE WORM!
ClipTrak	U	ClipTrak.exe	ClipTrak clipboard extender
ClipTrakker	N	ClipTrakker.exe	Cliptrakker - clipboard extender
CLMFrontPanel	U	clmpanel.exe	System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost
clnwall	?	rundll.exe setupx.dll, InstallHinfSection ..delwall.inf	??
clock	X	(various file names)	LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe
ClockSync	X	Sync.exe	ClockSynck - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives available
ClockWise	U	CLOCKWISE.EXE	ClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync
Clock_Manager	X	amsngr.exe	Added by the TROJ/SDBOT-XM TROJAN!
CloneCD or CloneCDTray	U	CloneCDTray.exe	System tray for CloneCD - the only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions
CloneCDElbyCDFL	U	ElbyCheck.exe	From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it
Clotus or greg0	?	prtStart.exe Orgprt.exe	Lotus SmartSuite related. In a Lotus\OrgReg folder. Unclear what exactly it does?
Clre	X	mmdc.exe	Added by the Troj/PurScan-AI TROJAN! Note: This trojan file is found in the Program Files\oace folder.
ClrSchLoader	X	Loader.exe	Lycos/IGetNet.ClearSearch parasite
CLSID	X	sed.exe	Adult content dialler
CLSID	X	msgplus.exe	Premium rate adult content dialer - NOTE: this is NOT the MSN Messenger 'MessengerPlus' extension, as described here
CLSID	X	com.exe	Adult content dialler
CLSID	X	dll.exe	Adult content dialler
CLSID	X	plugin.exe	Adult content dialler
CM-SmWizard	?	SmWizard.exe	SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required?
cma	U	cma.exe	DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"
CMAPP	X	cmappclient.exe	CasClient adware - also detected as Trojan.Cmapp
Cmaudio	N	Rundll32 cmicnfg.cpl, CMICtrlWnd	System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel
Cmd	X	cmd32.exe	Added by the P2P.TANKED VIRUS!
cmd32	X	configs.exe	Hijacker, also detected as the QURL-2 TROJAN!
cmdcon	X	cmdcon.exe	Added by the CRYPTER.A TROJAN!
CmdPrompt32.pif	X	CmdPrompt32.pif	Added by the W32.Assiral.B WORM!
CME	X	cme.exe	Part of Gator advertising spyware - see here for removal instructions
CmeSYS	X	CMEsys.exe	Part of Gator advertising spyware - see here for removal instructions
CmeUPD	X	CMEupd.exe	Part of Gator advertising spyware - see here for removal instructions
CMGrdian	?	CMGrdian.exe	One of the McAfee shared components. What does it do and is it required?
Cmmon32Sys	X	cmmon32.exe	Added by the Troj/Clicker-I TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
CmPCIaudio	U	RunDll32 CMICNFG3.CPL,CMICtrlWnd	Registers the Control Panel applet for a C-Media PCI sound card
CMPDPSRV	U	CMPDPSRV.EXE	Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more." Installed with some Compaq and Lexmark printers
Cmpnt	X	Devices2.exe	Added by the Troj/Tompai-D TROJAN!
Cmpnt	X	mainsv.exe	Added by the Troj/Tompai-C TROJAN!
cmrss	X	cmrss.exe	Added by the DELF.DU and Troj/Dloader-NK TROJANS!
cmrss	X	crmss.exe	Added by the DLOADER-EK TROJAN!
cmrss	X	(Path of Trojan EXE)	Added by the Troj/Dloader-QQ TROJAN!
cmrss	X	cmrss.exe	Added by Troj/BankDl-S TROJAN!
cmrst	X	cmrst.exe	Added by the PWSteal.Bancos.S TROJAN!
cmrst	X	cmrst.scr	Added by the Troj/Dloader-FP TROJAN!
cms	X	iserver.exe	Added by the Troj/Dloader-WK TROJAN!
CMSETTINGS	U	ctmn.exe	Part of NetNanny Chat_Monitor
cmsound	X	vcpdll.exe	Added by the TCXMEDI-D downloader TROJAN!
cmsound	X	vcsystem.exe	Added by the TCXMEDI-D downloader TROJAN!
cmss	X	system.exe	Added by a variant of the WIN32.RBOT WORM!
cmssapp	X	iexplore_.exe	Added by Troj/Bancban-CQ Trojan!
cmssapp	X	iexplore.exe	Added by the Troj/Bancban-GF TROJAN! Note: This is not the legitimate Windows process Iexplore.exe (Which should be found in the Program Files\Internet Explorer folder.) This worm\trojan file (iexplore.exe) is found in the Windows or Winnt folder.
cmssSystemProcess	X	csmss.exe	Added by the TROJ/AGENT-CO TROJAN!
cmssSystemProcess	X	mcsmss.exe	Added by the REPSAMO TROJAN!
cmssSystemProcess	X	csms.exe	Added by the AGENT-Y TROJAN!
CMSystem	X	CMSystem.exe	CASClient adware variant
CMS_Update	X	ms_update.exe	eBoard adware variant
cmt101	X	cmt101.exe	Added by a Crypter.C trojan variant infection
cmx32	X	cmx32.exe	Added by the W32.GEMA.D TROJAN!
Cn323	X	cnfrm33.exe	Added by the W32.MIMAIL.G WORM!
CNBABE	X	CNBABE.EXE	Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you\'re browsing
cnet	N	kontiki.exe	Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops
Cnfrm32	X	cnfrm.exe	Added by the W32.MIMAIL.D WORM!
CnsMax	X	Internat.exe	Added by the POINTEX VIRUS! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) whereas this version resides in %windir%
CnsMin	X	Rundll32.exe CNSMIN.DLL, Rundll32	CnsMin (Chinese_Keywords) related
CnxAdslL	Y	CnxAdslL.exe	DLink, Zoom, or Conexant modem driver
CnxDslTaskBar	N	CnxDslTb.exe	Connexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modems
Codename Dashboard	U	dashboard.exe	Codename: Dashboard - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time"
Coldlife -icmp	X	Systray.exe	Added by the IRC/FLOOD.AV TROJAN! Note - this is not the legitimate systray.exe process
coloreal	U	coloreal.exe	Makes colours sharper and brighter, but will only work with coloreal capable monitors
Colorific Control Panel	N	Hgcctl95.exe	From E_Color. Colorific delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor
COM Service	X	mscom32.com	Added by the BEASTY.H VIRUS!
COM Service	X	msynvr.com	Added by the BEASTY.G VIRUS!
COM Service	X	msjclh.com	Added by the PLUX VIRUS!
COM Service	X	msdrce.com	BEASTY.I trojan
COM Service	X	msflyx.com	Added by the Troj/BeastDo-O TROJAN! Note: This trojan file is found in the msagent folder. .
com servoce
COM+ Event System	X	DRWTSN16.EXE	Added by a variant of the LOVGATE WORM!
COM+ EventSystem Services	X	ECSERVER.EXE	Added by a variant of the W32/SDBOT WORM!
Com+ Sys	X	csrs.exe	Added by the W32/FORBOT-BT WORM!
COM+ System Applications	X	lsas.exe	Added by the AGOBOT.SE WORM!
COM++ System	X	svchost.exe	Added by a variant of the LOVGATE WORM!
COM++ System	X	exploier.exe	Added by a variant of the LOVGATE WORM!
COM++ System	X	suchost.exe	Added by a variant of the LOVGATE WORM!
COM-IP	N	COMIP.EXE	COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212)
ComAgent	U	ComAgent.exe	ComAgent, MDaemon's instant messaging client
combo.exe	X	combo.exe	Added by the Troj/Chimo-C TROJAN!
combop.exe	X	combop.exe	Added by the Troj/Bckdr-CSJ TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder. When run, this file together with its little friend combo.exe send spam from your machine.
combop.exe	X	combop.exe	Added by the Troj/Bowfeed-A TROJAN!
Comcast Network	X	ribiva.exe	Added by an IRC_TROJAN variant!
ComcastSUPPORT	X	tgkill.exe	Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs
COMCFG	X	comcfg.exe	Added by the TOADCOM.A VIRUS!
comctl32	X	comctl32.exe	Adware - recognized by Kaspersky antivirus and others as TrojanDownloader.Win32.Agent.am
COMDRV32	U	svdhost.exe	Orvell Monitoring 2003 - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Note - asks for permission to contact the IP address of http://www.protectcom.com/
Comm Driver	U	commh32.exe	G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here . Disable/remove if you didn't install it yourself!
Command	X	system.exe	Added by the GATECRASH.A or GATECRASH.B VIRUSES!
Command	X	Gotit.exe	Added by the TITOG VIRUS!
COMMAND	X	command.exe	Added by the QQPASS.E VIRUS!
command	X	javaw.exe	Added by the W32/Agobot-LG WORM!
command32	X	command32.exe	Added by the Troj/LineaDl-A TROJAN!
CommCtr	N	commctr.exe	"Net2Phone CommCenter is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start -> Programs
Compaq Alerter	U	CPQAlert.exe	Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information
Compaq Computer Corp SCCenter Module	N	SCCENTER.EXE	For Compaq PC's. Part of Backweb
Compaq Computer Security	?	Rundll32.exe SECURE32.CPL, Service	??
Compaq DMI	N	cpqdmi.exe	Compaq version of the Desktop Management Interface
Compaq Drivers	X	F1rewalls.exe	Added by the W32/SDBOT-WD WORM!
Compaq Internet Setup	N	inetwizard.exe	For Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list
Compaq Jes Drivers	X	winjes.exe	Added by the W32/SDBOT-XR WORM!
Compaq Knowledge Center	U	silent.exe & matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system\'s identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support". You decide
Compaq Message Server	N	COMPAQ-RBA.EXE	Applies to CPQBootPerfDB below as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start -> Programs -> Compaq Advisor -> Advisor Settings under the "advanced" tab. Not required and can cause problems
Compaq PK Daemon	U	cpqkl.exe	For Compaq laptops for programming user configurable keys. Not required unless you use them
Compaq Print Fax	X	cpqa1000.exe	Added by the W32/SDBOT-WL WORM!
Compaq Service Drivers	X	systeminfos.exe	Added by the W32/SDBOT-XC WORM!
Compaq Service Drivers	X	msnsvc.exe	Added by a variant of the W32/SDBOT WORM!
Compaq Service Drivers	X	navapqwa.exe	Added by a variant of the W32/SDBOT WORM!
Compaq Service Drivers	X	compq.exe	Added by a variant of the W32/SDBOT WORM!
Compaq Service Drivers	X	wincmd.exe	Added by the RBOT.ATV WORM!
Compaq Service Drivers	X	msnt.exe	Added by a variant of the W32/SDBOT WORM!
Compaq Service Drivers	X	wind32.exe	Added by a variant of the W32/SDBOT WORM!
Compaq Service Drivers	X	winmsn.exe	Added by a variant of the W32/SDBOT WORM!
Compaq Service Drivers	X	NtKernelSystem.exe	Added by a variant of the W32/SDBOT WORM!
Compaq Service Drivers	X	amsn.exe	Added by a variant of the W32/SDBOT WORM!
Compaq Service Drivers	X	compqs.exe	Added by a variant of the W32/SDBOT WORM!
Compaq Service Drivers	X	ntdat32.exe	Added by the W32/Sdbot-CNW WORM!
Compaq Service Drivers 32	X	compq32.exe	Added by a variant of the W32/SDBOT WORM!
Compaq Service Drivrs	X	copq.exe	Added by a variant of the WIN32.RBOT WORM!
Compaq Sound Drivers For WINDOWS	X	sounddr.exe	Added by the W32/SDBOT-XG WORM!
Compaq Video CD Watcher	N	??	For Compaq PC's. MPEG viewer
Compaq32 Service Drivers	X	ms32.exe	Added by the SDBOT.BWH WORM!
Compaq32 Service Drivers	X	msconfig32.exe	Added by the W32/SDBOT-ADC WORM!
Compaq32 Service Drivers	X	msnt32.exe	Added by a variant of the WIN32.RBOT WORM!
CompaqHW Comp Manager	N	cpqhcm.exe	Compaq_Intelligent_Managability agent; "a solution that simplifies inventory management by automating the collection of hardware asset data for Compaq servers running in a NetWare environment".
CompaqPrinTray	N	printray.exe	Puts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktop
Compaqs Service Drivers	X	compqs.exe	Added by a variant of the W32/SDBOT WORM!
CompaqSystray	N	cpqpscp.exe	Compaq System Tray icon
Compatibility Service Process	X	regsvs.exe	Added by the GAOBOT.YN WORM!
Compd Service Drivrs	X	codq.exe	Added by a variant of the W32/SDBOT WORM!
Computing Technologie Firewall	X	lsauth.exe	Added by the W32/SDBOT-WX WORM!
COMSMDEXE	N	comsmd.exe	3Com tray icon
ComTry Web Searcher	X	wstray.exe	Comtry MP3 Downloader related - spyware
comxt	X	comxt.exe	Added by a Comxt trojan infection
Config	X	service.exe	Added by the ISRAZ.B VIRUS!
Config Loadation	X	iEEexplore.exe	Added by the SDBOT.H WORM!
Config Loadatiorin	X	I3Explorer.exe	Added by the SDBOT.H WORM!
Config Loader	X	svchosl.exe	Added by the GAOBOT.P WORM!
Config Loader	X	sysldr32.exe	Added by the GAOBOT WORM!
Config Loader	X	scvhost.exe	Added by the GAOBOT.AE or GAOBOT.AO WORMS!
Config Loader	X	svhost.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Config Loader for Microsoft Windows	X	mwincfg32.exe	Added by the AGOBOT.BD WORM!
Config Loader2	X	explores.exe	Added by the GAOBOT.BT WORM!
Config Loadr	X	winsys32.exe	Added by the AGOBOT-HN WORM!
Config33.exe	X	Config33.exe	Added by the SDBOT.T backdoor TROJAN!
ConfiggLoader	X	cart322.exe	Added by the GAOBOT.DJ WORM!
ConfigSafe	U	CFGSAFE.EXE, AUTOCHK.EXE	ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice
ConfigServices	N	Config.exe	Part of initial setup on a Compaq PC
configsetup	X	configsetup32.exe	Added by the W32/AGOBOT-AFP WORM!
Configuration	X	(different file names)	Added by the W32/SDBOT-ML WORM!
Configuration	X	ntsys32.exe	Added by the W32/SDBOT-LN WORM!
configuration	X	apphost.exe	Added by the W32/SDBOT-VP WORM!
Configuration Default	X	Wuxat.exe	Added by the W32/SPYBOT-CA WORM!
Configuration File	X	Winset32.exe	Added by the BackDoor.Flux.101 TROJAN!
Configuration Loaded	X	wupdated.exe	Added by the MOEGA or MOEGA.AG or MOEGA.AP VIRUSES!
Configuration Loaded	X	lssas.exe	Added by a variant of the W32/SDBOT WORM!
Configuration Loader	X	aim95.exe	Added by the LOADCFG or SDBOT TROJANS
Configuration Loader	X	service5.exe	Added by the GAOBOT.AF WORM!
Configuration Loader	?	lfass.exe	??
Configuration Loader	X	sycfg34.exe	Added by the GAOBOT.AN WORM!
Configuration Loader	X	wincrt32.exe	Added by the GAOBOT.BF WORM!
Configuration Loader	X	windex.exe	Added by the GAOBOT.BM WORM!
Configuration Loader	X	windex.exe	Added by the GAOBOT.BZ WORM!
Configuration Loader	X	dosrun32.exe	Added by the GAOBOT.AO WORM!
Configuration Loader	X	Service.exe	Added by the GAOBOT.AO WORM!
Configuration Loader	X	Servicess.exe	Added by the GAOBOT.AO WORM!
Configuration Loader	X	sw32.exe	Added by the AGOBOT.BQ WORM!
Configuration Loader	X	System.exe	Added by the GAOBOT.AO WORM!
Configuration Loader	X	Winreg.exe	Added by the GAOBOT.AO WORM!
Configuration Loader	X	sysinfo.exe	Added by the GAOBOT.FQ WORM!
Configuration Loader	X	microsoft.exe	Added by the GAOBOT.JB WORM!
Configuration Loader	X	confgldr.exe	Added by the POLYBOT VIRUS!
configuration loader	X	winicfg32.exe	Added by the GAOBOT.GEN!POLY WORM!
Configuration Loader	X	svhst.exe	Added by the GAOBOT.YC WORM!
Configuration Loader	X	syscfg32.exe	Added by the SDBOT.B WORM!
Configuration Loader	X	msgcfgsrv.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Configuration Loader	X	msnss.exe	GAOBOT.AUS worm
Configuration Loader	X	msgfix.exe	Added by the W32/SDBOT-QG and W32/Sdbot-BTE WORMS!
Configuration Loader	X	systemry.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Configuration Loader	X	ccSort.exe	Added by the AGOBOT.SR WORM!
Configuration Loader	X	wincffg.exe	Added by the AGOBOT.A3 WORM!
Configuration Loader	X	smss32.exe	Added by the AGOBOT.MB WORM!
Configuration Loader	X	cmd32.exe	Added by the LOADCFG or SDBOT TROJAN!. Note - "iexplore.exe" resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) whereas the valid "iexplore.exe" (IE) resides in C:\Program Files
Configuration Loader	X	IEXPL0RE.EXE	Added by the LOADCFG or SDBOT TROJAN!. Note - "iexplore.exe" resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) whereas the valid "iexplore.exe" (IE) resides in C:\Program Files
Configuration Loader	X	MSTasks.exe	Added by the LOADCFG or SDBOT TROJAN!. Note - "iexplore.exe" resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) whereas the valid "iexplore.exe" (IE) resides in C:\Program Files
Configuration Loader	X	seru32.exe	Added by the W32/SDBOT-VR WORM!
Configuration Loader	X	botss.exe	Added by the W32/SDBOT-XS WORM!
Configuration Loader	X	ldasp.exe	Added by the AGOBOT.BH WORM!
Configuration Loader	X	smsai.exe	Added by the W32/SDBOT-YE WORM!
Configuration Loader	X	svupdate.exe	Added by the W32.RANDEX.DXP WORM!
Configuration Loader	X	svchost2.exe	Added by the AGOBOT.JR WORM!
Configuration Loader	X	crcss.exe	Added by the AGOBOT.ADG WORM!
Configuration Loader	X	scvhost.exe	Added by the W32/AGOBOT-AAE and Backdoor.Sdbot.AR WORMS!
Configuration Loader	X	svchost.exe	Added by the W32/ParaDrop-A WORM!
Configuration Loader	X	lexplore.exe	Added by the W32/RBOT-AGX WORM!
Configuration Loader	X	dezi.exe	Added by the W32/SDBOT-OB WORM!
Configuration Loader	X	WinHelper.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Configuration Loader	X	mouse.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Configuration Loader	X	msg.exe	Added by the SDBOT.BT WORM!
Configuration Loader	X	extrac.exe	Added by the W32/Sdbot-AFP WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Configuration Loader Service	X	Winsys32.exe	Added by the W32/RBOT-YV WORM!
Configuration Loader Service	X	devl32.exe	Added by the W32/SDBOT-XY WORM!
Configuration Loader Service	X	winsys32.exe	Added by the W32/RBOT-YV WORM!
Configuration Loader10	X	ip7.exe	Added by the W32/AGOBOT-ANZ WORM!
Configuration Loading	X	svchos1.exe	Added by the GAOBOT.DK WORM!
Configuration Loading	X	configldr.exe	Added by the AGOBOT-EC WORM!
Configuration Loading Service	X	wscel.exe	Added by the W32/SDBOT-WJ WORM!
Configuration Manager	X	CNFGLD32.EXE, Cnfgldr.exe	Added by the SDBOT WORM!
Configuration Service	X	suchost.exe	Added by the Troj/Daemoni-R TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Configuration Services	X	mswords.exe	Added by the W32/SDBOT-YM WORM!
Configuration Utility	N	CONFIG.EXE	Controls linksys wireless connection. Available from the Desktop
Configuration Utility	U	wlanutil.exe	NetGear Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards)
Configuration Wizard	N	Cfgwiz32.exe	Added by a variation of the HACKTACK VIRUS! Not to be confused with the valid MS "ISDN Configuration Wizard" (Cfgwiz32.exe) in C:\Windows\System
Configuration32 Loader32	X	winamp32.exe	Added by the W32/Sdbot-BIC WORM!
ConfLoader	X	sysconf16.exe	Added by the TROJ/SDBOT-FB TROJAN!
Conmgr	N	conmgr.exe	Starts Winfax pro at startup
ConMgr.exe	U	conmgr.exe	Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut
Connect2Party	X	connect2party.exe	Adult content dialler
Connection Manager	N	CManager.exe	SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service
Connectivity Tool	X	(Path to Trojan file)	Added by the Troj/Litebot-E TROJAN! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Connector	X	SYS.EXE	Added by the Dialer.Nunci premium dialer.
Connector	X	sms.EXE	Added by the Dial/ExDial-B Dialer! Note: Dial/ExDial-B is a premium rate porn dialer.
Cons	X	consol32.exe	Hijacker - redirects to a p0rn portal, where foistware like ISTBar gets stealth installed
conscorr	X	conscorr.exe	Transponder parasite updater/installer
Console de Gerenciamento Microsoft	X	csrss.exe	Added by the Troj/Bancban-ET TROJAN! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item.
Contacte	?	contacte.exe	Some kind of driver?
ContentDownload	X	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related
ContentService	X	winservn.exe	Homepage hijacker
ContinueInstall	X	bpsinstall.exe	BrowserAid parasite
Control	X	rundll32.exe ctrlpan.dll, Restore ControlPanel	CoolWebSearch parasite related
Control handler	X	**********.exe ( = random char)	CoolWebSearch parasite variant
Control handler	X	ahjinst.exe	CoolWebSearch parasite variant
control panel	N	smctrlw.exe	System Tray icon for a Silicon Motion LynxEM based PCI Graphics Card
Control Panel	X	System.exe	Added by the DANI VIRUS!
Controladores	X	(path to Trojan)	Added by the Troj/Telefo-A Trojan!
ControlCenter2.0	N	brctrcen.exe	Brother scanner 'Control Center' application; can be started manually
ControlCentreTray	N	XWCTray.exe	System Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etc
Controlled Resource System Service	X	crss.exe	Added by a variant of the AGOBOT.GEN WORM! **Note - this is NOT the legitimate crss.exe process, which should NOT figure in Msconfig/Startup!
Controller	N	WFXCTL32.EXE	From Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
ControlPanel	X	rundll32 internat.dll, LoadKeyboardProfile, [path] twink64.exe internat.dll,LoadKeyboardProfile	CoolWebSearch parasite related
ControlPanel	X	host32.exe internat.dll,LoadKeyboardProfile	Added by a DELF.DW Downloader TROJAN variant!
ControlPanel	X	[path] cmd32.exe internat.dll,LoadKeyboardProfile	Awmcash.biz foistware
ControlPanel	X	systemctrl.exe internet.dll,LoadNetworkProfile	Browser hijacker, also detected as TROJ/STARTPA-FX
ControlPanel	X	popcorn72.exe rundll.dll,LoadMouseProfile	Added by the TROJ/DLOADER-RA TROJAN!
ControlPanel	X	internat.dll,LoadKeyboardProfile	Added by the Troj/Bizves-A TROJAN!
ControlPanel	X	popcorn64.exe rundll.dll,LoadMouseProfile	Added by the Troj/Dloader-OI TROJAN!
ControlPanel	X	popcorn.exe internat.dll,LoadKeyboardProfile	Added by the Troj/Bizves-B Trojan!
ControlPanel	X	svcc.exe	WorldSearch adware
ControlPanel	X	popcorn320.exe rundll.dll,LoadMouseProfile	Added by a variant of the TROJ/DLOADER-RA TROJAN!
ControlServiceMgr	X	csmsv.exe	Added by the TROJ/AGENT-XC TROJAN!
Cookie Cop 2	U	CookieCop.exe	Cookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
Cookie Pal	U	CPBRWTCH.EXE	Kookaburra Softwares Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
CookieJar	U	Cookiejar.exe	Cookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
CookiePatrol	U	CookiePatrol.exe	CookiePatrol - PestPatrol's cookie interceptor stopping spyware cookies
CookieWall	U	cookie.exe	CookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
Cool Desk	U	cdesk.exe	Cool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to you
CoolDownloads	X	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related
CoolMP3	X	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related
CoolSwitch	U	taskswitch.exe	ALT TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen
Coolwallpaper	N	cwm_tray.exe	Cool_Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen savers
coolwebprogram	X	clrssn.exe	CoolWebSearch parasite related
Copernic Desktop Search	U	CopernicDesktopSearch.exe	Copernic Desktop_Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures."
CopernicPerUserTaskMgr	U	CopernicPerUserTaskMgr.exe	Automatic tasking feature of Copernic Pro multi-search engine tool
Copy handler	U	Copy Handler.exe	Copy_Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processes.
Copyright	N	mwcpyrt.exe	Displays copyright information on IBM ThinkPads
Corel Colleagues & Contacts Reminders	N	cffrem.exe	Corel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of Corel Print Office
Corel Desktop Application Director	N	dadx.exe	The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start -> Programs
Corel Family & Friends reminders	N	CFFREM.EXE	Corel Family & Friends - all-in-one calender, address book and list manager. Part of Corel Print House Magic
Corel Registration or Corel Registration Remi	N	Remind32.exe	If you don\'t want to register Corel products and be reminded about it every 2 weeks disable it
Corel Reminder	N	NAVBROWSER.EXE	If you don't want to register Corel products and be reminded about it every 2 weeks disable it
CorelCENTRAL 10	N	I_26dadCC.exe	CorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start -> Programs
CorelDraw Toolbox	X	CorelDraw.exe	Added by the W32/SDBOT-VZ WORM!
CorelMedia FoldersIndexer8	N	MFindexer.exe MFINDE~1.EXE	Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office
CoreSrv	X	coresrv.exe	Some IRC trojans/worms use this - see here for more information
CORESYS	?	coresys.exe	??
CorrectConnect	N	CConnect.exe	Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available
cosine	X	cosine.exe	Added by the W32/RBOT-SW WORM!
CostAware	U	niIPCApp.exe	NetInternals CostAware - download quota measuring tool
CountrySelection or Country Select	N	pctptt.exe	Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you\'ve set the modem up to the chosen country it\'s not required
Coupon Offers	?	??	??
couponica	X	couponica.exe	Adware - see here
CP	?	CopyProtectionNotifier.exe	Related to Emuzed Systems and Middleware. Comes included with Windows XP Media Edition
CP32NOT	U	CP32BTN.EXE	For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons
CP4HPOT	U	OneTouch.EXE	One Touch keyboard driver. Required if you use the additional keys
CPA9P2PSERVER	?	CPA9P2PS.exe	Found on a Compaq Presario but what is it?
CPATR10	U	CPATR10.EXE	Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Constrast
CPBrWtch	U	CPBrWtch.exe	Kookaburra Softwares Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
CPD_EXE	Y	CPD.EXE	Firewall bundled with McAfee VirusScan 6.*
cpl	X	deamon.exe	Added by the WIN32.TACTSLAY.C TROJAN!
cpl	X	msgaol.exe	Added by the WIN32.TACTSLAY.C TROJAN!
cpl	X	s_menu.exe	Added by the WIN32.TACTSLAY.C TROJAN!
CplBTQ00	N	CplBTQ00.EXE	Related to the EZbutton quick launcher
CPLDBL10	N	CPLDBL10.exe	Related to the EZbutton quick launcher
cpntmgc	X	wincomp.exe, winmgts.exe	Remote-control trojan from Electronic Group - see here
cpntmgc	X	simcss.exe, navpmc.exe	MagicControl downloader trojan variant
CPortPatch	?	cppatch.exe	CPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though?
CPQAcDc	Y	CPQAcDc.exe	Compaq PowerCon power management software for laptops
CPQAlert	U	CPQAlert.exe	Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information
CPQBootPerfDB	N	CPQBootPerfDB.EXE	See the entry for Compaq Message Server
CPQCalib	Y	CPQCalib.exe	Compaq PowerCon power management software for laptops
CPQDFWAG	N	CpqDfwAg.exe	For Compaq PC's. Runs Compaq diagnostics on every boot
CPQEASYACC	U	cpqeadm.exe	For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
CPQEASYACC	U	StartEAK.exe	For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
cpqeaui	U	cpqeaui.exe	For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
cpqek	U	kcpqek.exe	For Compaq PC's. Easy Access button support for the keyboard
CPQHotkeys	X	hotkeysvc.exe	Added by the W32.Kelvir.A or W32.Kelvir.B WORM!
CPQInet Runtime Service	U	CpqInet.exe	For Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providers
CPQINKAGENT	N	cpqinkag.exe	That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed)
cpqns	U	cpqnpcss.exe	Related to Compaq.Net - not required if you don't use that
Cpqset	N	Cpqset.exe	Default settings software in Hewlett Packard notebook
CPQSTUTFIX	Y	stutfix.exe	For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it here. This is a Compaq originated file and has been verified as free from viruses by McAfree/Norton
cpr	X	cpr	Adroar.com adware downloader
CPU Manager	X	cpumgr.exe	Added by the PANDEM.B VIRUS!
CPU Temp Control	X	wuitgurd.exe	Added by the W32/RBOT-AHV WORM!
CPU Watcher	X	rundll32.exe [path] cpu.dll,load	Added by the TROJ/DLOADER-LO TROJAN!
CPU Windows Status	X	cpustats.exe	Added by a variant of the WIN32.RBOT WORM!
CPUcool	U	Cpucool.exe	Program to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control Panel
Cpusave	X	Cpusave.exe	Added by the GEMA TROJAN!
Cpusave32	X	Cpusave32.exe	Added by the GEMA TROJAN!
cpyt	X	hidep.exe	Added by the Troj/Mirjack-A Trojan!
cqlyg	X	world_cup_.bat	Added by the WCUP VIRUS!
CQSCP2P SERVER	?	??	"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed
Cr*.exe ( = random char)	X	Cr*.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
Cr*32.exe ( = random char)	X	Cr*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
cracked_windows1	U	cracked_windows1.exe	Cracked Windows popup killer
CrazyTalk Serve	N	rundll32.exe CrazyTalk.dll, DIIServeMediaFile	CrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWS
CRC Value Verifier	X	crsss32.exe	Added by a variant of the WIN32.RBOT WORM!
CRC Value Verifier	X	Crsss64.exe	Added by the W32/Rbot-NY WORM!
CRC Value Verifier	X	svchost32.exe	Added by the W32/RBOT-OA WORM!
CRC Value Verifier	X	crsss.exe	Added by the SPYBOT.UK WORM!
Crc32stats Dependencies	X	Crc32stats.exe	Added by the W32.MYTOB.GT WORM!
Creata Mail	U	JMSrvr.exe	Creata_Mail . Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express.
Create A Monster	X	createAMonster.exe	Kudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware related
CreateCD	N	Createcd.exe	Adaptec Easy CD Creator system tray application (pre version 5). Available via Start -> Programs
CreateCD50	N	Createcd50.exe	Adaptec Easy CD Creator version 5 system tray application. Available via Start -> Programs
Creative AGP Wizard	N	agpwiz.exe	Part of Creative's BlasterControl
Creative Launcher	N	CTLauncher.exe	For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs
Creative MediaSource Go	N	CTCMSGo.exe	"Creative MediaSource playbacks music in DVD-Audio, MP3, WMA, WAV and other media formats"
Creative PCI Audio Configuration Utility	N	starter.exe	System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixer
Creative Service for CDROM Access	N	Ctsvccda.exe	Resident program for Creative's PlayCenter included with Soundblaster Audigy sound cards - speeds up detection of some media CDs if the system doesn't natively support them. Available via Start -> Programs
Creative WebCam Tray	N	Camtray.exe	Creative WebCam tray control; can be started manually.
Creative.exe	X	Creative.exe	Added by the PROLIN VIRUS!
CreativeDiscNotifier	N	CTNOTIFY.EXE	For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -> Settings -> Control Panel
CreativeMixer	U	CTMIX32.EXE	Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon
Critical Update Check	X	battlenet.exe	Added by the Troj/Delf-LB TROJAN!
CriticalUpdate	N	Wucrtupd.exe	MS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update site
CriticalUpdate	X	wucrtupd.exe	Added by the W32/NOALA.B WORM! - NOTE: this file is located in the Windows or Winnt folder, and must not be confused with the legitimate Windows process of the same name as described here
Crnsava	X	scrnsave.pif	Added by the W32/Sdbot-ZV WORM!
cronos	X	MARCO!.SCR	Added by the OPASERV.G VIRUS!
CrossMenu	U	CrossMenu	Toshiba CrossMenu Utility - allows the user to create their own menus
crs	X	crs.exe	Added by the W32/Agobot-TJ WORM! Note: This worm\trojan file is found in the Root folder. Example: ( C:\ )
Crusty	X	dmcpl.exe	Added as the result of the RUSTY VIRUS!
cryptdlg	X	cryptdlg.exe	Added by an unidentified TROJAN!
Cryptographic Service	X	*****.exe ( = random char)	Win32.Korgo.AB worm
Crystal 3D Audio Control	?	CWD3DSND.EXE	Crystal 3D Audio sound driver. Is it required?
csaRem	N	spqmdmui.exe	Compaq modem country selection
CSAV_CheckViruses	Y	vchk.exe	Part of Command AntiVirus
csc	?	csc.exe	??
CSCRS Value	X	cscrs.exe	Added by the W32/RBOT-AAA WORM!
CSCRS Value Check	X	MsPMSPSd.exe	Added by a variant of the W32/SDBOT WORM!
CSINJECT.EXE	U	CSINJECT.EXE	Part of Quarterdeck/Norton CleanSweep. For a full description see here. An excerpt - "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes."
csm Win Updates	X	csm.exe	Added by the W32/ZOTOB.B WORM!
csoftok	X	softok.exe	Added by the TROJAN.PWS.QQPASS.G TROJAN!
csrsc	X	csrsc.exe	Added by an unidentified VIRUS!
csrse.exe	X	csrse.exe	Added by the Backdoor.Hesive TROJAN! Note: This trojan file is found in the Windows\temp or Winnt\temp folder.
CSRSS	X	CSRSS.EXE	Search page hijacker, redirecting to http://www.search-aide.com/. Note - this is not the valid Client Server Runtime Subsystem (csrss.exe) process, which provides text window support, shutdown, and hard-error handling
Csrss	X	csrss.exe	Added by the W32.Chod WORM! Note - This will be installed in a random folder and is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling
Csrss	X	csrss.exe	Added by the W32.CHOD.B WORM! - Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, and which should NOT figure in Msconfig!
csrss	U	csrss.exe	Added by the Spyware.BeyondKeylog surveillance software. Uninstall this software unless you put it there yourself. - NOTE - this file is placed in the Program Files\Supremtec folder, and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
csrss	X	csrss.exe	Added by W32/Chode-J WORM! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling
csrss	X	nwiz.exe /installquiet	Added by W32/Chode-J WORM!
csrss	X	msmsgs.exe	Added by W32/Chode-J WORM!
csrss	X	csrss.exe	Added by the Troj/Keylog-AQ KEYLOGGER! NOTE - This file is placed in the Windows (95/98/ME/XP) or WINNT (NT/2000) directory and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem csrss.exe process always located in the Winnt\System32 or Windows\System32 folder.
CSRSS Loader	X	csrsss.exe	Added by the AGOBOT.TX WORM!
csrssLevel4	X	csrss.exe	Unidentified malware - NOTE - this file is placed in a C:\Windows\System\Level4 folder, and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
CSRSSU	X	CSRSSU.exe	CoolWebSearch parasite related - hijacking to Slawsearch.com. Also see here
CSRSSW	X	CSRSSW.EXE	Added by the TROJ/CWS-F TROJAN!
CSRSWIN	X	(trojan filename)	Added by the WINSHELL.50 VIRUS!
CSRSX	X	(trojan filename)	Added by the WINSHELL.50.B VIRUS!
CSS Server	U	CSSServer.exe	Added by the ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself.
CSScheduleCheck	Y	SCHWIZEX.EXE	Part of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot
cssrs	X	cssrs.exe	Added by the Troj/Bancban-DW TROJAN!
csss	X	Csss.exe	Added by the BALICK VIRUS!
CSS_Central	U	CSS_1631.EXE	CSS Communication Agent (95 Host) from Command Software Systems"CSS Central� provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console."
CSV10P70	X	CSv10P070.exe	ClearSearch adware related
CSV7P26	X	CSV7P26.exe	ClearSearch adware related
CSV7P70	X	CSV7P070.exe	ClearSearch adware related
CSV7P91	X	CSV7P91.exe	ClearSearch adware related
csvdea	U	csvdea.exe	Added by the SpyArsenalLog surveillance software. Uninstall this software unless you put it there yourself.
ct	Y	ct.exe	ct.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run it
CT Control Settings	X	CTSVCCD.EXE	Added by the W32/RBOT-YS WORM!
CTAVTray	N	CTAvTray.exe	For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ
CTCMonitor	U	CTCMonitor.exe	Click-to-Convert - document-to-HTML or doc-to-PDF converter. Only required if you are going to use the File -> Print method of using Click-to-Convert. If converting directly from MS Office, it is not required
CTDVDDet	N	CTDVDDet.exe, CTDetect.exe	Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again
ctflog manager	X	ctflog.exe	Added by the DONBOMB.A TROJAN!
CTFM0N.exe	X	CTFM0N.exe	Added by the STARTPAGE.P TROJAN!
ctfmon	X	taskmgr32#.exe	Added by the SOWSAT.B VIRUS! where # is a number from 0 to 9
ctfmon	X	cftmon.exe	Added by the TROJ/DELIVE-A TROJAN!
ctfmon	X	ctfmon.exe	Added by Troj/SDBot-06 Trojan!
ctfmon	X	WinConst.exe	Added by the Troj/Assasin-G Trojan!
ctfmon	X	mIRC.dll	Added by the Troj/Delbot-E Trojan!
ctfmon	X	ctfmon.exe	Adware responsible for tenmonkey.com popups - file located in the Winnt or Windows folder - NOTE: do not confuse with the MS Office file of the same name as described here \|
ctfmon	X	msnmsgr.exe	Added by the Troj/Bdoor-JV TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
CTFMon	U	ctfmon.exe	Family_Keylogger is a program that lets you record to a special file and then view all the keystrokes typed by everyone using your computer. Remember if you did not put this on your computer then someone else did! This Keylogging file is found in the System\CTF (95/98/ME) or System32\CTF (NT/2000/XP) folder.
ctfmon.exe	U	ctfmon.exe	CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don\'t need these features. For more info on ctfmon see here;en-us;282599 . CTFMON can be disabled from Control Panel, Text & Speech Services. NOTE: The file will always be located in the System32 folder. If it is located elsewhere, it will likely be a worm or trojan!
Ctfmon.exe	X	ctfmon32.exe	CoolWebSearch parasite related
ctfmon.exe	X	ctfmon.exe	Added by the PWSteal.Raidys TROJAN!
ctfmon.exe	X	msupdate32.exe	Spy Sheriff/SpywareNO malware component, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe
CTFMON32	X	CTFMON32.EXE	CoolWebSearch parasite related - also detected as the TROJ/CWS-E TROJAN!
CTFMONSS	X	CTFMONSS.EXE	Added by the TROJ/CWS-F TROJAN!
ctfnom	X	rundIl32.exe	Added by the Troj/LegMir-AW TROJAN! Note: This is not the legitimate Windows process rundll32.exe (Notice the difference in the spelling). This trojan file (rundIl32.exe) is also located in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
ctfnom.exe	X	SVOHOST.exe	Added by the Troj/Digidor-A or Troj/StartPa-HA TROJAN!
ctfnom.exe	X	OSRSS.exe	Added by the Troj/Lewor-H TROJAN! Note: This trojan file (OSRSS.exe) is found in the Windows or Winnt folder.
cthelp	X	cthelp.exe	Added by the SDBOT TROJAN!
CTHELPER	N	CTHELPER.EXE	CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative�s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it
CTHelper	X	cthelper.exe	Added by the W32/RBOT-XB WORM! - NOTE - do NOT confuse with the Creative application of the same name described here
CTime	X	(path to trojan)	CoolWebSearch parasite related
CTin10	X	CTin10.exe	Added by the BANCOS.E VIRUS!
CTPDPSRV	?	CTPDPSRV.EXE	Printer driver (in the WINDOWS\System32\spool\DRIVERS\W32X86 folder). Is it required?
CTRegRun	N	CTRegRun.exe	For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative
CtrlVol	U	CtrlVol.exe	Acer's on screen volume control using the Fn key
CTStartup	N	CTEaxSpl.exe	Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard
CTsysVol	U	CTSYSVOL.exe	Creative sound card volume controls
cttdpsrv	?	cttdpsrv.exe	??
CTUpdate	X	ctupdclt.exe	Added by the W32/RBOT-ABG WORM!
Ctykd	X	[path to file]	TSPY_SMALL.SN spyware
cuagentExe	Y	Cuagent.exe	Command Antivirus related
CUCore Agent	U	ConfAgent.exe	First Virtual Communications, Inc., Now RADVISION Ltd Click_to_Meet videoconferencing software
cuo	X	cuo.exe	Added by the BUGBEAR VIRUS!
Current Security Config	X	csecure.exe	Added by the W32/Rbot-AMO WORM! Note: This trojan/worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
cursor	N	Screendragon_VS_Taskbar.exe	ScreenDragon video player
CursorXP	N	CursorXP.exe	CursorXP from Stardock - tool for creating mouse cursors
CurtainsSysSvc	U	AuthSL.exe	Security Manager - part of a ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private.
Customizer2000	U	logon.exe	Automatic logon feature of Customizer 2000 - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes"
CuteMX	N	CuteMX.EXE	File sharing utility
cvmonitor.exe	X	cvmonitor.exe	WORM_SDBOT.BV
CVPND	Y	cvpnd.exe	Sub-system used by Cisco VPN client for making a connection to a remote IPSec server
CW	U	cw4.exe	Chat_Watch "is a monitoring and logging software for online chat and instant messaging programs"
CWatch	U	cw.exe	ChatWatch - chat monitoring tool
cwbckver	N	cwbckver.exe	Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources
cwbinhlp	N	cwbinhlp.exe	Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries
cwbsvstr	N	cwbsvstr.exe	Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources
cwbwlwiz	?	cwbwlwiz.exe	Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?
Cwcdschk.exe	?	Cwcdschk.exe	IBM Thinkpad related?
cwupdate	U	cwupdate.exe	ContentProtect, from ContentWatch - http://www.contentwatch.com/products/contentprotect.phpinternet filter
CXMon	N	Hpi_Monitor.exe	Autodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start -> Programs
Cyber	N	cyberchk.exe	Part of Belkins "Multimedia Cleaning Kit" and is automatically installed when you run their optical disk drive cleaning utility - to remind you to clean your drive after "x" amount of time has passed
Cyber Trio	U	showmode.exe	From G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCs
Cyber-Defender 2003	U	uwcdsvr.exe	Cyber Defender 2003
cyberfree.exe	X	***.dat ( = random char)	Unidentified adware
CyberLat Ram Cleaner	U	CLRamCleaner.exe	CyberLat RAM Cleaner is a program that Frees, Optimizes and Defrags your system\'s wasted memory (RAM). Some users swear by programs such as this but I suggest you read this article and make up your own mind
CyberMedia Agent	N	CMAGENT.EXE	Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled
CyberWolf	X	CyberWolf.exe	Added by the KICKIN.A (or CYDOG.C) VIRUS!
CyDoor or CydoorUpdate	X	CD_Load.exe	Adware. Check here for information about Cy-Door and here for a program that can remove it
CyphTray	N	CyphTray.exe	Cypherus - encryption software
D SYSTEM	X	dd.exe	Added by the W32/Mytob-FN WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
D-Link Air USB Utility	Y	AirCFG.exe	D-Link wireless PCI adapter related
D-Link Air Utility	Y	AirCFG.exe	D-Link wireless PCI adapter related
D-Link AirPlus DWL-650+ Utility	N	WLANMON.exe	D-Link Air Plus Wireless PC modem connection monitor
D-Link AirPlus G	Y	AirGCFG.exe	D-Link Airplus Wireless Router driver
D066UUtility	N	D066UUTY.EXE	TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software
D3*.exe ( = random char)	X	D3*.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
D3*32.exe ( = random char)	X	D3*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
d3dupdate.exe	X	bbeagle.exe	Added by the BEAGLE.A WORM!
D4	U	D4.exe	Dimension 4 - network time synchronization software
DACONFIGEXE	N	daconfig.exe	3Com NIC Diagnostics. Available via Start -> Programs
DadApp	Y	dadapp.exe	"DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from Dell
Daemon	N	DAEMON32.EXE	Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start -> Programs
Daemon	X	daemon.exe c daemon2.exe	Added by the W32.Selotima.A WORM!
Daemon or DAEMON Tools-1033	U	Daemon.exe	Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive
Daily Planner	N	dayplan.exe	Daily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete them
Daily Weather Forecast	X	weather.exe	Added by the DLOADER-IP TROJAN!
DamedWare Services	X	dwdrce.exe	Added by the W32/Rbot-AOJ WORM! Note: This worm\trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Dancer	U	DncLE.exe	Part of Microsoft Plus! Digital Media Edition - see here
Danton	X	(random filename)	Added by the DANTON VIRUS!
Dap	N	DAP.exe	Download Accelerator Plus from SpeedBit - download manager/accelerator
dark	X	imgst.scr	Added by the PWSTEAL.BANCOS.U TROJAN!
dark	X	imgrt.scr	Added by the Troj/Bancban-FH TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
dark	X	csrs.scr	Added by TROJ/BANCBAN-GT or TROJ/BANCBAN-GU TROJAN!
DarkDevil.Grasiele.BR	X	Grasiele.VBS	Added by the LEMBRA VIRUS!
DarKNesS LsasS	X	LsasS23.exe	Added by an unidentified WORM or TROJAN!
DashIE	?	dashIE.exe systray	Could be related to "Dash Power Shopping" tool bar in IE?
dasxdads	X	fsdqd.exe	Add by the GAOBOT.BIQ WORM!
Data	X	System.dat.vbs	Added by the BISCUIT.A VIRUS!
data	X	msngs.exe	Added by the W32/RBOT-ADQ WORM!
Data LifeGuard	N	BACKWE~1.EXE	Data LifeGuard diagnostic tools for Western Digital\'s series of hard drives
Data LifeGuard LifeLine Lite installer	N	DLGLI.EXE	Backweb installer - see here
Data Restore Service	X	prq8.exe	Added by the W32.Kelvir.AI WORM!
Data789	X	Regedit.exe ....data789.tmp	Homepage hijacker
DATABASE MySql	X	[path] repcale.exe [path] beird.exe	Added by a variant of the RANDON.AN WORM!
DataCaching	N	FlashKsk.exe	SmartMedia Card management from the installation of a SanDisk reader for a camera\'s SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray icon
DataLayer	U	DataLayer.exe	Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on
DataViz Inc Messenger	U	DvzIncMsgr.exe	Installed with DataViz "Documents to Go" software
DataViz Messenger	N	DvzMsgr.exe	DataViz Documents to Go - "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts"
Datcheck	X	datcheck.exe	Added by the KEYPANIC VIRUS!
Date Manager	X	datemanager.exe	DateManager - calendar program. Contains Gain adware
Datechecker	?	N/A	Could be related to this?
DateMakerIntl	X	DateMakerIntl.exe	Premium rate dialler also referred to as the PORNSPA.F VIRUS!
Daudi	X	daudi.exe	Malware, as yet unidentified
DAupdate	X	DAupdate.exe	NavEnhance adware
DAW9532.exe	?	DAW9532.EXE	Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. Is it required?
DayToday	U	DAYTODAY.EXE	DayToday from RoboMagic Software Corp. Displays the date on the taskbar
DAZEL Delivery Agent	U	DcDaemon.exe	Control and send documents, etc, to any destination - see here
dbserv	N	dbserv.exe	Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled
DBTMON	N	dbtmon.exe	Dell button monitor for 9XX series printer most commonly associated with 922. Can safely be turned off does not hamper printer operations. Can be accessed from the start menu
DCE Manager	X	dcemgr.exe	Added by the TUMAG.A TROJAN!
DCfssvc or dcfssve	U	dcfssvc.exe	Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can\'t load pictures from your camera/dock - Kodak\'s dock is an example
Dcom System Patch	X	Microsoft.exe	Added by the RANDEX.MS WORM!
DDCActiveMenu	U	DDCActiveMenu.exe	Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
DDCM or DDCMan	X	DDCMan.exe	Digital Distribution Channel from Wild Tangent - adware
ddeproc	X	ddeproc.exe	Associated with Webcelerator - spyware. Read eAcceleration's privacy statement here
DDialler	X	DDialler.exe	Adult content dialler
DDT	?	N/A	??
de32gen	X	de32gen.exe	Added by a CRYPTER.C trojan variant infection
DeadAIM	N	rundll32.exe DeadAIM.ocm, ExportedCheckODLs	DeadAIM - feature enhancing product for AOL\'s Instant Messenger program
DealHelperBrwsr	X	dhbrwsr.exe	DealHelper adware
DealHelperDown	X	download.exe	DealHelper adware
DealHelperUpdate	X	DHUpdt.exe	DealHelper adware
Debug	X	DebugW32.exe	Added by the GUBED VIRUS!
DebugMonitor	X	debugmonitor.exe	Added by the W32.Mydoom.BG WORM!
DeeEnEs	U	DeeEnEs.exe	DeeEnEs - automatically updates a dynamic IP address when it changes.
deejay	X	forboo.exe	Added as result of a Forbot-AY worm infection
Default	X	explore.vbs	Added by the VBS.Allem WORM!
Default	X	mtask.vbe	Added by the VBS.Allem WORM!
default	X	shell32.exe	Added by the Backdoor.Binghe TROJAN!
Default System Research	X	vhchost.exe	Added by the TARNO.I VIRUS!
Default web browser	X	IexpIore.exe	Added by the OBLIVION.B VIRUS! Note - don not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a captial "i" in place of lower case "L"
Default_Page_URL	X	http://find.naupoint.com	Naupoint browser hijacker
Default_Search_URL	X	http://find.naupoint.com	Naupoint browser hijacker
defragm_check	X	defragment.exe	CoolWebSearch parasite related
defwatch	U	defwatch.exe	Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis
Delay or Delayrun	U	delayrun.exe	On HP PCs this program is used to help prevent conflicts or timing issues on fast computers
Delete Me	X	worm.exe	Added as the result of the DOOMHUNTER VIRUS!
Dell AIO Printer A* (* = model)	N	dlbabmgr.exe	Dell AIO Printer A940 related. Not Required at Startup
Dell AIO Printer A920	?	dlbkbmgr.exe	Button manager for the Dell AIO Printer A920?
Dell AIO Printer A960	?	dlbfbmgr.exe	Dell A960 All-In-One Printer related - what does it do and is it required?
Dell Alert	N	DAMon.exe	"Dell Alert" utility, that's supposed to make interaction with Support easier
Dell Photo AIO Printer 922	?	dlbtbmgr.exe	Dell Photo AIO Printer related - what does it do and is it required?
Dell Photo AIO Printer 962	?	dlbxmon.exe	DellPhoto AIO Printer 962 Device Monitor - is it required?
Dell QuickSet	N	quickset.exe	ell taskbar icon allowing you to quickly change settings
DellDMI	?	delldmi.exe	Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards?
DELLMMKB or DellTouch	U	DELLMMKB.EXE	Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys
DellSC	N	dellsc.exe	Dell Solution Center - web-based troubleshooting tools and educational offerings
DellSupport	U	DSAgnt.exe	Dell Support Agent offers additional support and update features for your Dell computer or laptop.
DellTouch	U	MMKeybd.exe	Dell multimedia keyboard manager. Required if you use the additional keys
delmsbb	X	delmsbb.exe	nCase adware
delsaap	X	delsaap.exe	nCase adware
delstart	?	delstart.exe	Reportedly part of BT ISP software - what does it do and is it required in startup?
delsubmit	X	rundll32.exe advpack.dll, DelNodeRunDLL32 submit.exe	CoolWebSearch parasite related
DelTmp	?	DelTemp.exe	Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. Deletes temporary files once an installation is complete?
DeltTray	N	deltray.exe	System Tray access to the control panel for the M-Audio Delta 44 PCI Analog Recording Interface. Available via a desktop shortcut, Start -> Programs or Start -> Settings -> Control Panel
demon	?	demon.exe	Part of the French Wanadoo ADSL extense pack. What does it do and is it required?
Deneca	X	Virus salvado	Added by the W97M.DELUZ VIRUS!
DepFrez	U	frzstate.exe	Deep Freeze from Hyper Technologies. "Freezes" the current software configuration so that an a re-boot all changes made refer back to their original settings. Not required for most users - more likely to be used by system administrators, for example
Description of Shortcuts	?	*.exe	* seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search)
Desire	X	desires.exe	Adult content dialler
desk-top-service	?	desk-top-service.exe	??
DeskAd Service	X	DeskAdServ.exe	DeskAd.Service adware
DeskColor	N	DESKCOLOR.EXE	Provides transparent icon text backgrounds and coloured icon text
Deskflag	N	Deskflag.exe	DeskFlag - animated USA flag on the desktop
DeskMateAutoUpdate	N	DeskMateAutoUpdate.exe	DeskMates: Virtual scantily clad girls enhance your desktop - according to PestPatrol BargainBuddy adware related
DeskMateAutoUpdate	X	DeskMateAutoUpdate.exe	DeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware related
Desksite CMA	U	cma.exe	DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"
Desktop	X	rundll32.exe msconfd.dll, Restore ControlPanel	Added by the BOOKMARKER VIRUS!
desktop	X	desktop.exe	Added by the SDBOT.MD WORM!
desktop	X	desktop.exe	Added by the W32.Kobot.L WORM!
Desktop Architect	N	DATRAY.EXE	Desktop theme manager available here - for managing the desktop appearance, fonts, sounds, etc
Desktop Plant	N	AZARE10S.PLT	Vritual plant from here - this version is an Azalea, there are others so the filename may be different
Desktop Search	X	desktop.exe	iSearch "Desktop Search" hijacker
Desktop Service Centre	?	DSC.exe	OptusNet DSL or Dial-Up connection software - is it required?
Desktop Weather	N	THE WEATHER CHANNEL.exe	Desktop Weather by The Weather Channel - provides current temperature, conditions, alerts, etc
Desktop Weather 3	N	THE WEATHER CHANNEL.exe or THEWEA~1.EXE	Desktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etc
desktopmgr	N	desktopmgr.exe	Synchronisation manager for the cradles for the Research In Motion range of wireless handhelds, including the "Blackberry"
DesktopUpdate	X	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related
DesktopX	U	DESKTOPX.EXE	A program that replaces the regular Desktop and Taskbar, and can be changed to the user's liking
deskup	N	deskup.exe	Adds Iomega Zip drive icons to the desktop
destroyb11	X	destroyb11.exe	Added by the Troj/Delf-KO TROJAN!
detect	U	idetect.exe	iNTERNET Turbo from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds". If you find it helps your connectivity leave it enabled
detect	?	turbodetect.exe	??
Detector	N	detector.exe	USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing software
DEventAgent	U	eventagt.exe	DEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use this
Device Configuration Loader	X	msdvc32.exe	Added by a variant of the GAOBOT/AGOBOT WORM!
Device Detector	U	DevDetect.exe	Watches for external digital imaging products being connected from ACD Systems
Device Detector 2	N	DevDtct2.exe	Installed by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resources
DeviceDiscovery	U	hpotdd01.exe	Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products
DevicePath	X	Proyecto1.exeRoot.exe	Added by the GRUEL VIRUS!
Devices	U	olesvr.exe	Salfeld Child Control 2003 - parental control software
Devicewin	X	(Path to trojan)	Added by the Troj/Banker-AEV TROJAN!
devldr16.exe	U	devldr16.exe	Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices
Devlog	?	devlog.exe	Apparently mainboard/chipset related, by a French company called AS Media - what exactly is it, and is it required
dgtstart	X	dgtstart.exe	DigitalNames.g adware
dguard	N	dguard.exe	eAcceleration Stop-Sign related; not recommended; see note
DHCP Server	X	regsvr.exe	Added by the W32/RBOT-PR WORM!
dhcpagnt	Y	dhcpagnt.exe	Intel DSL modem driver - leave enabled or you'll have to re-install the drivers
diagent	N	diagent.exe	System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -> Programs
Diagnostic	X	diagnostic.exe	Added by the Troj/Alpha-C TROJAN!
Dial22 or Dial33	X	dlm.exe	Adult content dialler
Dialer	X	rundll32.exe msa32chk.dll	Unidentfied malware
Dialer Control	U	dc.exe	Dialer-Control . Detects and protects from premium rate p0rn dialers
Dialer Detect	U	dd.exe	DialerDetect detects stealth installed premium rate dialers, and sounds the alarm when such a connection is being installed without you knowing it.
Dialgo SDK	U	PhoneAnswer.exe	Dialgo Wave Modem ActiveX - "Telephone Answering Machine for scripting your own professional call center business scripts using a voice modem. Features Caller-ID, Wave Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech Recognition and Synthesis"
DialNet	X	mxt32.exe	Adult content dialler
Dialog Box Assistant	N	OSDEx.exe	Dialog Box Assistant from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders
Dialog Helper	N	PDDLGHLP.EXE	Dialog Helper from PowerDesk Pro by Ontrack. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders. Available via Start -> Programs
DialUp Network Application	X	Rnaap.exe	Added by a variant of the W32/SDBOT WORM!
Diamondview	?	Diamondview.exe	Manulife Financial Insurance program. Note: This file is legitimate. It is not known if it needs to run at startup.
DIECOX	X	csrss.exe	Added by a BackDoor-ATM.gen trojan variant
Diesel	X	Recalculate.exe /reloadenterpice	Added by the Lazar TROJAN!
DietK	U	DietK.exe	DietK - add-on for Kazaa Media Desktop; "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results."
DigiD	X	DigitalSound.exe	Adware downloader
DigiGuide	N	CLIENT.EXEclient01.exe	TV guide and reminder
Digital Dashboard	N	devgulp.exe	For Compaq PC's. Loads Digital Dashboard options
Digital Dashboard	N	CPQMLDET.exe	For Compaq PC's. Loads Digital Dashboard options
Digital Line Detect	N	DLG.exe	Detects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modems
Digital River eBot	N	downlo~1.exe	Digital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more here
DigitalNames	X	DigitalNamesStart.exe	DigitalNames spyware variant
DigitalWizard	N	ISWizard.exe	InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content
DigitalWizard Monitor	N	dwMon.exe	InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content
DIGServices	U	DIGServices	Created by Disney but licensed to ESPN for watching videos.
DIGStream	N	digstream.exe	DIGStream Cache Manager - part of ESPN Motion and Disney Motion that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automatically
Dimension	U	Dimension.exe	Dimension, a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol.
Dimension4	U	d4.exe	Atomic clock synchronisation freeware - starts-up, adjusts the system clock, then shuts down
Dino3	X	dino3.exe	Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result
Dinst	X	dinst.exe	IMIServer/IEPlugin adware component
Dir1	X	caKe	Added by the CAKE VIRUS!
Direct settings	X	sdchost.exe	Added by the TROJ/DAEMONI-I TROJAN!
Direct Update	U	DUControl.exe	DirectUpdate dynamic DNS updater
Direct X Direct3D	X	dxd3d.exe	Added by a variant of the W32/SDBOT WORM!
Direct X Opengl	X	dxopengl.exe	Added by a variant of the W32/RBOT-CJ WORM!
direct3d.exe	X	direct3d.exe	Added by the TROJ/CERTIF-F TROJAN!
DirectCD	N	DirectCD.exe	DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
directs.exe	X	directs.exe	Added by the BEAGLE.O or BEAGLE.R or BEAGLE.S or BEAGLE.T WORMS!
DIRECTVDSL	U	Directvdsl.exe	Starts DirectTV DSL modem at boot up. Can also be started manually
DirectX	X	ddhelp32.exe	Added by the BIONET.318 VIRUS! Note - not the DirectX helper which is ddhelp.exe
directx	X	Directx.exeSqlexploit.exeNTCmd.exePipeCmd.exe	Added by the SDBOT.D WORM!
DirectX	X	DirectX.exe	Added by the BLAXE or LOGPOLE VIRUSES!
DirectX	X	directx32.exe	Added by the AGOBOT.CG WORM!
DirectX 32	X	directx32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
DirectX for Microsoft Windows	X	dtxservice.exe	Added by the PROGENT TROJAN!
DirectX for Microsoft Windows	X	Fservice.exe	Added by the PRORAT TROJAN!
DirectX for Microsoft Windows	X	Sservice.exe	Added by the PRORAT TROJAN!
DirectX For Microsoft� Windows	X	fservice.exe	Added by the Troj/Prorat-P TROJAN!
DirectX shell driver	X	(Path of the Trojan exe)	Added by the Troj/MarktMan-B TROJAN!
DirectX Video Driver	X	dxterm5.exe	Added by the W32/WILAB-A TROJAN!
DirectX64	X	DirectXset.exe	Added by the BROWNEY.A VIRUS!
DirectX9 Diag	X	dx9diag.exe	Added by the W32/RBOT-ALT WORM!
Dirkey	U	Dirkey.exe	Dirkey - small utility that allows you to bookmark up to 9 folders by using the Ctrl Alt 1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl 1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders
Disable EHCI	?	nousb20.exe	??
Disc Detector	N	CtNotify.exe	For Creative sound cards. Detects when you insert a CD, DVD, etc
disc detector	?	qnetquestnotifty.exe	??
discoveg	?	discoveg.exe	??
DiscoverDeskshop	N	Deskshop.exe	Discover Deskshop - single use "virtual" credit card
Disk Keeper	X	SECURITY.EXE	Daosearch adware
Disk Keeper	X	keep.exe	Mslware - recognized by Kaspersky antivirus as Trojan-Dropper.Win32.Small.ve
Disk Manager	X	diskver.exe	Added by the RBOT.AQT WORM!
Disk Master	X	(trojan name)	Added by the DISTER VIRUS! - a spam relayer
DiskCheck	X	msdarkend.exe	Added by an unidentified WORM or TROJAN!
DiskeeperSystray	N	DkIcon.exe	DisKeeper defragmentation software - can be started manually.
diskinf	X	diskinf.exe	Added by a CRYPTER.A trojan infection
DISKMON.EXE	?	DISKMON.EXE	??
Disknag	N	disknag.exe	Dell program that reminds you to make your backup diskettes
Diskstart	X	Code.exehit.exeSnt.exe	Adult content dialler
Diskstart	X	cat.exe	MS-Connect dialler
Disk_Monitor	U	Disk_Monitor.exe	Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader
display	U	The_Eye.exe	Added by the ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself.
Display Drivers	X	cssrs.exe	Added by the AGOBOT.FX WORM!
Display Settings	N	hptasks.exe	Allows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computers.
DisplayTrayIcon	N	TrayIcon.exe	System Tray access to display properties for ABIT graphics cards. Unless you change your desktop resolution, etc regularily use Control Panel -> Display
Disspy	U	disspy.exe	Disspy spyware detection and removal software
Distiller Assistant 3.01	N	DISTASST.EXE	From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start -> Programs
Distributed File System	X	Dfsvc.exe	Added by the MYFIP.A or MYFIP.K WORMS!
Distributed File System	X	kernel32dll.exe	Added by the W32.MYFIP-C or W32.MYFIP.K or W32.Myfip.T WORMS!
Distributed File System	X	blade.exe	Added by the W32.MYFIP.AC WORM!
Distributed File System	X	win.exe	Added by the W32.MYFIP.AB WORM!
distributed.net client	U	DNETC.EXE	Dsitributed computing projects client from Distributed.net where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by viruses
Dit	Y	dit.exe	"Drive Icon and Label Utility" - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found
Dit	X	dit.exe	Added by the Troj/Lazar-A TROJAN! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
DiTask.exe	N	DiTask.exe	Associated with an Eicon Networks ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -> Programs
Divamon.exe	?	Divamon.exe	Associated with an Eicon_Networks Diva ISDN or ADSL modem - what does it do and is it required?
divx	X	divxenc.exe	Added by the Trojan.Spbot.C TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Divx	X	codll.exe	Added by Troj/Gravebot-A TROJAN!
DivX MediaPlayer 7.0	X	Dr.DivX.exe	Added by the ALADINZ.G VIRUS!
DivX Player	X	DivXPlayer.exe	Added by a variant of the WIN32.RBOT WORM!
DivX Updater	X	DivX.Exe	Added by the NALDEM or MASTAK VIRUSES!
Divx4 codec	X	devldr32.exe	Added by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs devldr32.exe file
DJREGFIX	N	regedit /s c:\hpdjregfix.reg	DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers
DJSNetCN	?	DJSNetCN.exe	"Symantec Licensing Detect Internet Connection", part of Norton antivirus - what does it do and is it required?
DkService	Y	DkService.exe	From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. Used to schedule defragmenting on a regular basis and not required if you do so manually.
DKTime	X	dktime.exe	Added by a Downloader.Lunii trojan infection
Dkware lptt01 or Dkware ml097e	X	dkware.exe	Variant of the RapidBlaster parasite (in a "DonkeySoft" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
dkzzixm	?	dkzzixm.exe	??
dla	Y	tfswctrl.exe	Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
DlaTray	N	Dlatray.exe	System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
dlbcserv	?	dlbcserv.exe	Related to a Dell Photo Printer - what does it do and is it required?
dlder	X	dlder.exe	Advertising spyware. Considered to be one oft the worst - even creating a fake "explorer.exe" file. Can be installed via versions of "Grokster", "Lime Wire" and "KaZaA" amongst other file-sharing utilities (see here). Reported in the past as a virus
DlDir1	X	caKe	Added by the CAKE VIRUS!
DLForcerExe	?	DLForcerEXE.exe	??
DLF_00000B00	N	Vcdlf.exe	Known to cause problems with "Out of memory" errors (see here). Otherwise, it's purpose is unknown
DLG	N	DLGCHBW.exe	Backweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updates
DLHelperEXE	N	WATCH.exe	Download helper distributed with some software that allows the software installation to redirect download locations. Not required once the installation is finished
DLHelperEXE.exe	X	N/A	Downloader for Microgaming/Casino software - stealth installed
dlhost	X	dlhost.exe	Added by the Troj/ExpHook-A TROJAN!
Dlite	X	dllmanager.exe	Added by the WOOTBOT.DN WORM!
Dll Boot Loader on Startup (do not remove this)	X	[various file names]	Added by an unidentified TROJAN!
DLL Manager	X	dllmngr32.exe	Added by a variant of the WIN32.RBOT WORM!
DLL Service Manager	X	(path to worm)	Added by the RPCBOT.F VIRUS!
DLL32	X	dllmem32.exe	Added by the KWBOT.E VIRUS!
DLL32	X	dllhost.dll	Added by the LOVELETER.A WORM!
DLL32	X	dllhost.dll	Added by the W32.Suclove.A WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder, be sure to check the link on this one, copies it's self under four different file names in three diffrerent folder locations.
DllCacherv2	X	dllcachev2.exe	Added by the BACKDOOR.LATEDA TROJAN!
dlldmt	X	dlldmt.exe	Added by a CRYPTER.C trojan variant infection
DllExecutable	X	[path to file]	Added by the W32/VB-SP WORM!
dllhelp	X	dllhelp.exe	Added by a W32/Startpage.DQ hijacker infection
dllhelp	X	dllhlp.exe	Added by the Downloader-HI TROJAN!
dllhostxp.exe	X	dllhostxp.exe	browser hijacker and adware downloader
DllLoader	X	lssas.exe	Added by the TROJ/BDOOR-JE WORM!
Dlload	X	killer.exe	Added by the Troj/KillAV-FK TROJAN!
dllreg	X	dllreg.exe	Added by a CRYPTER.A trojan infection
DLLService32	X	dllsvc32.exe	Added by the AGOBOT.VX WORM!
dlsp2mx	X	dlsp2mx.exe	Added by the Dial/MPB-B Dialer. Note: The dialer provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as dlsp2mx.
DLT	?	dlt.exe	??
dluca	X	dluca.exe	Adult content dialler - see here
dluca	X	dluca.exe	Added by the DLUCA.C VIRUS!
dluxde	X	dluxde.exe	All-In-One-Telcom (adult content dialler) variant
Dluxjp	X	cnfrm.exe	Added by the DLUCA.D VIRUS!
DM mgr	X	dm_mgr.exe	Added by the JITTAR VIRUS!
dm**.exe ( = random character)	X	dm**.exe ( = random character)	Malware, presumably related to a new WareOut variant - detected by Ewido_Security_Suite as "trojan small.fb". Examples of filenames spotted include for example dmmnh.exe, dmsqg.exe, dmnib.exe and so on.
DMC	X	dmc.exe	Added by Trojan-Downloader.Win32.Dluca.bv TROJAN!
DMILDR	N	dmildr.exe	Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -> Programs
DMISL	N	DMISL.EXE	DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information
DMISLAPP	N	DMISLAPP.exe	DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information
Dmsvc32	X	Dmsvc32.exe	Added by the AGOBOT.ABU WORM!
dmtdll	X	dmtdll.exe	Added by a Crypter.C trojan variant infection
DMXLauncher	U	DMXLauncher.exe	Part of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video files.
DM_server	X	dmserver.exe	Comet Cursor adware
dm_service	X	[path to file]	Added by the MITGLIEDER.P TROJAN!
Dnar	X	Dnar.exe	Unknown, except that it is not necessary. Tends to phone home a lot. DMI related - see here
DNE Binding Watchdog	Y	rundll dnes.dll, DnDneCheckBindings	Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work
DNE DUN Watchdog	Y	rundll dnes.dll, DnDneCheckDUN13	Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work
DNS	X	mc-58-12-0000093.exe	Nail/Aurora related malware
DNS	X	mc-58-12-0000080.exe	"Shorty" adware component, also detected as the AGENT.FD TROJAN!
DNS	X	mc-110-12-0000079.exe	Added by the TrojanDownloader.Agent.rv TROJAN!
DNS	X	mc-58-12-0000120.exe	"Shorty" adware component, also detected as the AGENT.FD TROJAN!
DNS	X	mc-58-12-0000140.exe	"Shorty" adware component, also detected as the AGENT.FD TROJAN!
DNS	X	services.exe	Added by the W32/Bckdr-CQG WORM! Note: This is not the legitimate Windows process services.exe (Which is always found in the System32 folder). The legitimate Windows process should not be seen in Msconfig or as a Startup item. This worm file is found in the Common Files folder.
Dns Resolver	X	dnsrslve.exe	Added by the W32/RBOT-WS WORM!
DNS Service	X	dnsresolver.exe	Added by the W32/RBOT-PQ WORM!
DNS2GoClient	?	dns2goclient.exe	DNS2Go is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address. Is it required?
DNSCacheBoost	X	dnsping.exe	Added by the TROJ/DNSBUST-A TROJAN!
dnscleaner	X	dnscleaner.exe	CoolWebSearch parasite related
DNXVC	?	dnxvc.exe	??
DocTor	X	Doctor.exe	Added by the DOTOR VIRUS!
DocuMagix Init	N	PWATCH.EXE	PaperMaster is an application for the PC designed to automate the process of organizing, archiving, and retrieving digital versions of files. Start manually if needed
Doggy Style	X	MsPMSPSd.exe	Added by the W32/Sdbot-AAP WORM!
DOGStart	X	GSDOGST.EXE	Added by an unidentified VIRUS! A possibility is a trojan known as PENIS
Doing	?	doing.exe	??
doit.exe	X	doit.exe	Added by the W32/FORBOT-EK WORM!
Don't Panic	U	dontpanicdemodp.exe	30-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite."
Don't Panic Pop-Up Stopper	U	dpps2.exe	Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
dos	X	dos64.exe	adware downloader trojan
Dos Prompt Loader	X	cygwin.exe	Added by the W32/SDBOT-VV WORM!
Dosbat	?	??	??
Dot.net Networking	X	Snss32.exe	Added by a variant of the IRC_TROJAN !
DoUWantIt	N	duwi.exe	DoUWantIt - online shopping assistant. Start it manually
down	X	hlp32.exe	Added by the TROJ_DLOADER.BG TROJAN!
down	X	(Original Trojan filename)	Added by the Troj/Small-QJ TROJAN!
Download Accelerator Plus 5.0	N	DAP.exe	Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is "adware" based
Download Plus	X	DownloadPlus.exe	DownloadPlus parasite - opens pop-up adverts
Download Wonder	N	DownloadWonder.exe	Download Wonder from Forty Software. Download manager for resuming downloads, amongst other features
DownloadAccelerator	N	DAP.EXE	Download_Accelerator_Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based
DownloadLegalMusic	X	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related
DownloadWare	X	dw.exe	DownloadWare - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see here). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as MovieNetworks, Medialoads and PAgent
DownloadWare Engine	X	Dwe.exe	DownloadWare - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see here). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as MovieNetworks, Medialoads and PAgent
Downxz	X	Downxz.bat	Added by the W32.Mydoom.W WORM!
DPAgnt	N	DPAgnt.exe	digitalPersona fingerprint scanner
Dpcnav	Y	dpcnav.exe	DirecWay from DirectTV satellite based high-speed internet access
DPConfig	N	DPConfig.exe	Compuware DevPartner Studio Configuration Utility, a tool for software developers - system tray access to configure the utility's analysis. Not required at startup, can be launched from the Start Menu programs group when needed.
dpcproxy	X	dpcproxy.exe	Added by a Troj/GoldenP-A trojan infection
DPCProxyLoadOnStartup	Y	dpcstart.exe	DirecWay from DirectTV satellite based high-speed internet access
Dpcstart	Y	dpcstart.exe	DirecWay from DirectTV satellite based high-speed internet access. Proxy software
Dpcstart	U	dpcstart.exe	Startup program for Direcway 2-way satellite internet service. Loads DirecWay\'s Navigator, tray icon, etc
dpi	X	dpi.exe	Delfin_Media_Viewer or "Promulgate" adware
dpnsvr32	X	dpnsvr32.exe -quiet	Added by Troj/AOLPass-B TROJAN!
dpps2	U	dpps2.exe	Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
dps	X	dps.exe	SmartestSearch parasite -poses as a foistware, bogus adware/spyware remover called "scumware-remover"
Drag'n'Drop_Autolaunch	N	Autolaunch.exe	Iomega HotBurn - CD-RW burning software
DragDrop	?	DragDrop.exe	??
DragnDrop_Autolaunch	N	Autolaunch.exe	Iomega_HotBurn - CD-RW burning software
DrCache	X	MSTDC.EXE	Added by the Troj/Bdoor-JM TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
DrefIW	X	SysDrefIWv2.exe	Added by the W32/DREF-C WORM!
DrefIW	X	SysDref.exe	Added by the W32/Dref-D WORM!
dregfix	?	ph_finder.exe	??
DrgToDsc	N	DrgToDsc.exe	Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly
dried.exe	?	dried.exe	??
DriveLED	N	OODLed.exe	O&O DriveLED - displays your HDD LED on your monitor. Start manually
Driver	X	gbot.exe	Added by the JUNTADOR.K VIRUS!
Driver32	X	Scam32.exe	Added by the SIRCAM VIRUS!
DriverCheck	X	svchost.exe	Added by the TROJ/DELF-KR TROJAN! - NOTE - this file is placed in a C:\DriverLoad folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
DriverDB	X	svcmdx32.exe	Added by the BACKDOOR.BERPI TROJAN!
DriverLoad	X	svchost.exe	Added by the TROJ/DELF-KR TROJAN! - NOTE - this file is placed in a C:\DriverLoad folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
DriveSelect	N	driveselect.exe	DVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start -> Programs
dRMON SmartAgent	U	SmartAgt.exe	Part of the network monitoring program group for 3Com NIC cards. See here for more info
drmu	X	W95Mm.exe	Homepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguise. See this thread
drocher	X	d.exe	Premium rate adult content dialer
Drvddll_exe	X	drvddll.exe	Added by the BEAGLE.X WORM!
DrvListnr	?	DrvListnr.exe	Analog Devices SoundMAX soundcard related. What does it do and is it required?
drvlsnr	U	drvlsnr.exe	Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly
drvnetw	X	drvnetw.exe	Troj/Brogger-B is an information stealing TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
drvr32h	X	drvr32h.exe	Added by an unidentified VIRUS!
drvrmanager	X	drvrquery32.exe	Added by the BOOHOO VIRUS!
drvsys.exe	X	drvsys.exe	Added by the BEAGLE.W WORM!
drvupd	X	rundll32 ..drvupd.inf	Hijacker - drvupd.inf file installs a "searchforge.com" hijack
DrWatson	X	drwatson_.exe	Added by the TROJ/LOHAV-S TROJAN!
DrWatson	X	drwatson_32.exe	Added by the TROJ/LOHAV-S TROJAN!
DrWeb Antivirus	X	DRWEBAV.EXE	Added by an unidentified WORM or TROJAN!
Drwebscheduler	Y	Drwebscd.exe	Dr. Web antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystem
DR_S	X	DR_S.exe	AdShooter adware
ds	X	ds.exe	Added by the Backdoor.Spymon TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
DS Clock	U	dsclock.exe	Digital desktop clock including synchronization with atomic servers - see here
dsa	X	dsa.exe	Homepage hijacker - redirecting to downseek.com
DSAcass	X	(path to file)	Added by the RANKY.M backdoor TROJAN!
DSB	X	DSB.exe	EnergyPlugin adware
DSentry	N	DSentry.exe	Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts
Dsi	X	dp-******.exe	Added by unidentified adware where ****** are random characters
Dsi	X	dp-him.exe	Added by the Troj/Multidr-AH TROJAN!
Dskcompat	X	Dskcompat.exe	Added by the GEMA TROJAN!
DSL Monitor	N	spdstrm.exe	Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray
DSLagentexe	U	DSLagent.exe	Enables the Media Center software on a Media Center PC to be lauched via the button on the remote. Required if you prefer not to double-click the desktop icon first
dslmon	Y	dslmon.exe	Sagem DSL modem related. Apparently needed to detect the modem.
DSLSTATEXE	U	dslstat.exe	System tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example)
DsmSer	X	dsm.exe	Added by the W32.Serflog.B WORM
DsmSer	X	msmpatch.exe	Added by the W32.Serflog.B WORM
DsmSer	X	svosm.exe	Added by the W32.Serflog.B WORM
DsmSer	X	sysup.exe	Added by the W32.Serflog.B WORM
DSS	X	dssagent.exe	DSSAgent by Br�derbund - spyware. Sends encrypted emails about the system back to the originators of the program. Also a resource hog. See here for more info
DSS	X	(Trojan filename)	Added by the Troj/DSSDoor-C TROJAN!
DSService	X	dmrss.exe	Added by the W32/AGOBOT-XX WORM!
DSSSGENS	?	dssagens.exe	??
dstray	X	dstray.exe	Added by the Troj/CmjSpy-AA TROJAN!
DU Meter	N	DUMETER.EXE	Hagel Technologies internet bandwidth monitor
duck	X	duck.exe	Added by the W32/Agobot-AVG Worm!
Dumeter Services	X	dumeter.exe	Added by W32/Sdbot-AEQ WORM!
dumprep 0 -kordumprep 0 -u	N	dumprep 0 -kdumprep 0 -u	Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
DUN_SERVICES3	X	dun3.exe	Added by the Trojan.Sokiron TROJAN!
Duweculey	X	yujixit.exe	Added by the SDBOT.BRP WORM!
dvd43	N	DVD43_Tray.exe	DVD43 is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies."
DVD43	U	DVD43.exe	DVD43 is a small tool that overrides CSS copy-protection found on DVD movies.
dvd98	X	windvd98.exe	Added by the CULT.P VIRUS!
DVDBitSet	U	DVDBitSet.exe	DVD RW Drive/Disc Compatibility Setting. Installed with HP DVD RW drives to enhance compatibility with existing readers. You can also set a DVD RW default drive write mode which is always used
Dvdcompat	X	Dvdcompat.exe	Added by the GEMA TROJAN!
DVDLauncher	U	DVDLauncher.exe	A process belonging to the Cyberlink PowerCinema video viewing software which allows you to play DVDs upon insertion. Non-essential process - and is installed for ease of use
DVDSentry	N	DSentry.exe	Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts
DVDTray	?	DVDTray.exe	HP CD/DVD Tray icon - what exactly does it do, and is it required?
DVDUpgrade	?	DVDUpgrd.exe	??
Dvp95	Y	Dvp95.exe	Scan engine for F-Secure and Command antivirus software based on the F-Prot AntiVirus engine
dvpapi9x	Y	DVPAPI9X.exe	Command AntiVirus for Windows 95/98/Me
DvpInitExe	Y	Dvpinit.exe	Command Antivirus related
dvprpt	Y	Dvprpt.exe	Command Antivirus real time protection
dvraudio	X	dvraudio.exe	Added by a Crypter.C trojan variant infection
dvsfss	X	fbsfsdrs.exe	Added by a W32/Sdbot-QA worm infection
DVSync	U	dvsync.exe	DVSync is the program that allows you to synchronize your daVinci�s PDA's data with your Personal Information Manager on the PC
Dvx	X	wsxsvc.exe	Delfin_Media_Viewer or "Promulgate" adware variant
dw	X	dw.exe	DownloadWare - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see here). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as MovieNetworks, Medialoads and PAgent
DW4	U	Weather.exe	Desktop_Weather
DWHeartbeatMonitor	U	DWHeartbeatMonitor.exe	DWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preference
DwlClient	N	support.exe	Download manager for Dell support alerts
dwStart	Y	FireWall.exe	The_Shield Firewall
Dx	X	sys#.exe	Added by the DEXTER.A VIRUS! where # is a random number
Dx8compat	X	Dx8compat.exe	Added by the GEMA TROJAN!
dxdiags.exe	X	dxdiags.exe	Added by the Troj/Certif-G and Troj/Certif-K TROJANS! Note: These trojan files are found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
dxdll32	X	ntxdll.exe	Added by the W32.Gaobot.CPX WORM!
DXDllRegExe	N	dxdllreg.exe	Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it
DxLoad	X	DX3DRndr.exe	Added by the GIBE.B VIRUS!
DXM6Patch_981116	N	p_981116.exe	Win32 cabinet self extractor. More info here
dxmsrv	X	dxmsrv.exe	Added by an unidentified WORM or TROJAN!
Dxsty	X	Dxsty.exe	Added by the GEMA TROJAN!
Dxupdate.exe	X	Dxupdate.exe	Added by the MAFEG VIRUS!
dxvid	X	dxvid.exe	Added by Trojan-Downloader.Win32.Dluca.by TROJAN!
DyFuCA	X	optimize.exe	Adult content dialler - see here
DyFuCA Active Alert	X	actalert.exe	Adult content dialler - see here
Dynamic Dns Binary	X	dynitora.exe	Added by the W32/RBOT-WT WORM!
Dynamic Dns Binary	X	winxp34.exe	Added by a variant of the WIN32.RBOT WORM!
Dynamic Dns Binary	X	CMD16.EXE	Added by the W32/RBOT-XM WORM!
Dynamic Dns Binary	X	WinHelpcfn.exe	Added by a variant of the WIN32.RBOT WORM!
Dynamic Link Library loader	X	Loader32.exe	Added by the BACKDOOR.KOL TROJAN!
DynDNS Updater	U	DynDNS.exe	Dynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.org.
DynDNS-Updater Traytool	N	ddutray.exe	DynDNS updater tray icon; allows easy configuration of the Dynamic DNSSM service.; can be run manually
DynHttp Dns Binary	X	dynizari.exe	Added by a variant of the WIN32.RBOT WORM!
DynSite	U	DynSite.exe	DynSite is a dynamic DNS client, also called an automatic IP updater.
Dynu Basic Client	U	dynubas.exe	Dynu online dynamic IP update client. Useful when using a dial up modem.
DZKillMe	?	DZSAVEME.EXE	??
E-Card	X	ecard.exe	Added by the YODI VIRUS!
E-color	U	IconMgr.Exe	Sets the colour of your monitor when running games that recognise E-Color so that you get \'what the game designer intended\' when you see the game. Also allows monitor callibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the program
E6TaskPanel	N	TaskPanl.exe	Earthlink Task Panel - part of Earthlink TotalAccess 2003 internet access software. Quick access to internet, E-mail and web-space
eabconfg.cpl	U	EabServr.exe	Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys
Eac Download	X	download.exe	Associated with Webcelerator - spyware. Read eAcceleration's privacy statement here
EACLEAN	U	eaclean.exe	For Compaq PC's. Easy Access button support for the keyboard
Eac_Cnry	X	canary.exe	Added by the CANARY VIRUS!
Eac_rnvdl	?	ANTIVIRUS_INSTALL.EXE	??
EanthologyApp	N	EANTHO~1.EXE	eAcceleration Stop-Sign related; not recommended; see note
EanthologyApp	N	eanthology.exe	eAcceleration Stop-Sign related; not recommended; see note
eanthology_install.exe	N	eanthology_install.exe	eAcceleration Stop-Sign related; not recommended - see note
eanth_critical_update_alert	N	sys_alert.exe	eAcceleration Stop-Sign related; not recommended; see note
eanth_system_patcher	N	sys_alert.exe	eAcceleration Stop-Sign related; not recommended; see note
Eapcisetup	N	sbsetup.exe	Rockwell RipTide soundcard application software. Sound works without it
EAPCISETUP	N	wizard.exe	Part of the Creative Sounblaster PIC Installation Wizard. Probably left as a result of a failed installation
EarthLink ToolBar 5.0	N	etoolbar.exe	EarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any time
Easy Start Button	N	esb.exe	Provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
Easy-PrintToolBox	U	BJPSMAIN.EXE	A utility to launch the applications that are bundled with a Canon bubblejet printer
EasyAV	X	EasyAV.exe	Added by the W32.NETSKY.S or W32.NETSKY.T WORM!
EasyDates	X	EasyDates.exe	Premium rate adult content dialer
EasyDates_nl	X	EasyDates_nl.exe	Adult content dialler
EasyKey or Easy Key	U	easykey.exe	For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used
EasyKeyboardLogger	U	epl.exe	EasyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!
EasyMessage	U	em2.exe	Easy Messenger, instant messenger for MSN, AOL, ICQ, and Yahoo. See here
EasySearchBar	X	ESBUpdate.exe	EasySearchBar adware downloader
easyServ	X	Server.exe	Added by the EASYSERV VIRUS!
EasySync Pro	U	XCPCMenu.exe	EasySync Pro is a Lotus program for synchronizing a PDA with Lotus Notes
EasyTuneIII	U	EasyTune.exe	Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
EasyTuneIV	U	ET4Tray.exe	Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
easywww	X	easywww.exe, easywww2.exe, iewwwint.exe	EasyWWW adware
EbatesMoeMoneyMaker	X	wjview ...Code	Ebates adware
EbatesMoeMoneyMaker0	X	EbatesMoeMoneyMaker0.exe	Ebates adware
eBay Toolbar	X	EBAYTBAR.EXE	eBay Toolbar - reportes as spyware as it "phones home"
eBayToolbar	U	eBayTBDaemon.exe	eBay toolabar related - also contains eBay account Guard which monitors for fraudulent eBay sites.
eBoard or eMachines eBoard	U	Eboard.exe	eMachines multimedia keyboard manager. Required if you use the extra keys
eBot	N	DownloadWizard.exe	eBot from Digital River - "helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'." Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -> Programs
eCopy Desktop Printer Service	U	mrmlnc32.exe	eCopy Suite software connects your Canon imageRUNNER or document scanner to your company�s e-mail and other networked enterprise applications for easy, instantaneous distribution and management of scanned documents.
ecpe	?	ECPE.EXE	??
edexter	N	edexter.exe	eDexter supplements Internet filtering by substituting local images for filtered images in order to prevent browser stalls and other annoyances. Can be activated manually when starting the browser.
editpad	X	editpad.exe	CoolWebSearch parasite related
editpad	X	editpad.exe	Added by a Consper-B trojan infection
EDLoader	N	DTLoader.exe	Effective Desktop from MiniStars Software - desktop management software no longer being supported
EDRestore	U	??	Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"
educational writer	X	(filename).exe	Added by a W32/Rbot-LZ worm infection
Edwizard	U	Edwizard.exe	SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
eFax DllCmd	U	J2GDllCmd.exe	eFax_Messenger fax software
eFax Tray Menu	U	J2GTray.exe	eFax_Messenger fax software tray menu
eFax.com Tray Menu	N	HotTray.exe	eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here
efaxs lptt01 or efaxs ml097e	X	efaxs.exe	Variant of the RapidBlaster parasite (in an "efaxs" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
EFI Job Monitor	U	[path] efjm.dll,run	Ricoh Imagio Printer/Scanner driver status monitor
Efpap.exe	U	Efpap.exe	Easy File & Folder Protector. Deny access to certain files and folders, or to hide them securely from viewing and searching
ehTray	U	ehtray.exe	Windows XP Media_Center_Edition 2005. Enables the user to access Windows Messenger from within Media Center
ei10.exe	X	ei10.exe	Added by the AGOBOT-NK WORM!
Eicon NetworksLAN_DAEMON or Eicon TechnologyL	U	watch.exe	Associated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually
eixfi	X	china.bat	Added by the WCUP VIRUS!
ekor.exe	X	igamatu	Added by the BACKDOOR.SDBOT.AQ TROJAN!
Elbycheck	U	ElbyCheck.exe	From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it
Electron Microscope	U	EMIII.exe	Electron Microscope, or EM , is a program used to track Stanford�s distributed computing program client called Folding at Home, FAH It will monitor up to 50 clients and give you the details about each client�s progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues.
Element	X	Element.txt	Added by the ELEM TROJAN!
element furth	X	[path] repcale.exe [path] palsp.exe	Added by a variant of the RANDON.AN WORM!
elm	N	Elmenv.exe	ViaTech eLicense for securing, distributing and selling music online
ELNKProxy	X	smproxy.exe	Surfmonkey adware
ELSA WINman Suite	U	Winmsuit.exe	Allows you to totally customize your ELSA graphics card settings, including overclocking the GPU
ElsaCapiCtl	Y	Rcapi.exe	Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modem
ELSAChipGuard	U	elsavect.exe	ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclocking
ELSBLaunch	U	ELSBLaunch.exe	EarthLink SpamBlocker
EMA.exe	N	EMA.EXE	Time management system which helps you to manage your time and appointments
eMailEncryption	N	velozsys.exe	eAcceleration Stop-Sign related; not recommended; see note
eMakeSV	X	EMAKESV.EXE	Switch premium rate adult content dialer variant
eMakeSV	X	EMAKE2B.EXE	Switch premium rate adult content dialer variant
eMCryT Sh3ars Panagers	X	(Path to worm random filename)	Added by the W32/Rbot-AWI WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
emoc0re	X	emo.exe	Added by the W32/AGOBOT-AGE WORM!
empin	X	e121307.Stub.exe	Adware downloader/installer, Delphin_Media_Viewer related - also detected as the DELMED.A TROJAN!
empin	X	e121307.exe	Adware downloader/installer, Delphin_Media_Viewer related - also detected as the DELMED.A TROJAN!
emsw.exe	X	emsw.exe	Believed to be spyware - made by a company called Alset. Also known as "HelpExpress". Will install itself if you have previously had Attune by Aveo installed as they're by the same company. Uninstall via Add/Remove programs
emule	X	emule.exe	Added by the W32/Rbot-ALZ WORM! Note: This trojan/worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
eMusicClient Systray	N	eMusicClient.exe	eMusic MP3 download software
EM_EXEC	U	EM_EXEC.EXE	Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
EN4060C Taskbar	N	en4060ct.exe	Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray
enBrowser	X	[name of file]	WINBO adware component
encapsulated command tool	?	wintr.com	??
Encarta Dictionary Quickshelf	N	QSHLFED.EXE	Provides quick access to Encarta's Dictionary features?
ENCMONITOR	N	monitor.exe	The Encompass Monitor. This program is the Connect Direct Program. It is more trouble than it is worth and few use it
Encoder Agent	N	WMENCAGT.EXE	MS Windows Media Encoder, which already has a shortcut in the Start Menu if installed
Encompass_ENCMONTR	U	ENCMONTR.EXE	Optional simple browser from Yahoo (Encompass)
ENCSurf	?	surfboard.exe	??
Energizer FileSaver	U	Energizer FileSaver.exe	Energizer FileSaver - UPS back-up utility for Energizer UPS products
EnergyPlugIn	X	EnergyPlugin.exe	EnergyPlugin adware variant
enginecs2	U	enginecs2.exe	Cyber_Sentinel Internet filtering software
EngUtil	Y	EngUtil.exe	Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking
Enh Win Updt	X	enhupdt.exe	Adware downloader - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.OneClickNetSearch.h
enhance32	X	enhance32.exe	Added by a CRYPTER.A trojan infection
EnigmaPopupStop	N	EnigmaPopupStop.exe	Part of Enigma SpyHunter - not recommended, see note
ENSApServer2_0	?	APSERVER.EXE	Intel AnyPoint Wireless II Home Network related. What does it do and is it required?
ENSMIX32.EXE	?	ENSMIX32.EXE	Sound card driver. Is it required?
EnsoniqMixer	U	starter.exe	Puts the Ensoniq mixer in system tray. From Ensoniq Technologies "Our mixer is a critical part of the soundcard as it fixes sound problems and replaces the MS mixer which can no longer be used". If you find you don't need it - try one of the solutions on this special page. Similar to Creative PCI Audio Configuration Utility
Enumerate Service	X	wsys.exe	Added by the MANIFEST VIRUS!
EnvyHFCPL	Y	EnMixCPL.exe	VIA Envy24 PCI Audio Controller driver
eonemng	U	eOneMng.exe	eOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PC
EPoXUSDM	N	USDM.EXE	EPoX Universal Serial Data Monitor - a diagnostics tool that shows Temps, Fan Speeds, Voltages...etc
ePrint 4.0 Service	N	EPRINT4.EXE	A component of the LEADTOOLS ePrint File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT , Multi-page TIFF, JPG, GIF, PNG and many more! - Can be started manually.
ePrompter	U	ePrompter.exe	ePrompter - E-mail notification software
EPS	N	e_srcv03.exe	According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
EPS	N	e_srcv02.exe	According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
EPSON Background Monitor	N	STMS.EXE	Supposed to keep an Epson printer ready for quick printing. Users report little difference whether it is on or not
EPSON CardMonitor	U	EPSON CardMonitor1.0.exe	Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint
EPSON Status Monitor 3 Environment Check	N	e_srcv02.exe	According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
EPSON Status Monitor 3 Environment Check	N	e_srcv03.exe	According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
EPSON Stylus C44 Series	U	E_S10IC2.EXE	Epson Stylus C44 Series printer monitor - for checking ink levels, etc.
EPSON Stylus C46 Series	U	E_S4I0T1.EXE	Epson Stylus C46 Series printer monitor - for checking ink levels, etc.
Epson Stylus C62 Series	U	E-S0BIC1.EXE	Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required
Epson Stylus C82 Series	U	e_s0hic1.EXE	Required for an interface to some versions of MS Word to ensure that some fonts are printed correctly. Start it manually if required
EPSON Stylus Photo R300 Series	U	E_S4I2F1.EXE	Epson Status Monitor - gets installed with many Epson printers and gives you a progress of your print jobs as they are printing.
EpsonPhotoStarter	U	EPSON_PhotoStarter.exe	Only needed if you want to make full use of the capabilities of an Epson printer that included this
Equipmen	?	Equipmen.exe	??
Eraser	U	eraser.exe -hide	Eraser allows for complete removal of data from your hard drive
eRecoveryService	U	check.exe	Acer Notebook related - Acer eRecovery allows the user to restore the operating system or backup the current system profile, thus ensuring system integrity.
EReg	N	reg32.exe	EReg is a software registration tool incorporated on products such as those by Br�derbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it
erfgddfk	X	wind2ll2.exe	Added by the W32.Beagle.CQ WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
erghgjhgdr	X	windlhhl.exe	Added by the W32.Beagle.BG or W32.Beagle.BH or W32.Beagle.BI or W32.Beagle.BJ WORM!
erm	?	erm.exe	??
Eror Nuker	N	ErrorNuker.exe	ErrorNuker registry cleaner - only required if you want the application to run a scan at startup. The program can be launched manually if required.
eros.exe	X	eros.exe	Adult content dailler
ErrorGuard	X	ErrorGuard.exe	Spyware remover of dubious repute - see here
erthegdr	X	windll2.exe	Added by the W32.Beagle.CG WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
erthgdr	X	windll.exe	Added by the BAGLE.BD WORM!
erthgdr	X	svc.exe	Added by the W32.Beagle.BK WORM!
erthgdr	X	svc.exe	Added by the W32.BEAGLE.BN or W32.Beagle.BP WORM!
erthgdr2	X	svc23.exe	Added by the BAGLE.CG WORM!
ERUNT AutoBackup	U	AUTOBACK.EXE	ERUNT backup utility - when added to the user's startup folder automatically backs up the registry each time the system boots, resulting in numerous backups that can be restored if desired.
eSafe Protect	Y	ESPWatch.exe	eSafe from Aladdin - internet security for gateway and E-mail servers
ESB	U	esb.exe	Easy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
eScan Monitor	Y	AVKWCTL9X.EXE	eScan antivirus
eScan Scheduler	U	avkserv.exe	eScan antivirus scheduler
eScan Updater	U	Trayicos.exe	eScan antivirus updater - allows users to automatically download updates and set the auto time interval for downloads
EScorcher	X	escorcher.exe	Part of eScorcher anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is dead
ESFTP	N	esftp.exe	ESftp - FTP client for transfering files between a local PC and another remote computer
Esoh	X	Esoh123.exe	Added by the AGOBOT.FF WORM!
Especial	X	Deneca.bat	Added by the W97M.DELUZ VIRUS!
ESPN BottomLine	N	bline.exe	ESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down."
ESS Daemon	?	Essd.exe	Related to an ESS based soundacard. Is it required?
essapm	?	essapm.exe	ESS Solo soundcard driver. Is it required?
Essdc	Y	essdc.exe	Related to an ESS Solo soundcard. Seems as though it's required
ESSNDSYS	?	ESSNDSYS.EXE	Related to an ESS based soundacard. Is it required?
ESSOLO	Y	ESSOLO.exe	Sound card driver that re-instates itself every time it's removed
esspk	Y	esspk.exe	ESS Technology modem speaker driver file. Required to get on-line with this modem
EssSpkPhone	U	essspk.exe	ESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsets
eSupInit	?	eSupCmd.exe	Related to SupportSoft "Real-Time Service Management software" - what exactly does it do and is it required?
ETB Tester	X	etbtest.exe	Added by the W32/RBOT-ABR WORM!
etbrun	X	elite**32.exe ( = random char)	EliteBar adware variant
Ethernet	N	tcaudiag.exe	3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
ethernet	X	airftp.exe	Added by a variant of the W32/SDBOT WORM!
ethernet	X	msnger.exe	Added by a variant of the W32/SDBOT WORM!
ethernet	X	msftp.exe	Added by the SDBOT.BXJ WORM!
Ethernet Drivers	X	smrrs.exe	Added by the W32/RBOT-AAK WORM!
Ethernet Drivers	X	ethernet.exe	Added by the W32.GAOBOT.CEZ WORM!
Etraffic	X	JavaRun.exe	Marketing software from TopMoxie
eTrust EZ Firewall	Y	efpeadm.exe	eTrust EZ Firewall
eTrust PestPatrol Active Protection	U	PPActiveDetection.exe	PestPatrol real-time protection feature. "Stops spyware before it infects your system"
eTrustCIPE	Y	ezdsmain.exe	eTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior
eTunnel	X	winfw.exe	Added by an unidentified TROJAN!
EuroGlot	U	EuroGlot.exe	Euroglot - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian"
Event Log	?	eventlog.exe	??
Event Planner Reminders	N	PLNRnote.exe	Sierra Event Planner tray icon
Event Reminder	N	pmremind.exe	A calendar/alarm program that installs with Br�derbund Printmaster
EVENTLISTENER	U	EvLstnr.exe	Used with a Nikon digital camera to recognize when the camera is plugged in
eventmgr	N	eventmgr.exe	Used with a Microtek scanner. Manages the scanner's button events. Available via Start -> Programs
Evidence Cleaner	U	ecleaner.exe	Evidence_Cleaner cleans up tracks left by your PC and Internet activities
Evidence Eliminator	N	ee.exe	Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis
Evil	X	Evil.exe	Added by the W32.Mytob.JM WORM! Note: This worm file may be found in the Windows or Winnt folder.
evntsvc	N	evntsc.exe	Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required - see here for more information, including how to disable it
EVOLOSTA	U	EVOLOSTA.EXE	Evolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start -> Run dialog to run it
EvtHtm	X	evthtm.exe	Premium rate adult material dialer
EW Message Server	U	msg32.exe	Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices
eWare Startup	N	iWareStart.exe	eWare iWare task bar. Not required
ewupdater	X	ewupdater.exe	EasyWebSearch adware updater
Excite Platform	N	Exlaunch.exe	Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer
Excite Private Messenger Pipe	?	x8impipe.exe	??
ExciteAssistantEXE	N	ASSISTANT.EXE	With Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window open
exe lptt01 or exe ml097e	X	exe.exe	Variant of the RapidBlaster parasite (in an "Exe" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
execfg4	X	execfg4.exe	Added by the ELECTRON VIRUS!
Execute	?	delfolders.exe	??
ExeName32	X	Warm.scr	Added by the SCOLD VIRUS!
exgiwsl	?	exgiwsl.exe	??
Exif Launcher	U	Exiflaquickdcr.exe, QuickDCF.exe	USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
ExitKiller	U	Ekiller.exe	Exit Killer - automatically closes pop-up windows in your browser
exmon	?	hpimoniter.exe	Some kind of hp digital camera maybe or a photo smart connection probe?
exp.exe	X	exp.exe	Added by a variant of the SMALL.ABD downloader TROJAN!
EXPL0RE.EXE	X	EXPL0RE.EXE	Added by the Troj/Popno-A TROJAN! Note: Notice that (EXPL0RE.EXE) is spelled using the number 0 instead of the letter O. This trojan is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Expl0rer soft	X	expl0rer.pif	Added by the W32/RBOT-AQR WORM!
expler	X	Updadv.exe	Added by the Troj/QQPass-N TROJAN!
Explkw	X	expup.exe	Keywords hijacker
explore	X	explore.exe	Added by the W32.Hawawi WORM!
Explore	X	Explorer.exe	Added by the IRC.FLOOD.G VIRUS! Note - this is not the valid Windows "explorer.exe"
Explore	X	explore.exe	Adult content dialler
explore manager	X	explore.exe	Added by the DONBOMB.A TROJAN!
explore.exe	X	Explore.exe	Added by the GRAYBIRD.G VIRUS!
exploreff.exe	X	exploreff.exe	Added by the Finfanse or Troj/LegMir-BH TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
explorer	U	explorer.exe	Starts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a WORM! such as PE_BISTRO or DVLDR or MYDOOM.B or Troj/Torpig-A . Note that it is also not the explorer.exe task/service you'll see when via CTRL ALT DEL
explorer	X	wscript.exe	Sneaky way to start any VBS script. Many viruses use VBS files
Explorer	X	shellexpl.exe	Added by the GPIX and SHELDOR VIRUSES!
explorer	X	expl32.exe	Added by the RATSOU VIRUS!
Explorer	X	(path to worm)	Added by the AUTEX VIRUS!
Explorer	X	shellexp.exe	Added by a variant of the Backdoor.Sheldor TROJAN!
EXPLORER	X	EXPL0RER.EXE	Added by the Troj/BeastDo-Y TROJAN!
explorer	X	explorer.exe	Added by the PWS.ZAYA TROJAN! - NOTE - the valid "explorer.exe" will always be located in C:\Windows or C:\Winnt whereas this one is installed in a C:\Windows\System\Service folder. Moreover, the valid explorer.exe will only figure among the startups if you intentionally placed it there!
EXPLORER	X	sys.exe	Added by the TROJ/SILLYFDC-A TROJAN!
Explorer	X	config_.com	Added by the W32/Floppy-D WORM!
Explorer	X	drv.exe	Added by the Troj/Small-FD TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
explorer	X	[path to trojan]	Added by Troj/Agent-EU TROJAN!
Explorer Loader	X	explr32.exe	Added by the AGOBOT.N WORM!
Explorer Loader	X	explorerl.exe	Added by the W32/Sdbot-ADI WORM! Note: This is not the legitimate Windows Process Explorer.exe (Notice the difference in the spelling.) This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Explorer lptt01 or Explorer ml097e	X	explorer.exe	Variant of the RapidBlaster parasite (in an "explorer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid Windows Explorer which has the same executable name
EXPLORER MICROSOFT SYSTEM	X	explore.exe	Added by a variant of the WIN32.RBOT WORM!
Explorer soft	X	explorer.pif	Added by the W32/Rbot-APK WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Explorer soft	X	explorer.com	Added by the W32/RBOT-ARM WORM!
Explorer Updater	X	IEXPLORE.exe	Added by a W32/Sdbot-WO worm infection
explorer.exe	X	explorer.exe	Added by the Troj/Agent-EW TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Also, do not confuse this with the valid "explorer.exe" which is located in C:\Windows or C:\Winnt.
Explorer32	X	Expl32.exe	Added by the HACKTACK VIRUS!
Explorer32	X	explorer6s4.exe	Added by the Downloader.Win32.Small.biq TROJAN!
Explorer32	X	efsdfgxg.exe	Added by the Troj/Clicker-AA TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Explorer64	X	efsdfgxg.exe	Added by the Troj/Clicker-AA TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
exporet	X	winset.exe	Added by the TROJ/QQPASS-I TROJAN!
Exshow95	U	EXSHOW95.exe	Support software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devices
External Dependencies	X	External.exe	Added by the W32.Mytob.EC WORM!
ExtraDNS	U	ExtraDNS.exe	ExtraDNS - DNS configuration tool
Extranet AutoDial	?	AutoExt.exe	Nortel Networks Contivity Extranet Switching Software
Extreme Messenger for AIM	U	ExtremeMessenger.exe	Extreme_Messenger - an extension for the AIM Instant Messenger client
ExxtremeHelperDemon	?	exxdemon.exe	Creative Exxtreme graphics card related ?
Eye Tide Launcher	N	oneeyetideone.exe	Nascar wallpaper
EZ Firewall	Y	ca.exe	eTrust EZ_Armor Internet Security
ezagent	N	ezagent.exe	EzVCR recording software for the ASUS TV FM card. Available via Start -> Programs
EzButton	N	EzButton.EXE	EZbutton is a quick launcher for the Media player app that comes with certain laptops. Typically installed in a C:\Program Files\EzButton folder
EZDesk	N	EZDESK.EXE	Utility that remembers icon locations for each user and resolution. Available here
EzEjMnAp	N	EzEjMnAp.exe	For IBM Thinkpad Notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually". Available via Start -> Programs
eZmmod	X	mmod.exe	eZula TopText adware
EZNORUN	?	EZNORUN.EXE	Easy Internet related?
ezShieldProtector for PxorezPS_Px	Y	ezSP_Px.exe, ezSP_PxEngine.exe	Engine that allows PrimoDVD from Veritas (was Prassi) and Drag\'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
EZSMART App	U	ezsmart.exe	EZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supported
ezula	X	eZmmod.exe	eZula TopText adware
eZulaMain	X	eZulaMain.exe	eZula TopText adware
eZuluMain	X	eZuluMain.exe	Comes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't work
eZWO	X	wo.exe	eZula TopText adware
E_S10IC2	U	E_S10IC2.exe	Epson Stylus printer monitor - for checking ink levels, etc.
E_S23	U	E_SICN03.exe	Epson printer status monitor - for checking ink levels, etc.
E_S4I2G1	?	E_S4I2G1.EXE	Related to the Epson Stylus CX5400 printer/scanner/copier. What does it do and is it required?
E_SOEIC1	U	E_SOEIC1.exe	Epson Stylus printer monitor - for checking ink levels, etc.
F-Secure 2006	Y	fspex.exe	F-Secure Anti-Virus automatic updater
F-Secure Management Agent	U	FSMA32.EXE	F-Secure Antivirus - F-Secure Policy Manager provides tools for administering F-Secure software products
F-Secure Manager	Y	FSM32.EXE	F-Secure Antivirus - carry out scheduled virus scans automatically
F-Secure Startup Wizard	Y	FSSW.EXE	F-Secure antivirus
F-Secure TNB	Y	TNBUtil.exe	F-Secure antivirus
F-StopW	Y	F-StopW.exe	F-Prot anti-virus background scanner by F-Risk Software
f1Tray.exe	U	F1TRAY.EXE	System Tray icon for FusionOne�s MightyPhone software. MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer.
f607	X	f607.exe	Added by the URAT.B VIRUS!
f73cdc8ee94e	X	btsendto.exe	Associated with mysearchnow.com/searchbar.html
FamilyKeyLogger	U	cisvc.exe	"Family Keylogger - is your best choice, if you want to know what other users on your machine are typing". Note! - this is not the cisvc.exe service.
Fantasia injector	X	wincfg.exe	Added by the AGOBOT.US WORM!
fapmon	?	fapmon.exe	Fair Access Policy monitor for DirecPC/DirecWay internet access
farmmext	X	farmmext.exe	Transponder parasite updater/installer
Fash	X	Fash.exe	Ibis toolbar adware related
Fast	N	fast.exe	Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
FAST Defrag	N	FAST2.EXE	FastDefrag defragmenting software
Fast Home	X	svcnvt.exe	Reported by Kaspersky Anti-Virus as Trojan-Downloader.Win32.Delf.ks This file may be found in the System folder on 9X machines, however as of this writing it has only been seen in the System32 folder.
Fast Search	X	svcnv.exe	Homepage, Startpage hijacker. Possible variant of Trojan-Downloader.Win32.Delf
Fast start	X	Ntut.exe	Added by unidentified adware - recognized by Kaspersky antivirus as Trojan.Win32.Favadd.i
Fast start	X	svcnt.exe	Added by unidentified adware - recognized by Kaspersky antivirus as a variant of the Win32.Favadd TROJAN!
FastCache	U	fc.exe	FastCache from AnalogX - speeds up browsing by resolving DNS requests locally
FastStart	X	ntnut32.exe	Added by the StartPage.L TROJAN!
FastStart	X	svcnut.exe	Browser hijacker - a variant of the STARTPAGE.L TROJAN!
FastStart	X	svcnut32.exe	Browser hijacker - a variant of the STARTPAGE.L TROJAN!
FastTrack Accelerator	N	SPEED UP.EXE	FastTrack Accelerator - "speedup" utility for programs that use the FastTrack network such as KaZaA Media Desktop, Grokster and Morpheus
FastUser	N	fast.exe	Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
FatPipe	U	DHCP	Software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users
Fatpipe Dialer	U	fpdialer.exe	Dialler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users
fatrecov	X	fatrecov.exe	Added by the TrojanSpy.SCKeyLog.j keylogger - A keylogger or keyboard logger is a type of surveillance software that has the capability to record every keystroke you make to a log file, which can then be sent to a specified receiver.
FaxCenterServer	U	fm3032.exe	FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others.
FBDirect	U	FBDirect.exe	Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start -> Programs
FBI	?	FBISM.exe	Compaq related but what does it do?
fc	X	runfc.exe	Added by the CAMPURF VIRUS!
FCEngine	X	FCEngine.exe	CASClient adware variant
FDD SYSTEM	X	Fdd.exe	Added by the W32/Mytob-FO WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Fdr Command Module	X	sp2.exe	Added by the SDBOT.WP WORM!
FD_SAP	U	FD.exe	Reported to be the autopassword program from the Sony Microvault thumb drive.
feelalright	X	mirc.exe	Added by the W32/IRCFlood-M WORM!
FEELitDeviceManager	U	feelitdm.exe	Associated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals)
fegoze	X	SVCH0ST.EXE	Added by the GRAYBIRD.D VIRUS! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item. Also there is a number "0" in the executable filename, not a lower/upper case O.
Fellowes Proxy	U	R3proxy.exe	Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice
Fen Startups	X	fensvc32.exe	Added by the W32.RANDEX.CCF WORM!
FerrariWallPaper	U	FerrariWP.exe	Calendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.com
ffis	X	ffisearch.exe	iSearch "Desktop Search" hijacker
FG1_00	U	frntgate.exe	FrontGate MX - e-mail spam blocker
fGQEGqHOME	X	gwwgtp.exe	Added by the BACKDOOR.RANKY.J TROJAN!
Fhtisxk	U	fhtisxk.exe	XtraKeys - keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove via Spybot S&D (for example)
FieldForms Sync	U	SyncService.exe	Resco FieldForms . A solution for building of mobile forms that can be viewed or filled in on the run, on a wide range of mobile devices. Supports Microsoft Access databases, and provides for synchronization of other data as well.
FiendlyType	X	csrss.exe	Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling
FILE	X	abcdefg.exe	Added by the W32.Kelvir.DD Worm!
file indexing service	?	msfindfile.exe	New version of MS FindFast and still a resource hog?
file laoder configuration	X	rnd32.exe	Added by the RBOT.BQJ WORM!
File System	X	taskmqrs.exe	Added by a variant of the WIN32.TOXBOT/CODBOT WORM!
File System Service	X	wmiprvsc.exe	Added by the AGOBOT-HZ TROJAN!
File0_0	X	MD1.exe	Added by the Troj/Dloader-OR Trojan!
File1	X	Dia Claro.htm	Added by the Troj/Dloader-OR Trojan!
FileFreedom_Plugin	N	wtm.exe	FileFreedom peer-to-peer sharing program
FileManager32	X	Wscript.exe ..ChkMgr32.vbs	Added by the NOTUP.A VIRUS!
FileSoft	X	Wscript.exe UpdataFiles.vbs	Added by the SST.B VIRUS!
filit	X	(Path of the trojan exe)	Added by the Troj/Perda-F or Troj/Perda-G TROJAN!
FilterGate	U	filtergate.exe	Filtergate internet filtering software - filters sounds, popup ads, background sound and other unnecessary website items
Filterguard	U	Filtrgrd.exe	An icon located in the lower left of the screen and looks like a lifesaver. This icon is a �short-cut� to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by �right-clicking� on the icon
Find	X	find.exe	Added by the W32.OPANKI WORM!
Find Fast	X	Findfast.exe	Complete utter waste of space! Part of MS Office - searches disk drives for Office file types to make opening them easier
Find Virus Launch Program	Y	fvlaunch.exe	Part of Dr. Solomon's Antivirus
FindHack	X	(Pathname of the Trojan exe)	Added by the W32/Kelvir-BA TROJAN!
FinePrint Dispatcher vx	N	FPDISPxA.EXE	FinePrint - virtual printer for use with any printer. Search for "dispatcher" here for more information. If removed, it will re-install when program is run - hence the Y recommendation
FineReader7NewsReaderPro	N	AbbyyNewsReader.exe	ABBYY FineReader OCR software
FireFox	X	firefox.exe	Added by W32/Rbot-ATP WORM!
FireFox Service Drivers	X	ssmss.exe	Added by a variant of the W32/SDBOT WORM! Note: This trojan file ssmss.exe (Notice the extra s) is not the legitimate Windows Process. The legitimate Windows Process (smss.exe) should not be seen in Msconfig or as a Startup item.
Firewall	X	wmlaunch .exe	Added by the W32.ELIPTER.A or W32.ELIPTER.B or W32.ELIPTER.D WORM!
Firewall	X	SP2 UPDATE.exe	Added by the W32.ELITPER.E WORM!
Firewall	X	Firewall.bat	Added by the VBS.Ypsan.G WORM!
firewall	X	fw_304.exe /i	Added by Troj/Bdoor-JQ TROJAN!
Firewall Client Connectivity Monitor	Y	ISATRAY.EXE	MS Internet Security and Acceleration Server - see here
Firewall Sp2 system	X	sys32Conf.exe	Added by the W32/Rbot-ABT WORM!
Firewall Update System1	X	WinedowsUpdater1.exe	Added by the W32/RBOT-ARU WORM!
Firewall Updater	X	msnupdateit.exe	Added by the W32/RBOT-AAQ WORM!
FirewallStartup	U	Firewallstartup.exe	Innovative Solutions The user can choose whether or not to monitor installs when loaded.
FirewallSvr	X	FirewallSvr.exe	Added by the W32.NETSKY.X or W32.NETSKY.Y WORM!
firewall_anti	X	firewall_anti.exe	Added by the Trojan.Fantibag.A or Troj/Netdeny-B TROJAN!
FireWire Driver	X	samx.exe	Added by the BACKDOOR.SDBOT.AE WORM!
FireWire Service	X	nvscv32.exe	Added by a variant of the W32/SDBOT WORM!
FireWire Services	X	nvcsv32.exe	Added by a variant of the W32.SPYBOT WORM!
First Home Page	X	http://find.naupoint.com	Naupoint browser hijacker
FIX =	X	WinFIX1.0.vbs	Added by the VBS/Gormlez-A Worm!
Fix-it	Y	mxtask.exe	Part of Ontrack's Fix-it Utilities Suite. Loads a System Tray icon that lets you access the full program. Needed if you run the crash guard, intellicluster, anti-virus, or autoupdater. Otherwise not required
Fix-it AV	Y	memcheck.exe	Part of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources
Fixnice	X	vcvw.exe	Added by the SDBOT TROJAN!
FjMenu	U	FjMenu.exe	From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, Organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable.
fkSysMon	N	fksysmon.exe	fkWrae SysMon - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more"
FlaCPY	X	flacpy.exe	FlashEnhancer adware variant
FLASH32	?	-flash32.exe	??
FlashEnc	U	FlashEnc.exe	Supplied with EasyDisk USB pen devices. The utility manages the encryption and compressed folders options. It will create these folders if running on the USB key without permission. which is a pain. No need for it if you do not want these features
Flashget Download Manager	X	Flashget.exe	Added by the W32/RBOT-AGZ WORM!
FlashPath Status or FlashPath Monitor	N	SDSTAT.EXE FLSHSTAT.EXE	System Tray icon that you can\'t get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
FlenCPY	X	flencpy.exe	FlashEnhancer Adware variant
Flexicd	U	Flexicd.exe	CD player - part of the Win95 Power Toys
FLMK08KB	U	MMKEYBD.EXE	Multimedia keyboard manager. Required if you use the additional keys
FLMOFFICE4DMOUSE	U	moffice.exe	Mouse properties for Logytech Typhoon Office Mouse
FLMTRUSTKB	?	KbdAp32A.exe	Keyboard utility for a Trust brand keyboard. What does it do and is it required?
FLMTRUSTMOUSE	?	mouse32a.exe	Mouse utility for a Trust brand mouse. What does it do and is it required?
FlnCPY	X	flncpy.exe	FlashEnhancer adware variant
FLooDNeT	X	FLooDeR.exe	Added by the FLOODNET VIRUS!
Floppy Master	X	(Path of the Trojan exe)	Added by the Troj/Zonit-F TROJAN!
Flow Go TV	?	flogotv.exe	??
flps	X	flps.vbs	Added by the BYRON VIRUS!
flpycntl	X	flpycntl.exe	Added by a CRYPTER.C trojan infection
FltProcess	Y	msinet.exe	Part of Cyber Patrol internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's done
FlyswatDesktop	X	flydesk.exe	Advertising spyware
FmctrlTray	U	Fmctrl.EXE	Genius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used)
fmnwebassist	X	fmnwebassist.exe	Adware popup generator
FMStart	U	Fmstart.exe	GFI FAXmaker - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktop
fmsz	X	fmsz.exe	Added by the FMSZ trojan
fnmwebassist	X	fnmwebassist.exe	WinPL adware
Focus	?	Focus.exe	ISDN configuration wizard?
Folder Service	X	wssdtu.exe	Added by the MANIFEST VIRUS!
Folder View	U	folderview.exe	Folder_View enhances the Windows file Explorer by making all folders you need available in a single click.
Folding@home	N	WINFAH.EXE	Folding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -> Programs
FoneSyncSystemTray	N	FoneSyncSystemTray.exe	System Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when required
FontFix	X	fontfix.exe	Added by an unidentified VIRUS!
FontsLoader	X	ldfnt32.hta	Unidentified malware
FONTVIEW	X	FONTVIEW.EXE	Added by the OPASERV.T VIRUS!
foobin lptt01 or foobin ml097e	X	adaware.exe	Variant of the RapidBlaster parasite (in a "foo1" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
FoolProof	Y	fpwinldr.exe	FoolProof Security PC security software from SmartStuff
FoolProofSweep	Y	??	Part of FoolProof Security PC security software from SmartStuff
Forbes	N	ForbesAlerts.exe	Forbes Business News Alerts - displays business news headlines in a little window on the screen
ForceShow	X	rundll32.exe QaBar.dll, ForceShowBar	AdultLinks/QAbar parasite related
Forget Me Not	N	AGRemind.exe	Calendar reminder part of American Greetings� CreataCard�
Fortis Secure Layer Config	U	cseinst.exe	Fortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information.
FotoStation Easy AutoLaunch	N	FotoStation Easy AutoLaunch.exe	Installed with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either
Foul PX	U	FoulPX.exe	Foul PX, Optusnet usage stat checker
FourthDay	U	FourthDay.exe	The Fourth Day - "astronomical clock and almanac for your system tray"
foxdh	X	foxdhend.exe	Added by the PWSteal.Menghuan TROJAN!
foxdh	X	foxdh.exe	Added by the Troj/GWGhost-Q TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
foxrxjh	X	foxrxjh.exe	Added by the TROJ/GWGHOST-T TROJAN!
foxwudy9912	X	service.exe	Added by the TROJ/BANCOS-BT TROJAN!
FP Loader	Y	loadfp.exe	FoolProof Security - PC security software from SmartStuff
FPWGMWZD	?	FPWGMWZD.exe	??
Fpx	N	mnmsrvc.exe	Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations
France	X	svchost.exe	Added by a variant of W32.MIMAIL.C WORM! **Note this is not the valid svchost.exe as described for Win2K or WinXP
Fraps	N	fraps.exe	Fraps Real-Time Video Capture software
Free Download Manager	U	fdm.exe	"Free Download Manager" See here
Free Downloads Monitor	?	fdcmon.exe	??
Free Ram Optimizer	U	fro.exe	Free_Ram_Optimizer monitors your memory, and frees up ram if it falls below a certain minimum.
Freedom	Y	Freedom.exe	Zero Knowledge Freedom - Anti-Virus, Personal Firewall and Parental Control, it also blocks ads, safeguards your personal information, encrypts your passwords, and much more
FreeMem Pro	U	FMEMPRO.EXE	Some users swear by memory management utilities such as FreeMem Pro but others say you don't need them - especially if you have Win98 or WinME. See this article and make up your own mind
FreeMemVn2	U	FreeMem.exe	Some users swear by memory management utilities such as FreeMem but others say you don't need them - especially if you have Win98 or WinME. See this article and make up your own mind
FreeMP3download	X	rundll32.exe MSA64CHK.DLL, DllMostrar	MatrixDialer related
FreeRAM XP	U	FreeRAM XP Pro x.exe	Some users swear by memory management utilities such as FreeRAM XP Pro but others say you don't need them - especially if you have Win98 or WinME. See this article and make up your own mind. "x" indicates the version number
FreeRAM XP	U	FREERAM XP PRO 1.40.EXE	FreeRAM_XP is a freeware application to free and defragment your computer�s RAM
freestyle	X	lockx.exe	Added by the W32.Loxbot.A WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Read the link, rootkit type stealth involved.
freesurfer	U	fs20.exe	EMS Free Surfer mk II - pop-up stopper
Fresh Desktop	U	freshdesktop.exe	Fresh_Desktop is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervals.
FridaysInHellInstaller	?	FridaysInHellInstaller.exe	??
FriendlyType	X	lsass.exe	Added by a Webus.B trojan infection. Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup
FriendlyTypeName	X	Services.exe	Added by NEVEG.A or NEVEG.B WORM! - Note - this is not the valid Windows Service Controller services.exe process
FriendlyTypeName	X	winlogon.exe	Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
FriendlyWebQuick-Launch	N	SELFCERT.EXE	selfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well
FRISK FP-Scheduler	U	F-Sched.exe	Scheduler for F-Prot anitvirus software. Leave enabled unless you scan manually on a regular basis
FRITZ!DSL Startcenter	?	StCenter.exe	FRITZ! ISP software "StartCenter" User interface that allows you to manage, tweak and diagnose many aspects of your internet connection - is it required?
FRITZ!webProtect	U	FwebProt.exe	Firewall included in FRITZ! ISP DSL software
Fromine WinPopup	N	winpopup.exe	Instant Messenger program
Frsk	X	frsk.exe	Unidentified adware downloader trojan
FRW_EXE	Y	FRW.EXE	ConSeal Signal9 firewall - now McAfee Personal firewall
frxmxins	Y	frxmxins.exe	ATI 3D Studio MAX/VIZ driver
FS Agent	X	fagent.exe	Added by the TROJ/VOLVER-B TROJAN!
fsaa	Y	fsaa.exe	F-Secure antivirus Authentication Agent - creates and stores private keys used by a client to access servers
FSCBoss	N	FSCBoss.exe	Free_Store_Club shop online software
FSDPSRV	?	FSDPSRV.exe	??
FSH	X	svcnva.exe	Malware, detected by Ewido_Security_Suite as TrojanDownloader.Delf.ks
fsp	U	fsp.exe	Folder Shield - hide entire directories and thus prevent access by anyone else to your personal files and documents
fspr	Y	FolderShield.exe	Folder Shield - hide personal files and folders
FSScrCtl	N	FSScrCtl.exe	Screen saver control applet used by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen Saver"
fsserv	U	fserv.exe	Farsighter Server - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time
FSW	X	FSW.exe	FreeScratchAndWin parasite
FSWebServer	U	fsws.exe	Easy_File_Sharing_Web_Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or services.
FtkCPY	X	ftkcpy.exe	FlashEnhancer adware variant
FTMSFLT(USB)	U	FTMSFLTU.EXE	Fujitsu\'s Touch Panel Message Notifier
FTP FOR WINDOWS	X	ftpwin32.exe	Added by a variant of the WIN32.RBOT WORM!
FTPGraber	X	FTPGraber.exe	Added by the DLOADER-DT TROJAN!
FTPManager	N	FTPDM.ex	Robust_FTP is a Windows-based file transfer client application that transfers files between a user�s local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (With upload transfer resume and download transfer resume) - can be started manually.
Ftpqueue	U	Ftpsched.exe	Part of WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfers
Fujitsu Menu	U	FjMnuIco.exe	From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, Organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable.
fukerservice	X	fukerz.exe	Win32.Rbot worm variant
FUKLBAR	X	bar.exe	Adware related downloader, detected as TrojanDropper.Win32.PurityScan.g
fvek	X	fvek.exe	Added by the Troj/Drivol-A TROJAN!
FWDMON.EXE	X	fwdmon.exe	Added by the Troj/Proxy-S TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
fwenc.exe	Y	fwenc.exe	Check Point SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers"
Fwr Command Module	X	fwr.exe	Added by a W32/Sdbot-PP worm infection
fwrastrc	N	fwrastrc.exe	Dial-up software for Friendly Technologies/1NationOnLine free ISP
fwservice	N	fwservice	eAcceleration Stop-Sign related; not recommended; see note
FX	X	ieloader.exe	Added by the WIN32.SMALL.RR downloader TROJAN!
fxredir	U	fxredir.exe	Canon MultiPASS fax redirector
f~a	X	ra32.exe	Added by the BackDoor-CAY TROJAN!
g.exe	X	g.exe	Added by the Backdoor.Graybird.Q TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
G00123	X	(worm filename)	Added by the BUGBROS VIRUS!
G0mez =	X	G0mez.vbs	Added by the VBS/Gormlez-A Worm!
G3	X	GSMedia3.exe	Malware downloader - detected by Kaspersky antivirus as Trojan.Win32.VB.ux
Gadu-Gadu	N	gg.exe	Polish language Instant Messaging client
Gadwin PrintScreen	N	PrintScreen.exe	Gadwin PrintScreen - utility to capture, print or save the current window
GAELICUM.EXE	X	GAELICUM.EXE	Added by the Troj/Penta-A TROJAN!
gah95on6	X	gah95on6.exe	ShopAtHome/SAHagent adware
gaim	U	gaim.exe	Gaim is an instant messenger client with capability to connect to AIM, ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu and Zephyr networks.
Gainward	U	TBPanel.exe	Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel
game	X	shit.exe	Added by the Netclap Gold backdoor TROJAN!
Game Device	N	JOYUPDRV.EXE	Genius game controller profile activator
Games Acceleration	X	svshost.exe	EasySearch adware
Games Acceleration	X	(Path to EXE)	Added by the Troj/SmutSrch-A Trojan!
Games toolbar	X	rundll32.exe [path] tbGame.dll" DllShowTB	Topconverting.com/180Search "Games Toolbar" adware
GameSpot	N	kontiki.exe	Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops
gameutil.exe	U	gameutil.exe	Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot
GammaHotKeys	U	setgamma.exe	Part of the RadeonTweaker program for adjusting ATI Radeon graphics cards. Allows you to adjust the gamma (or brightness) when playing a full-screen game without switching back to the desktop
gAnonymousPE	U	GetAnonymousP.exe	GetAnonymous will prevent any attempt of private information becoming observed by anyone on the internet.
gaSrv	X	gaSrv.exe	Adware downloader, identified by Panda antivirus as Trojan.Downloader.ALQ
gaSrve	X	gaSrve.exe	Adware downloader, identified by Panda antivirus as Trj/Downloader.ALQ
Gate Personal Firewall	X	Systpl.exe	Added by the RBOT.ADC WORM
Gate Personal Firewall	X	Systpl.exe	Added by the RBOT.ADC WORM
Gator	X	gator.exe	Spyware - see here for removal instructions
Gator eWallet	X	gator.exe	Gator eWallet - also see here
Gay_Sexy_**	X	Gay_Sexy_**.exe	Premium rate adult content dialer (where * is a random char)
GazelDisplay	U	gsyno.exe	BT Digital Access USB - Gazel ISDN installation System Tray icon
GBTray or GoBack	U	GBTray.exe	System Tray icon access to Roxio\'s (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
gcasDtServ	X	gcasDtServ.exe	Added by an unidentified WORM or TROJAN. - Note - there IS in fact also a Microsoft Antispyware process bearing the same name, but it will not figure among the startup items!
gcasServ	U	gcasServ.exe	Microsoft, formerly Giant AntiSpyware
gcasServ	X	realsched.exe	Added by a variant of the WIN32.TACTSLAY.A TROJAN! - NOTE - do NOT confuse with the Real Player executable as described here
GCC Reminder	?	gccrem.exe	Associated with AcraMax Greeting Card Creator. Is it a registration reminder?
GCS	N	GrabClipSave.exe	GrabClipSave screen capture tool
GDAX	X	(path to file)	Added by the BACKDOOR.RANKY.K TROJAN!
gdien32	X	gdien32.exe	Added by the Troj/Singu-P Trojan!
GDMgr.exe	U	gdmgr.exe	GuardMon is a commercial spyware program designed to monitor all forms of user activity on a computer
GDrive	N	GDriver.exe	Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start -> Settings -> Control Panel -> System -> Device Manager
Gearbox	N	confsvr.exe	NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available here
GEARsec	N	gearsec.exe	Installed by Apple Quicktime package - iPod/iTunes CDRW support. Can be disabled if you only require Quicktime player
GEDZAC	X	GEDZAC.exe	Added by the GEMEL VIRUS!
GemStRmW	N	GemStRmW.exe	For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manually
gencroot	X	gencroot.exe	Added by the Troj/HacDef-X TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
Gene USB Monitor	U	USBMonit.exe	Monitors USB ports for insertion of Sandisk USB flashdrives.
general lptt01 or general ml097e	X	general.exe	Variant of the RapidBlaster parasite (in a "General" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
Generic host proccess for windows	X	SVCHOSTS.EXE	Added by the W32/SPYBOT-GQ WORM!
Generic Host Process	X	SCHOST.EXE	Added by the W32/RBOT-NC WORM!
Generic Host Process	X	svchost.exe	Added by the Troj/Dloader-NX Trojan!
Generic Host Process for Win32 Services	X	ntspcv.exe	Added by the SDBOT.S WORM!
Generic Host Process for Win32 Services	X	intspvc.exe	Added by the DINFOR.D VIRUS!
Generic Host Process for Win32 Services	X	winsvc.exe	Added by a W32/Sdbot-O worm infection
Generic Host Process for Win32 Services	X	bazzi.exe	Added by the W32.AHKER.E WORM!
Generic Host Process for Win32 Services	X	winsvc32.exe	Added by the W32/SDBOT-P WORM!
Generic Host Process326a System Backup	X	scvhost326a.exe	Added by a variant of the W32/SDBOT WORM!
Generic Host Service	X	lshost.exe	Added by a RBOT.LU worm infection
Generic Service Process	X	regsvc32.exe	Added by the GAOBOT.UJ or GAOBOT.UL WORMS!
Generic Service Process	X	regsvc32.exe	Added by the W32.GAOBOT.UJ WORM!
Generic Service Process	X	serv1ces.exe	Added by the W32/Agobot-JK WORM!
Generic Service Process	X	nvsvc.exe	Added by the AGOBOT.BY WORM! - NOTE - do NOT confuse with the legitimate NVIDIA Driver Helper Service file of the same name as described here
Generic Services Process	X	regsvc32.exe	Added by the W32.Gaobot.SY worm
Genie USB Monitor	Y	USBmonitor.exe	Port monitor for an external USB hard drive. Required to enable access to the drive
Geography TX 1.0 NT	X	CompuSpeed.vbs	Added by the VBS/NEWLEY-A WORM!
Gerenciamento de arquivos do Windows	X	Winmod32.exe	Added by the Troj/Dloader-WG TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
Gestionnaire de disques universel	X	sysoobe.exe	Added by the Troj/Toader-A TROJAN! Note: This trojan file is found in the System\oobe (95/98/Me) or System32\oobe (Nt/2000/XP) folder.
Get Smile	N	getsmile.exe	Puts smilie faces in your E-mail. Run manually when required
GetRight Tray Icon	N	GETRIGHT.EXE	GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start -> Programs
GetTheMusic	X	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related
GhostStartService	N	GhostStartService.exe	Required to run the Windows based wizard in Norton Ghost - added from the 2003 version. Will start automatically when you run the wizard
GhostStartTrayApp	N	GhostStartTrayApp.exe	System Tray access to Norton Ghost - added from the 2003 version
GhostSurfDelSatellite	?	DeleteSatellite.exe	SpyCatcher spyware remover related - what does it do and is it required?
gigabit.exe	X	gigabit.exe	Added by the BEAGLE.U WORM!
GigaByte	X	Cheatle.exe	Added by the SHODI.B VIRUS!
Gilat SOM Enumerator	Y	dllhost.exe	For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
GilatFTC	Y	ftc.exe	For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
GinaDll	X	ntgina.dll	Added by a ANIG.A worm infection
GisdnLog	?	gisdnlog.exe	BT Digital Access USB
Glass2k	U	Glass2k.exe	"Glass2k is a small little program that allows Win2K/XP users to make any window transparent"
GLF Network Lan Monitor	X	NPFMNTOR.exe	Added by the W32/RBOT-AGY WORM!
Glide	Y	Glidew32.exe	Cirque touchpad driver
GLSetIT32	X	msiexec16.exe	Added by the OPTIX PRO series of VIRUSES!
GLSetIT32	X	isass.exe	Added by a variant of the OPTIX PRO series of VIRUSES!
GLSetT32	X	smsiexec.exe	Added by the TROJ/OPTIX-D TROJAN!
gluon	?	gluon.exe	In a gluon/bin sub-directory
glv	X	glv.exe	Added by the DLOADER-NG TROJAN!
GMedia2	X	GSM2.exe	Malware downloader - detected by Kaspersky antivirus as Trojan.Win32.VB.ux
GMedia2	X	GSMedia3.exe	Malware downloader - detected by Kaspersky antivirus as Trojan.Win32.VB.ux
Gmouse	Y	Gmouse.exe	Amouse mouse driver - required if you use non-standard Windows driver features
Gnetmous	U	gnetmous.exe	Genius NetScroll mouse driver - required if you use non-standard Windows driver features
GNP Generic Host Process	X	svchost.exe	Added by the Troj/Zapchas-R NOTE - This file is placed in the C:\Winnt\System or C:\Windows\System folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
GNP Generic Host Process	X	svchost.exe	Added by the Troj/Zapchas-AA TROJAN! Note: This one replaces svchost.exe in the System32 folder with a copy of Mirc on (NT/2000/XP) systems and just adds svchost.exe to the System folder on (95/98/ME) systems.
Go!Zilla	X	gozilla.exe	Download manager for resuming downloads and choosing multiple download locations. Advertising spyware
Go!Zilla Monster Downloads	X	Go.exe	Download manager for resuming downloads and choosing multiple download locations. Advertising spyware
GoBack	U	GBMenu.exe	Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
GoBack Polling Service	U	GBPoll.exe	Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
GoBack Tray Icon	U	GBTray.exe	System Tray icon access to GoBack (above)
GOG	X	GOG.exe	Added by the PHILIS.B VIRUS!
goidr	X	goidr.exe	Goidr adware
Goldensoft_MndlSvr	U	MndlSvr.exe	Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking
Golum	X	services.exe	Added by the GOLUM.A TROJAN! - Note - this services.exe file is placed in a Winnt\System32\Golum or Windows\System32\Golum subdirectory, and should NOT be confused with the legitimate Windows services.exe process, located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
golumm	X	services.exe	CoolWebSearch parasite variant. Note - this is NOT the legitimate Windows services.exe process, which should NOT figure in Msconfig/Startup!
google	X	google.exe	Added by the W32/Rbot-AMW WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Google Desktop Search	U	GoogleDesktop.exe	Google_Desktop_Search - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks."
Google Earth Viewer	N	GOOGLEMAPS.EXE	Google_Earth "combines satellite imagery, maps and the power of Google Search to put the world's geographic information at your fingertips."
google Intrenet Explorer	X	google.pif	Added by the W32/RBOT-ARA WORM!
google toolbar	X	ggtb32.exe	Added by the W32/AGOBOT-RR WORM!
GoogleDCClient	N	GoogleDCC.exe	Google Compute Client - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing"
googletalk	U	googletalk.exe	Google_Talk "enables you to call or send instant messages to your friends for free�anytime, anywhere in the world". Can be launched manually.
GoToMyPC	U	g2svc.exe	ExpertCity GoToMyPc logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser
GotSmiley	X	GotSmiley.exe	Gator GotSmiley - adware based, also see here
gouday.exe	X	readme.exe	Added by the BEAGLE.C WORM!
GRA	N	gra.exe	Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup Utility
gramdate	?	2Stop.exe	??
Graphic Driver	X	smss32.exe	Added by a variant of the WIN32.RBOT WORM!
Graphic Loader	X	ntvdm32.exe	Added by a variant of the WIN32.RBOT WORM!
Gravis Appawareloader	U	dbserver.exe	Looks like it's associated with Gravis game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them
Gravis Xperience Driver Support	U	Grxp4exe.exe	Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used
GrayPigeonServer2.0	X	G_Server2.0.exe	Added by the Troj/Feutel-AD TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
GrdSys32	?	GrdSys32.exe	X-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand?
Greetings Workshop	N	GWREMIND.EXE	You really want to be reminded about somebody's birthday at the expense of resources?
gremier	X	wscript.exe gpremier.vbs	Added by the GPREMIER VIRUS!
Gremlin	X	intrenat.exe	Added by the DOOMJUICE VIRUS!
Grokster	N	Grokster.exe	Groster Peer-To-Peer File Sharing program
GrpConv	Y	grpconv.exe	Microsoft Windows Program Group Converter - used by installers (ONLY in the RunOnce keys) - provides the translation of groups and group items to folders and links. Also see this MS Knowledge Base article,
GsAds	X	gms2.exe	PacerD_Media/Pacimedia.com adware component
Gscbc	?	Gscbc.exe	??
gshp	X	zzgshp.vbs	Homepage hi-jacker
Gsiconexe	N	Gsicon.exe	ADSL modem monitor from Eicon Networks (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities
GsiFinal	?	rundll32 gspndll.dll,postInstall final	USB DSL modem related - [what does it do and is it required in startup?
GSISETUP	?	[path] GsiInst.exe INSTALL [path] V205Res 13	BT Voyager ADSL modem related - what does it do and is it required?
GSOrganizer	N	GSOrganizer.exe	GoldenSection Organizer - personal information manager
gssomatic	X	gssomatic.exe	Searchcentrix hijacker
GStartup	X	GMT.exe	Gator spyware component - see here
gsv	X	gsv.exe	Added by the ROBAL 1.0 backdoor TROJAN!
Gtwatch	N	gtwatch.exe	Associated with a Mustec scanner and not required
Guardian	N	CMGrdian.exe	McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic
guarnset	X	guarnset.exe	Adlogix adware
GuruNet	U	GuruNet.exe	GuruNet lets you click on any word on your screen to get the relevant information you want.
GustavVED	X	(random filename)	Added by the OPASERV.H VIRUS!
gvagfxj	X	rundll32 ...gvagfxj.dll	Unidentified adware, spyware or virus
gw port controller	Y	PORTCT95.EXE	From a visitor - "I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work". From the file properties, the file is known as "Smart Thru Fax Drive Spy" and is supplied by Samsung
GWInkMonitor	N	GWInkMonitor.exe	Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some!
GWMDMMSG	N	GWMDMMSG.exe	Used with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctly
GWMDMpi	U	GWMDMpi.exe	Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See here for more information
gwum	U	gwum.exe	Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system "tweakers"
gyy	?	gyy.exe	Possibly Gator (and therefore spyware) related?
G_Server.exe	X	G_Server.exe	Added by the TROJ/FEUTEL-C and Troj/Feutel-J TROJANS!
G_Server1.2.exe	X	G_Server1.2.exe	Added by the Troj/GrayBird-Z TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
H/PC Connection Agent	U	WCESCOMM.EXE	Active sync for use with Windows CE based palm PC
h4te Service Drivers	X	h4te.exe	Added by a variant of the WIN32.RBOT WORM!
hachimitsu-lemon	X	hachimitsu-lemon.exe	Added by the HACHILEM TROJAN!
hagent	X	avp.exe	Added by the "Herman Agent" remote access TROJAN!
HalifaxHowardCluster	U	skinkers.exe	Howard_the_Weatherman desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messages
HaMFrontPanel	U	hampanel.exe	Displays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointless
Handy Backup 3.9	U	hbagent.exe	Handy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers
Hardware Doctor	U	Hwdoctor.exe	Winbond Hardware Doctor - as included on some motherboard using Winbond\'s hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you\'re concerned about your system temperature - typically for "overclocked" systems
Hardware Monitor Service	X	mshms.exe	Added by the Troj/Wollf-A TROJAN!
Hardware Profile	X	hxdef.exe	Added by a variant of the LOVGATE WORM!
Hardware Sensors Monitor	U	hmonitor.exe	Utility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for "overclocked" systems
Hare	U	hare.exe	Hare - improve and optimize performance of desktop/laptop PCs
HATAPE	X	(Pathname of the Trojan exe)	Added by the Troj/Banker-QF TROJAN!
HawkEye	U	HAWK_95.EXE	Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs
HawkEye IV Control Panel	U	HAWK_32.EXE	Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs
Hawking HWU54G Utility	U	HWU54G.exe	Related to Hawking Technologies HWU54G Mini Wireless-G USB Adapter
Hbinst	X	Hbinst.exe	Hotbar enhances the surfing experience offering a variety of innovative and fresh skins to the browser while providing users worldwide with access to various services of added value and fun. Also regarded as adware/spyware due to it's adds and browsing habits information gathering - see here
HC Reminder	N	hc.exe	For Compaq PC's. Help Compiler, crunches help database, will run without being in startup when needed
HCDetect	N	HCDetect.exe	MS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problem
hcenter	U	tgcmd.exe	See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
hclean32.exe	X	hclean32.exe	TROJAN downloader/installer! - assumed to be associated with Wareout, malware masquerading as a spyware and dialer remover, see here
Hcontrol	U	hcontrol.exe	Hotkeys on an ASUS Notebook. Only required if you use the additional keys
HDAudio Driver 1.0	X	(random).exe	Added by the Troj/Teadoor-D TROJAN!
HDAudio Driver 2.0	X	(random).exe	Added by the Troj/Teadoor-E TROJAN!
HDDHealth	U	hddhealth.exe	HDD_Health is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure."
HDDlife	U	HDDlife.exe	HDDlife checks the health of your hard drives at regular intervals and informs you about the results of these checks.
HDhelp	?	tbhdhelp.exe	Associated with Philips Edge series soundcards. Is it required?
HDtray	N	HDtray.exe	Philips Edge Series Control Panel Tray Utility - system tray icon for a Philips Edge series soundcards. Available via Start -> Settings -> Control Panel
he3bbcff	X	rundll32.exe (path) he3bbcff.dll,EnableRunDLL32	LZIO.com adware downloader
he3e3fc4	X	rundll32.exe (path) he3e3fc4.dll,EnableRunDLL32	LZIO.com adware downloader
HELLBOT TEST	X	1hellbot.exe	Added by the W32.MYDOOM.BO WORM!
hellodolly	X	shost.exe	Added by the YODO VIRUS!
helloworld	X	nb32ext2.exe	Added by the W32/MYDOOM.BV WORM!
helloworld	X	nb32ext3.exe	Added by the MYTOB.JT WORM!
Help	?	helpext.exe	??
Help Temp Files	X	netreg.exe	Added by the W32/FORBOT-EM WORM!
helpctl.exe	X	helpctl.exe	Added by the GASLIDE VIRUS!
Helper	X	eschlp.exe	Added by the BLASTER.T VIRUS!
HELPER	X	Netherlands.exe	AsdPlug premium rate adult content dialer variant
HELPER	X	greece_nm.exe	AsdPlug premium rate adult content dialer variant
HELPER	X	new_zealand.exe	AsdPlug premium rate adult content dialer variant
HELPER	X	sweden.exe	AsdPlug premium rate adult content dialer variant
HELPER	X	france.exe	AsdPlug premium rate adult content dialer variant
HELPER	X	canada.exe	AsdPlug premium rate adult content dialer variant
HELPER	X	temp532.exe	AsdPlug premium rate adult content dialer variant
helper.dll	X	[path] rundll32.exe [path] helper.dll	CnsMin (Chinese_Keywords) related
HelpExp.exe	X	HelpExp.exe	Attune HelpExpress. Disable - see here
helpmanager	X	spoler.exe	Added by the RANDEX.J VIRUS!
helpw	X	helpw.exe	adware downloader
hen	Y		Added by the TARNO.G VIRUS!
heomstool	X	heomstool.exe	Added by the Heoms TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Creates multiple files.
hErcUnes	X	softhost.exe	Added by the W32.GARROCH WORM!
Hermes Messenger	U	DGDRHE~1.EXE	A LAN messenger alternative to WinPopUp - Digital Dreams Software
Hewlett Packard Manager	X	hpmanager.exe	Added by the W32.Mytob.KE WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Hewlett Packard Recorder	N	Remind32.exe	HP multifunction registration
Hf	U	Hf.exe	Hide Folders - hide your folders so only you can view them
HF Security	X	hfsecure.exe	Added by the W32/AGOBOT-TI WORM!
hffsrv	U	hffsrv.exe	Hide_Files_&_Folders is a password-protected security utility working at the Windows kernel level allowing you to password-protect files and folders, or to hide them securely from viewing and searching.
hfxp	U	hfxp.exe	Hide Folders XP - hide your folders so only you can view them
hgqhp.exe	X	hgqhp.exe	Added by the Troj/DNSBust-C TROJAN! or the Trojan.Flush.F TROJAN! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Troj/DNSBust-C injects its code into EXPLORER.EXE and IEXPLORE.EXE.
HGTXPEI	N	FirstReboot.exe	Herucles Audio tool for the Hercules Game Theater XP soundcard. Available via Start -> Settings -> Control Panel
HiberMonitor	?	HCount.exe	??
Hibernation	U	hib32.exe	Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run of battery regularly
Hid.exe	X	hid.exe	Added by the RATSOU.B VIRUS!
hiden	X	hiden.exe	Added by the AGENT-IW TROJAN!
HideOE	U	HideOE.exe	HideOE - allows you to 'hide' Outlook Express or minimize it to the sytem tray.
HideRun.exe	X	Hiderun.exe and svhost.exe and pro.gif	Added by the BOOHOO VIRUS!
hidserv	U	hidserv.exe	This is the Human Interface Device Server for Win98SE/2000/Me/XP, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboards
High Definition Audio Property Page Shortcut	N	HDAudPropShortcut.exe	Realtek audio card related; probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required.
HijackThis startup scan	U	HijackThis.exe	HijackThis lists the contents of key areas of the Registry and hard drive--areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites. As a result, false positives are imminent, and unless you're sure about what you're doing, you always should consult with knowledgable folks before deleting anything. Required if you'd like Hijack This to run a scan at startup, and show the results when new items are found (if so, check the appropriate box in the "Config" section")
HijSrv32	X	hijsrv.exe	Added by the Troj/Bankgerm-D TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
HistoryKill	N	histkill.exe	HistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start -> Programs
HitwarePKLite	U	HITWAR~1.EXE	Hitware Popup Killer Lite
HIV	X	HIV.exe	Added by the HIVA VIRUS!
hk	U	hk.exe	KeyLoggerExp keystroke logger/monitoring program - remove unless you installed it yourself!
hkcmd	U	hkcmd.exe	Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl Alt F12 or similar keypresses to access Intel's customised graphics properties, you need it, otherwise not. Can be disabled via the Display Properties in Control Panel
HKEYok	X	runlli32.exe	Added by the Troj/QQPass-U TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run	X	windowsupdate.exe	Added by the W32/Forbot-BJ WORM!
HKSERV.EXE	U	HKserv.exe	Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS
hkss	U	hkss.exe	Compaq HotKey Support - multimedia keyboard support
HLcleanup	X	hlsetup2.exe	LinkReplacer/FFinder adware component
hlhtxo.exe	X	hlhtxo.exe	Added by the QLOWZONES-27 TROJAN!
hlinstaller1	X	hlinstaller1.exe	Identified by Kasperksy_Labs as Trojan.Win32.SecondThought.aa
HLL Data Parameter	X	hllcxpa.exe	Added by the RBOT.AFG WORM!
HMI PowerSystem	X	hmisvc32.exe	Added by the W32.RANDEX.CZZ WORM!
HML PowerSource	X	hmlsvc32.exe	Added by the W32/SDBOT-XL WORM!
Hmonitor	U	Hmonitor.exe	Hardware sensor monitoring program. Only required if you overclock your system and want to check on the status
HMV PowerSource	X	hmusvc32.exe	Added by the W32/Sdbot-YW Worm!
HOI Services	X	holsvc32.exe	Added by the W32/AGOBOT-SF WORM!
Holiday Lights	N	Holiday Lights.exe	Holiday Lights from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start -> Programs
Hollaback	X	slvhosts.exe	Added by the SDBOT.BMO WORM!
Home Theater SchSvr	N	SchSvr.exe	WinScheduler is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
HomeAlarm	U	HomeAlarm.exe	Chameleon Clock - system tray clock replacement
HomeCentre WakeUp	?	LGWAKEUP.EXE	Associated with the no longer supported Xerox HomeCentre printer/scanner
Homeland Network	X	HomelandNetwork.exe	Homeland_Network Notifier - Pops ads, see their privacy_policy
Honor	?	honor.exe	??
Hook99startup	U	hk2re.exe	"Hook99 enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent"
HookSys	U	HookSys.exe	SurfinGuard Pro - protects against all malicious code delivered through executables, scripting files, ActiveX and Java
HorngTech4D	Y	bally4d.exe	HorngTech 4D mouse driver
Host	X	N/A	Added by the POPDIS VIRUS!
Host Process	X	mame.exe	Added by the W32/Rbot-APO WORM!
hostdll.exe	X	hostdll.exe	Added by the BANKER-BO TROJAN!
HostManager	?	AOLHostManager.exe	In a Program Files\Common Files\AOL folder - what does it do, and is it required?
Hostren.exe	X	Hostren.exe	Added by PWS.BANKER.F, a variant of the BANKER-BO TROJAN!
hostserv	X	hostserv.exe	Added by the RBOT.BPZ WORM!
hostserv	X	wiz98.exe	Added by a variant of the W32/SDBOT WORM!
HostSrv	X	sachostx.exe	Added by the LOOKSKY.A WORM!
HostSVC syse	X	HostSVC.exe	Added by the W32/RBOT-ANZ WORM!
Hot Corners	U	Hotc.exe	Hot Corners - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen"
Hot Key Kbd 2690 Daemon	U	SK9910DM.exe	Multimedia keyboard manager - required if you use any special keys
Hot Key Keybd 9910 Daemon	U	SK9910DM.exe	Multimedia keyboard manager - required if you use any special keys
Hot Party 22	?	hotpart22.exe	??
HotAction_hr	X	hotaction_hr.exe	Added by the Dial/SiteIcon-B Dialer. Note: Dial/SiteIcon-B provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "HotAction_hr
Hotbar	X	Hbinst.exe	Hotbar enhances the surfing experience offering a variety of innovative and fresh skins to the browser while providing users worldwide with access to various services of added value and fun. Also regarded as adware/spyware due to it's adds and browsing habits information gathering - see here
Hotbar	X	HbOEAddOn.exe	Hotbar adware
Hotfix Updat	X	svdhost32.exe	Added by the GAOBOT.ZW WORM!
HotIDE	U	hotide.exe	HotIDE allows Acer TravelMate owners to hot-swap external drives without switching of their notebooks
HotkeyApp	U	HotkeyApp.exe	Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610
HotKeysCmds	U	hkcmd.exe	Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl Alt F12 or similar keypresses to access Intel's customised graphics properties, you need it, otherwise not. Can be disabled via Control Panel -> Display Properties
HotPix	X	hotpix.exe	Adult content dialler
hotplug	X	hotplug.exe	Trojan.Downloader.Agent.AM
HotSurprise	X	HotSurprise.exe	Premium rate adult content dialer
HotSync Manager	N	hotsync.exe	Installed when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing. Available via Start -> Programs
hotwetlove	X	hotwetlove.exe	Adult content dialler. Will not uninstall - components have to be manually deleted
Hot_Kiss	X	Hot_Kiss.exe	Adult content dialler
Hot_Tarts	X	Hot_Tarts.exe	adult material dialer
Hot_Tarts_**	X	Hot_Tarts_**	Premium rate adult content dialer (where * is a random char)
Hot_Tarts_mc	X	Hot_Tarts_mc.exe	Wink/HotTarts premium rate adult content dialer
HoverDesk	U	HoverDesk.exe	HoverDesk - desktop replacement software
hp 1000 firmware	?	fwdl.exe	HP LaserJet 1000 related. Is it a driver or automatic firmware update (based upon the filename)?
HP AutoIndexer	U	hppautoindexer.exe	Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup
HP CD-DVD or HP CD Writer	N	hpcdtray.exe	System Tray access to a HP CD-Writer\'s functions. Available via Start -> Programs
hp center	X	BACKWEB-137903.exe	Based upon HP's own description from here - "With the My HP Center, consumers have access directly from the desktop to Internet sites featuring special offers for HP customers ranging from personal finance and shopping to digital imaging and music" I have classified this as adware. The number may change - if yours is different let me know
hp center UI	X	ShadowBar.exe	User Interface for HP Center
HP Component Manager	N	hpcmpmgr.exe	Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can\'t shutdown the computer because hpcmpmgr.exe can\'t be ended"
HP Deskjet	X	HP_DeskJet_500.exe	Added by the W32/FORBOT-DA WORM!
HP Digital Imaging Monitor	U	hpqtra08.exe	System Tray access to HP Director. Required if you prefer to use the all-in-one buttons to manually scan documents or transfer photos from a camera, for example
HP Display Settings	U	hpdisply.exe	Sets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error message
HP IDScheduler	?	HPIDSCHD.exe	HP Instant Delivery Scheduler
HP Image Zone Fast Start	N	hpqthb08.exe	Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time
HP Info Express	N	??	On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb
HP Instant Support	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system\'s identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide
HP Internet Center	N	SURFBRD.EXE	Loads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --> Keyboards to change them
HP JetDiscovery	N	HPJETDSC.EXE	HP JetAdmin software which monitors printing jobs on a network environment
HP JetSpeed Autostart	N	AUTOSTART.EXE	Autostart executable for the old multiplayer game HP Jetspeed
HP Laser Jet Director	U	hppdirector.exe	System Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etc
HP Network Registry Agent	N	hpnra.exe	Hewlett-Packard Network Registry Agent background task installed by the drivers for many of HP�s printers since 2002. See here under "hpnra.exe"
HP OfficeJet Series xxx Startup	?	HPOSTR03.EXEHPOstr05.exe	xxx represents the series number - such as 700. What does it do and it it required?
HP Parallel Port Test	N	hppt.exe	Associated with a HP ScanJet scanner
HP Photo Manager	X	HPPhotoManager.exe	Added by the SDBOT.AXU WORM!
HP Port Resolver	?	hpbpro.exe	??
HP Precision Scan	N	hpmdlbwx.exe	HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
HP Presentation Ready	N	PresRdy.exe	HP Omnibook related: "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device"
hp psc 2000 Series	U	hpobnz08.exe	System Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to start
HP RecordNow	U	??	From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used."
HP ScanPatch	U	HPScanFix.exe	Program that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from starting
HP ScanPicture	N	hpsplmwa.exe	HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
HP SchedIndexer	U	hppschedindexer.exe	Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup
HP Service Drivers	X	hdsys.exe	Added by the W32/Sdbot-ZE Worm!
hp Silent Service	?	HpSrvUI.exe	HP related
HP Simple Trax	N	Hpcron.exe	Supplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -> Programs or Desktop Icon
HP software update	N	HPWuSchd.exe	HP software updates. If a shortcut doesn't exist, create your own and run it manually
HP software update	N	HPWuSchd2.exe	HP software updates. If a shortcut doesn't exist, create your own and run it manually
HP Status	N	hpstatus.exe	HP Printer Status and Alerts
HP Status Server	?	hpboid.exe	??
HP TV Now	U	HpTvNow.exe	Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts) - user's choice!
HP Updates	N	??	On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb
HP Visualize Init	?	HpVisIni.exe	HP Visualize software related. What does it do and is it required?
HP-Aio Flight	N	Remind32.exe	HP multifunction registration
hpaiodevice	N	hpodev07.exe	Direct from HP - "Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when "portable" is chosen during installation)". Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner
HPAiODevice(hp officejet g series)	?	hpoavn07.exe	HP Printer related, reportedly lets file transfers from an HP device pass files through Windows firewall - is it required?
HPAiODevice(hp psc 900 series) -1	N	hpobrt07.exe	Installed with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entry
HPAIO_PrintFolderMgr	N	hpoopm07.exe	Directly from HP: "This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port." For various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner
hpcmpmgr	N	hpcmpmgr.exe	Checks the internet for updated drivers/utilities for your HP product - update manually. Also, disabling will obviously get rid of the more or less common error message: "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended"
HPDJ Taskbar Utility	U	hpztsbol.exe, hpztsd0.exe, hpztsb0.exe (* = digit)	(1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language - see here for more info or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer
hpfsched	N	hpfsched.exe	HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature
HPGamesActiveMenu	U	ActiveMenu.exe	Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
hpgs2wnd	N	hpgs2wnd.exe	"HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites."Available via Start -> Programs
Hpha1mon	U	Hpha1mon.exe	Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature.
HPHAxMON	U	HPHAxMON.EXE	Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature and known to cause system crashes in some cases. "x" can be 1, 2 or 3 and depends upon driver version. Replaced by HPHmon (where is the version number) from version 4 onwards
HPHmon**	U	HPHMON**.EXE	Monitors the status of the memory card reader slot on a HP printers and displays a tray icon if a memory card isn\'t inserted. Also creates a virtual drive and assigns it the first available drive letter - which can lead to problems with drive management. ** represents the version number. Disable if you don\'t use the reader
HPHmon04	U	hphmon04.exe	Media card reader for some HP series printers allowing them to read digital camera memory cards directly. Only needed if you use this feature
hphmon05	?	hphmon05.exe	?
HPHmon06	U	hphmon06.exe	Related to the Hewlett Packard software HP Photosmart printer, it provides easy access to flash card reading functions. This program is not essential to the running of the system. Your choice.
Hphome	X	hphome.js	Homepage hijacker
HPHUPD**	N	hphupd**.exe	HP software update checker and wizard launcher. ** represents the version number. Available via Start -> Programs
hphupd04	N	hphupd04.exe	HP Photosmart software update checker and wizard launcher. Available via Start -> Programs
HPHUPD05	?	hphupd05.exe	?
HPHUPD06	N	hphupd06.exe	Belongs to the HP Photosmart application and is responsible for keeping this software upto date. This program is not essential to the running of the system
hpjsiroute	?	hpjsira.exe	Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2"
HPl Services	X	hmlsvc32.exe	Added by the W32/AGOBOT-SI or W32/Agobot-SM or W32/Agobot-SN and W32/Agobot-ATK WORMS!
HpLamp	Y	HPLAMP.EXE	HP Scanner Utility that controls your scanner�s light bulb. Needed if it's switched on. Also refer here for troubleshooting
hplampc	U	hplampc.exe	HP Scanner Lamp Utility. Fixes an issue with the scanner lamp not going off.
HPLaptopGamesActiveMenu	U	ActiveMenu.exe	Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
HPLogiFinder	U	hp_finder.exe	HP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not used
HpMmKbd	U	HpMmKbd.exe	HP�s multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboard
HPNT	X	hpdll.exe	Malware - detected by Kaspersky antivirus as Trojan-Downloader.Win32.VB.ku
hpodblia	N	hpodblia.exe	HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually
hpodlb08	N	hpodlb08.exe	HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually
hpotdd01.exe	Y	hpotdd01.exe	hpotdd01.exe is installed alongside HP Multimedia products and is responsible for digital imaging. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems."
hpppta	Y	HPPPTA.exe	HP parallel port driver for certain hardware
HpPrinter	X	hpserver.exe	Added by the Troj/CmjSpy-W Trojan!
HPPROPTY	N	HPPROPTY.EXE	HP LaserJet Toolbox
HPPWRSAV	U	HPPWRSAV.EXE	Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try www.hp.com, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patch
hpqcmon	?	hpqcmon.exe	From HP and related to digital imaging
HPSCANMonitor	U	hpsjvxd.exe	HP scanning software that enables you to scan images from your scanner. Needed if you're using the scanner
hpScannerFirstBoot	?	scannerfb.exe	HP scanner related
hpsjbmgr	N	hpsjbmgr.exe	HP ScanJet Button Manager. It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environment
HPStart	N	hpstart.wsf	This a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first boot
hpsysconf1	X	(random file name)	VIVIA.A trojan variant
hpsysdrv	U	hpsysdrv.exe	This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops working
HPU	N	ProvenTactics.exe	Proven Internet Marketing software
hpWirelessAssistant	U	HP Wireless Assistant.exe	The HP Wireless Assistant is a user application that provides a way to control the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devices.
HPZTS04	N	hpzts04.exe	Hewlett Packard printer toolbox shortcut that resides in the system tray
HP_dla	N	dlatray.exe	On HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCD
HQI Services	X	hqlsvc32.exe	Added by the W32/AGOBOT-RP WORM!
HQI Services	X	hqisvc32.exe	Added by the W32/AGOBOT-RO WORM!
HR	U	Hr.exe	HiddenRecorder periodically takes screenshots of the computer. If you didn't install this yourself remove it.
HREF.OCX	Y	regsvr32.exe ....HREF.OCX	HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller
Hrn_qtv	X	hrnsvc32.exe	Added by the W32/Sdbot-AET WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
hsim	X	toolbar.exe	Unidentified Malware
hsim	X	sexgame.exe	Unidentified Malware
hsim	X	isearch.exe	Unidentified Malware
HSLAB Logger	U	logger.exe	HSLABLogger logs user activity and Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself uninstall it.
Hti	U	npdor.exe	Appears in startup if you have chosen to participate in on survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required
HTML Help System	X	hhs.pif	Added by the W32/Rbot-ATB WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
HTML32 Help System	X	hhs32.pif	Added by the W32/Rbot-ATE WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
HTpatch	U	htpatch.exe	HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6%
HtProtect	X	AVprotect.exe	Added by the W32.NETSKY.L WORM!
http://www.lienvandekelder.be	X	LienVandeKelder.exe	Added by the W32/MYTOB-AZ WORM!
http://www.lienvandekelder.be	X	Lien Van de Kelder.exe	Added by the W32/Mytob-CP or W32/Mytob-CO or W32.Mytob.GK WORMS!
http://www.lienvandekelder.be	X	Lien vd Kelder.exe	Added by the W32/Mytob-M Worm!
http://www.lienvandekelder.be	X	Lien.exe	Added by the W32/Mytob-CZ Worm!
http://www.lienvandekelder.be	X	Lientjeuh.exe	Added by the W32/Mytob-P Worm!
http://www.lienvandekelder.be	X	We Love Lien Van de Kelder.exe	Added by the W32/Mytob-CV Worm!
http://www.lienvandekelder.be	X	LienVdK.exe	Added by the W32/MYTOB-U WORM!
http://www.lienvandekelder.be	X	Van de Kelder Lien.exe	Added by the W32/Mytob-BF Worm!
http://www.lienvandekelder.be	X	Lien Vande Kelder.exe	Added by the W32/Mytob-AQ Worm!
http://www.lienvandekelder.com	X	Lien Van de Kelder.exe	Added by the W32/Mytob-EQ WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
http://www.lienvandekelder.com/	X	LienVandeKelder.exe	Added by the W32/Mytob-EO WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
httpd	X	c_pan.exe	Added by an infection by a Troj/Delf-A trojan variant!
httpd	X	deamon.exe	Added by the WIN32.TACTSLAY.C TROJAN!
httpd	X	msgaol.exe	Added by the WIN32.TACTSLAY.C TROJAN!
httpd	X	s_menu.exe	Added by the WIN32.TACTSLAY.C TROJAN!
https-ssl	X	https.exe	Added by the MOEGA.D VIRUS!
huhdir	?	huhdir.exe	??
huigezi	X	HgzServer.exe	Added by the GRAYBIRD.C VIRUS!
Hvid	X	Hvid.exe	Added by the GEMA TROJAN!
HWINFO*	X	HWINFO*	Added by the PUROL VIRUS! where * is a random character
HWinst	Y	N/A	For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Hwp	X	system_wc.exe	Added by Eziin adware
hxadsec	X	(pathname of the Trojan executable)	Added by the Troj/AdClick-AP TROJAN!
HXDL.EXE or HXIUL.EXE	X	HXDL.EXE HXIUL.EXE	Believed to be spyware - made by a company called Alset. Also known as "HelpExpress". Will install itself if you have previously had Attune by Aveo installed as they\'re by the same company. Uninstall via Add/Remove programs
HydarVisionDesktopManager	U	desk95.exe	ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as this_one . HydraVision can be uninstalled through Add/Remove Programs.
HydarVisionViewport	U	viewport.exe	ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
HydraVisionDesktopManager	U	desk98.exe	ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
HydraVisionViewport	U	viewport.exe	ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
Hyper Start	X	instantmsgrs.exe	Added by the W32/RBOT-NH WORM!
I am not Ranky. I am eTunnel!	X	winsys.exe	Added by an unidentified WORM or TROJAN!
I am not Ranky. I am eTunnel!	X	msyervice.exe	Added by an unidentified WORM or TROJAN!
I am not Ranky. I am eTunnel!	X	disney.exe	Added by an unidentified WORM or TROJAN!
I-Worm.GiGu	X	uGiG.eXe	Added by the GINK VIRUS!
I/O Controllers	X	svcnet.exe	Added by the TROJ/TIBIK-B TROJAN!
I386	X	I386.exe	Added by the MYPOWER VIRUS!
I81SHELL	?	I81SHELL.exe	Appears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard
i8kfangui	U	i8kfangui.exe	Graphical interface for fan speed control
IAAnotif	U	iaanotif.exe	IAA Event Monitor User Notification Tool - part of Intel� Application Accelerator - "a performance software package for desktop PCs using select Intel� chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it\'s required to notify you if a RAID 1 disk has failed
iamapp	Y	iamapp.exe	AtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as well
Iamnacho On Irc.MusIrc.com Is a Homosexual!	X	XBox64.exe	Added by the RANDEX.Y VIRUS!
Iap	?	iap.exe	Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely?
ias	U	ias.exe	InvisibleASpy keystroke logger/monitoring program - remove unless you installed it yourself!
IASHLPR	X	IASHLPR.EXE	Added by the OPASERV.T VIRUS!
ibin	X	(Pathname of the Trojan executable)	Added by the Troj/Perda-C Trojan!
ibm	X	ibm.exe	Added by the Troj/LegMir-AH Trojan!
ibmmessages	N	ibmmessages.exe	Allows IBM to push messages onto users' computers. Quote: "The Access IBM Message Center can display messages to inform you about software and solutions available from IBM as well as messages from IBM eSupport"
Ibmmon.exe	?	Ibmmon.exe	??
Ibmpmsvc	U	ibmpmsvc.exe	Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 & F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standy or hibernate modes
IBMUltraBayHotSwapCPLLoader	U	IBMBAY2N.EXE	Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops
IBMUltraBayHotSwapSound	?	IBMBAYSN.EXE	Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound?
IBWin Background process	U	IBackground.exe	IBackup for Windows
IBWin Monitor	U	IBMonitor.exe	IBackup for Windows
icasServ	X	icasServ.exe	Browser hijacker, redirecting to Searchforfree.info, also detected as TROJ/ICASERV-A
ICcontrol	X	iccontrol.exe	Added by the ICcontrol premium rate adult content dialer
icdd7ee6	X	rundll32.exe (path) icdd7ee6.dll,EnableRunDLL32	LZIO.com adware downloader
icddefff	X	rundll32.exe (path) icddefff.dll,EnableRunDLL32	LZIO.com adware downloader
ICH Synth	N	eusexe.exe	Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices
icifati	X	yujixit.exe	Added by the SDBOT.ZZH WORM!
iClean	U	iClean.exe	IEClean - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy"
iCn	N	NAG.EXE	iChoose - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist
ICO	N	ICO.EXE	Found on a Sony Vaio laptop and seems to be related to Mouse Suite 98 Daemon according to the properties. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
Icon Animation	N	HDE.EXE	Part of McAfee Nuts & Bolts. Provides entertaining animation of your desktop icons
Icon Hearit 95	N	hearit95.exe	Audio desktop customization utility from Moon Valley Software. Resource hog
Icon Hearit 98	N	hearit98.exe	Audio desktop customization utility from Moon Valley Software. Resource hog
Icon lptt01 or Icon ml097e	X	icon.exe	Variant of the RapidBlaster parasite (in an "Icon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
ICONCLNT	Y	iconclnt.exe	APC PowerChute Tray Icon. Associated with the UPS listing
ICONDESK	U	ICONDESK.EXE	Small utility which will allow you the option of hiding or showing your desktop icons
Iconfig.exe	N	Iconfig.exe	Icon for LS-120 "Superdisk"
iConfigLoader	X	DIIhost.exe	Added by the GAOBOT.AO WORM!
Iconoid	N	Iconoid.exe	Iconoid is a desktop icon manager
Iconsaver	N	Iconsaver.exe	IconSaver is a desktop icon manager
ICQ =	X	ICQNET.vbs	Added by the VBS/Gormlez-A Worm!
ICQ Center	X	consoles.exe	Added by the RANDIN VIRUS!
ICQ Chat Service	X	icqjdhs.exe	Added by a variant of the WIN32.RBOT WORM!
ICQ Hacking Pro	X	ICQpro.exe	Added by a version of the NETSPY VIRUS!
ICQ Lite	N	ICQLite.exe	ICQ Lite - compact version of the popular messaging program
ICQ Lite Messenger	X	ICQLITE.EXE, random file names	Unidentified worm or trojan. Unlike the legitimate ICQ Lite executable, which will be located in the ICQLITE folder in Program Files, this particular impostor is located in the Windows or Winnt\System32 directory.
ICQ Messenger 2002	X	ICQ2002.exe	Added by the W32/Sdbot-ABL WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
ICQ Net	X	winlogon.exe	Added by the W32.NETSKY.C or W32.NETSKY.D or W32.NETSKY.E or W32.NETSKY.K WORM! **Note - this is NOT the legitimate Windows winlogon.exe process
ICQ Net	X	winlogon.exe	Added by the Win32.Netsky.D WORM! - Note - this is NOT the legitimate Windows winlogon.exe process, which should NOT figure in Msconfig/Startup!
ICQ Plus	N	vplus.exe	ICQ Plus is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> Programs
IcqBeta	X	webcamupdate.exe	Added by an unidentified TROJAN!
ICQNet	X	winlogon.exe	Added by the W32/NETSKY-C WORM! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows winlogon.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
icrosof Avps32 Control	X	av32.pif	Added by the W32/Rbot-AVC WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
icrosoft Windows DLL Services Configuration	X	poker3.exe	Added by the W32/Sdbot-AER WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
ICSDCLT	U	rundll32.exe Icsdclt.dll, ICSClient	Internet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machines
ICServer	N	Icserver.exe	Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations
ICSMGR	Y	ICSMGR.EXE	Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you�re sharing the internet on various computers
IC_KEY_3	N	spvic.exe	Instant Chess related
ID Commander	N	IDCom.exe	Caller ID utility for identifying incoming telephone numbers
ID8525	X	ID8525.exeid85255.exe	ID8525 VIRUS and homepage hijacker!
IDA	?	IDA.EXE	HP related - in a Program Files\Hewlett-Packard\PC COE folder
IDE	X	ide.exe	Added by the ASSASIN.F VIRUS!
IDE Loader	X	IDElibr32.exe	Added by the XILON VIRUS!. Related to the game "Diablo II"
idecntl	X	idecntl.exe	Added by a Crypter.C trojan variant infection
iDesktop	U	idesktop.exe	Immersion TouchWare Desktop software for devices such as the Logitech iFeel Mouse
IDMan	N	IDMan.exe	Internet Download Manager - download files faster, schedule and resume
IDW Logging Tool	N	idwlog.exe	Added with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problems
IE configure	X	explorer.exe	Added by the Troj/Lineage-C TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the Windows or Winnt folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item.
IE Doctor	U	IEDoctor.exe	IE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options"
IE Java Update	X	iejava.exe	Added by the Troj/Agent-HD TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
IE Menu Extension toolbar	X	rundll32.exe [path] tbextn.dll DllShowTB	Topconverting.com/180Search "IEMenuExtension" toolbar
IE New Window Maximizer	U	iemaximizer.exe	IE New Window Maximizer, see here - automatically maximize new Internet Explorer and Outlook Express windows.
IE Runtime	X	wini.exe	Added by the W32.Picrate.B WORM!
IE Runtime	X	wini.exe	Added by the W32/RBOT-ABK and W32/Rbot-ADM WORMS!
IE Runtimes	X	winis.exe	Added by W32/Rbot-ADZ Trojan!
IE*.exe ( = random char)	X	IE*.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
IE*32.exe ( = random char)	X	IE*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
IE6	X	wkstmg.exe	Added by a variant of the W32/SDBOT WORM!
IE6	X	ssmss.exe	Added by the W32.Gaobot.DXO WORM! Note: This trojan file ssmss.exe (Notice the extra s) is not the legitimate Windows Process. The legitimate Windows Process (smss.exe) should not be seen in Msconfig or as a Startup item.
IE6	X	porn.pif	Added by the W32/Rbot-ATF WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
IEACCESS	X	temp532.exe	AsdPlug premium rate adult content dialer variant
IEACCESS	X	surfya.exe	IEAccess premium rate adult content dialer variant
IECheck	X	MSDTCs.exe	Added by the W32/TIRBOT-D WORM!
IECheck	X	xpssl.exe	Added by the W32/TIRBOT-E WORM!
IECheck	X	mssvp.exe	Added by the W32/Tirbot-G Worm!
iecheck.exe	N	iecheck.exe	Integrity checker for IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit2
IECleanAux	U	Ieboot6.exe	IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startup
iedll	X	iedll.exe	Homepage hijacker, redirecting to coolwwwsearch.com
IEDriver	X	IEDriver.exe	Installed as part of adware (Cydoor) based peer-to-peer file sharing software called URLBlaze
IEDriver	X	TD.exe	IEDriver adware variant
IEDriver	X	xplore.exe	IEDriver adware variant
IEengine	X	IEeng.exe	TROJ_STARTPAG.AI hijacker
ieexec.exe	X	ieexec.exe	Added by the TROJ/MULTIDR-DY TROJAN!
IEFeatures	X	IEFeatures.exeInternetfeatures.exe	Added by the POPMON.A VIRUS! - also known as PopMonster adware
IefxTray	X	IefxTray.exe	Added by the RILER-H TROJAN!
ieharv.exe	X	ieharv.exe	Added by the Troj/Banker-HH TROJAN!
Iehelper	X	syslaunch.exe	Outwar adware downloader
iel2cde8	X	rundll32.exe (path) iel2cde8.dll,EnableRunDLL32	LZIO.com adware downloader
ielcaabe	X	rundll32.exe (path) ielcaabe.dll,EnableRunDLL32	LZIO.com adware downloader
IELoader32	X	iexplore32.exe	Added by the W32.Spex or W32.Spex.B WORM!
Iesar	X	Iesar.exe	Browser hijacker - redirecting to an adult web page
Iesearch.exe	X	Iesearch.exe	LookNSearch adware
iestart	X	iexp1orer.exe	Added by the NEMOG.C VIRUS!
ietsr	N	ietsr.exe	IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc
ieupdate	X	MCP****.exe	Added by the ASOXY VIRUS! where **** are random characters
ieupdate	X	mcpdll32.exe	Adware downloader trojan
IEXPL0RER	X	IEXPL0RER.EXE	Added by the W32/AGOBOT-QL WORM!
iexpl0res	X	iexpl0res.exe	Added by the RBOT.AEX WORM! - NOTE: this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot
Iexploit	X	Iexploit.html	Added by the VBS.Inker.B WORM! Note: This worm file is found in the Windows or Winnt folder.
Iexplore	X	iexplore.exe	Added by the BOXER VIRUS!. This iexplore.exe file is located eleswhere rather than in the default Program Files\Internet Explorer folder
IEXPLORE	X	iexplore.exe	Added by the APHEXDOOR VIRUS! Note - "iexplore.exe" resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) wheras the valid "iexplore.exe" (IE) resides in C:\Program Files
IExplore	X	IEXPLORE.EXE	Added by the Troj/Dloader-YZ TROJAN! Note: The infected file resides in the "C:\Program Files\Internet Explorer\Custom" folder.
Iexplore Services	X	iexplore.exe	Added by an unidentified VIRUS!. This iexplore.exe file is located eleswhere rather than in the default Program Files\Internet Explorer folder
IExplorer	X	IExplorer.EXE	Added by the BANCOS-CH and Troj/Bancos-CW TROJANS!
IExplorer	X	Iexplor32.exe	Added by the TROJ/BDOOR-BY TROJAN!
IEXPLORER	X	msiecfg.exe	Added by Troj/Bdoor-JU TROJAN!
iexplorer lptt01 or iexplorer ml097e	X	iexplorer.exe	Variant of the RapidBlaster parasite (in an "iexplorer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - iexplorer.exe is not to be confused with Internet Explorer (iexplore.exe)
Iexplorer.exe	X	Iexplorer.exe	Added by the TROJ/BANCBAN-EN TROJAN!
IExplorer32 Java Scripting	X	IExplore32b.exe	Added by the RBOT.ABO WORM!
IExplorer32c Java Scripting	X	IExplore32cb.exe	Added by the RBOT.ABN WORM!
IExplorer6 Java Scripting	X	IExplore326.exe	Added by a variant of the W32/SDBOT WORM!
IExplorer7 Java Scripting	X	IExplore327.exe	Added by a variant of the W32/SDBOT WORM!
IFSplash.exe	U	IFSplash.exe	I-FORCE driver for force feedback steering wheel
igamatu	X	atecaca.exe	Added by the IRCBOT.R WORM!
igfxtray	N	igfxtray.exe	Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on motherboards. Available via Start -> Settings -> Control Panel
igsex2x	X	igsex2x.exe	NewDial premium rate adult content dialler
iHP-100	?	iHPDetect.exe	Drive Letter Searcher , iRiver iHP-100 iHP and H Series player related - does it need to start with Windows every time?
iilc	X	IILC.EXE	Homepage hijacker
Iinl	X	iptl.exe	PurityScan/Clickspring adware
iisvers	X	iisvers.exe	Added by an unidentified TROJAN or adware
iIWiper	N	Systemwiper.exe	System Wiper from iI Software - allows you to clear the history of your activites from you computer. Run manually on a regular basis
IJ75P2PSERVER	Y	IJ75P2PS.EXE	Printer utility which is required in order to make the printer work correctly
IKE Service 95	Y	IKEService.exe	Associated with PGP. The PGP Tray can bedisabled, but without IKESERVICE you won\'t be able to de- or encrypt anything
iKeyWorks	U	IKEYMAIN.EXE	A4Tech wireless keyboard driver and utility
iLLeGaL or iLLeGaL.exe	X	Mplayer.exe	Added by the HOLAR.C (or GALIL@MM) VIRUS! Note - this should not be comfused with Windows Media Player which has the same filename
ILO_Office_Manager	?	IntEdReg.exe /OFFMAN	Intense Educational Ltd - Language Office Software. Is it required?
iLyric	U	iLyric.exe	iLyric plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button
iM Start Center	N	iM_Tray.exe	Installed with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start -> Programs -> iM Networks -> iM Radio Tuner
Image	X	rundll32 (path) image.dll, Install, rundll32 (path)sdkqh32.dll,Install	CoolWebSearch parasite related
Image & Restore	Y	IMAGE32.exe	Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run
Image Transfer	N	SonyTray.exe	Sony Image Transfer software provides direct image transfer from your digital camera to a PC - can be started manually.
Imagefox	U	imagefox.exe	ImageFox 2.0 is an "add-on" graphics previewer for most Windows Open/Save As dialog boxes
Imagemgt32	X	Imagemgt32.exe	Added by the GEMA TROJAN!
ImagePath	X	taskbarmngr.exe	Added by the W32/SDBOT-XB WORM!
IMAPI	X	load.exe	Added by the Troj/Downdel-A TROJAN! Note: This trojan file is found in the Windows or Winnt \Microsoft\Protect\S-1-5-18\User\svchost folder.
IMClass	X	Svhosl.exe	Added by an unidentified WORM od TROJAN!
imekrig	N	imekrig.exe	Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)
IMEKRMIG6.1	N	IMEKRMIG.EXE	Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)
Imesh	N	??	Imesh is a file sharing system
Imesh Auto Update	N	??	Update check for the Imesh, http://www.imesh.com file sharing system. Turn the update off under "options"
IMEvtMgr.exe	X	IMEvtMgr.exe	Added by the Troj/Keylog-AR TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
ImgIcon	U	ImgIcon.exe	Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
imgit	X	[path to file]	Added by the BANKER-EM TROJAN!
ImgStart	N	ImgStart.exe	Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs
imjpmig or Imjpmig8.1	N	IMJPMIG.EXE	Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese)
immcheck.exe	?	immcheck.exe	Related to I-FORCE driver for force feedback steering wheel?
IMOL	U	IMOLApp.exe	IncrediMail for Office Outlook_Add-On
Imonitor	N	Plguni.exe	McAfee QuickClean 3.0 - removes internet clutter and unwanted programs
IMONTRAY	U	imontray.exe	System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards
IMStart	U	IMStart.exe	InterMute security software related
IMwire	X	imwireup.exe	SafeSurfing parasite variant
InCD	Y	incd.exe	Ahead_InCD packet writing software. Similar to DirectCD. - For Nero 5.0 or 5.5 (InCD3), it does not need to start with Windows. You can run InCD.exe manually before inserting an appropriately formatted CD-RW (CD-MRW) disk. - For Nero 6.0, 6.3 or 6.6 (InCD4), it does need to start with Windows. It does not function correctly when you try to run it manually, and you will not have write access to MRW (Mount Rainier) formatted CD-RW (CD-MRW) or DVD-MRW disks. To regain write access and other features, InCD 4 must start with Windows.
IncMail	N	IncMail.exe	"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"
InControl Desktop Manager	N	DMHKEY.EXE	For Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start -> Programs
Incredimail	N	incredimail.exe	"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"
Incredimail	N	IncMail.exe	"IncrediMail" is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"
Index Service	X	dllhost32.exe	Added by the AGOBOT.CH WORM!
Index Washer	U	WashIdx.exe	Windows_Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
Indexindicator	X	Indexindicator.exe /check	Added by the Lazar TROJAN!
IndexSearch	N	IndexSearch.exe	Associated with PaperPort scanner software from ScanSoft
ine	X	svchosts.exe	Added by the WIN32.RBOT.BNL WORM!
Inet DataBase	X	Inetdbs.exe	Added by the W32.QEDS WORM!
Inet Delivery	X	inetdl.exe	Inet_Delivery adware
Inet Delivery	X	inetdl_2.exe	Inet_Delivery adware
Inetapi	X	Netapi.exe	Added by the NETDEVIL.14 (NetDevil 1.4) VIRUS!
inetcntrl	U	inetcntrl.exe	Bsafe Online - internet filter
InetConf	?	inetconf.exe	??
Inetd	U	INETD32.EXE	Windows Inet Daemon from Hummingbird Communications. "Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons". Provides PCs with the full functionality of a UNIX workstation
inetinfo.exe	U	inetinfo.exe	Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code ( more)
inetinfomon manager	X	inetinfomon.exe	Added by the DONBOMB.A TROJAN!
inetmgr	X	inetmgr.exe	Actual Names (AdvSearch) Internet Keywords parasite
InetMSN	X	msnet.exe	Added by a variant of the SDBOT WORM!
InetServices	X	wsock32.exe	Added by the Backdoor.Win32.Delf.ej or TROJ/WOCK32-A TROJAN!
inetsys	X	(Path to Executable)	Added by the Troj/Delf-NV TROJAN!
Info Select	U	is.exe	Info Select from Micro Logic - personal information manager
Info32x	X	Info32x.exe	Added by the GEMA TROJAN!
InfoPenMSN	U	InfoPenIM.exe	InfoPenMSN is a MSN Messenger plugin that allows you to send data written/drawn by hand
Infoplay.exe	?	Infoplay.exe	Written by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine websites (which I chose not to). What does it do and is it needed?
Information Update	X	iu.exe	Reported by Kaspersky Anti-Virus as Downloader.Win32.Centim.ch TROJAN! Note: The Malware file associated with this is located in the Program Files\Information Update folder.
Infra-red Monitor	U	IRMON.EXE	System Tray access to infra-red devices. Not required unless you use infra-red devices
infus	X	infus.exe	Adult content dialler
Infuzer	U	Infuzer.exe	Infuzer - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities"
infwin	X	infwin.exe	Msview parasite variant
Init32	X	Init32.exe	Added by the W32.WINEX.A TROJAN!
Initial Page	X	install.exe	"EasySearch" browser hijack installer
Initialize8x8	Y	8x8_init.exe	Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay
injob	X	injobs.exe	Added by the Trojan.Binjo TROJAN!
Ink Monitor	N	InkMonitor.exe	Associated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line
InkWatch	N	InkWatch.exe	Associated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line
InoRPC	Y	InoRpc.exe	Associated with eTrust Antivirus/InoculateIT
InoRT	Y	InoRT9x.exe	Associated with the Realtime Monitor of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU useage - see here
InoTask	U	InoTask.exe	Scheduled scans and signature updates for eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU useage when performing updates - see here
insCOA5	?	insCOA5.exe	??
InstaFinderK	X	InstaFinderK_inst.exe	InstaFinder adware
Install	X	Install.exe	Added by the Troj/Bancban-HG TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Install Pending Files	?	sifxinst.exe	Uninstall program for Lanovation's Prism Deploy and Prism Pack adminstrators software deployement tools. For specific information see here. Is it required?
InstallAurealDemos	N	InstallAurealDemos.js	Used to initialize the Aureal A3D demos InstallShield wizard
InstallBuddy	U	Ibtna.exe	InstallBuddy - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSync
Installed shell32.dll	X	Office.exe...	Added by a variant of the LOVGATE WORM!
Installer	X	dial.exe	Malware - detected by Kaspersky antivirus as trojan-dropper.win32.agent.mm
InstallNAIProduct	?	SETUP.EXE	Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error?
Installs SP2	X	[path] repcale.exe [path] palsp.exe	Added by a variant of the RANDON.AN WORM!
Instance 001	X	(Path of the worm executable)	Added by the W32/Alasrou-A WORM!
Instant Access	X	rundll32.exe EGDACCESS_****.dll, InstantAccess	Electronic_Group/InstantAccess premium rate adult content dialer variant
Instant Access	X	rundll32.exe p2esocks_****.dll, InstantAccess	Electronic_Group/InstantAccess premium rate adult content dialer variant
Instant Access	X	rundll32.exe EGCOMSERVICE_****.dll, InstantAccess	Electronic_Group/InstantAccess premium rate adult content dialer variant
Instant Access	X	rundll32.exe EGDHTML_****.dll, InstantAccess	Electronic_Group/InstantAccess premium rate adult content dialer variant
Instant Access	X	rundll32.exe eg_auth_****.dll, InstantAccess	Electronic_Group/InstantAccess premium rate adult content dialer variant
Instant Access	X	rundll32.exe EGCOMLIB_****.dll, InstantAccess	Electronic_Group/InstantAccess premium rate adult content dialer variant
Instant Buzz Daemon	X	IBDaemon.exe	Instant_Buzz adware
Instant Update Center	N	reminder.exe	From Broderbund's PrintMaster 10. It is an event reminder (for calendar dates, etc). Delete from the startup using Startup Manager program because it keeps re-checking itself when using MSCONFIG. PrintMaster 11 uses filename PMremind.exe - it has to be unchecked in startup in the same manner
Instant Wireless Configuration Utility	U	WUSB11cfg.exe	Utility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration
Instant Wireless Configuration Utility	U	WPC11Cfg.exe	Utility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration
InstantAccess	N	INSTAN~1.EXE	From TextBridge Pro 9.0 OCR scanner software. Available via Start -> Programs
InstantDrive	U	InstantDrive.exe	Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer�s hard drive. Part of InstantCD/DVD burning software
InstantPleasure	X	instantpleasure.exe	Adult content dialler
InstantPleasureXXX	X	instantpleasurexxx.exe	Adult content dialler
InstantTray	N	PCLETray.exe	Pinnacle_InstantCD/DVD disc creation software. Tray icon enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools with one click. Can be started manually..
instit	X	instit.bat	Added by the OPASERV.H VIRUS!
instit	X	INSTIT.BAT	Added by the OPASERV.K VIRUS!
InstUtlR.exe	?	InstUtlR.exe	??
intdctrr	X	idctup20.exe	SafeSurfing parasite variant
Intec Service Drivers	X	msmsgrs.exe	Added by the W32/Sdbot-ADN WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
Intel Active Monitor	U	imontray.exe	System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards
Intel File Transfer	U	xfr.exe	Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients
Intel PDS	U	pds.exe	Intel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabled
Intel Product Number Utility	U	IntelProcNumUtility.exe	Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here
Intel PROSet Tray Icon	N	promon.exe	System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
Intel system tool	X	winnook.exe	Added by the Troj/Spyre-C Trojan! A.K.A WIN32.TOPANTISPYWARE.L
Intel system tool	X	hookdump.exe	Topantispyware adware - also detected as the SPYRE-H TROJAN!
Intel system works	X	iis.exe	Added by the RBOT.QGA WORM!
intel32.exe	X	intel32.exe	Added by the SmitFraud alias FakeAle or SPYJACK-B TROJAN!
IntelAPMClient	U	amclient.exe	LANDesk Management_Suite software component.
InteliSys	X	smss.exe	Advertisingvision adware - file is located in C:\Windows or C:\Winnt, and not in it's System32 subdirectory, as is the case with the legitimate Smss.exe system file which would normally NOT figure in Msconfig/Startup!
intell32.exe	X	intell32.exe	Added by the SmitFraud alias Desktophijack.C TROJAN!
IntelliPoint	U	point32.exe	Microsoft_Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
Intellitype	U	type32.exe	For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings unless you have changed them
IntelMem	U	IntelMem.exe	Related to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem line
IntelProcNumUtility	U	cpunumber.exe	Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here
IntelWireless	Y	ifrmewrk.exe	Associated with the Intel PRO/Set Wireless software.
Intel� Common User Interface	N	igfxtray.exe	Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on motherboards. Available via Start -> Settings -> Control Panel
Intense Registry Service	?	IntEdReg.exe /CHECK	Intense Educational Ltd - Language Office Software. Is it required?
InterCheck Monitor	Y	Icmon.exe	Part of Sophos ant-virus sofware
Interdll	X	Interdll.exe	Added by the DELF family of VIRUSES!
Internal	X	(trojan filename)	Added by the SMOTHER & TRANSLAT VIRUSES!
Internal	X	regedit.exe /s %windir%c:\	Added by the FORTNIGHT.D VIRUS!
InternalSystray	X	Kazza.exe	Added by the OPTIXPRO.12.C VIRUS! Note - unlike the valid KaZaA executable, this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP)
Internat	X	systray.exe	Added by the IRC.ALADINZ.P TROJAN! ** Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file
internat	X	internat.exe	Added by the TROJ/LYDRA-F TROJAN!
Internat	X	msgsrv32.exe	Added by the TROJ/NYRUBOT-A WORM!
internat	X	internat.exe	Added by the Troj/Lydra-B Trojan!
Internat Conf	X	bootconf.exe	Homepage hijacker, redirecting to coolwwwsearch.com; see for example here
internat.exe	N	internat.exe	Language selection icon in system tray
Internat.exe	X	internat.exe	Added by the NETSNAKE VIRUS! Note - the real internat.exe resides in %windir%\system (where %windir% is the Windows directory - C:\Windows or C:\Winnt) and has a "?" icon wheras this version resides in %windir% and has a ZIP icon
Internat32	X	internat32.exe	Added by a Octa-B trojan infection
internct	X	WinSocks5.exe	Added by the GRAYBIRD.F VIRUS!
internet	X	smss.exe	Added by the Troj/Mifeng-K TROJAN!
Internet	X	recruit.exe	Added by the W32/Rbot-AJG WORM!
Internet	X	Internet.exe	Added by the Troj/PWS-CS TROJAN!
Internet Answering Machine	U	IAMNET~1.EXE	From Callwave. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access
Internet Answering Machine	U	IAM.exe	From Callwave It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access
Internet Config	X	svchosts.exe	Added by the SDBOT WORM!
Internet Connection Wizard	X	stisvsq.exe	EasySearch adware
Internet Connection Wizard	X	(Path to EXE)	Added by the Troj/SmutSrch-A Trojan!
Internet Content Publisher	X	ICP.EXE	Added by the W32/RBOT-UD WORM!
Internet Download Accelerator	U	ida.exe	Internet_Download_Accelerator download manager
Internet Exploere Services	X	urlmon32.dll.exe	Added by the EVIAN.C VIRUS!
Internet Explore Microsoft	X	lEXPLORE.EXE	Added by the W32/RBOT-AOF WORM! - NOTE: the legitimate Internet Explorer executable of the same name will always be located in the Program Files\Internet Explorer folder, while this imposter is located in the System or System32 directory.
Internet Explorer	X	iexplorer.exe	Added by the LORSIS VIRUS! Note - the valid Internet Explorer would not normally run at startup unless added manually by the user and would not run from the registry "RunServices" key as this does
Internet Explorer	X	IEXPLORE.EXE	Added by a Rbot-EY worm infection
Internet Explorer	X	IExplorer.exe	Added by the Troj/Nethief-O Trojan!
Internet Explorer	X	http.exe	Added as part of a new potential CWS infection, and part of a suite of programs that installs a web server, php, ftp server, socks, and mail server on your computer without your knowledge. These files are known to be part of an infection that transmits information about your bank accounts, passwords, and other financial information. It should be deleted immediately, you should enable your firewall, and you should contact your financial services in order to report the issue and to have your passwords changed.
Internet Explorer	X	IEXPLORE.EXE	Added by Troj/Cosdoor-A TROJAN!
Internet Explorer Security	X	iexplore.pif	Added by the W32/Rbot-ALQ WORM!
Internet Explorer Updater	X	lexbac.exe	Added by the DOWNLOAD VIRUS!
Internet Explorer Updater	X	iexplorer.exe	Added by the REUR.B VIRUS! Note - iexplorer.exe is not to be confused with Internet Explorer (iexplore.exe)
Internet History Eraser	U	HERASER.exe	Internet History Eraser - deletes your browsing tracks
Internet Loader1	X	MSInstall61.exe	Added by the KWBOT.B VIRUS!
Internet Mail and News	X	msqdevl.exe	EasySearch adware
Internet Mail and News	X	(Path to EXE)	Added by the Troj/SmutSrch-A Trojan!
Internet Optimizer	X	optimize.exe	Internet_Optimizer parasite
Internet Protocol Configuration Loader	X	ipcl32.exe	Added by the SDBOT TROJAN!
Internet Send	X	More log.exe	Unidentfied adware
Internet Service	X	intersvc.exe	Added by the W32/SPYBOT-DE WORM!
internet service	X	syscfg32.exe	Added by the W32/RBOT-QS WORM!
internet service	X	ssvhost.exe	Added by a variant of the WIN32.RBOT WORM!
Internet Services	X	systemdev.exe	Added by the W32/Sdbot-PW WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Internet Services	X	internet.exe	Added by the W32.Mytob.LM WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Internet Services	X	interserv.exe	Added by the RBOT.BNT WORM!
INTERNET SERVISES	X	winz32.exe	Added by the KWBOT.Z VIRUS!
Internet Sharing Server	Y	iss_srvr.exe	Intel AnyPoint internet sharing software
Internet Suspention	X	story.exe	Added by the WOOTBOT.HV WORM!
Internet Sweeper	N	Sweeper.exe	Internet Sweeper - removes unnecessart left over files after browsing the internet
Internet Timer	U	ITIMER.exe	Shareware dial-up connection call cost calculator from Ratsoft
Internet.exe	X	Internet.exe	Added by the MAGICCALL VIRUS!
internet.exe	X	yinyin3345.vbs	Added by the XM97/YINI-A macro VIRUS!
Internet2 Optimizer	X	wkfix.exe	Added by a variant of the WIN32.RBOT WORM!
InternetWasherPro or Internet Washer Pro	X	iw.exe	Internet Washer manages temporary browser files, cookies, etc - a \'trial\' Internet Washer Pro seems to have been widely stealth-installed around March 2003
INTERNET_SERVISES	X	winz32.exe	Added by the SDBOT.Q WORM!
InternodeUsage	U	mum.exe	Australian ISP's free monthly download meter
Internt	X	Internt.exe	Added by the PEEPER or CARUFAX.A VIRUSES!
Intersoft Msngr	X	intersoftmsngr.exe	Added by the W32/AGOBOT-NW WORM!
InterTrust Quick Start	N	it_cpq~1.exe	InterTrust offers something known as Digital Rights Management to control legal software download and other E-commerce related business
InterU	X	WINDRV.EXE	Added by the IRCINTER.A VIRUS!
Intervideo WinCinema Manager	N	WinCinemaMgr.exe	WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
Intervideo WinScheduler	N	WinScheduler.exeSchSvr.exe	WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
InterWARN	U	interwarn.exe	InterWARN by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start -> Programs
Intespention	X	IEXPLORE.exe	Added by the W32/Forbot-FL WORM! Note: This is not the legitimate Windows Process IExplore.exe (Which is found in the Internet Explorer folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item unless you put it there. This worm\trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Intmgr	X	Intmgr.exe	Added by the GEMA TROJAN!
intranet	X	SYS32CFG.EXE	Added by the W32/Spybot-DW WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Intrenat	X	Intrenat.exe	Added by the LEMIR.E VIRUS!
Introducing Media Manager	N	SPLASHA.EXE	MS Media Manager tour. Not required
Introduction-Registration	N	??	For Compaq PC's. Should only run first time, PC Introduction & Compaq registration
IntruderAlert	X	ia99.exe	Intruder Alert '99 from Bonzi - spyware
Inventory Scan	U	LDISCN32.EXE	LANDesk Management_Suite software component.
Ioadqm	X	Media Player.exe	Added by the HAWAWI VIRUS!
iolo Task Agent	U	Task_Agent.exe	iOlo System Mechanic Task Agent. Scheduled maintenance
iolo Utility Bar	N	SMUtilityBar.exe	Iolo "System Mechanic" Utility_Bar - can be launched manually.
Iomega Automatic Backup or Iomega Automatic B	U	ibackup.exe	Iomega Automatic Backup - automatic backups for use with Iomega portable HDD
Iomega Backup Scheduler	N	dtiom98.exe	Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs
Iomega Disk Icons or Iomega Drive Icons	U	IMGICON.EXE	Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
Iomega ImIconXP	U	imiconxp.exe	Iomega REV_System Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disks.
Iomega QuickSync	?	Quicksync.exe	??
Iomega Startup Options	N	IMGSTART.EXE	Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs
Iomega Watch	N	IOWATCH.EXE	Used by Iomega drives. Available via Start -> Programs
IomegaWare	N	COMMANDER.EXE	Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs
Iomon98.exe	U	Iomon98.exe	PC-Cillin 98 real time virus check. Can cause floppy disk accesses to hang
IP Stack	X	ipstack.exe	Added by the AGOBOT.CW WORM!
IP*.exe ( = random char)	X	IP*.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
IP*32.exe ( = random char)	X	IP*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
iPalm	N	mon.exe	Installed with a Panasonic iPalm digital camera. Used to uploaded photos from the camera. If your camera is not connected (via USB port) you do not need this program loaded
IPC Connection	X	ipcconn.exe	Added by the W32/Rbot-AEG Worm!
IPC Spool Manager	X	wnmgre.exe	Added by the W32/SDBOT-ZC WORM!
IPC Spool Manager	X	winspec.exe	Added by the W32/SDBOT-BLU WORM!
ipcfg.exe	X	ipcfg.exe	Adware - recognized by McAfee antivirus as a variant of the AdClicker-BM trojan
IPConfig	X	svcxnv32.exe	Added by the HACARMY.E TROJAN!
IPConfig	X	svcxnw32.exe	Added by a variant of the HACARMY.E TROJAN!
IpCtrl	X	ipcon32.exe	Added by an unidentified WORM or TROJAN!
IPFW	X	ipwf.exe	Added by the Troj/Dloader-YF TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
IPInSightLAN 01	N	ipclient.exe	Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. This one constantly "phones home" and wastes resources.
IPInSightMonitor 01	N	ipmon32.exe	Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information
IPinst	Y	N/A	For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
ipmon.exe	X	ipmon.exe	Added by the RECERV or R3C.B VIRUSES!
Ipnuker	X	Ipnuker.vbs	Added by the VBS.Inker.B WORM! Note: This worm file is found in the Windows or Winnt folder.
iPOD USB Driver	X	IPODUSB.EXE	Added by a variant of the WIN32.RBOT WORM!
iPod USB Service	X	iPODService.exe	Added by a variant of the WIN32.RBOT WORM! - Do NOT confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the Program Files\iPod\bin folder, and is implemented as a system service, thus NOT listed in Msconfig/Startup!
iPodManager	U	iPodManager.exe	Apple iPod Management software for the iPod MP3 player. Allows updating, formating, restoring and other functions associated with iPods
iPodWatcher	?	iPodWatcher.exe	Associated with Apple\'s iPod MP3 player. Detects when the iPod is connected?
IPOT Service Drivers	X	compaq.exe	Added by a variant of the FUROOTKIT TROJAN!
IPOT USB Service DRIVER	X	hpsebc087.exe	Added by the W32/SDBOT-WA WORM!
IPOT USB Service DRV32	X	hpsebc08.exe	Added by the W32/SDBOT-WH WORM!
ipreg	X	ipreg.exe	Added by the Troj/Zagaban-H TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
iPrint Tray	N	iprntctl.exe	Novell� iPrint - based on Novell Distributed Print Services - enables you to send documents to printers located throughout the Net.
iProtectYou	U	ip.exe	iProtectYou - internet filtering/parental control and network monitoring software
iprun	X	\iPY.exe -h	Added by iProtectYou SPYWARE!
ipsecdialer	U	ipsecdialer.exe	The Cisco VPN_Client lets local users gain Administrator privileges on the operating system
ipsecdialer	U	IPSECD~1.EXE -run_only_if_connected -auto_initiation	The Cisco VPN_Client lets local users gain Administrator privileges on the operating system
IPSecMon	Y	IPSecMon.exe	Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet
IPTable Configuration	X	Winipcfgs.exe	Added by a variant of the WIN32.RBOT WORM!
IPv6 Helper Driver	X	csass.exe	Added by the AGOBOT.TC WORM!
IPv6 STUN Service	X	netstun.exe	Added by a variant of the W32/SDBOT WORM!
IPW	?	IPW.exe	??
ipwf	X	ipwf.exe	Added by the Trojan.Schoeberl TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
IQES.exe	?	iqes.exe	??
irc session	X	sessionmgr.exe	Added by the W32/SDBOT-ACE WORM!
IREIKE	Y	IreIKE.exe	Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet
irfk	X	NITEAIM.EXE	Added by the W32/Sdbot-AEJ WORM!
iRis Active Monitor	N	winmon32.exe	Iris Antivirus - discontinued, replace with good alternative
iRiS AntiVirus Active Monitor	N	WIMMUN32.exe	Iris Antivirus - discontinued, replace with good alternative
iRiver AutoDB	U	MLService.exe	Associated with the iRiver Music Manager
iRiver Updater	N	Updater.exe	Updates for the iRiver Music Manager - used with their digital music players
IrMon	U	IRMON.EXE	System Tray access to infra-red devices. Not required unless you use infra-red devices
IRPMonitor	?	itcnmon.exe	??
Irwftp	X	"(The full path of the running Trojan)"	Added by a BANCOS.CR trojan infection
irwftp	X	iexplorer.exe	Added by the TROJ/BANKER-AN TROJAN!
irwftp	X	ftpmon.exe	Added by the TROJ/BANCBAN-BO TROJAN!
IrXfer	U	IrXfer.exe	Microsoft Infrared Transfer application
ir_ftp	X	ir_ftp.exe	Added by the IRFTP VIRUS!
ir_ftp	X	irwftp.exe	Added by the BANCOS.H VIRUS!
IS CfgWiz	N	cfgwiz.exe	Norton Internet Security configuration wizard
Isass	X	Isass.exe	Added by the BACKDOOR.FUTRO TROJAN!
ISBMgr.exe	?	ISBMgr.exe	Belongs to Sony's ISB Utility. what does it do and is it required?
isdbdc	N	isdbdc.exe	For Compaq PC's. May install properties in dial-up networking when you register with an ISP
isDeleteMe	U	isDel.bat	Used by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product.
ISDN Monitor	N	Linksts.exe	Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
ISDNwatch	U	IWatch.exe	FRITZ!X ISDNWatch - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks"
ISHelp	U	help.exe	ISpy is a security risk that logs keystrokes and captures screenshots. If you didn't install this yourself uninstall it.
iShield	U	iShield.exe	GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser
ISLP2STA	N	ISLP2STA.EXE	Possibly a left over from Windows Update for wireless NIC (maybe Linksys) drivers? Not required though
islp2sta	Y	islp2sta.exe	A process from Cisco Systems Inc associated with Windows Update for wireless NIC drivers.
ISP.COM High Speed	U	slipgui.exe	Sliptstream Web Accelerator
iSpyNOW	U	ispynow.exe	iSpyNOW - remote monitoring and surveillance software
Israfel	X	Israfel.vbs	Added by the GAGGLE.D VIRUS!
IsReminder	N	ISPopup.exe	Related to GuardWare iShield - this is the registration reminder for the trial version, so not required in startup.
issEnc32Svr	X	issEnc32.exe	Added by a variant of the WIN32.RBOT WORM!
ISStart	U	ISStart.exe	LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
ISSVC	Y	ISSVC.exe	Part of Norton Internet Security Suite
IST Service	X	istsvc.exe	ISTBar foistware
ist service uninstall	X	HIDES.EXE, mstasks2.exe, wow.exe, simple1.exe, random file names	ISTBar parasite related
istinstall_zazzer.exe	X	istinstall_zazzer.exe	Unidentified adware downloader/installer
ISUSPM Startup	N	ISUSPM.exe	InstallShield Update Service related; Automatically searches for and performs any updates to the software. Not required.
ISUSScheduler	N	issch.exe	InstallShield Update Service Scheduler; automatically searches for and performs any updates to the software so you�re always working with the most current version. Not required.
isystem	X	isystem.exe	Added by the Troj/Chorus-A TROJAN! Searchforfree Browser hijacker.
Itk	U	Itk.exe	In The Know - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
iTouch	U	iTouch.exe	iTouch loads the iTouch configuration program for Logitech keyboards. It�s needed if your keyboard has shortcut buttons and if you use them. It�s also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lock
ItsDeductiblePopUp	N	ItsDeductible.exe	ItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip
ITUNES	X	itune.exe	Added by the W32/RBOT-ZU WORM!
ITUNES	X	itunes.exe	Added by the W32/OSCABOT-L WORM!
Itunes	X	dials.exe	Detected as Trojan-Dropper.Win32.Agent.mm by Kaspersky Anti-Virus. Note: A Url is not available at this time.
iTunesHelper	Y	iTunesHelper.exe	Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
ItweakU	U	Clear.exe	Related to ItweakU
Iusage	N	netdet.exe	Internet Usage Monitor - utility to calculate the cost and time on the internet via dial-up
IVPServiceMgr	N	ivpsvmgr.exe	Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba�s equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updates. Not required.
IW ControlCenter	U	iwctrl.exe	Pinnacle_Systems InstantWrite - enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM.
iwctrl	U	iwctrl.exe	Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis
ixplore	X	ixplore.exe	Added by an unidentified WORM or TROJAN! - NOTE: although this file is placed in the Internet Explorer folder in Program Files, it is most certainly malware, and not to be confused with the legitimate IE executable, which is spelled iExplore.exe!
ixproxy	X	(Path to Trojan)	Added by the Troj/Xorpix-A TROJAN!
iyelejiv	X	yujixit.exe	Added by the SDBOT.BJK WORM!
IZE	?	N/A	??
j2 Tray Menu	N	HotTray.exe	eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here
JA Cfg Util v2	X	jacfg2.exe	Added by the W32/RBOT-AL WORM!
Jammer	U	jammer.exe	Jammer by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web"
Jammer2nd	X	JAMMER2ND.EXE	Added by the W32.NETSKY.Z WORM!
Jammer2nd	X	Jammer2nd.exe	Added by the W32.Netsky.Z WORM!
Java applet	X	javaup.exe	Added by the W32/Sdbot-ACF WORM!
Java Auto Update	X	ujm.exe	Added by the W32/SDBOT-ADH WORM!
Java Runtimes	X	iexplore.exe	Added by the KILLAV.B VIRUS! Note - this is not the valid IE (iexplore.exe) file as it's located in C:\Winnt\Java\Java rather than C:\Program Files\Internet Explorer
Java Virtual Machine	X	javaw.exe	Added by a variant of the WIN32.RBOT WORM!
Java*.exe ( = random char)	X	Java*.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
Java*32.exe ( = random char)	X	Java*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
JavaScript Debugging Service	X	JsDbgMan.exe	Added by the W32.Derdero.E WORM!
JavaUpdate0.07	X	******.exe ( = random char)	Added by the BACKDOOR.JUPDATE TROJAN!
JavaUpdateSched	X	jusched32.exe	Added by the Troj/Bckdr-CKB TROJAN!
JavaVM	X	java.exe	Added by the W32.MYDOOM.M or W32.MYDOOM.N or W32.MYDOOM.BB WORM! **Note - This is not the valid Windows "java.exe" which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) as this resides in C:\Windows or C:\Winnt
jawa32	X	jawa32.exe	Backdoor.Agent.bg trojan
Jawa322	X	jawa32.exe	Added by a variant of the Backdoor.Agent.bg trojan
JB	N	Jiffybar.exe	"Get Paid As You surf" application
Jet Detection	N	ADGJDet.exe	Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
JetAdmin Discovery Indicator	Y	HPJETDSC.EXE	HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery Indicator
jete	X	yujixit.exe	Added by the SDBOT.BRT WORM!
jijbl	X	ezlwy.bat	Added by the REDDW VIRUS!
Job-oversigt	U	taskmon.exe	Task Monitor (on Danish language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)
JobHisInit	U	JobHisInit.exe	Used by Ricoh network printers to enable network printing from the client
JogServ2 or Jog Serve	U	JogServ2.exe	"Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features
jotl	?	millenzje.exe	??
Jreg	X	Jreg2b.exe	BroadcastPC adware variant
Jufualt	X	winxp2.exe	Added by the W32/SDBOT-AAB WORM!
Jufualt	X	svhost.exe	Added by the W32/Sdbot-ADJ WORM! Note: This (svhost.exe) is not the legitimate Windows Process. (Notice the difference in the spelling.) The legitimate Windows Process (svchost.exe) should not be seen in Msconfig or as a Startup item. This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
jusched	N	jusched.exe	Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel
jushed32.exe	X	jushed32.exe	CoolWebSearch parasite related
jutsu	X	jutsu.exe	Added by the W32/RBOT-LS WORM!
jv16 PT TempFileTool	U	TempTool.exe	jv16 PowerTools' temporary file remover
jv16PT - Privacy Protector	U	Task.jvb	jv16 PowerTools 2005 - Privacy_Protector allows you to protect your privacy by clearing the unwanted history items and cookies from you computer every time you startup your computer.
Jv16pt Network Resident	U	jv16pt_network.exe	jv16 PowerTools' network resident program. Only needed if you are using the program's network features
jvdnlssn	X	fljzsshc.exe	Flingstone.com adware - and its Golden Palace Casino program
JVM0.12	X	[random file name]	Added by the TEADOOR-A TROJAN!
JVM0.14	X	[random file name]	Added by the TROJ/TEADOOR-B TROJAN!
jxef1104	X	jxef1104.exe	Added by the W32/XIPI-A WORM!
Jzi16	?	jzi16.exe	??
K2ps_full.task	X	K2ps_full.exe	Added by the JUNTADOR.K VIRUS!
K6CPU.EXE	N	K6CPU.EXE	Authenticates CPU as K6 in system properties
Kadoc	X	[random file name].exe	Added by the Staprew TROJAN!
Kadoc	X	[random filename].exe	Added by the Staprew TROJAN!
kak	X	kak.hta	Added by the KAKWORM VIRUS!
Kalibump	U	Kalibump.exe	Used with the now unsupported Kali software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy
kalvsys	X	kalv**32.exe ( = random char)	EliteBar/SearchMiracle adware
Kana Reminder	N	Reminder.exe	Kana Reminder is a program which can be used to set a reminder to be triggered at a specified time
Karen's Once-A-Day II	U	PTOAD.exe	Karen's_Once-A-Day_II is a scheduler that lets you specify progams, web pages and files that be run or opened automatically, the first time Windows starts each day, or the first time a particular user logs on each day.
KASP	U	OESpamTest.exe	Kaspersky_Anti-Spam
Kasper Antivirus	X	KASPERANTIVIRUS.EXE	Added by the SPYBOTER.GEN TROJAN!
Kasper Antivirus	X	KASPERANTIVIRUS.EXE	Added by a variant of the W32.SPYBOT WORM!
Kaspersky Anti-Hacker	Y	KAVPF.exe	Kaspersky Anti-Hacker firewall
Kaspersky Antivirus	X	KasperskyAV.exe	Added by a variant of the WIN32.RBOT WORM!
KasperskyAv	X	kaspersky.exe	Added by the W32.MIMAIL.T WORM! **Note - This has nothing to do with Kaspersky AntiVirus
KasperskyAVEng	X	Kasperskyaveng.exe	Added by the W32.NETSKY.V WORM!
KAVFOX	X	win1ogoin.exe	Added by Troj/GWGhost-M TROJAN!
KAVPersonal	X	svchost.exe	Added by the Troj/Lineage-V TROJAN! Note:This is NOT the legitimate Windows svchost.exe process, which should NOT figure in Startup!
KAVPersonal50	Y	Kav.exe	Kaspersky Anti-Virus Personal 5.0
KAVPersonal90	X	wscntfy.exe	Added by the Troj/Banker-FZ or Troj/Banker-GD TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
KavPFW	Y	KavPFW.exe	KingSoft Personal Firewall
KavRuns	X	Windll.exe	Added by the TRYNOMA VIRUS!
KavStart	Y	KAVStart.exe	KingSoft Personal Firewall
kavsvc	Y	kavsvc.exe	Kaspersky antivirus
kavsvc	X	[random 6 char file name]	Added by the QOOLOGIC TROJAN! Uses random file names (examples: nzkklz.exe, rzazzi.exe, ivpaan.exe)
KavSvc	X	*****.exe reg_run ( = random char)	Added by the QOOLOGIC TROJAN!
KAVutil	X	(worm filename)	Added by the WINTOO.B VIRUS!
KAZAA	N	kazaa.exe	KAZAA is a file-sharing program which unfortunately being ad-based includes "Cy-door" adware. Check here for information about "Cy-door" and here for a program that can remove it
Kazaa Download Accelerator Updater	X	regsvr32 [path] kdpupd.dll	SafeguardProtect/Veevo
Kazaa Download Accelerator Updater (required)	X	regsvr32 [path] kdp***.dll (= random char)	SafeguardProtect/Veevo
Kazaa lptt01 or Kazaa ml097e	X	kazaa.exe	Variant of the RapidBlaster parasite (in a "kazaa" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name
KAZAACuf	X	9	Added by the KITRO.D (or ARGEN.A) VIRUS!
kazaalite	N	kazaalite.exe	Kazaalite is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanisms
KaZooM	N	KaZooM.Exe	KaZoom from Blue Haven Media - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches"
KB891711	Y	KB891711.exe	Installed by the Windows KB891711 critical update, see this security bulletin - this file reportedly needs to continue running in order to patch the vulnerability, at least until a more practical solution is found. There have however been reports of fatal exception errors in systems running Windows 98, and in such a case Microsoft advises to either uninstall the patch (Add/Remove Programs) or prevent it from running at startup.
KBD	U	KBD.EXE	Multimedia keyboard manager. Required if you use the multimedia keys
KBD MediaCenter	U	MEDIACTR.EXE	Multimedia keyboard manager. Required if you use the multimedia keys
kbddrv32	X	kbddrv32.exe	Added by a CRYPTER.A trojan infection
kbddrvinf	X	kbddrvinf.exe	Added by a CRYPTER.A trojan infection
KCeasy	N	KCeasy.exe	KCeasy - a Windows peer-to-peer filesharing application which uses giFT as its 'back end' foundation. The networks currently supported are OpenFT and Gnutella.
KClient	U	kstatus.exe	KClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet.
kdx	N	KHost.exe	KonTiki Secure Delivery Plug In related. "The Kontiki Delivery Management System (DMS) is a secure delivery network for distribution of video, software, audio, documents, and other digital media. The Kontiki DMS enables enterprises to efficiently publish, secure, deliver and track digital media to employees, partners, and customers"
KE9801	U	DriBat32.exe	KE-9801 multimedia keyboard - required if you use the multimedia keys
Keenvalue	X	Keenvalue.exe	eUniverse/KeenValue adware
KEMailKb	U	KEMailKb.EXE	Controls the buttons at the top of the Micro Innovations 650i Internet Access Keyboard. If you disable it you cannot use the buttons - like volume control or shut down
Kemet	?	kemet.exe	??
Kerio VPN Client	U	kvpnclient.exe	Kerio VPN Client
kern64dll	X	(filename)	Added by a PWSteal.Tarno.J trojan infection.
Kernal Fault Check	X	ntosrkl.exe	Added by a variant of the W32/SDBOT WORM!
kernctl32	X	rundll32 kctl32.dll,initialize	Added by a Trojan.Proxy.Agent.AT infection
Kernel	X	bboy.exe	Added by the MUMU.B VIRUS!
Kernel	X	services.exe	Added by Troj/Fooz-A or Troj/VBbot-D TROJAN!
KERNEL 32	X	SKERNEL32.com	Added by the W32/SEMAPI-A WORM
Kernel Faults	X	ftphost.exe	Added by the RBOT.BHU WORM!
Kernel Loader	X	ntkrnl.exe	Added by the CERVIVEC.A VIRUS!
Kernel Manager	X	krnlmgr.exe	Added by the TROJ_JUNY.A TROJAN!
Kernel Services	X	service32.exe	Added by the TROJ/PRX-B TROJAN!
kernel system daemon	X	ACTIVAT0R.exe	Added by the RANDEX.AW VIRUS!
kernel12.exe	X	kernel12.exe	Added by an unidentified WORM or TROJAN!
kernel32	X	kern32.exe	Added by the BADTRANS.A VIRUS!
kernel32	X	kernel32.exe	Added by the W32/Chode-I WORM! Note: Do not confuse this with the Windows Kernel32.dll fle. This worm\trojan file is found in the System\(randomly named) folder (95/98/Me) or System32\(randomly named) folder (Nt/2000/XP).
kernel32	X	kernel.dli	Added by the NETDEVIL.B VIRUS!
Kernel32	X	Kernel.dll	Added by the REDLOF.M VIRUS!
kernel32	X	kernel32.dlI	Added by the NETDEVIL.15 VIRUS!
Kernel32	X	krnl32.exe	Added by the EPON VIRUS!
Kernel32	X	Kernel32.win	Added by the GAGGLE.D VIRUS!
Kernel32	X	kernel32s.exe	Added by the W32/SDBOT-PU TROJAN!
kernel32dll	X	guardpc.exe	Added by the W32/FORBOT-CU WORM!
KernelCheck	X	sys***.exe ( = digit)	Added by an unidentified TROJAN!
kernelfaultcheck	N	dumprep 0 -u	Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
KernelFaultCheck	N	dumprep 0 -k	Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
KernelFaultChk	X	sms.exe	Added by the DEADHAT VIRUS! Do not confuse with the valid "kernelfaultcheck" which runs "dumprep 0 -k" or "dumprep 0 -u"
Kernell	X	systems.exe	Added by the TARNO.C VIRUS!
Kernell32	X	Kernell.dll	Added by the DESTINY VIRUS!
KernellApps	X	svshosti.exe	Added by a Bancban-V trojan infection
KernellApps	X	csrss.exe	Added by the BANCBAN-AC TROJAN!
KernellApps	X	lexplore.exe	Added by the Troj/Bancban-BS TROJAN!
KernellApps32	X	smss.exe	Added by the Troj/Bancban-AN TROJAN! Note: This is not the legitimate Windows process smss.exe (Which is always found in the System32 folder) This trojan file is found in the System\Systens (95/98/ME) or System32\Systens (NT/2000/XP) folder.
Kernelw	X	Kernelw32.exe	Added by the INDOR.E VIRUS!
Kernel_check	X	wmiprvse.exe	Added by the W32/SONEBOT-B WORM!
key	X	sysxp.exe	Added by the BEAGLE.AB WORM!
key	X	sys_xp.exe	Added by the BEAGLE.AC WORM!
key	X	winxp.exe	Added by the BEAGLE.AG WORM!
Key Logger	X	csrss.exe	Added by the W32.Buchon.A worm.
Key1	X	Rlid.exe	Added by the LIXY VIRUS!
Key2	?	serve.exe	??
KeyAccess	Y	keyacc32.exe	KeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure"
Keybdcntl	X	keybdcntl.exe	Added by a Crypter.C trojan variant infection
Keyboard Manager	U	MMKeybd.exe	Multimedia keyboard manager. Required if you use the additional keys. Can also be listed as MULTIMEDIA KEYBOARD
Keyboard Preload Check	Y	Preload.exe	Millenium Multi-Function Keyboard driver
keyboard_enum	X	keyboard_enum.exe	Added by the TROJ/BDOOR-GP TROJAN!
KeyMaestro	U	kmaestro.exe	Multimedia keyboard manager. Required if you use the multimedia keys
keymap	U	keymap.exe	System Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the game
keymgrldr	X	rundll32 setupapi, InstallHinfSection... keymgr3.inf	CoolWebSearch parasite related
KeyPatrol	U	KeyPatrol.exe	KeyPatrol - detects Key Loggers ("keyboard loggers" or "keyloggers") using both behavioral and pattern-matching algorithms
keystroke	U	keystroke	QuickLaunch is a spyware program that logs keystrokes and captures screenshots. If you didn't install this yourself remove it.
KeyText	N	KeyText.exe	Key Text 2000 from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start -> Programs
KeyWallet	U	KWallet.exe	"KeyWallet is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually"
kfienq	X	masbl.bat	Added by the KIFER VIRUS!
kgjdi27	X	kgjdie27.exe	Added by the Sdbot.AP WORM!
khooker	N	khooker.exe	SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required
KICKMON.EXE	U	KICKMON.EXE	KeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't required
Kill Popup	U	KillPopup.exe	KillPopup Pop-up stopper
kimochiz.exe	X	kimochiz.exe	Added by the TROJ/MDROP-BB TROJAN!
Kinberlink	N	Kinberlink.exe	Kinberlink network messaging. Available via Start -> Programs
KK Loader	U	loadkk.exe	KeyKey XP Professional from KeyKey.com. "Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user."
KKM Service	X	kkm.exe	Added by the W32/Nanpy-I WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
KLog	U	Keyspy.exe	Added by the Hacktool.KeyLoggPro.B keystroke logger/monitoring program - remove unless you installed it yourself!
klop	X	[path to file]	Added by the TROJ/AGENT-WQ TROJAN!
klop	X	(Ranom).tmp	Found with Trojan.Win32.StartPage.aw. Possibly a variant of the Troj/Agent-WQ TROJAN!
klp	U	run32dll.exe	PAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online
klp	U	explorer.exe	ComSurveilSys keystroke logger/monitoring program - remove unless you installed it yourself! - NOTE - the valid "explorer.exe" will always be located in C:\Windows or C:\Winnt whereas this one is found in a C:\WINDOWS\System\PAL\CSS folder (Win 98/ME) or in the C:\Winnt\System\PAL\CSS or C:\Windows\System\PAL\CSS subfolder (Windows 2000 and Win XP)
KM9801U	U	MMHotKey.exe	Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen
kmw_run.exe	U	kmw_run.exe	Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features
kmw_show.exe	U	kmw_show.exe	Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features
Kodak Batch Transfer	N	pezdow1.exe	Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC
Kodak EasyShare software	U	EasyShare.exe	Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually.
Kodak Picture Easy . Batch Transfer	N	PezDownload.exe	Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC. . represents the version
Kodak Picture Transfer Software	N	pts.exe	Looks for Kodak camera connection and media insertion. Available via Start -> Programs
Kodak Software Updater	N	backweb*****.exe	Software updater for Kodak Easyshare digital cameras
KodakCCS	Y	KodakCCS.exe	Kodak DC File System Driver
Komunikator	U	tlen.exe	Tlen - a Polish language Instant Messaging client
Konni Symbol Autostart	N	KonniSymbol.exe	Gives configuration access to RagTime Solo professional business publishing software. RagTime Solo is the private user version of RagTime 5
kontiki	N	kontiki.exe	Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops
KPDrv4XP	Y	KPDrv4XP.exe	MediaKey USB Keypad Driver
KREC32	U	krec32.exe	StarrCommander Pro Keystroke logging software
Krnlcheck	X	csrss.exe	Added by the BACKDOOR.BOTNACHALA TROJAN! - Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, and which should NOT figure in Msconfig!
Krnlmod	U	Krnlmod.exe	Keylogger - see here. Given a "U" recommendation because it depends if you intentionally installed it. If you didn't, treat it as "X" and uninstall or remove via Spybot S&D (for example)
Ksrv32	X	Ksrv32.exe	Added by the W32/Agobot-PI WORM! Note: This trojan/worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
KTAX Auto Loader	X	ktax.exe	Added by the W32/SdBot-MZ WORM!
ktchnsnk	U	ktchnsnk.exe	HP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebooted
KV2005	X	word.EXE	Added by the TROJ/VB-IW TROJAN!
kv3000	X	lover.vbe	Added by the ZSYANG.B VIRUS!
kvern16.dll	X	regsvr32.exe [path] kvern16.dll	DailyWinner adware
KV_HOST	X	cxjx.exe	Added by the Troj/LegMir-BB TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
kw3eef76	X	rundll32.exe (path) kw3eef76.dll,EnableRunDLL32	LZIO.com adware downloader
kX Mixer	N	kxmixer.exe	Provides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcards.
KX509	U	kx509_kfwk5.exe	Kerberos Secure Authentication for Windows
KYE_Showicon	?	shwicon.exe	USB Card Reader tray icon. Shows when the device is plugged in - is it required?
KYK Control Settings	X	KYSVCXD.EXE	Added by a variant of the WIN32.RBOT WORM!
KYM Control Settings	X	phqghum.exe	Added by the RBOT.BQD WORM!
L4r1$$a	X	L4r1$$a.pif	Added by the W32/ASSIRAL-C WORM!
laltin	X	L90112201.Stub.exe	Adware downloader/installer, Delphin_Media_Viewer related - also detected as the DELMED.A TROJAN!
LAN Driver	X	landriver32.exe	Added by the RBOT.BT WORM!
lanbrup	X	lanbrup.exe	SafeSurfing adware
LanguageMonitor	U	Oplmsb01.exe	OKI Printer language support monitor
LanGuard	X	languard.exe	Adware downloader - also detected as the TROJ/SECONDT-C TROJAN!
LanGuard	X	(Pathname of the Trojan executable)	Added by the Troj/Dloader-VO TROJAN!
LanSpeed2	U	LanSpeed2.exe	Monitors any traffic that is using a LAN adapter (Ethernet or Token ring network card)
laokey.exe	U	LaoKey.exe	Lao Script for Windows (LSWin) is an extension to the Windows operating system to allow Lao language to be used with many different Windows-based applications.
LapLink scheduler	U	Llsched.exe	Utility that automatically performs file transfers as unattended background operations
Lar	X	Llass.exe	Added by the INOR-A VIRUS!
lar	X	(trojan filename)	Added by the ROXY.C VIRUS!
LARISSA ANTI VIRUS	X	LARISSA_ANTI_VIRUS.exe	Added by the Klassir TROJAN!
Lasb	?	ewat.exe	??
LasErma	X	Ermasys32.exe	Added by the W32/Lerma-A http://www.sophos.com/virusinfo/analyses/w32lermaa.html WORM! Note: This worm file is found in the Windows or Winnt folder. Makes multiple copies of it's self in the Windows and Windows System folders.
LAsIAf32	X	RePEAtLD.exe	Added by the REPEATLD VIRUS!
LASTinst	Y	N/A	For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Later	?	later.exe	??
LaunApp	U	LaunApp.exe	Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610
Launcg	?	launcg.exe	??
Launch Ai Booster	U	OverClk.exe	The ASUS Ai_Booster is an application that allows you to overclock the CPU either manually or automatically without the hassle of entering the BIOS Setup.
Launch Norton AntiVirus 2000	X	jorgf.exe	Added by W32/Rbot-AUI WORM!
Launch YahooPOPs! at Windows startup	N	YAHOOPOPS.EXE	YahooPOPs - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs
LaunchAp	U	LaunchAp.exe	Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610
LaunchApp	U	Alaunch.exe	Acer Launch tool utility on laptops
Launchboard	U	lnchbrd.exe	"LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions"
Launcher	X	launcher.exe	Spyware component related to DownloadWare and found in Program FilesKFH
Launcher	N	relaunch.exe	Audio Applications Launcher for the Philips Rythmiic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> Programs
Lavasoft Ad-Aware	X	Ad-Aware.exe	Added by the W32/RBOT-SO WORM! - NOTE: this is NOT the popular spyware remover, as described here
Lavasoft Adwatch	U	Ad-watch.exe	Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
laxmsp32.exe	Y	laxmsp32.exe	Lexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work
Laz	X	Kernn.exe	Added by the TROJ/BANCOS-LN WORM!
LCDC	U	LCDC.exe	LCDC is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by Plugins
LCDPlayer	Y	LCDPlyer.exe	Related to SuperAdBlocker
lcfep	N	lcfep.exe	Tivoli �TME� System Tray icon - "\'lcfep\' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"
LClock	U	lclock.exe	LClock is a program that makes the Windows' clock look like a Windows Longhorn Clock.
lcvga	X	lcvga.exe	Added by the Hostol-A TROJAN!
ld	X	ld.exe	CoolWebSearch parasite variant
LDM	N	backweb-8876480.exe, ldmconf.exe	Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech. Also listed under Logitech Desktop Messenger
ldriver	X	ldriver.exe	Added by the Troj/Chorus-A TROJAN! Searchforfree Browser hijacker.
LED TRAY	U	LEDTRAY.EXE	Installs a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to work
ledpointer	U	CNYHKey.exe	Chicony Electronics Multimedia Keyboard Hotkey Driver
LeechGet	N	LeechGet.exe	LeechGet download manager
leeman	X	leeman.exe	Added by the Troj/Cosiam-D TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
LetsSearch	X	LetsSearch.exe	BrowserAid/BrowserPal foistware variant
Lexmark **** series	U	lxbtbmgr.exe	Lexmark System Tray application (where "****" is the model) that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
Lexmark **** Series	U	lxbkbmgr.exe	Lexmark System Tray application (where "****" is the model) that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
Lexmark **** Series	U	lxbmbmgr.exe	Lexmark System Tray application (where "****" is the model) that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
Lexmark 2200 Series Button Manager	Y	lxbvbmgr.exe	Lexmark printer button manager. Required for correct operation
Lexmark 3100 Series	Y	lxbrbmgr.exe	Lexmark printer button manager. Required for correct operation.
Lexmark X** Button Manager	Y	AcBtnMgr_X**.exe	Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
Lexmark X5100 Series	U	lxbabmgr.exe	System Tray application that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
Lexmark X6100 Series	Y	lxbfbmgr.exe	Lexmark X6100 printer button manager - required for correct operation
Lexmark X74-X75	U	lxbabmgr.exe	System Tray application that enables scan or fax functions to run directly from the printer via the buttons. Can be launched from a desktop shortcut
Lexmark Xxx Button Monitor	Y	ACMonitor_Xxx.exe	Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
LexmarkPrinTray	N	printray.exe	Lexmark Printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. Can also be listed as PrinTray
lexplore	X	lexplore.exe	Added by the W32.BROPIA WORM! - NOTE: this process is spelled "LEXPLORE.exe" (with an "L"), not Iexplore.exe like the familar Internet Explorer executable!
lexpps	N	lexpps.exe	For Lexmark printers. From Lexmark: "This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all". It is known that firewalls can however alert you to "lexpps.exe" requesting server privileges
LexStart	U	lexstart.exe	Lexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instance
Lfh	X	Lfh.exe	Added by the TROJ/ZAURGA-A TROJAN!
Lfsndmng	U	lfsndmng.exe	LightningFAX Enterprise Fax Server - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents"
lhttseng	N	rundll32.exe ..lhttseng.inf, RemoveCabinet	Left over after installation of the British English version of the Lernout & Hauspie Text To Speech (TTS) Engine
li-multi****	X	li-multi****.exe	Adult web-dialler - **** is random
li-speed****	X	dlres.exe	Adult web-dialler - **** is random
li-thund****	X	li-thund****.exe	Adult web-dialler - **** is random
li-vita****	X	li-vita****.exe	Adult web-dialler - **** is random
li01f948	X	rundll32.exe (path) li01f948.dll,EnableRunDLL32	LZIO.com adware downloader
LicCrtl	N	runservice.exe	Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program
LicCtrl	U	rundll32.exe [path] MMFS.DLL,Service	Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program
LidPolicy	U	pwrschem.exe	A utility for configuring certain HP notebook models to enter Standby mode when the lid is closed only when running on battery.
Life FireWall Update1	X	FireWall-Update1.exe	Added by the W32/RBOT-ARS WORM!
LifeScape Media Detector	N	PicasaMediaDetector.exe	Media detector for Picasa's automatic photo organizer
lify	X	yujixit.exe	Added by a variant of the W32/SDBOT WORM!
Lightning Download	U	Lightning.exe	Lightning_Download download manager. Can be launched manually, but will need to start up if you want it to "catch clicks" off Internet Explorer
Limewire	X	LimeWire.exe	Added by the W32/Rbot-AGH WORM!
LimeWire x.x	N	LimeWire.exe	LimeWire - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malware
Limpet	X	explorer16.exe	Added by the W32/Rbot-AJD WORM!
Line Speed Meter V3.0	N	LineSpeedMeter.exe	LineSpeedMeter - detect the download and upload speed of your internet connection
Linksts	N	linksts.exe	Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
Linksts	X	linksts.exe	Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
Linux	X	Linux.vbs	Added by the LOVELETTER.AS VIRUS!
LiquidView	U	lviewj.exe	"Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display\'s native resolution. The software lets you increase the size of items that are hard to read on your monitor"
Lisa	X	Lisa.exe	Added by the DIAL/SCOM-D premium rate adult content dialer.
List checker 32 BIT	X	list32.exe	Added by the W32/Rbot-AHO WORM!
Litebot	X	(Path to Trojan EXE)	Added by the Troj/Litebot-A TROJAN!
LIU	N	Rubicon.exe	Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway
LIU	N	LIU.exe	Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway
Live Menu	N	Dllcmd32.exe	eFax Send button for eFax Messenger Plus. Available via Start -> Programs Disabling instructions available here
LiveMonitor	N	LMonitor.exe	MSI Live Update2 - auto-detects and suggests the latest BIOS/Driver/Utilities information
LiveNote	N	Livenote.exe	Asus graphics card driver live update feature
LiveSexCams	X	LiveSexCams.exe	Premium rate adult content dialer
LiveUpdate	U	LiveUpdate.exe	Web-update utility as used by various types of software - see http://liveupdate.openwares.org/
Livre	X	Dibane.bat	Added by the W97M.BANEDI VIRUS!
LLMODCL2	?	rundll.exe setupx.dll, InstallHinfSection ..LLMODCL2.INF	??
llsass	X	llsass.exe	Added by the TROJ/PROXY-GG TROJAN! - NOTE: this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty.
LM Status	N	LMSTATUS.EXE	Xerox WorkCenter XE - language monitor status application
LMA Manager	X	lmamanager.exe	Added by the W32/Tilebot-AD WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
LManager	U	QtZgAcer.EXE	Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
LManager	U	QtZpAcer.exe	Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
LManager	U	HotkeyApp.exe	Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
lMAPl	X	lMAPl.exe	Added by the W32/AGOBOT-RE WORM!
LMgrOSD	U	OSDCtrl.exe	OSD (on-screen-display) utility - Part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and language - User's choice!
LMonitor	N	LMonitor.exe	Lmonitor utility comes with MSI\'s LiveUpdate Version 3 - periodically checks for updated drivers and utilities
lmpdpsrv	?	lmpdpsrv.exe	Related to a Lexmark printer/scanner. Printer sharing server? Is it required?
lmrt	X	lmrt.exe	Unidentified adware
LMSTATUS	N	LMSTATUS.EXE	Xerox WorkCenter XE - language monitor status application
lmu	X	LMU.exe	Downloader trojan, recognized by Kaspersky antivirus as Backdoor.Win32.Agent.bg
lnternet Explorer	X	AMSNDMGR.EXE	Added by the KWBOT.R VIRUS! Note that the "l" is a lower case "L" and not an upper case "I"
Load	X	mdm.exe	Added by the Backdoor.Binghe TROJAN!
load	X	msgsr32.exe	Added by the W32/SDBOT-QR WORM!
load	X	[file path to the worm]	Added by the W32.Kelvir.AI WORM!
Load	X	MyGame.exe	Added by the W32/LameYear-A Worm!
load	X	svhost32.exe	Added by the PWSteal.Wowcraft TROJAN!
load	X	Internat.exe	Added by the PWSteal.Wowcraft TROJAN!
load	X	rundll32.exe	Added by the PWSteal.Wowcraft TROJAN!
load	X	_Kerne1.exe	Added by the Troj/Lineage-AN TROJAN!
load	X	svchsot.exe	Added by the Troj/GWGhost-O TROJAN! Note: (svchsot.exe) is not the legitimate Windows Process. (Notice the difference in the spelling.) The legitimate Windows Process (svchost.exe) should not be seen in Msconfig or as a Startup item. This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
load	X	Kerne14.exe	Added by the Troj/Lineage-BA TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
load	X	dll.exe	Added by the Troj/Bdoor-LX TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
LOAD WB	U	LOADWB.EXE	Part of Stardock's WindowBlinds custom desktop program. "WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much more". If you use it - keep it if not then uninstall it
Load-Guard	X	LGuarg.exe.vbs	Added by the VBS.YENO.C WORM!
LOAD32	X	Lorena.exe	Added by the W32.Mapson.C WORM!
load32	X	load32.exe	Added by the W32.DUMARU WORM!
load32	X	l32x.exe	Added by the W32.DUMARU.Z W32.DUMARU.Y or DUMARU.AD WORM!
load32	X	1111a.exe	Added by the W32.Dumaru.AH WORM!
load32	X	load32.exe	Added by the NIBU or W32.Bambo TROJAN!
load32	X	swchost.exe	Added by the TURTA.A WORM!
load32	X	netda.exe	Added by the NIBU.E TROJAN!
load32	X	swchost.exe	Added by the NIBU.I TROJAN! and the W32/Dumaru-AK WORM!
load32	X	winldra.exe	Added by the BACKDOOR.NIBU.J or DUMARU-BI and Troj/Dumaru-N TROJANS! Note: Also known as Srv.SSA-KeyLogger by Sunbelt Software which has developed a free removal tool for this KeyLogger. For more information Click_Here
load=	X	dapdll.exe	Added by the W32.ATAK.E WORM!
load=	N	adw30.exe	After Dark for Windows - screen saver program. Popular before screen savers were integrated into Win95
load=	U	asistat.exe	Status monitor for an NEC SuperScript printer
load=	?	cfgsys32.exe	??
load=	U	esspk.exe	Speakerphone capability through a soundcard for an ESS modem
load=	Y	hotkey.exe	Solo 5300 display driver for Win2K on some Gateway laptops
load=	N	HPWHRC.EXE	Loads the Status Window software for the HP Laserjet printers
load=	?	WPSLOAD.EXE	Windows printing system that comes with the setup for Canon BJC series on the manufacturer's disk
load=	N	vi_grm.exe	Monitor drivers for Trio2x/3x based video cards - displays control panel for quick access to display settings
load=	?	WINOSCFG.EXE	Could it be something to do with configuring Windows on a new PC from an OEM supplier?
load=	Y	wpshrc.exe	Required to prevent configuration errors on a Compaq LBP-660 parallel port laser printer (and maybe others)
load=	Y	Bfrecv.exe	Bitware modem driver
load=	X	msater.exe	Added by the RETSAM VIRUS!
load=	X	shambl3r.exe	Added by the REMABL VIRUS!
load=	X	Spoolsv.exe	Added by the CIADOOR.B VIRUS! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
Load=	?	wtfeat.exe	Associated with the Wintab Digitizer
load=	Y	AICLIENT.EXE	Asset Insight from Tangram - asset managing software. Required if an organisation is running a centrally administered asset management system
load=	X	hint.exe	Added by the W32.ATAK WORM!
load=	X	a1g.exe	Added by the ATAK.B WORM!
load=	X	svhost32.exe	Added by the TROJ/LINEAGE-AB TROJAN!
load=	Y	[path] 01comm32.exe	Related to Elsa CommPro (Communicate Pro) access software for Microlink modems - this software contains answering machine and fax functions, plus a terminal program, a WWW-browser launch function, Internet telephony, and address management. Required if you use those.
load=	X	inetinfo.exe	Added by the TROJ/PROXY-GG TROJAN!
Loadab1	X	explorer.exe	Added by the Troj/Lineage-AJ TROJAN!
LoadBlackD	Y	blackd.exe	This is the "intrusion detection system" of the BlackICE PC Protection (was Defender) firewall which loads independently of the "user interface" (BlackICE Utility)
LoadBtnHnd	?	BtnHnd.exe	Fujitsu LifeBook related
LoadDBackUp	X	BcTool.exe	Added by the GIBE VIRUS!
loaddll	X	loaddll.exe	Added by Winvest SPYWARE!
LoadDvpApi9x	?	DVPAPI9X.exe	Part of Command AntiVirus for Windows 95/98/Me. Is it needed?
loader	X	loader.exe	Homepage hijacker, redirecting to coolwwwsearch.com. Downloader for iedll.exe
loader	X	WMPLAYER.EXE	Unknown baddie - WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn\'t load at startup
loader32	X	sys***.exe [*** = random digit]	Added by the Domcom TROJAN!
loader32	X	Loader32.exe	Added by an unidentified TROJAN!
Loaders	X	HeIp.exe	Added by the W32/Sdbot-ADB WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
loadfax	X	loadfax.exe	Added by the Troj/Winflux-C TROJAN!
LoadFonts	X	LoadFonts.vbs, Tahoma.vbs	Homepage hijacker that changes your homepage to an adult content site
LoadGolfCourses	X	LoadGolfCourses.exe	PlayMiniGolf.com foistware - stealth installed!
LoadHTML	X	rundll32.exe mshtmpre.dll, MShtmpre	Mshtmpre adware
LoadingAgent	X	ZipLoader32.exe	Added by the OBLIVION TROJAN!
LoadingAgent	X	msload32.exe	Added by the OBLIVION TROJAN!
LoadManager	X	msload.exe	Added by the OPASERV.T VIRUS!
loadMecq0	X	explorer.exe	Added by the MUMUBOU.C TROJAN! ** Note - this is not the legitimate Windows Explorer (explorer.exe) which would only be in startups if you added it manually
loadMecq3	X	rundll32.exe	Added by the Troj/LegMir-AS TROJAN!
loadMect1	X	explorer.exe	Added by the TROJ/LINEAGE-L TROJAN! - NOTE - the valid "explorer.exe" will always be located in C:\Windows or C:\Winnt whereas this one is found in the C:\Program Files folder! Note: The LINEAGE-AD variant will drop the ct1dll.dll file in the system folder.
loadMefs	X	rundll32.exe	Added by the TROJ/LEGMIR-JA TROJAN! - NOTE: this file is found in the C:\Windows\help folder, and is not to be confused with the legitimate rundll32.exe file, always located in the Windows folder on Win 98 and ME systems, and in the Winnt\System32 or Windows\System32 folder in Windows XP and NT!
loadMefs	X	smss32.exe	Added by the TROJ/FLOOD-EL TROJAN!
loadMefs	X	rundll32.exe	Added by the Troj/LegMir-JB TROJAN! Note: This is not the legitimate Windows Process rundll32.exe, Which is found in the Windows folder(98\ME) or the System32 folder(NT\2000\XP). This trojan file is found in the Windows\inf or Winnt\inf folder.
LoadMSvcmm	N	msvcmm32.exe	Auto-update for Movielink - internet movie rental System Tray access
LoadOrderVerification	X	*.exe	Added by the TRON VIRUS! * is a random file name, possibly Pthymvfr.exe
Loadout Manager	U	nost_LM.exe	Manager for the Belkin Nostromo n50 SpeedPad game controller - see here
LoadPFW	X	wmimgr.exe	Added by the W32/Qeds-B Worm!
LoadPowerProfile	X	ASDAPI.EXE	Added by the CABRO VIRUS! Not to be confused with the valid entry below
LoadPowerProfile	U	Rundll32.exe powrprof.dll	Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings
LoadPowerProfile	X	Rundll.exe powerprof.dll	Added by the LOXOSCAM TROJAN! **Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe"
LoadPowerProfile	X	rundl.exe	Added by the TOFAZZOL VIRUS! Note - do not confuse with the valid LoadPowerProfile entry above!
LoadPowerProfile	X	Rundll32.exe	Added by the MIROOT VIRUS! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data line
LoadPowerScheme	X	rundll32.exe powerprof.dll CheckPowerProfile	Ulubione adult content dialer
LoadQM	U	loadqm.exe	Installed with MSN Explorer and loads the MSN Queue Manager. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable it
loads.exe	X	loads.exe	MediaMotor/Popuppers adware downloader
loads.exe	X	medload.exe	MediaMotor/Popuppers adware downloader
loads.exe	X	suploads.exe	MediaMotor/Popuppers adware downloader
LoadService	X	Rest In Peace	Added by the W32/KANGAROO-A WORM!
LoadService	X	Virus	Added by the CAGER.A WORM!
LoadService	X	Maaf, tempatmu bukan di sin	Added by the Troj/Kagen-A TROJAN!
LoadSIPS	X	rundll32.exe [path] SIPSPI32.dll,SIPSPI32	123Mania adware
LoadWatcher	?	Test.exe	Reportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct?
loadwin	X	winset.exe	Added by the TROJ/QQPASS-I TROJAN!
loadwin	X	winsys.exe	Added by the TROJ/QQPASS-J TROJAN!
LoadWindowsFile	X	(filename)	Added by the DELF.B VIRUS! where <filename> is the infected file
Local Area Network	X	OpenGL.exe	Added by a variant of the WIN32.RBOT WORM!
Local Internet Connection	X	LIC.exe	Added by the W32/SDBOT-YA WORM!
LOCAL INTERNET WEB DRIVERS FOR WIN32	X	phqghume.exe	Added by a variant of the WIN32.RBOT WORM!
Local Page	X	http://find.naupoint.com	Naupoint browser hijacker
Local runole service	X	srvc32.exe	Added by the TROJ/SMALL-DP TROJAN!
Local Security Authority Service	X	lssas.exe	Added by the W32/POEBOT-J WORM!
Local Security Authority Service	X	Isass.exe	Added by the W32.LINKBOT.M WORM!
Local Service	X	Intenat.exe	Added by the Troj/Nuclear-J TROJAN! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Local-Settings-of-[User Name]	X	[User Name].exe	Added by the W32.Gavgent.A WORM!
Lock My PC	U	lockpc.exe	Lock_My_PC . A tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouse.
Login	U	winlog.exe	Salfeld Child Control 2003 - parental control software
Login Screen Saver	X	login.scr	Added by the W32/Rbot-AVN WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Login Service	X	(path to file)	Added by the MIGMAF VIRUS!
LoginPassport	X	Lgnpsp32.exe	Added by the REDIST.C VIRUS!
Logitech	X	Logitech.exe	Added by the RBOT.BJH WORM!
Logitech Camera	X	Soundcane.exe	Added by the SDBOT.MUC WORM!
Logitech Desktop	X	IPCONN.EXE	Added by the W32/SDBOT-WE WORM!
Logitech Desktop	X	ApPache.exe	Added by the W32/RBOT-YP WORM!
Logitech Desktop Controller	X	wrcam.exe	Added by a variant of the WIN32.RBOT WORM!
Logitech Desktop Messenger	N	backweb-8876480.exe, ldmconf.exe	Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
Logitech Hardware Abstraction Layer	?	Khalmnpr.exe	Logitech Bluetooth mouse Hardware Abstraction layer. A "hardware abstraction layer" is an interface that enables adding support for new devices and new ways of connecting devices to the computer, without modifying every application that uses the device. Not sure whether required.
Logitech SetPoint	U	KEM.exe	Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys
Logitech SetPoint	U	SetPoint.exe	Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys
Logitech Utility	U	Logi_MwX.exe	Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
Logitech Utility	U	Logi_MwX.Exe	Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
Logitech Wakeup	N	lgwakeup.exe	Loads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start ->Programs and still be able to scan images
Logitech Wireless	X	logitechwls.exe	Added by the W32/Mytob-BS Worm!
LogitechGalleryRepair	U	ISStart.exe	LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
LogitechImageStudioTray	N	LogiTray.exe	Logitech Image Studio - installed with Logitech QuickCams
Logitechs	X	Logitechs.exe	Added by the SDBOT.BWE WORM!
LogitechSoftwareUpdate	?	ManifestEngine.exe	Updater, part of Logitech Image Studio - installed with Logitech QuickCam cameras. Probably not required.
LogitechVideoRepair	U	ISStart.exe	LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
LogitechVideoTray	N	LogiTray.exe	Logitech Image Studio - installed with Logitech QuickCams
LogiTray	N	LogiTray.exe	Logitech Image Studio - installed with Logitech QuickCams
Logi_Mwx	U	Logi_MwX.exe	Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
Logi_Mwx	U	Logi_MwX.Exe	Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
LogMeIn GUI	U	ragui.exe	RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone.
LogMeIn GUI	U	LogMeInSystray.exe	RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone.
Logo	X	(path of the Trojan EXE)	Added by the Troj/Dloader-RH TROJAN!
Logon Loader	U	LogonLoader.exe	Logon_Loader - customize Boot & Login Screens
Logon Loader Random	U	LogonLoader.exe	Logon_Loader - customize Boot & Login Screens
Logon.exe	X	logon.exe	Added by the BKDR_ZINS.A TROJAN!
logon.exe	X	logon.exe	Added by the Zins.B TROJAN!
LogonStudio	U	logonstudio.exe	WinCustomize LogonStudio - "Allows Windows XP users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users"
LogService	X	wincalc.exe	Added by the BACKDOOR.PAPROXY TROJAN!
LogService	X	lsass.exe	Added by the Troj/Bdoor-IU TROJAN! Note:This is NOT the legitimate Windows lsass.exe process, which should NOT figure in Startup!
LogWatch	U	logwat95.exe	Licensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll - see here. Not required if you already have a newer version or the patch has been applied
longos	X	WIWT.EXE	Added by the BANKER-CD TROJAN!
Look 'n' Stop	Y	looknstop.exe	Look 'n' Stop personal firewall
LookNMeet	U	Agent.exe	LooknMeet dating service
Lookup_Sys	X	lookupsys.exe	P04n trojan
Lotus Organizer EasyClip	N	easyclip.exe	"The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page." Available via Start -> Programs
Lotus QuickStart	N	smartctr.exe	Lotus central application, called SmartCenter, which runs on the Windows desktop. SmartCenter toolbar stretches across the top or, optionally, the bottom of the screen. Uses a lot of resources. Available via Start -> Programs
Lotus SuiteStart	U	suitest.exe	Puts the individual Lotus components in the system tray taskbar when you start Windows. Can be disabled via MSCONFIG -> Startup as "Lotus SuiteStart 97 Edition". All individual components available via Start -> Programs
LowVersionSupport	X	(random filename)	Added by the LASTRAS VIRUS! where <filename> is the name of the file dropped by the virus
Lpr	X	Lpr123.exe	Added by the REMPSTEAL password stealer TROJAN!
LPS	U	Lps.exe	Local Port Scanner - "With LPS you're able to check your computer for open or listening ports"
LPtask	U	lptask.exe	Program Lock It And Protect Pro - lock and protect your folders from being opened, moved or deleted
LRBZ Utility 32	X	lrbz32.exe	Added by the W32/AGOBOT-JQ WORM!
LS120 Superdisk	N	??	Supposed to accelerate transfer rate on LS-120, contributes to system lockups
LSA	X	wfdmgr.exe	Added by the W32.Mytob.C WORM!
LSA	X	lsa.exe	Added by the W32/SDBOT-YV WORM!
LSA Service	X	LSASS.exe	Added by the W32.Ahker.G WORM! **Note - this is NOT the legitimate Windows lsass.exe process, which should NOT figure in Msconfig/Startup!
lsa Services	X	lsa2srv.exe	Added by the W32/Tame-C WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
LSA Shell (Export Version)	X	LSASS.exe	Added by several variants of the AHKER WORM! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows lsass.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
lsass	X	lsasrv.exe	Added by the W32.Mydoom.AU WORM!
lsass	X	lsass.exe	Added by the RATSU.B VIRUS! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!
lsass	X	start.bat	Added by the ZCREW VIRUS!
lsass	X	(path to lsass.exe)	Added by the ALADINZ.F VIRUS! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!
lsass	X	lsasrv.exe	Added by the SAVAGE.A WORM!
lsass	X	lsasrv.exe	Added by the W32.Mydoom.AS WORM!
Lsass	X	woekd.exe	Added by an unidentified WORM or TROJAN!
Lsass	X	kavmm.exe	Added by an unidentified WORM or TROJAN! - NOTE - do NOT confuse with the legitimate Kaspersky antivirus module as described here . Contrary to this impostor, the legitimate file will always be located in the Kaspersky Lab folder in Program Files.
lsass	X	elite***32.exe	EliteBar adware variant
LSASS 32	X	ISASS32.pif	Added by the W32/ASSIRAL-C WORM!
LSASS Authority	X	lshosts32.exe	Added by the SDBOT-UY TROJAN!
LSASS Authority	X	lsvhosts.exe	Added by the SDBOT.BCE WORM!
LSASS Daemon	X	LSASSd.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
lsass service	X	lsass2.exe	Added by a variant of the GAOBOT/AGOBOT WORM!
lsass2k Update	X	lsass2k.exe	Added by a variant of the WIN32.RBOT WORM!
LSASS32	X	Isass32.exe	Added by the W32.KELVIR.M WORM!
lsass32	X	lsass32.exe	Added by the Troj/Lydra-B Trojan!
lsass64BiT.exe	X	lsass64BiT.exe	Added by the W32/FORBOT-CK WORM!
lsassig	X	lsassig.exe	Added by the Troj/Bancos-EC TROJAN! Note: This trojan file is found in the System\drivers (95/98/Me) or System32\drivers (Nt/2000/XP) folder.
lsasss	X	lsasss.exe	Added by the Troj/Geekmy-A TROJAN! Note: lsasss.exe (notice the extra s) is not the legitimate Windows Process. (lsass.exe) The legitimate Windows Process should not be seen in Msconfig or as a Startup item.
lsasss.exe	X	lsasss.exe	Sasser.E worm
lsburnwatcher	N	lsburnwatcher.exe	Used for automatically updating HP programs
lsess	X	lsess.exe	Added by the WURMARK.S or W32.SINNAKA.A WORM
lsmss.exe	X	lsmss.exe	Added by the TROJ/PROXY-GG TROJAN!
LSPFix	N	LSPmonitor.exe	eAcceleration Stop-Sign related - not recommended, see note
LSPmonitor	N	LSPmonitor.exe	eAcceleration Stop-Sign related - not recommended, see note
lssass	X	lssas.exe	Added by the AGOBOT.RL WORM!
LSvr	X	LSvr.exe	PowerStrip foistware
LT DAEMON	Y	ltdaemon.exe	Acts as a data spooler for the DSL modem (similar to a cache). Do not uncheck if the DSL modem is being used
LTDMgr	X	LTDMgr.exe	PowerStrip foistware
LTM2	X	MSGSRV32.EXE	Added by a LITMUS VIRUS variant! (Note: MSGSRV32.EXE in this case is in a Litmus sub-directory and is not to be confused with the valid version in C:\Windows\System)
LTM2	X	bible.exe	Added by a LITMUS VIRUS Variant!
LTM2	X	winupdate.exe	Added by a LITMUS VIRUS Variant!
LTM2	X	MSGSRV320.EXE	Added by a LITMUS VIRUS Variant!
LTM2	X	MPGSRV32.EXE	Added by a LITMUS VIRUS variant!
LTM2	X	winscan.exe	Added by the TROJ/LITMUS-B TROJAN!
LtMoh	U	Ltmoh.exe	Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet
LTMSG	Y	ltmsg.exe	One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information
LTSMMSG	N	LTSMMSG.exe	Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others too
LTSMSG	X	Shell32.exe	Added by the PWSteal.Lemir.B TROJAN!
LTWinModem1	Y	ltmsg.exe	One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information
ltwob	X	formatsys.exe	Added by the W32.Serflog.A WORM!
ltwob	X	serbw.exe	Added by the W32.Serflog.A WORM!
ltwob	X	msmbw.exe	Added by the W32.Serflog.A WORM!
LUGuard	U	LUGuard.exe	PC-Duo Remote_Control enables your help desk technicians to take instant control of any remote desktop PC at any location across the LAN, WAN or internet.
Lusetup	Y	LUSetup.exe	Symantec, LiveUpdate_installer , required to install a new version of the application - will only run once, and the entry is automatically deleted after a reboot.
LVComs	U	lvcoms.exe	Lvcomm server. Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera
LVCOMSX	U	LVCOMSX.EXE	It provides extra functionality for Logitech multimedia webcam devices. It is non-essential to the running of the system, but should not be terminated unless suspected to be causing problems.
LWBMOUSE	U	lwbwheel.exe, MOUSE32A.EXE	Mouse driver - required if you use non-standard Windows driver features
Lwinst Run Profiler	N	lwtest.exe	Logitech Wingman Profiler for the Logitech joysticks. Available via Start -> Programs
lxamsp32	?	lxamsp32.exe	Associated with a Lexmark Printer - is it required?
LXBLKsk	?	LXBLKsk.exe	Lexmark related, not sure whether required
lxbrbmgr	Y	lxbrbmgr.exe	Lexmark printer button manager. Required for correct operation.
LXBRKsk	?	LXBRKsk.exe	Lexmark printer related - what does it do and is it required?
LXBTCATS	?	rundll32 [path] LXBTtime.dll,_RunDLLEntry@16	Lexmark printer related - what does it do and is it required?
LXSUPMON	N	LXSUPMON.EXE	Lexmark Printer. The printer should work fine without it
lycosInside	?	Lyc_SysTray.exe	Lycos_eMail related - what does it do and is it required?
LzioMediaUpdater	X	LzioMediaUpdater.exe	LZIO.com adware downloader
M Player Post Installer	?	postinstallm.exe	??
M-soft Office	X	M-soft Office.hta	HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
M1cr0s0ft S3rcurity	X	systemconfig.exe	Added by the RBOT.BKB WORM!
M1cr0s0ft Upd4t4zS	X	update32.exe	Added by the W32/RBOT-MI WORM!
m32info	X	m32info.exe	Added by a CRYPTER.A trojan infection
M3Tray	N	m3tray.exe	Movielink - internet movie rental System Tray access
m4n70s Personal Firewall	X	m4n70s.exe	Added by a variant of the W32.SPYBOT WORM!
Macfee Security Patch	X	Mpfsheild.exe	Added by the W32/RBOT-NP WORM!
Machine Debug Manager	U	mdm.exe	Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as MDM7. See here to disable
Machine Debug Manager	X	msdn.exe	Added by a variant of the WIN32.RBOT WORM!
Machine Update Soft	X	wusas.exe	Added by an unidfentified WORM!
MacLic	N	MacLic.exe	Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks
MacName	N	MacName.exe	Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks
Macromedia Critical Updater	X	rarww.exe	Added by a variant of the WIN32.RBOT WORM!
Macromedia Dreamweaver XM	X	macdwXM.exe	Added by the W32/AGOBOT-RI WORM!
Macromedia Drive	X	Iexplor32.exe	Added by a variant of the WIN32.RBOT WORM!
Macromedia Flash Update	X	scvhost.exe	Added by a variant of the WIN32.RBOT WORM!
MAD.EXE	Y	MAD.EXE	MAD.exe is the MS Exchange 5.5 System Attendant and can also consume a large amount of resources - resolved by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server but does it have the same problems?. Apparently you need to leave this running but is it needed at start-up?
MadExe	N	LaunchRA.exe	Dell Resolution Assistant
MAFWTaskbarApp	U	MAFWTray.exe	Drivers for the M-Audio Firewire Audiophile - Interface
MagicDsk	U	MAGICDSK.EXE	Magic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop icons
MagicLinker3	U	MagicLnk.exe	ThaiSoftware Thai Dictionary
Magitime	N	Magitime.exe	Magitime - connection tracking utility which monitors online time, expense, data transfer
Mail.com	?	mcalert.exe	Mail.com - free web-mail service. Does mcalert.exe notify you when new mail has arrived?
MailBell	U	mailbell.exe	MailBell e-mail notification tool that will notify you about new messages arrived to your mailbox. Works with both POP3 mailboxes and web-mail based systems. You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)
Mailbox Verifier	U	mboxvrfy.exe	Mailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)
MailCleaner	N	MAILCLEANER.EXE	MailCleaner "protect your computer from viruses sent to your machine via the popular e-Mail reader Incredimail. In addition the program will check all incoming files downloaded by Internet Explorer, Netscape Navigator, ICQ and iMesh" - not recommended as it bundles Gator/Gain/Claria adware
mailman.exe	X	mailman.exe	Added by the CERTIF-E TROJAN!
MailScan Dispatcher	Y	Launch.exe	MailScan Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleaned
MailSkinner	X	mailskinner.exe	MailSkinner - an application by Electronic_Group , notorious for its premium rate "drive by" installed porn dialers
Mail_Check	X	Mail_Check.exe	Added by the PANOIL.C VIRUS!
MAIN	U	main.exe	SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan
Main Executable (HP)	?	HP05T0R5.exe	HP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do?
main16	X	main16.exe	Added by a CRYPTER.A trojan infection
main32	X	main32.exe	Added by a CRYPTER.A trojan infection
MainStart	X	svcmfte32.exe	Added by the Troj/Stinx-A Trojan!
mainviewex	X	mainviewex.exe	Added by the W32.GEMA.D TROJAN!
Major Microsoft Windows Driver Boot loader	X	bpool.exe	Added by the W32.MYTOB.AJ WORM!
ManageProtocolCtrl	X	csmsv.exe	Added by the W32.Looksky.B or Troj/Stinx-B TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Mania Win Restore	N	RESWIN.EXE	Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs
Mantis	X	(filename)	Added by the MANTIBE VIRUS! where <filename> is the filename
MapiDrv	X	mpisvc.exe	Added by the MIPSIV VIRUS!
mapisvc32	X	mapisvc32.exe	Added by the KX VIRUS and also recognised by Symantec as FPAI adware
mark the service	X	xxtra32.exe	Added by the SDBOT.APP WORM!
Martini	X	pinmart.exe	Added by a variant of the W32/SDBOT WORM!
Mascro soft SDK updates2	X	SDKrepair2.exe	Added by the SDBOT.BXM WORM!
Mascro soft SDK updates2	X	SDKrepair2.exe	Added by a variant of the W32/SDBOT.W WORM!
masqform.exe	N	masqform.exe	PureEdge Viewer 6.0, reportedly associated with viewing and text editing US Air Force electronic forms
Mass storage check registry	N	rundll32.exe MSDServ.dll, check registry	Used with a USB based smartmedia card reader
Master Volume Spy	U	MASTERVOLUMESPY.EXE	Volume control for the Gateway Destination "DestiVu" media interface
Matador	U	mlfbuddy.exe	MailFrontier - anti-spam application
Matador	U	mantispm.exe	MailFrontier_Desktop (Matador) email spam blocker software
MatrixScreen	X	[filename]	Added by the MATRIXSCREEN TROJAN!
MatrixScreenSaver	X	mss.exe	Malware, see here
Matrox Color Control	N	hgcctl95.exe	For Matrox video cards. Quick access to changing colors
Matrox Control Center	N	mgactrl.exe	For Matrox video cards. Quick access to settings
Matrox Diagnostic	N	mgadiag.exe	For Matrox video cards. Quick access to diagnostics
Matrox Powerdesk	N	PDesk.exe	For Matrox video cards. Quick access to tweak your card to your liking
Matrox QuickDesk	N	mgaqdesk.exe	For Matrox video cards. Quick access to tweak your card to your liking
MaxAlerts	X	max.exe	Bonzi MaxALERT - spyware
MaxtorCombo	Y	ComboButton.exe	Required to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect)
MaxtorOneTouch	U	OneTouch.exe	Maxtor OneTouch Hard Drives/OneTouch Family hard disk backup software
MaxtorReg	U	AUTOREG.EXE	Part of SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of
MayaPan	Y	MayaPan.Exe	Audiotrak Maya soundcard driver
MBM 4	U	MBM4.exe	Motherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
MBM 5	U	MBM5.exe	Motherboard Monitor 5 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
MBNet	U	mbnet.exe	MBNet (Portugal) Credit Card Processing software
MBProbe	U	mbrpobe.exe	MBProbe - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
MC	X	wintrims.exe	Added by the WINTRIM VIRUS!
mc or SMC Service or SmcServices	Y	smc.exe spfsmc.exe	Sygate Firewall
McAfee	X	McAffeAv.exe	Added by the NETSKY.AL WORM!
McAfee	X	McAffeAv.exe	Added by the W32.Netsky.AN WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
MCafee	X	WinNT.exe	Added by the W32.Vig.C VIRUS! Note: Copies it's self to multiple Drives and folders.
Mcafee Anti Scan	X	NortonScn.exe	Win32.Rbot worm variant
McAfee Antivirus	X	McAfeeAV.exe	Added by a variant of the WIN32.RBOT WORM!
McAfee Antivirus 32	X	MCAFEEAV32.EXE	Added by the W32/Spybot-EH WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Mcafee Antivirus Monitoring System326	X	VSStatmn326.exe	Added by a variant of the W32/SDBOT WORM!
Mcafee Antivirus Monitoring System32mn	X	VSStatmn32.exe	Added by a variant of the WIN32.RBOT WORM!
McAfee Antivirus Protection	X	mcafeeAV.exe	Added by a variant of the WIN32.RBOT WORM!
Mcafee Auto Protect	X	mcafeshield.exe	Added by the W32/RBOT-UH WORM!
McAfee Firewall	Y	CPD.EXE	Firewall bundled with McAfee VirusScan 6.*. Can also be listed as CPD_EXE
McAfee Guardian	N	CMGRDIAN.EXE	McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic
McAfee QuickClean Imonitor	N	Plguni.exe	McAfee_QuickClean_3.0 - removes internet clutter and unwanted programs
mcafee Software Intrenet	X	mcafee.exe	Added by W32/Rbot-ATR WORM!
MCafee Update	X	WinNT.exe	Added by the W32.Vig.C VIRUS! Note: Copies it's self to multiple Drives and folders.
McAfee Windows Protection	X	mcafee32.exe	Added by a variant of the W32.SPYBOT WORM!
McAfee Winguage	N	??	Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs
McAfee.InstantUpdate.Monitor	U	RuLaunch.exe	Instant Updater for McAfee\'s VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis
McAfeeScanPlus	X	McAfeeScanPlus.exe	Added by the Backdoor.Mepcod TROJAN! Note: This trojan file does not belong to any McAfee Antivirus Software and is found in the Windows or Winnt folder.
McAfeeUpdaterUI	Y	UpdaterUI.exe	Associated with McAfee Enterprise 7.0.0. - background process
McAfeeVirusScanService	Y	Avsynmgr.exe	From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application
McAfeeWebscanX	Y	WebScanX.exe	From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc
Mcaffe Antivirus	X	Mcafeescn.exe	W32.SpyBot worm variant
McAgentExe	U	mcagent.exe	From McAfee VirusScan On-line. The Agent is a red M icon that appears in the Windows system tray or Notification Area (if you're running Windows XP). If you don't see the agent icon, VirusScan Online may not be installed
Mcappins.exe	Y	mcappins.exe	Used by McAfee Virusscan to perform product updates. When updates are available the program will download and install them automatically. Recommended to leave enabled.
MChanger	N	MChanger.exe	Media Changer - utility that allows you to change wallpapers, sounds, themes, etc
MCM3	X	mcm3.exe	ShopAtHome/SAHagent adware variant
McRegWiz	?	mcregwiz.exe	McAfee antivirus related. What does it do and is it required?
Mcrosoftr Update	X	Mcrosoftr.exe	Added by a variant of the WIN32.RBOT WORM!
McUpdateExe	U	mcupdate.exe	From McAfee VirusScan On-line. Automatically updates your virus definitions. Leave enabled unless you regularly update these definitions
MCUpdateExe	X	mcagent.exe	Added by the TROJ/ANTIMCA-A TROJAN! - do NOT confuse with the McAfee VirusScan executable as described here
mcupdmgr.exe	Y	MCUPDMGR.EXE	McAfee antivirus SecurityCenter Update Manager
McVsRte	Y	mcvsrte.exe	Part of McAfee's SecurityCenter. Must remain checked but one user reports Windows glitches with no response from McAfee as to why
mcvsshld	Y	mcvsshld.exe	McAfee VirusScan On-line. See also McAgentExe entry.
MCX Update	X	wisp.exe	Added by the W32/Rbot-AQH WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MCX Updte	X	scorti.exe	Added by the W32/RBOT-ARP WORM!
MD IE Plugin	X	md.exe	Marketdart spyware
MD IE Plugin	X	winy.exe	Adware
mdac_runonce	N	runonce.exe	Associated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe".
MDDiskProtect.exe	N	MDDiskProtect.exe	MediaFour MacDrive for Windows - easily open, edit and save files from Mac-formatted disks, format Mac disks and burn Mac CDs and DVDs!
mdetect	X	(path to trojan)	Added by the SPABOT VIRUS!
Mdm	X	Mdm.vbs	Added by the WHITEHO or TRAPPY VIRUSES!
MDM7	U	mdm.exe	Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as Machine Debug Manager. See here to disable
Mdmdll	X	mdmdll.exe	Added by the WIN32.CRYPTER downloader TROJAN!
Mdmdll32	X	mdmdll32.exe	Added by a Crypter.C trojan variant infection
MDN	X	MDNS.exe	Added by the W32.Spybot.JPB WORM!
MDN	X	MDNZ.exe	Added by the RBOT.AQD WORM!
MDN	X	MDN.exe	Added by the RBOT.AOA WORM!
mds.exe	X	mds.exe	Added by the TROJ/MADS-A TROJAN!
mdwmdmsp	X	mdwmdmsp.exe	Adware - recognized by Kaspersky antivirus and others as TrojanDownloader.Win32.Agent.am
MECA	N	Meca.exe	Meca instant messenging client
MedGS	X	MEDGS1.exe	PacerD_Media/Pacimedia.com adware component
Media Access	X	MediaAccK.exe	Windupdates MEDIAPAS.A adware
Media Access	X	MediaAccK.exe	Added by the Troj/Podrop-C TROJAN! Note: This file is found in the Program Files\Media Access folder. Read the link, rootkit type stealth involved.
Media Gateway	X	MediaGateway.exe	180Solutions Windupdates adware variant - also see here
Media Load	X	msn32.exe	Unidentified backdoor trojan
Media Manager Indexer	U	AIRSVCU.EXE	Part of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a database. For more information see here
Media Pass	X	MediaPassK.exe	MediaPass adware
Media Pass	X	MediaPass.exe	WindUpdates MediaPass adware
Media Player	X	media.exe	Added by the FLDMEDIA-A VIRUS!
Media Player	X	wmplayer.exe	Added by the W32/Agobot-BM WORM!
Media Player	X	Sysdll.exe	Added by the TROJ/BANKER-BR TROJAN!
Media Player	X	Sysnet.exe	Added by the BANKER.MW WORM!
Media Player Update	X	xpsp1mfh.exe	Added by a variant of the WIN32.RBOT WORM!
Media Plug x.1.2	X	msdm.exe	Added by the MULDROP.352 VIRUS!
Media service	X	msnmsgxr.exe	WORM_SDBOT.TF
Media Service	X	msn64.exe	Added by a SPYBOT.EV worm infection
Media service	X	SYSTEM64.EXE	Added by a RBOT.QV worm infection
Media service	X	notpad.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Media Software UPdater	X	sscs.exe	Added by the W32/RBOT-ABE WORM!
Media X Services	X	MSNGRx.exe	Added by the RBOT.AUL WORM!
Media-XP-Service-Pack3	X	msnzx.exe	Added by the W32/Sdbot-ACW WORM!
MEDIA32	X	(pathname of the Trojan executable)	Added by the Troj/PurScan-Z Trojan!
MediaFace Integration	N	Sethook.exe	Fellowes Neato� cd label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"
Mediafour Mac Volume Notifications	U	Macvntfy.exe	Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod
Mediafour XPlay Tray Notification Icon	U	Xptryicn.exe	Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod
MediaKey	U	MediaKey.exe	Multimedia keyboard manager. Required if you use the multimedia keys
MediaLoads or MediaLoads Installer	X	dw.exe	Medialoads is advertising software - running DownloadWare as its executable. Installed as a bundle with Kazaa Media Desktop. See here for more information
MediaMonitor	N	Mediam~1.exe	Installed by Smartdisk MVP CD burning software. Software will work fine without it
mediamotor.exe	X	mmups.exe	MediaMotor/Popuppers adware
MediaPath	X	Proyecto1.exe, Root.exe	Added by the GRUEL VIRUS!
mediapluscash.exe	X	mediapluscash.exe	MediaMotor/Popuppers adware component
MediaRing Talk	N	mrtalk.exe	Media Ring Talk, voice recognition software, Resource hog. Available via Start -> Programs
MediaXPServicePack	X	mxpsp.exe	Added by a variant of the WIN32.RBOT WORM!
media_driver	X	media_driver.exe	Added by the TUPEG VIRUS! - NOTE: this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty.
media_manager	X	mediaman.exe	Mini-Player, IMESH related foistware, see here
media_stub	X	stub.exe	Mini-Player, IMESH related foistware, see here
Meeting Connection	X	comsutil.exe	Added by the PPDOOR-E TROJAN!
Meeting Connection	X	wowdache.exe	Added by the TROJ/PPDOOR-D TROJAN!
Members area	X	*****.exe ( = random digit)	Premium rate adult content dialer
MemConfig	X	SetupIE.com	Added by the TAPLAK VIRUS!
MemMonster	U	memmnstr.exe	MemMonster is a memory manager which enables your computer to work more efficiently.
MemoKit	U	MK.EXE	Memory optimizer. It loads from startup group and it goes off as soon as the program (memokit.exe) is loaded in the System Tray. Mk.exe does not run while the memokit.exe is running. Probably loads a flash screen at startup and shutdown that stays on screen less than 5 seconds and gives you a button to push to purchase the full version. MS professionals recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
memory	X	outlookrem.exe	Added by the W32.Nopir.C Worm!
Memory Check	X	memore.exe	Added by the KILLAV.C VIRUS!
Memory Stick Monitor	N	MSTAT.exe	Used with the Sony floppy disk adapter for memory sticks, showing if there is a stick in the computer
Memory Stick Monitor	U	MSstat.exe	Sony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydrive
Memory Watcher	X	MemoryWatcher.exe	MemoryWatcher spyware
Memory+	U	tfimemsr.exe	Memory optimizer. MS professionals recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
MemoryMeter	X	MemoryMeter.exe	Autoinstalling spyware by Total Velocity
memreader.exe	X	memreader.exe	Added by W32/Agobot-TY WORM!
MEMreaload	X	MEMreaload.exe /checkmouse /updateration	Added by the Lazar TROJAN!
MemScanner	N	MemScanner.exe	SpyHunter - spyware remover of somewhat dubious repute; see note
MemTurbo	U	memturbo.exe	MemTurbo memory optimizer. MS professionals recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
MenuSnap	N	MenuSnap.exe	MenuSnap from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start -> Programs and right-clicking and choosing "Sort by Name" if availabe
Message Queuing	X	msmqs.exe	Added by the FREEFORS VIRUS!
MessagerStarter Freeserve	N	StartMessager.exe	Freeserve Messenger
Message_Blocker	U	messageblock.exe	Message Blocker - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message"
Messanger	X	trillian.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Messanger	X	deamon.exe	Added by the WIN32.TACTSLAY.C TROJAN!
Messanger	X	msgaol.exe	Added by the WIN32.TACTSLAY.C TROJAN!
Messanger	X	s_menu.exe	Added by the WIN32.TACTSLAY.C TROJAN!
Messenger	X	messenger.exe	Added by the KUTEX VIRUS!
Messenger	X	ntsubsys.exe	Added by the SDBOT.BGE WORM!
Messenger	X	Wmsngr.exe	Added by a variant of the WIN32.RBOT WORM!
Messenger Block	X	msngrblock.exe	Added by the PATOO VIRUS!
Messenger Protocol	X	netsender.exe	Added by the W32/Sdbot-ACC WORM!
Messenger Service	X	msmsgs.exe	Added by the W32/SDBOT-ZB WORM!
Messenger Service	X	nvhost.exe	Added by the MYTOB.IF WORM!
Messenger Service Updater	X	svshost.exe	Added by the MYTOB.GC WORM!
Messenger start-up	X	Msgran.exe	Added by the GRAMOS VIRUS!
Messenger6	X	command.pif	Added by the W32.INZAE.B WORM!
MessengerDiscovery	U	MessengerDiscovery.exe	MessengerDiscovery is a MSN Messenger add-on, adding over 70 new features.
MessengerPlus, MessengerPlus2, MessengerPlus3	N	MsgPlus.exe	MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware; the software does offer you a choice during setup: make sure to install MessengerPlus WITHOUT that "sponsor program"!
messnger	X	(worm filename)	Added by the DELODER VIRUS! where <filename> is the worm name
messnger	X	Dvldr32.exe	Added by the DELODER.A VIRUS!
MeTaLRoCk (irc.musirc.com) has sex with printers	X	metalrock-is-gay.exe	Added by the RANDEX.Q WORM!
MeuPrograma	X	accwizz.exe	Added by the W32.Ruland.A WORM!
Mfc*.exe ( = random char)	X	Mfc*.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
Mfc*32.exe ( = random char)	X	Mfc*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
mfgboot	?	??	??
mfin32	X	mfin32.exe	MyFreeInternetUpdate - adware downloader
MGA Hook	?	Mgahook.exe	MATROX Graphics card related. What does it do and is it required?
MGA Quickdesk	N	MGAQDESK.EXE	For Matrox video cards. Quick access to tweak your card to your liking
Mgabg	?	Mgabg.exe	Matrox BIOS Guard. What does it do and is it required?
mgavctrl or mgavrtclexe	Y	mgavrtcl.exe mgavrte.exe	McAfee\'s Virus Scan Online
MGA_CD_Install	N	mgasetup.exe	Matrox Millennium video driver. Not required once drivers installed
mgmtapi	X	mgmtapi.exe	Unidentified malware
MHDOGStart	X	mhdogst.EXE	Added by an unidentified VIRUS! A possibility is a trojan known as PENIS
MHINIT	N	MHINIT.EXE	Part of the Cybermedia Clean Sweep package
Micr Update	X	soundblaster.exe	WORM_SDBOT.NP
Micr0s0ft Ms D0s	X	msdx.exe	Added by the W32/Rbot-AON WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Micr0s0ft Upd4t4z	X	svchost32.exe	Added by a variant of the WIN32.RBOT WORM!
Micrcoft Exploerer	X	spoolsal.exe	Added by the W32/Rbot-AKK WORM!
Micrcoft Exploerer	X	svchose.exe	Added by W32/Rbot-ASL WORM!
Micrcoft Updat	X	spoolsae.exe	Added by the W32/Rbot-AIB WORM!
Micrcoft Updat	X	spoolsaex.exe	Added by the W32/Rbot-AJM WORM!
Micrcoft Updat	X	Internet.exe	Added by the W32/Rbot-ANA WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Micro Process	X	appconf.exe	Added by an unidentified WORM or TROJAN!
Micro Update	X	dailin.exe	Added by the W32/RBOT-ER WORM!
Microangelo Desktop	U	Muamgr.exe	Quick access to MicroAngelo 5.0. It can make the background of the icon text transparent and also change the color of the shortcut\'s text to a color you want. Very useful, if you have a wallpaper. Available via Start -> Programs
microAttuneDownload	N	atmdlusr.exe	USR (US Robotics) modem auto updater. May be a sub-set of Attune
MicroCQ0	X	explorer.exe	Added by the Troj/Lineage-AK Note: This trojan file (explorer.exe) is found in the Program Files folder and is not the legitimate Windows file (explorer.exe) that is found in the Windows folder.
MicroDialler	U	atdialler1.exe	Part of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encountered
MicroedSoft Toolbar	X	Smoked.exe	Added by the W32/RBOT-ALN WORM!
Microfinder lptt01 or Microfinder ml097e	X	mcf.exe	Variant of the RapidBlaster parasite (in a "mcf" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
Microfot Update	X	winldx32.exe	Added by a variant of the WIN32.RBOT WORM!
Microft Exploerer	X	spoolsac.exe	Added by the W32/Rbot-AMD WORM! Note: This is not the legitimate Windows Process spoolsv.exe. (Notice the difference in the spelling) The legitimate Windows Process should not be seen in Msconfig or as a Startup item.
Microft Update 32	X	winssx.exe	Added by the W32/Rbot-AQS or W32/Rbot-ATV WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MicroLoad	X	(random filename)	Added by the DARBY VIRUS!
Micromedia Flash Update	X	wdfmrg.exe	Added by a variant of the W32/SDBOT WORM!
Microoft Timing	X	pupdate.exe	Added by a variant of the WIN32.RBOT WORM!
MICROSFT ANTIVIRUS UPDATE SUPPORT	X	MSGUPDATED.EXE	Added by the W32/Rbot-APZ WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MICROSFT ANTIVIRUS UPDATE SUPPORT	X	(Random 10-letter filename).EXE	Added by the W32/Rbot-AQA WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsft Confige 32	X	msaconfigurez.exe	Added by the RBOT.CLC WORM!
MICROSFT MX UPDATE SUPPORT	X	taskmngrs.exe	Added by the W32/Rbot-AUZ WORM!
MICROSFT RAMA UPDATE SUPPORT	X	(Random filename)	Added by the W32/Rbot-ASM or W32/Rbot-AUW WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MICROSFT RAMA UPDATE SUPPORT	X	mtakthmyn.EXE	Added by W32/Rbot-AUJ WORM!
MICROSFT RAMA UPDATE SUPPORT	X	MSN32.EXE	Added by the W32/Rbot-AWJ WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MICROSFT RAMA UPDATE SUPPORT	X	MSED32.EXE	Added by the W32/Rbot-AWR TROJAN!Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
microsft windows updates	X	mwupdate32.exe	Added by a variant of the WIN32.TOXBOT/CODBOT WORM!
Microsof Value	X	nmatt.exe	Added by a variant of the WIN32.RBOT WORM!
Microsof Windows Host	X	svhost32.exe	Added by the RBOT.ADY WORM!
Microsof Winlog Host	X	wilogon32.exe	Added by the RBOT.XC WORM!
Microsofot x386 System Monitor	X	system32.exe	WORM_WOOTBOT.M
microsoft	X	svchost.exe	Added by the ASTEF or RESPAN VIRUSES! Note - this is not the valid svchost.exe as described here
microsoft	X	microsoft.hta	HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
Microsoft	X	win32.exe	Added by the BACKDOOR.DARKMOON TROJAN!
Microsoft	X	iexplore.exe	Added by the Troj/QQRob-R TROJAN! Note: This is not the legitimate Windows process iexplore.exe. (Which is found in the Program Files\Internet Explorer folder.) This trojan file (iexplore.exe) is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft (C) HTML Application host	X	[random file name]	Added by the W32/Rbot-YB WORM!
Microsoft .NET Confingurator	X	msnconf.exe	Added by an unidentified VIRUS!
Microsoft 16Bit Update	X	wuapdate16.exe	WORM_RBOT.CZ
Microsoft 64 Bit Runtime Updater	X	wupdt64.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft ActiveX Debugger NT	X	(Path of the Trojan EXE)	Added by the Troj/Bancos-DO TROJAN!
Microsoft ADservice	X	adservice.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft ADservice	X	[random file name]	Added by a variant of the WIN32.RBOT WORM!
Microsoft Agent	X	mdss32.exe	Added by the KEYLOG-AG TROJAN!
Microsoft ALG32 Protocol	X	alg32.exe	Added by a variant of the W32.SPYBOT WORM!
Microsoft Announcement Listener	N	Annclist.exe	MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Microsoft Ansti Update	X	msie.exe	Added by a W32/Rbot-LE worm infection
Microsoft AntiSpyware	X	Bazzi.exe	Added by the AHKER.J WORM!
Microsoft AOL Instant Messenger	X	MSAOL32.exe	Added by the W32/RBOT-AAI WORM!
Microsoft AOL32 Protocol	X	aol32.exe	Added by a variant of the W32.SPYBOT WORM!
Microsoft Application Center	X	mappc.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Application Manager	X	msapl32.exe	Added by the TROJ/BROPIA-AE TROJAN!
Microsoft Associates, Inc.	X	iexplorer.exe	Added by a variant of the LOVGATE WORM!
Microsoft AUT Update	X	MSlti32.exe	W32/Rbot-X worm
Microsoft AUT Update	X	MSlti16.exe	Added by the RBOT.EB WORM!
Microsoft Authority Service	X	lsass.exe	Added by the W32/Kalel-D WORM! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item. This trojan file is found in the System folder.
Microsoft auto update	X	winupdate.exe	Added by the BMBOT VIRUS!
Microsoft Automatic Update Serivce	X	msautou.exe	Added by the W32/Rbot-AOB WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Microsoft Automatic Updater	X	Explorer.exe	Added by the W32/RBOT-SG WORM!
Microsoft AutoUpdater	X	svhost.exe	Added by a RBOT.QG worm infection
Microsoft Bool Value	X	MV2.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft boot system cfg32	X	actboost.exe	Added by the W32.Bropia.R WORM!
Microsoft Broadband Networking	U	MSBNTray.exe	Microsoft Broadband Networking Tray Application
Microsoft Cab Manager	X	exec.exe	Affilred.B adware
Microsoft checker	X	MsPMSPTv.exe	Added by a variant of the W32/SDBOT WORM! - do not confuse with the Microsoft's Digital Rights Management file described here
Microsoft Client	X	mshost.exe	Added by the W32/Rbot-AND WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Microsoft Client Pc	X	spoolsrv.exe	Added by the W32/RBOT-AQM WORM!
Microsoft Client/Server Runtime Server Subsystem	X	csrs.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Microsoft Client/Server Runtime Server Subsystem	X	csrssa.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Microsoft Command Line	X	wincmd.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Compiler Pack	X	DSDEV.EXE	Added by a variant of the W32.SPYBOT WORM!
Microsoft Conf Ldr	X	sysconf.exe	Added by a variant of the SDBOT WORM!
Microsoft ConfgKeys	X	wurmgrd32.exe	Added by the W32/RBOT-ARX WORM!
Microsoft Config	X	msconf.exe	Added by the RBOT.PV WORM!
Microsoft Config	X	MSCONF.EXE	Added by the RBOT-LG WORM!
Microsoft Config 32bit	X	mscnfg32.exe	Added by the W32/RBOT-Z WORM!
Microsoft Config File	X	config.exe	Added by the Win32.KillFiles.gr TROJAN! - This is malware that will attempt to delete all system dlls!
Microsoft Configuration Utility	X	msconf.exe	Added by the W32/RBOT-AFX WORM!
Microsoft Connection Manager Monitor	X	cmmon.pif	Added by the W32/Rbot-AKV WORM!
Microsoft Control Center	X	crtl.exe	Added by the W32/RBOT-VX WORM!
Microsoft Core Support	X	MSxUP32.exe	Added by the W32/Rbot-ANR WORM!
Microsoft Corp Updates	X	"wupdates.exe"	Added by W32/Rbot-AUU WORM!
Microsoft Corporation	X	(random filename)	Added by various VIRUSES such as VISAGES, BABYBEAR and TOFACED
Microsoft Corporation	X	jview.exe	Added by the W32/Rbot-AOD WORM! Note: This is not the legitimate Visual J viewer. This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Microsoft CronD Service	X	MSCRON.EXE	Unidentified AIM-based worm/trojan
Microsoft Crs Fix Serv	X	wincrs.exe	Added by the SDBOT.BWF WORM!
Microsoft CSRSS32 Protocol	X	csrss32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Microsoft CSRSS386 Protocol	X	csrss386.exe	Added by a variant of the W32.SPYBOT WORM!
Microsoft Cvrt	X	mscvrt32.exe	Added by a unidentified VIRUS!. Named almost, but not exactly like the legitimate msvcrt or msvcrt20.dll
Microsoft Data Helper	X	cihost.exe	Malware, possibly a Linst trojan variant
Microsoft Data Machine	X	csdata32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Database Handler	X	mssql32.exe	Added by the RANDEX.AX VIRUS!
Microsoft Datalog Application	X	msdata.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft DDE Control	X	wupades.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft DDEs Control	X	Erun.pif	Added by the W32/Rbot-AMU WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Microsoft Debug Service	X	dbgbgr.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Decryption Technology	X	Msfenoe.exe	Added by the W32/SPYBOT-DG WORM!
Microsoft Desktop Manager	X	msdesk32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Dev	X	iexplorer32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Microsoft Development Debugger	X	msdev.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Device Manager	X	msdevmgr32.exe	Added by the LATEDA.B TROJAN!
Microsoft Diagnostic	X	.exe	Added by the ACEBOT VIRUS! The <filename>.exe will be random and must be deleted after the virus has been removed. Not to be confused with the DOS based MSD.EXE
Microsoft Diagnostic	X	msdiag32.exe	Added by the W32/RBOT-UC WORM!
Microsoft Digital Clock	X	msclock.exe	Added by a W32/Nackbot-D worm infection
Microsoft DirectX	X	Spoolserv.exe	Added by the DINFOR VIRUS!
Microsoft DirectX	X	rasmngr.exe	Win32.Rbot worm variant
Microsoft DirectX	X	PDSched.exe	Added by the SDBOT.CN WORM!
Microsoft DirectX	X	wuamgrd.exe	Added by the SDBOT.MY WORM!
Microsoft DirectX	X	time123.exe	Added by the SDBOT.MD WORM!
Microsoft DLL	X	fumeta.exe	Added by W32/Rbot-AUG WORM!
Microsoft DLL Extensions	X	SystemDll.exe	Added by the W32/Rbot-ADV or W32/Rbot-AJR WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Microsoft Dll Management	X	windll.exe	Added by the W32/RBOT-MT WORM!
Microsoft Dll Printer Manager	X	dllpt.exe	Added by the SDBOT.BIH WORM!
Microsoft DLL Verifier	X	file.exe	Added by the W32/Rbot-AED Worm!
Microsoft DLL Verifier	X	chkfile.exe	Added by the W32/Rbot-APP WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Microsoft DLL Verifier	X	csrssv.exe	Added by W32/Rbot-ATK WORM!
Microsoft DLLSet32	X	dllset32.exe	Added by the RBOT.OZ WORM!
Microsoft DNS Query	X	msdns.exe	Added by a variant of the W32/WOOTBOT WORM!
Microsoft Document	X	krisp.exe	Added by the W32/SDBOT-RQ WORM!
Microsoft Driver	X	faet.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Driver Manager	X	mswindrv.exe	Added by the W32/FORBOT-EZ WORM!
Microsoft driver update	X	Mshome.exe	Added by the SDBOT.BL WORM!
Microsoft Drivers	X	WSconf.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft ErgoPack	X	wserb32.exe	Added by the W32/RBOT-RI WORM!
Microsoft EV32 Service	X	MSev32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Excel	X	msexcel.exe	Added by the W32/RBOT-TQ WORM!
Microsoft Excell	X	wuamngr32.exe	Added by the W32/RBOT-QH WORM!
Microsoft Executing	X	microsoft.exe	Added by the AGOBOT.UV WORM!
Microsoft Explorer	X	svapache.exe	Added by the W32/RBOT-VR WORM!
Microsoft Explorer	X	explorer.scr	Added by the W32/Rbot-ADH Worm!
Microsoft Explorer	X	explorer.pif	Added by the W32/Sdbot-ACX WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Microsoft Explorer2	X	bitchbot.exe	Added by the SDBOT.EV WORM!
Microsoft Explorer2	X	nome.exe	Added by the RANDEX.AA WORM!
Microsoft Explorer2	X	system.exe	Added by the BKDR_IRCBOT.BS TROJAN!
Microsoft EXPLOREXP Protocol	X	explorexp.exe	Added by a variant of the W32.SPYBOT WORM!
Microsoft Features	X	ms32cfg.exe	WORM_RBOT.HO
Microsoft Features	X	msie.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft File Demand Manager	X	wmgrdf.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Find Fast	X	Findfast.exe	Complete utter waste of space! Part of MS Office - searches disk drives for Office file types and creates an index to make opening them easier
Microsoft Firewall	X	firewallsp2.exe	Added by a W32/Rbot-MC worm infection
MICROSOFT FIREWALL CLIENT	Y	ISATRAY.EXE	MS Internet Security and Acceleration Server - see here
Microsoft Games	X	gamemanager.exe	Added by the SPYBOT.AHQ WORM!
Microsoft Generic Update Manager	X	wupdate.exe	Added by the W32/Rbot-AWC TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Gina V Encryption	X	MSGINAV.EXE	Unidentified worm or trojan
Microsoft Greetings Reminder	N	MHPRMINF.EXE	You really want to be reminded about somebody's birthday at the expense of resources?
Microsoft Greetings Reminders	U	MHPRMIND.EXE	Microsoft Home Publishing greetings reminder
Microsoft Greetings Workshop Reminder	N	Gwremind.exe	You really want to be reminded about somebody's birthday at the expense of resources?
Microsoft Help	X	svh0st.exe	Added by a variant of the W32.SPYBOT WORM!
Microsoft Help SVC	X	msnmngr.exe	Added by a W32/Sdbot-PQ worm infection
Microsoft Help System	X	mshelp32.exe	Added by a CoolWebSearch parasite variant
Microsoft Host Protocol	X	svhost.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Host Service	X	mswinexect.exe	Added by the RBOT.ZU WORM!
Microsoft Hosting Service	X	WINHOSTING.EXE	Added by the RBOT.AEV WORM!
Microsoft Hosts Service	X	Isass.exe	Added by a variant of the WIN32.RBOT WORM!
microsoft hotmail monitor	U	mshotmon.exe	Added by the MYTOB.LY WORM!
Microsoft IDCN	X	mshe1p.exe	Added by an unidentified TROJAN!
Microsoft IE	X	Iexplore.exe	Added by a W32/Forbot-AG worm infection
Microsoft IE Execute shell	X	IEExec.exe	Added by the ALADINZ.N VIRUS!
MicroSoft IE Sasser	X	ISASS.EXE	Added by the SDBOT.MX WORM!
Microsoft IIS	X	syshost.exe	Added by the FRANCETTE VIRUS!
Microsoft IIS	X	(filename)	Added by the W32/Francette-S Worm!
Microsoft Inc.	X	iexplorer.exe	Added by a variant of the LOVGATE WORM!
Microsoft Incroporate	X	mfs.exe	Added by the W32/RBOT-ANF WORM!
Microsoft Inet Xp..	X	teekids.exe	Added by the BLASTER.C VIRUS!
Microsoft Instant Messenger	X	msngmsngr32.exe	Added by the Win32.Spyboter.gen TROJAN!
Microsoft Int Service	X	MsIntSrv.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Intellitype Pro	U	speedkey.exe	Additional keyboard shortcuts on MS programmable keyboard
Microsoft Internal AntiVirus Systems	X	dIlhost.exe	Added by the W32/Rbot-AEV Worm!
Microsoft Internet	X	expl0rer.exe	W32.SpyBot worm variant
Microsoft Internet	X	windows32.exe	Added by a W32/SdBot-F worm infection
Microsoft Internet	X	msnm.exe	W32/Sdbot worm variant
Microsoft Internet	X	wincfg16.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Internet Acceleration Utility	X	iau.exe	EasySearch adware
Microsoft Internet Acceleration Utility	X	[path to file]	Added by the TROJ/AGENT-CX TROJAN!
Microsoft Internet Acceleration Utility	X	(Path to EXE)	Added by the Troj/SmutSrch-A Trojan!
Microsoft Internet Exp	X	iiexplorer.exe	Added by a W32/Rbot-KX worm infection
Microsoft Internet Explorer	X	svchosts.exe	Added by a Bancban-U trojan infection
Microsoft Internet Explorer	X	msngrt.exe	Added by a W32/SdBot-GU worm infection
Microsoft Internet Explorer	X	iexplorer.exe	Added by the W32/SDBOT-XN WORM!
Microsoft Internet Explorer	X	iexplore.exe	Added by the W32/POEBOT-J or W32/Mytob-CW or W32/Poebot-P WORM! - NOTE - This file is installed in the Windows\System32 or Winnt\System32 folders and is NOT to be confused with the Internet Explorer executable, which will always be located in the Internet Explorer folder in Program Files!
Microsoft Internet Explorer	X	smiissm.exe	Added by the TROJ/DLOADER-JQ TROJAN!
Microsoft Internet Explorer	X	movies.exe	Added by the Troj/Bancos-DZ TROJAN!
Microsoft Internet Explorer	X	svzhost.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Internet Explorer	X	crsys32.exe	Added by the RBOT.UZ WORM!
Microsoft Internet Explorer	X	mccagent.exe	Added by the TROJ/DLOADER-UD TROJAN!
Microsoft Internet Explorer	X	sysini.exe	Added by the Troj/Delf-LN TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder.
Microsoft Internet Firewall Manager	X	GMT16.exe	Added by the RANDEX.AT VIRUS!
Microsoft Internet Services	X	Smss32.exe	WORM_RBOT.MS
Microsoft Internet, varying file names	X	dmsvc32.exe	Added by a W32/Sdbot-AZ worm infection
Microsoft Intrenet Explorer	X	Soundsyst.exe	Added by the W32/RBOT-AQU WORM!
Microsoft Intrenet Explorer	X	goaw.pif	Added by the W32/Rbot-API WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Intrenet Explorer	X	cnsg.pif	Added by the W32/RBOT-ARO WORM!
Microsoft Intrenet Explorer	X	wcumrg.exe	Added by the W32/Sdbot-AFD WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft IPC	X	system.exe	Added by the NULLBOT VIRUS!
Microsoft IPC	X	svshost.exe	Added by an unidentified VIRUS!
Microsoft IT Update	X	winn43.exe	Added by a variant of the Win32.Rbot WORM!
Microsoft IT Update	X	IEserv.exe	Added by a variant of the Win32.Rbot WORM!
Microsoft IT Update	X	msupdate.exe	Added by a variant of the Win32.Rbot WORM!
Microsoft IT Update	X	random files names	Added by a variant of the Win32.Rbot WORM!
Microsoft IT Update	X	svchsst.exe	Added by the W32/RBOT-DH WORM!
Microsoft IT Update	X	win43.exe	Added by the SPYBOT.BI WORM!
Microsoft IT Update	X	winsyst32.exe	Added by the W32/RBOT-FC WORM!
Microsoft Java Virtual Machine	X	winscr32.exe	Added by a variant of the W32/WOOTBOT WORM!
Microsoft Java Virtual Machine	X	MsConfiG.exe	Added by the W32/FORBOT-DV WORM!
Microsoft Java Virtual Machine	X	msvmjava.exe	Added by the RBOT.ER WORM!
Microsoft Java Virtual Machine	X	javavm.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Java Virtual Machine	X	msjvm.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Java Windows Update	X	(random filenames)	Added by the W32/RBOT-DZ WORM!
Microsoft JavaVM	X	msjarun.exe	W32/Rbot-JW worm
Microsoft Kernel	X	Windows_kernel32.exe	Added by the W32.NETSKY.AE WORM!
Microsoft LAN32 Protocol	X	lanXp.exe	Added by the W32/RBOT-SS WORM!
Microsoft Legacy Device	X	trass.exe	Added by the W32/Rbot-AIX WORM!
Microsoft Lmhosting Service	X	lmhosts.exe	Added by the W32/RBOT-RC WORM!
Microsoft Locals 332	X	sywrscds.exe, random file names	Added by a W32/Rbot-KU worm infection
Microsoft Login	X	winlogin.exe	Added by the W32/Rbot-AJP WORM!
Microsoft LSA layer	X	MSLSA32.exe	Added by the W32/Rbot-AKZ WORM!
Microsoft LSASS386 Protocol	X	scvhost32.exe	Added by a variant of the W32.SPYBOT WORM!
Microsoft LV	X	[path to file]	Added by the TROJ/BDOOR-BDL TROJAN!
Microsoft Machine	X	winjava.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Microsoft Macro Protection SubSsy	X	msacroprots386.exe	Added by a W32/Rbot-KE worm infection
Microsoft Macro Protection Subsystems	X	msmacroprotxz.exe	W32.SpyBot worm variant
Microsoft Macro Protection Subsystems	X	Msmacroprot32.exe	Added by the RBOT.KN WORM!
Microsoft Management	X	lmas.exe	Added by the W32/FORBOT-CZ WORM!
Microsoft Management Console	X	lssas.exe	EasySearch adware
Microsoft Management Console	X	(Path to EXE)	Added by the Troj/SmutSrch-A Trojan!
Microsoft Manager	X	msmanager.exe	Added by the MYTOB.LF WORM!
Microsoft Map PC	X	mappc.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Mapped PC	X	mappedpc.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft media	X	winmplayers.exe	Added by a variant of the W32.SPYBOT WORM!
Microsoft Media player 9	X	msmedia32.exe	Added by the W32/RBOT-ADO WORM!
Microsoft media services	X	Iassd.exe	Added by a variant of the GAOBOT/AGOBOT WORM!
Microsoft media services	X	winmplayer.exe	Added by a RBOT.ZO worm infection
Microsoft MediaScope	X	winmes.exe	Added by the W32/RBOT-XU WORM!
Microsoft Message Machine	X	msmesg32.exe	Added by the SPYBOT.BI WORM!
Microsoft Messenger Management Controls	X	msmgmctl.exe	Added by the W32/Rbot-APA WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Messenger Service	X	msmsg32.exe	Added by the RBOT.BOK WORM!
Microsoft Messenger XP	X	MSMSN32.exe	Added by the W32/RBOT-ZP WORM!
Microsoft MicroP Protocol	X	wdgmr32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Ming Service	X	ming.exe	Added by the W32/Rbot-AWS WORM!
Microsoft Movie Maker	X	Mmaker.exe	Added by the IRCBOT.C VIRUS! Note that this is not a valid Microsoft program
Microsoft MSGPLUS32 Protocol	X	msgplus32.exe	Added by a variant of the W32.SPYBOT WORM!
Microsoft MSNGR32 Protocol	X	msngr32.exe	Added by a variant of the W32.SPYBOT WORM!
Microsoft msnseru	X	msnseru.exe	Added by the W32/Rbot-APB WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft MsnST	X	msnst32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft MSUPDATE	X	SpoolSvc.exe	Added by the SXTB-A VIRUS!
Microsoft Neser Experience	X	nese.exe	Added by the W32/RBOT-YH WORM!
Microsoft NetMeeting Associates, Inc.	X	NetMeeting.exe	Added by a variant of the LOVGATE WORM!
Microsoft Netview	X	gesfm32.exe	Added by the RANDEX.C VIRUS!
Microsoft Netview	X	mssvc32.exe	Added by an unidentified VIRUS!
Microsoft Netview Component v5.1	X	msnv32.exe	Added by the RANDEX.F VIRUS!
Microsoft Network	X	msnet.exe	Added by the MOCKBOT.A VIRUS!
Microsoft Network	X	Networksystem.exe	Added by the W32/SDBOT-AAI WORM!
Microsoft Network Daemon for Win32	X	Netd32.exe	Added by the SDBOT.R WORM!
Microsoft Network Host	X	svc0host.exe	Added by W32/Sdbot-AEN WORM!
Microsoft Network Services Controller	X	mmsvc32.exe	Added by the W32/NANPY-A WORM!
Microsoft Networking Agent For SP2	X	msnac32.exe	Added by the W32.SPYBOT.PEN WORM!
Microsoft NotePad	X	notepad.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft NT Update	X	winexec32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Office	X	MSMSGR.exe	Added by the GAOBOT.BB WORM!
Microsoft Office	N	Msoffice.exe	Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it, but a better way is to create Desktop Shortcuts if you want access these programs quickly.
Microsoft Office	X	lserv.exe	Added by the W32/Rbot-ATM WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Office	X	Microsoft Office.hta	HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
Microsoft Office	X	msoicons.exe	Added by the W32/RBOT-ZI WORM! - NOTE - do no confuse with the legitimate Msoicons.exe file described here . The latter wil not be listed among your startups!
Microsoft Office	X	svxhost.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Office	X	nxcxtpr.exe	Added by the W32/RBOT-YG WORM!
Microsoft Office	X	Nxcao.exe	Added by the W32/RBOT-ZE WORM!
Microsoft Office	X	msoffice32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Office Fast Cache	N	Fastboot.exe	Part of MS Office 95 (v7.0). According to this;en-us;Q132755 it improves the performance. Most likely a predecessor of MS Find Fast and can be disabled
Microsoft Office OneNote 2003 Quick Launch	U	ONENOTEM.EXE	ONENOTEM.EXE is a part of the note taking program that ships with Microsoft Office 2003. It's required for the side note windows to work.
Microsoft Office or Microsoft Office Startup	N	Osa.exe, Osa9.exe	Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required - Note: if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show.
Microsoft Office Shortcut Bar	N	Msoffice.exe	Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it, but a better way is to create Desktop Shortcuts if you want access these programs quickly.
Microsoft Office Start	X	winupdates.exe	Added by the GAOBOT.BC WORM!
Microsoft Office Studio	X	scvhvst.exe	Added by the W32.Randex.CST WORM!
Microsoft OfficeXP	X	officeXP.exe	Added by the KILLAV.MA WORM!
Microsoft Opeions	X	IEXwe.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Outlook Express Protocol	X	svchst.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft PC Health Remote Assistance File Open & Save controls	X	sfrcdlg32.exe	Added by the W32/Rbot-AVY WORM!
Microsoft PCHealth32	X	[path to file]	Added by the TROJ/NICE-A TROJAN!
Microsoft PCHealth32	X	NDDENB.exe	Added by the Troj/PWSYahoo-A TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder.
Microsoft PCI Manager	X	mspci.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Personal Firewalls	X	bakw.exe	Added by a W32/Rbot-KS worm infection
Microsoft Proc Driver32	X	msprc.exe	Added by a variant of the W32/WOOTBOT WORM!
Microsoft Procedure Call	X	MSPCALL.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft PSTCP32 Data	X	pstcp32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft QMGR	X	msnqmgr.exe	Added by the TROJ/IRCBOT-S TROJAN!
Microsoft RDLL	X	sysconf32.exe	Added by a variant of the SDBOT WORM!
Microsoft Redirect	X	[path to file]	Added by the BANKER-FW TROJAN!
Microsoft Redirect	X	systen.exe	Added by the Troj/Bancos-FO TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
Microsoft Registro	X	svchostt.exe	Added by the TROJ/BANCOS-DH TROJAN!
Microsoft Registry	X	csrse.exe	Added by the W32/RBOT-PC WORM!
MicroSoft Remote Secure Service	X	MSRSS.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Restore	X	scrgrd.exe	Added by the SPYBOT.BR WORM!
Microsoft Rundll	X	windos.exe	Added by the W32/SDBOT-WF WORM!
Microsoft Runtime	X	CfgDll32.exe	Added by the RANDEX.BD VIRUS!
Microsoft Scanreg	X	microsoftscanreg.exe	Added by the FRANRIV.A VIRUS!
Microsoft SCVHOST32 Protocol	X	scvhost32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft sddcE Contol	X	taskmnegr.exe	Added by W32/Rbot-AUM WORM!
Microsoft sdDDE Control	X	taskmnegr.exe	Added by the W32/Rbot-AVU WORM! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft sdk temp	X	sdktemp.exe	Added by the W32/Rbot-ANP WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Microsoft SDKP3	X	mswinsdq.exe	Added by the W32/RBOT-ARY WORM!
Microsoft Secure Messenger.NET Service	X	securitychk.exe	WORM_SDBOT.VT
Microsoft Security	X	winService.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Security Center	X	savservices.exe	Added by the W32/RBOT-ANU WORM!
Microsoft Security Controlers	X	fxsecues.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Security GManagers	X	[random file name]	Added by a variant of the W32/SDBOT WORM!
Microsoft Security Hot Fix Update	X	mshotfix.exe	Affilred adware
Microsoft Security Management	X	winserv.exe	Added by the W32/Rbot-MJ WORM!
Microsoft Security Management	X	msisrv32.exe	Added by a W32/Rbot-ML worm infection
Microsoft Security Management	X	winnt.exe	Added by the W32/RBOT-MQ WORM!
Microsoft Security Management	X	winamp.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Security Management	X	wuauct1.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Security Manager	X	winamp.exe	Added by the RBOT.TU WORM! NOTE - this is NOT the Winamp Media Player executable (WinAmpa.exe)
Microsoft Security Panager	X	[name of file]	Added by the W32/RBOT-ANL WORM!
Microsoft Security Panagers	X	[random file name]	Added by the W32/RBOT-AIG WORM!
Microsoft Security Panagers	X	zzoboony.exe	Added by the W32/Rbot-AOI WORM! Note: This worm\trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Microsoft Server Applacations	X	msnmsg.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Server Applacations	X	wuauct1.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Server Applacations	X	lsasss.exe	Added by the W32/RBOT-AQQ WORM!
Microsoft Server Application	X	Sound.exe	Added by the W32/RBOT-NE WORM!
microsoft server base	X	lass.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Service	X	microhost.exe	Added by a W32/Rbot-LC worm infection
Microsoft Service	X	winsvc.exe	Added by a W32/Spybot-DB worm infection
Microsoft Service	X	rundll.exe	Added by the W32/Popo-A WORM! Note: This worm file is found in the Windows or Winnt folder.
Microsoft Service Controller	X	services.exe	Added by the W32/Kalel-D WORM! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item. This trojan file is found in the System folder.
Microsoft Service Drivers	X	VSADNIM.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Service Drivers	X	System.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Service Host Process	X	svchost.exe	Added by the KRYNOS.B WORM! - Note - this is NOT the legitimate Windows svchost.exe process, which should NOT figure in Msconfig/Startup!
Microsoft Service Pack	X	WindowsSP.exe	Added by the W32/RBOT-RF WORM!
Microsoft Service Pack2.1	X	svchost2.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Services	X	lsrv.exe	W32/Rbot-BK worm
Microsoft Services	X	lssrv.exe	WORM_RBOT.CW
Microsoft Services	X	services.exe	Added by the ALETS VIRUS! Note - this is not the valid Windows Service Controller (services.exe) process
Microsoft Services	X	svshost.exe	Added by the BACKDOOR.ALETS.B TROJAN!
Microsoft Services	X	bsc32.exe	Added by the BDOOR-AW TROJAN!
Microsoft Services	X	svssshost.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Services	X	Smss32.exe	Added by the W32/RBOT-AD WORM!
Microsoft Services Unitd	X	MSU32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Servicez Manager	X	servicemgrz.exe	Added by the W32/Rbot-ASN WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Session Manager Subsystem	X	smss.exe	Added by the W32/Kalel-D WORM! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item. This trojan file is found in the System folder.
Microsoft Sidewinder Game Controller Software	N	SWTRAY.EXE	MS SideWinder game controller system tray icon. Available via Start -> Programs
Microsoft Sinsup	X	odjiwjf.exe	Added by the W32/RBOT-DN WORM!
Microsoft Software	X	sysinfo33.exe	Added by a RBOT.LS worm infection
Microsoft software	X	cdaccess.exe	Added by the RBOT.ABK WORM!
microsoft software	X	****.exe	Added by an unidentified WORM or TROJAN! (where * stands for a random character)
Microsoft Software Update	X	nmon.exe	Added by a RBOT.HZ worm infection
Microsoft Sound Driver	X	sound32.exe	W32.SpyBot worm variant
Microsoft Sound Technology	X	winsound.exe	Added by the W32/Rbot-AGG WORM!
Microsoft Sound Volume Tool	N	mssvol.exe	This is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -> Settings -> Control Panel
Microsoft SourceSafe	X	csrss.exe	Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling
Microsoft SpA Service	X	msapps.exe	Added by the W32/RBOT-VI WORM!
Microsoft SpA Service	X	win32.exe	Added by the RBOT.ATS WORM!
Microsoft SpA Service	X	Winupd32.exe	Added by the RBOT.LT WORM!
Microsoft Special offer	X	infoebay.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Spool Server for Win32	X	spoolsrv.exe	Added by the RANDEX.H VIRUS!
Microsoft SSISVRI32 Protocol	X	ssisvri.exe	Added by a variant of the W32.SPYBOT WORM!
Microsoft Standard Executions Library	X	win32lib.exe	Added by W32/Rbot-AUK WORM!
Microsoft standard protector	X	winsocks5.exe	Added by a variant of the TROJ/STOX-B TROJAN!
Microsoft standard protector	X	(Path to trojan)	Added by the Troj/Stox-C TROJAN!
Microsoft Sum32	X	sum32.exe	Added by the W32/RBOT-YW TROJAN!
Microsoft Sum32	X	sum32.exe	Added by the W32/RBOT-YW WORM!
Microsoft Support	X	sys32ms.exe	Added by the W32/RBOT-AHI WORM!
Microsoft Synchronization Manager	X	bot.exe	Added by a SDBOT.IH worm infection
Microsoft Synchronization Manager	X	asgard.exe	Added by a SDBOT.PH worm infection
Microsoft Synchronization Manager	X	xXx.exe	Added by a W32/Sdbot-KZ worm infection
Microsoft Synchronization Manager	X	WinLoginnn.exe	Added by a SPYBOT.FO worm infection
Microsoft Synchronization Manager	X	netscape.exe	Added by a RANDEX.AE worm infection
Microsoft Synchronization Manager	X	winupdate.exe	Added by a SDBOT.ER worm infection
Microsoft Synchronization Manager	X	svhost.exe	Added by a W32/Sdbot-PY And W32/Sdbot-YR WORMS!
Microsoft Synchronization Manager	X	slhost.exe	Added by a SDBOT.YH worm infection
Microsoft Synchronization Manager	X	al.exe	Added by the OPTXPRO.132 TROJAN!
Microsoft Synchronization Manager	X	___synmgr.exe	Added by the W32.MASLAN.C WORM!
Microsoft Synchronization Manager	X	win.exe	Added by the SDBOT.AK WORM!
Microsoft Synchronization Manager	X	svchosts.exe	Added by the W32/SDBOT-LM WORM!
Microsoft Synchronization Manager	X	java.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Synchronization Manager	X	winlogon32.exe	Added by the SDBOT.AEU WORM!
Microsoft Synchronization Manager	X	wincfg32.exe	Added by the SDBOT.DO WORM!
Microsoft Synchronization Manager	X	svxhost.exe	Added by the W32/Sdbot-ZU WORM!
Microsoft Synchronization Manager	X	screen.exe	Added by the W32/SDBOT-ACO WORM!
Microsoft Synchronization Manager	X	devldr32.exe	Added by a variant of the WIN32.RBOT WORM! - Note - do NOT confuse with the legitimate Creative Labs devldr32.exe file
Microsoft Synchronization Manager	X	explorer.exe	Added by the W32/Sdbot-AEA WORM! Note: This is not the legitimate Windows process explorer.exe (Which is always found in the Windows or Winnt folder.) This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Synchronization Manager	X	firewire.exe	Added by the W32/Sdbot-AFC WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft System	X	msupdtm.exe	Added by the W32.Spybot.PKC Worm!
Microsoft System Backup	X	(RANDOM NAME).exe	Added by the W32/Rbot-AGM WORM!
Microsoft System Checkup	X	Cool.exe	Added by the W32.HLLW.Donk.B WORM!
Microsoft System Checkup	X	Wnetlib.exe	Added by the W32.HLLW.Donk.C WORM!
Microsoft System Checkup	X	dbnetlib.exe	Added by the W32.HLLW.Donk.L WORM!
Microsoft System Checkup	X	Keymgr.exe	Added by the W32.HLLW.Donk.M WORM!
Microsoft System Checkup	X	inetman.exe	Added by the W32.HLLW.Donk.O WORM!
Microsoft System Checkup	X	ntsysmgr.exe	Added by the W32.Donk.S WORM!
Microsoft System Checkup	X	ntsysman.exe	Added by the W32/SDBOT-QW WORM!
Microsoft System Checkup	X	libsysmgr.exe	Added by the W32/SDBOT-CAF WORM!
Microsoft System Checkup	X	sysmgr.exe	Added by the SDBOT-OO TROJAN!
Microsoft System Checkup	X	netapi32.exe	Added by the W32/DONK-E WORM!
Microsoft System Checkup	X	wnetmgr.exe	Added by the W32.DONK.Q WORM!
Microsoft System Checkup	X	libsys32.exe	Added by the W32/SDBOT-ACK WORM!
Microsoft System Debug	X	services32.exe	Added by the RBOT.AKH WORM!
Microsoft System DLL Services Configuration	X	windir32.exe	Added by the following WORMS! W32/Sdbot-ACY - W32/Sdbot-AEK - W32/Sdbot-AEL - W32/Sdbot-AEW - W32/Opanki-L Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder
Microsoft System NT	X	svhost.exe	Added by the IRC/SDBOT.COU WORM!
Microsoft System Restore Configuration	X	CBRSS.EXE	Added by a variant of the SPYBOT VIRUS!
Microsoft System Services	X	msnmgsr.exe	Added by the W32.KELVIR.K WORM!
Microsoft System Services	X	msmsgr.exe	Added by the W32/RBOT-ZH WORM!
Microsoft System Update	X	sysupdate.exe	Added by the SDBOT.DG WORM!
Microsoft Taskmanager Updater	X	keyboard.exe	Added by the W32/RBOT-ALU WORM!
Microsoft Telecom Center	X	tellecom.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Telecoma Center	X	tellcoma.exe	Added by the W32/Rbot-AWX WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Time Manager	X	dveldr.exe	W32/Rbot-HQ worm
MicroSoft Toolbar	X	key.exe	Added by the W32/Rbot-AEW Worm!
Microsoft Transfer File Server	X	mtfs.exe	Added by the RBOT.AFE WORM!
Microsoft Tray	X	(random filename)	Added by the DELF.BZ VIRUS!
Microsoft U	X	wuamkopxp.exe	Added by the W32/RBOT-AHC WORM!
Microsoft UMA Update	X	MSuma32.exe	Added by the RBOT.FS WORM!
MICROSOFT UNPACCKER SYSTEM	X	unpak32.exe	Added by a variant of the WIN32.RBOT WORM!
MICROSOFT UNPACK SYSTEM	X	winrarx.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Updat3	X	mswkst32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update	X	msiwin84.exe	Added by the GAOBOT.AFJ WORM!
Microsoft Update	X	mssmgrd.exe	Added by the SDBOT.JT WORM!
Microsoft Update	X	wserv32.exe	Added by the RBOT.AF WORM!
Microsoft Update	X	muamgrd.exe	Added by a variant of the AGOBOT.GEN WORM!
Microsoft Update	X	winsys32.exe	Added by a variant of the Win32.Rbot WORM!
Microsoft Update	X	navmgrd.exe	Added by the BKDR_SDBOT.DP TROJAN!
Microsoft Update	X	Microsoftx.exe	Added by a variant of the Win32.Rbot WORM!
Microsoft Update	X	Smss32.exe	Added by the W32/Rbot-CB WORM!
Microsoft Update	X	wudmate.exe	Added by the RBOT.AP WORM!
Microsoft Update	X	Isac.exe	Added by the W32/Rbot-AU WORM!
Microsoft Update	X	VPC32.EXE	Added by the AGOBOT.XM WORM!
Microsoft Update	X	automgr32.exe	Added by a variant of the Win32.Rbot WORM!
Microsoft Update	X	mvsc.exe	Added by a variant of the W32.Spybot.DAZ WORM!
Microsoft Update	X	ascdl.exe	Added by the W32.Gaobot.SY WORM!
Microsoft Update	X	sys32cfg.exe	Added by the RBOT.DR WORM!
Microsoft Update	X	wuammgr32.exe	Added by a variant of the W32/Rbot-AW WORM!
Microsoft Update	X	Mslti32.exe	Added by the W32/Rbot-LX WORM!
Microsoft Update	X	mediap.exe	Added by a variant of the Win32.Rbot WORM!
Microsoft Update	X	msconfg.exe	Added by the Win32.Rbot.H WORM!
Microsoft Update	X	webm.exe	Added by the SDBOT.WK WORM!
Microsoft Update	X	wuamgrd32.exe	Added by the RBOT.ZB WORM!
Microsoft Update	X	Microsoft.exe	Added by the GAOBOT.AFJ WORM!
Microsoft Update	X	msawindows.exe	Added by the GAOBOT.AFJ WORM!
Microsoft Update	X	xpupdate.exe	Added by the W32/RBOT-QE WORM!
Microsoft Update	X	systemi32.exe	Added by a variant of the W32.SPYBOT WORM!
Microsoft Update	X	NAV.exe	Added by the W32/RBOT-IV WORM!
Microsoft Update	X	wuagrd.exe	Added by the W32/RBOT-FK WORM!
Microsoft Update	X	wauguard.exe	Added by the RBOT.AEE WORM!
Microsoft Update	X	prowind32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Microsoft Update	X	lsac.exe	Added by the GAOBOT.XW WORM!
Microsoft Update	X	snlogsvc.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update	X	winscv.exe	Added by the W32/RBOT-BH WORM!
Microsoft Update	X	svhost.exe	Added by the W32/RBOT-PI WORM!
Microsoft Update	X	wuampd.exe	Added by the W32/RBOT-UT WORM!
Microsoft Update	U	phqghumea.exe	Identified as unknown malware W32/Backdoor by Norman
Microsoft Update	X	wkfix.exe	Added by the W32/RBOT-ABZ WORM!
Microsoft Update	X	wuagmrd.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update	X	wssvr.exe	Added by the W32/RBOT-OD WORM!
Microsoft Update	X	windows24.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update	X	Botnet.exe	Added by the RBOT.AFL WORM!
Microsoft Update	X	update_w.exe	Added by the W32/RBOT-EW WORM!
Microsoft Update	X	wuamagr32.exe	Added by the SPYBOT.CG WORM!
Microsoft Update	X	wingrd32.exe	Added by the W32/RBOT-DW WORM!
Microsoft Update	X	wingrd32.exe	Added by the W32/RBOT-DW WORM!
Microsoft Update	X	aaupdt.exe	Added by the W32/RBOT-RQ WORM!
Microsoft Update	X	sghost.exe	Added by the SDBOT.AKV WORM!
Microsoft Update	X	msupdate32.exe	Added by the SPYBOT.LZ WORM!
Microsoft Update	X	WinUpdate32.exe	Added by the W32/RBOT-TI WORM!
Microsoft Update	X	winsys.exe	Added by the W32/RBOT-GV WORM!
Microsoft Update	X	wumgrd.exe	Added by the W32/SDBOT-KY WORM!
Microsoft Update	X	wuamgrd.exe	Added by the W32/RBOT-YI WORM!
Microsoft Update	X	wtm32.exe	Added by the W32/RBOT-AQ WORM!
Microsoft Update	X	mcupdate.exe	Added by a variant of the WIN32.RBOT WORM! - NOTE - this file is located in the Windows\System32 or Winnt\System32 folder, and must NOT be confused with the McAfee antivirus executable as described here
Microsoft Update	X	scvhost.exe	Added by the W32/Rbot-AEM Worm!
Microsoft Update	X	win-mang.exe	Added by the W32/Rbot-AFK Worm!
Microsoft Update	X	wuamkop.exe	Added by the W32/Rbot-AFI Worm!
Microsoft Update	X	up2dat5.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Update	X	wuamkop32.exe	Added by the RBOT.BGU WORM!
Microsoft Update	X	wuamk0032.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update	X	wuampkd.exe	Added by the SDBOT.BBX WORM!
Microsoft Update	X	wuamk032.exe	Added by the W32/RBOT-AHD WORM!
Microsoft Update	X	Kkk.exe	Added by the W32/RBOT-AHL WORM!
Microsoft Update	X	sys.exe	Added by the W32/RBOT-AJ WORM!
Microsoft Update	X	svghost.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update	X	wuamk0p32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update	X	winamp.exe	Added by a variant of the WIN32.RBOT WORM! NOTE - this is NOT the Winamp Media Player executable (WinAmpa.exe)
Microsoft Update	X	winupdater.exe	Added by the RBOT.BIN WORM!
Microsoft Update	X	Msnmsngr.exe	Added by the RBOT.BQS WORM!
Microsoft Update	X	Micr0s0ft.exe	Added by the AGOBOT.AAR WORM!
Microsoft Update	X	msupdate.exe	Added by the TROJ/BOROBOT-I TROJAN!
Microsoft Update	X	mixer.exe	Added by the W32/Rbot-AIR WORM!
Microsoft Update	X	devmks32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft update	X	winupdate.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update	X	win32.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Update	X	svzhost.exe	Added by the RBOT.OX WORM!
Microsoft Update	X	wininit.exe	Added by the W32/Rbot-AKR WORM!
Microsoft Update	X	Wudates.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update	X	wuamgrd3.exe	Added by the W32/Rbot-AMC WORM!
Microsoft Update	X	ms.exe	Added by the BKDR_SDBOT.CC WORM!
Microsoft Update	X	wuagmsd.exe	Added by the W32/RBOT-AX WORM!
Microsoft Update	X	cmss.exe	Added by W32/Rbot-ATQ WORM!
Microsoft Update	X	bling.exe	Added by the W32/Rbot-AVK WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Update 23	X	NtKernelSystem.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update 23	X	spoolvs.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update 32	X	explore32.exe	Added by the W32.Spybot.CYM WORM!
Microsoft Update 32	X	MSupdate32.exe	Added by a variant of the Win32.SpyBot WORM!
Microsoft Update 32	X	wininit32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update 32	X	wininit.exe	Added by the W32/RBOT-ANY WORM!
Microsoft Update 32	X	(original filename)	Added by the W32/Rbot-AJJ WORM!
Microsoft Update 32	X	winitXP32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update 32	X	mscnfg.exe	Added by the W32/Rbot-ALM WORM!
Microsoft Update 32	X	servic.exe	Added by the W32/Rbot-AXN WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Update 32	X	wiit.exe	Added by the W32/Rbot-AMS WORM!
Microsoft Update 32	X	mssetup32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update 32	X	winnit.exe	Added by the W32/Rbot-AOM WORM!
Microsoft Update 32	X	om4r.exe	Added by the W32/RBOT-AQP WORM!
Microsoft Update 32	X	explorer.exe	Added by the W32/Rbot-ARF WORM! Note: This is not the legitimate Windows process explorer.exe (Which is always found in the Windows or Winnt folder.)The legitimate Windows process should not be seen in Msconfig or as a Startup item. This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. folder.
Microsoft Update 32	X	winin.exe	Added by the W32/RBOT-ARR WORM!
Microsoft Update 32	X	network.exe	Added by the W32/RBOT-ARZ WORM!
Microsoft Update 32	X	wuinit.exe	Added by the W32/Agobot-UE WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Update 33	X	init.exe	Added by W32/Rbot-ATT WORM!
Microsoft Update 64 BIT	X	wininit32.exe	Added by the W32/RBOT-AHE or W32/RBOT-ATO or W32/Rbot-AST WORM!
Microsoft Update 64 BIT	X	winman32.exe	Added by the W32/Rbot-AKI WORM!
Microsoft Update 64 BIT	X	schvost.exe	Added by the RBOT.CAU WORM!
Microsoft Update 64 BIT	X	winl32xe.exe	Added by the W32/RBOT-AQO WORM!
MICROSOFT UPDATE CONFIGURATION	X	WIN32SNC.exe	Added by the W32/Rbot-AI WORM!
Microsoft Update Control	X	Ms64.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update Debugger	X	wincfg32.exe	Added by the SPYBOT.ZC WORM!
Microsoft Update DLL	X	rxxhost.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update Emulator	X	kern-mxe.exe	Added by a variant of the Win32.Rbot WORM!
Microsoft Update Loader	X	(random file name)	Added by a variant of the Win32.Rbot WORM!
Microsoft Update Loaders 2005	X	winusers.exe	Added by the W32/RBOT-AIQ WORM!
Microsoft Update Loaders 2006	X	winusersystem32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Microsoft Update Machine	X	expl0rer.exe	Added by a variant of the SDBOT.OK WORM!
Microsoft Update Machine	X	wuamgrd.exe	WindUpdates SyncroAd adware
Microsoft Update Machine	X	rxhost.exe	Added by the RBOT.FC WORM!
Microsoft Update Machine	X	servicz.exe	Added by the W32/Rbot-HU WORM!
Microsoft Update Machine	X	winxpini.exe	Added by a variant of the Win32.Rbot WORM!
Microsoft Update Machine	X	wininigo.exe	Added by a variant of the Win32.Rbot WORM!
Microsoft Update Machine	X	SP2.exe	Added by the SPYBOT.FP WORM!
Microsoft Update Machine	X	xvshost.exe	Added by the RBOT.QP WORM!
Microsoft Update Machine	X	winini.exe	Added by the W32/Rbot-KV WORM!
Microsoft Update Machine	X	winmgr.exe	Added by a variant of the Win32.Rbot WORM!
Microsoft Update Machine	X	ntce.exe	Added by the W32/RBOT-FA WORM!
Microsoft Update Machine	X	wuawx.exe	Added by the W32/RBOT-CE WORM!
Microsoft Update Machine	X	zonealarm.exe	Added by the W32/RBOT-BZ WORM! - NOTE: this is not the valid Zone Labs firewall program!
Microsoft Update Machine	X	system03.exe	Added by the W32/RBOT-NM WORM!
Microsoft Update Machine	X	memstat.exe	Added by the W32/RBOT-OM WORM!
Microsoft Update Machine	X	winupdt.exe	Added by the W32/RBOT-FP WORM!
Microsoft Update Machine	X	systemll.exe	Added by the W32/RBOT-JT WORM!
Microsoft Update Machine	X	svshost.exe	Added by the RBOT.AK WORM!
Microsoft Update Machine	X	wupdt32x.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Update Machine	X	wuamgd.exe	Added by the SDBOT.HQ WORM!
Microsoft Update Machine	X	random file names	Added by a variant of the Win32.Rbot WORM!
Microsoft Update Machine	X	linux.exe	Added by a variant of the Win32.Rbot WORM!
Microsoft Update Machine	X	windowsu.exe	Added by a variant of the Win32.Rbot WORM!
Microsoft Update Machine	X	lmrss.exe	Added by a variant of the Win32.Rbot WORM!
Microsoft Update Machine	X	Winregs32.exe	Added by the RBOT.DN WORM!
Microsoft Update Machine	X	Winmsixp32.exe	Added by the RBOT.DN WORM!
Microsoft Update Machine	X	wuagrd.exe	Added by the W32/RBOT-GF WORM!
Microsoft Update Machine	X	winss.exe	Added by the RBOT.JU WORM!
Microsoft Update Machine	X	MSOICONS.EXE	Added by a variant of the WIN32.RBOT WORM! - NOTE - do no confuse with the legitimate Msoicons.exe file described here . The latter wil not be listed among your startups!
Microsoft Update Machine	X	wupdate32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update Machine	X	servicez.exe	Added by the SPYBOT.BI WORM!
Microsoft Update Machine	X	qwerty.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update Machine	X	lsasse.exe	Added by the W32/RBOT-DI WORM!
Microsoft Update Machine	X	Systemnt.exe	Added by the RBOT.DA WORM!
Microsoft Update Machine	X	systemse.exe	Added by the W32/RBOT-BD WORM!
Microsoft Update Machine	X	taskmngrs.exe	Added by the W32/RBOT-CR WORM!
Microsoft Update Machine	X	spoolserv.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update Machine	X	windowsup.exe	Added by the W32/RBOT-FV WORM!
Microsoft Update Machine	X	wuamgard.exe	Added by the SPYBOT.CS WORM!
Microsoft Update Machine	X	crss32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update Machine	X	rxxhost.exe	Added by the RBOT.EP WORM!
Microsoft Update Machine	X	winnie.exe	Added by the W32/RBOT-ACD WORM!
Microsoft Update Machine	X	scvhost.exe	Added by the W32/RBOT-GS WORM!
Microsoft Update Machine	X	system.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update Machine	X	wins32.exe	Added by the RBOT.EZ WORM!
Microsoft Update Machine	X	winortho.exe	Added by the W32/RBOT-NW WORM!
Microsoft Update Machine	X	TMEMSER.EXE	Added by the W32/RBOT-NQ WORM!
Microsoft Update Machine	X	Win32.exe	Added by the SDBOT.UV WORM!
Microsoft Update Machine	X	TASKMAN4.EXE	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update Machine	X	wftestb.exe	Added by the W32/Rbot-AFZ Worm!
Microsoft Update Machine	X	windns.exe	Added by the RBOT.EF WORM!
Microsoft Update Machine	X	serviz.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update Manager	X	svshost.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update Manager	X	WINRLS.EXE	Added by the RBOT-AF WORM!
Microsoft Update Manager	X	scvhost.exe	Added by the AGOBOT.AXJ WORM!
Microsoft Update Mechene	X	Updatez.exe	Added by the W32/RBOT-GI WORM!
Microsoft Update Process	X	wmipcvse.exe	Added by the TROJ/AGOBOT-JF TROJAN!
Microsoft Update Security Patch	X	mssecurityupdatepatch.exe	Added by the Win32.Agent.ef backdoor TROJAN!
Microsoft Update Server	X	mssrv.exe	Worm or trojan, as yet unidentified
Microsoft Update Service	X	csrss32.exe	Added by the W32/Agobot-HC WORM!
Microsoft Update Service	X	mswin32.exe	Added by a variant of the Win32.Spybot WORM!
Microsoft update service	X	systemm.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Update SERVICE	X	phqghum.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update Service	X	msupdate.pif	Added by the W32/Rbot-AQB WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Update Services	X	wsnfty.exe	Added by the W32/RBOT-AFU WORM!
Microsoft Update Services	X	wcsnfty.exe	Added by the W32/RBOT-AGK WORM!
Microsoft Update Time	X	wuam.exe	Added by the W32/Rbot-M WORM!
Microsoft Update USB2	X	wuammgrd32.exe	Added by the W32/Rbot-ADT Worm!
Microsoft Update v2.6	X	lxxex.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Update Win32a	X	winupdate32a.exe	Added by the W32/Rbot-LO WORM!
Microsoft Update Win32x	X	winupdate32x.exe	Added by the W32/Rbot-AJN WORM!
Microsoft Updater	X	wuamgrds.exe	Added by the BKDR_RBOT.A!
Microsoft Updater	X	Winsys32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Updater Resources	X	WinFixd32.exe	Added by the SPYBOT.CA WORM!
Microsoft UPDATER32	X	lsass.exe	Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup
Microsoft Updaters	X	tskmgr.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Updaters	X	sysconfigs.exe	Added by the W32/RBOT-DF TROJAN!
Microsoft Updaters Pros	X	WINDLL32XP.EXE	Added by the SPYBOTTER.GEN VIRUS!
Microsoft Updates	X	wuamgrd.exe	Added by the W32/RBOT-CO WORM!
Microsoft Updates	X	wkssvrs.exe	Added by the W32/RBOT-EB WORM!
Microsoft Updates	X	wkssvr.exe	Added by the RBOT.R WORM!
Microsoft Updates	X	systemc32.exe	Added by the W32/RBOT-GR WORM!
Microsoft Updates	X	wtemp32.exe	Added by the W32/Rbot-AHQ WORM!
Microsoft Updates 2 USB	X	wgafixer.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Updates 5 USB	X	sp3fixer.exe	Added by the W32/Rbot-ADS Worm!
Microsoft Updates Resources	X	WinFixIDs.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Updating	X	wuamguards.exe	Added by the W32/RBOT-BY WORM!
Microsoft Updating	X	syswr.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Updating	X	navguard.exe	Added by the RBOT.HW WORM!
Microsoft Updating Client	X	websvc.exe	Added by the RBOT.AQ WORM!
Microsoft Updating Machine	X	sysc0de.exe	Added by the RBOT.RB WORM!
Microsoft Updatting	X	miroupdate.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Updote	X	(Random File name)	Added by the W32/Rbot-ARC WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft UpMachine	X	doezs.exe	Added by the RBOT.BCT WORM!
Microsoft upnp Update	X	msie.exe	Added by a W32/Rbot-LQ worm infection
Microsoft uptime Service	X	sysuptime.exe	Added by the W32/RBOT-ACG WORM!
Microsoft uptime Service	X	sycuptime.exe	Added by the W32/RBOT-AHY WORM!
Microsoft UpToDate Driver (32-bits)	X	[random file name].exe	Added by the W32.SPYBOT.LXJ WORM!
Microsoft USB2 Driver	X	crmss.exe	Added by the W32/RBOT-VK WORM!
Microsoft Utility Startup	X	OSA9.exe	Resource hog that launches common MS Office components to help speed up the launch of Office programs. Some users claim there's no difference with or without it but it isn't required anyway. Different filenames used for different variants
Microsoft Vertupdate	X	MSvert32.exe	Added by the W32/MYTOB-CY WORM!
Microsoft Video Capture Controls	X	MSsrvs32.exe	Added by the W32/SDBOT-AAK WORM!
Microsoft Video Controls	X	tskmsgr.exe	W32.SpyBot worm variant
Microsoft Viral Scanning Protection	X	msviral.exe	Added by the W32/Sdbot-CLH WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Virual Machine	X	sms.exe	Added by the W32/RBOT-SP WORM!
Microsoft Visual SourceSafe	X	services.exe	Added by the W32.Neveg.B worm. Note - this is NOT the legitimate services.exe system file, which should NOT figure in Msconfig/Startup
Microsoft Visual SourceSafe	X	winlogon.exe	Added by the W32.Neveg.B worm
Microsoft Visual Studio	X	plscdksxg.exe	Added by the W32/Rbot-AWV WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Visual Studio VSA	X	varpc32.exe	W32.SpyBot worm variant
Microsoft Web Device	X	wdevice.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Webserver	U	svctrl.exe	Personal web server program which enables you to create and host a web server from your computer. Not required for most people
MicroSoft Wind0ws Updater	X	winsupdater.exe	Added by a variant of the WIN32.RBOT WORM!
MicroSoft Window Updater	X	winsupdater.exe	Added by the W32/RBOT-ZZ WORM!
Microsoft Windows	X	mstask0.exe	Added by the SDBOT.FQ WORM!
Microsoft Windows	X	atup	Added by a variant of the WIN32.RBOT WORM!
Microsoft Windows	X	Microsoft Windows.hta	HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
Microsoft Windows	X	explorar.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Windows	X	(Path of Executable)	Added by the Troj/Bdoor-LI TROJAN!
Microsoft Windows	X	windets.com	Added by the Troj/Flood-EQ TROJAN!
Microsoft Windows 128bit Subsystem	X	system12.exe	Added by the Troj/Ranck-CZ TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Windows 16Bit	X	mswinn16.exe	Added by a variant of the W32.SPYBOT WORM!
Microsoft Windows 2000	X	Winupdsdgm.exe	Added by the GAOBOT.AO WORM!
Microsoft Windows 32Bit	X	mswinn32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Windows 64 Bit	X	mswin32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Windows Control	X	mswctl32.exe	Added by the RBOT.JP WORM!
Microsoft Windows CSRSS	X	csrss.exe	Added by the W32/KALEL-A WORM! - NOTE - this file should NOT be confused with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
Microsoft Windows DHCP	X	___r.exe	Added by the W32.Maslan.A or W32.Maslan.C WORMS!
Microsoft Windows DLL 32-BIT	X	msncheck32.exe	Added by the W32/SDBOT-XX WORM!
Microsoft Windows DLL Services	X	mwindll.exe	Added by the W32/SDBOT-VX WORM!
Microsoft Windows DLL Services Configuration	X	regscv.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Windows DLL Services Configuration	X	winDSL.exe	Added by the W32/Sdbot-ZG Worm!
Microsoft Windows DLL Services Configuration	X	proxy.exe	Added by the W32/Sdbot-ZL Worm!
Microsoft Windows DLL Services Configuration	X	newdll.exe	Added by the W32/Sdbot-ZR WORM!
Microsoft Windows DLL Services Configuration	X	newdll2.exe	Added by the W32/SDBOT-ABD WORM!
Microsoft Windows DLL Services Configuration	X	windll32.exe	Added by the SDBOT.BHD WORM!
Microsoft Windows DLL Services Configuration	X	poker.exe	Added by the W32/SDBOT-ZY WORM!
Microsoft Windows DLL Services Configuration	X	windir32a.exe	Added by a variant of the SDBOT.BHF WORM!
Microsoft Windows DLL Services Configuration	X	poker3.exe	Added by the W32/SDBOT-AAH WORM!
Microsoft Windows DLL Services Configuration	X	dllmanager32.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Windows DLL Services Configuration	X	windir32.exe	Added by the RBOT.BRQ WORM!
Microsoft Windows DLLHandler	X	bitpaint.exe	Added by the SDBOT.AHG WORM!
Microsoft Windows Explorer	X	iexplorer.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Windows Files Loader	X	cgy32win.exe	Added by the W32/Rbot-AXR WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Windows Game Updater	X	msgame32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Windows GUI	X	Windowz.exe	Added by the RANDEX.AEV VIRUS!
Microsoft Windows GUI	X	msmonk32.exe	Added by the W32/SDBOT-PE WORM!
Microsoft Windows Kernel Services	X	winkrnl386.exe	Added by the ZEBROXY VIRUS!
Microsoft Windows Loader	X	wloader.exe	Added by a variant of the GAOBOT/AGOBOT WORM!
Microsoft Windows Media Player	X	wimp.exe	Added by the W32/RBOT-FN WORM!
Microsoft Windows Media Player	X	mediaplayer.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Windows Registry Service	X	wregistry.exe	Added by the AGOBOT.AKG WORM!
Microsoft Windows Registry Updater	X	wreg.exe	Added by the W32/FORBOT-DN WORM!
Microsoft Windows Secure Server	X	rpcxWindows.exe	Added by a W32/Rbot-LL worm infection
Microsoft Windows Secure Update	X	rpcxwinupdt.exe	Added by an unidentified WORM or TROJAN!
Microsoft Windows Securety	X	wurguar.exe	Added by the W32/RBOT-KY WORM!
Microsoft Windows Security	X	spvsper.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Windows Security	X	wscndrives.exe	Added by the W32/Rbot-AJK WORM!
Microsoft Windows Service	X	winsys.exe	Added by the W32/Rbot-ADP Worm!
Microsoft Windows Service Pack	X	winspkn.exe	Added by the W32/Rbot-AYD WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Microsoft Windows Services Controller	X	wservices.exe	Added by the WIN32.RBOT.FD WORM!
Microsoft Windows Storage Machine Service	X	winms.exe	Added by the W32/RBOT-AHK WORM!
Microsoft Windows System	X	syshost.exe	Added by the W32/Rbot-ASW WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Windows System	X	srwhost.exe	Added by a variant of the W32/Rbot-ASW worm! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Windows System Service Manager	X	winsvc.exe	Added by the SPYBOT.LR WORM!
Microsoft Windows Task Manger	X	Mstosk.exe	Added by a W32/Sdbot-WW worm infection
Microsoft Windows Updata	X	scvhost.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Windows Update	X	rundlls.exe	Added by the HABRACK VIRUS!
Microsoft Windows Update	X	spools.exe	WORM_SDBOT.TD
Microsoft Windows Update	X	msoffice2.exe	Added by a W32/Rbot-GB worm infection
Microsoft Windows Update	X	svchos.exe	Added by a Backdoor.Sdbot.AC worm infection.
Microsoft Windows Update	X	svcshost.exe	Added by the W32/FORBOT-CF WORM!
Microsoft Windows Update	X	svshost.exe	Added by the WOOTBOT.CJ WORM!
Microsoft Windows Update	X	svmhost.exe	Added by the W32/FORBOT-CH WORM!
Microsoft Windows Update	X	scvvhost.exe	Added by the W32/Forbot-FH WORM!
Microsoft Windows Update	X	swwhost.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Windows Update	X	MSNMSGR.EXE	Added by the W32/SDBOT-WM WORM!
Microsoft Windows Update	X	svzhost.exe	Added by the W32/FORBOT-EV WORM!
Microsoft Windows Update	X	scrhost.exe	Added by the W32/Rbot-AOW WORM! Note: This (scrhost.exe) is not the legitimate Windows Process. (Notice the difference in the spelling.) The legitimate Windows Process (svchost.exe) should not be seen in Msconfig or as a Startup item. This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Microsoft Windows Update	X	sccvhost.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Windows Update	X	mnswinsx.exe	Added by the W32/Rbot-AWH WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Windows Update Application	X	wuap.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Windows Update Logon	X	win-logon.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Windows Update Service	X	wupdmgr32.exe	Added by the DOS.AUTOCAT VIRUS!
Microsoft Windows Update XP64	X	*******.exe ( = random char)	Added by a variant of the WIN32.RBOT WORM!
Microsoft Windows Updater	X	winupdgm.exe	Add by the GAOBOT.BI WORM!
Microsoft Windows Updater	X	svchostz.exe	Added by the DAEMONI-E VIRUS!
Microsoft Windows Updater	X	WINIUPDATES.EXE	Added by a W32/Rbot-KK worm infection
Microsoft Windows Updater	X	WINUPDATE.EXE	Added by the W32/SDBOT-PU WORM!
Microsoft Windows Updater	X	win32upd.exe	Added by the W32/RBOT-EC WORM!
Microsoft Windows Updater	X	TMNTSrv.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft Windows Updater	X	windates.exe	Added by the SDBOT.TE WORM!
Microsoft Windows Updater	X	msnupdateit.exe	Added by the W32/AGOBOT-RL WORM!
Microsoft Windows Updater	X	spoolvs.exe	Added by the RBOT.ACQ WORM!
Microsoft Windows Updater	X	suvhost.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft Windows updaterD	X	log32zx.exe	Added by the W32.Mydoom.W WORM!
Microsoft Windows Updates	X	explorer32.exe	Added by the SDBOT.VQ WORM!
Microsoft Windows W32 Services	X	mssw32.exe	Added by a variant of the W32.SPYBOT WORM!
Microsoft Windows WinSaSS Management	X	winsass.exe	Added by the W32/Rbot-APW or W32/Rbot-AUO WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Windows WKS Service	X	gt.exe	Added by the SDBOT.FV WORM!
Microsoft Windows Workstation	X	devcode.exe	Added by the W32/Rbot-AWL WORM! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft Windows XP Configuration Loader	X	m32svco.exe	Added by the W32/SDBOT.WORM.48548
Microsoft WINGS32 Protocol	X	WinSGR32.exe	Added by the W32/Rbot-APU WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Microsoft WinRaR	X	winrar.exe	Added by the W32/Rbot-AEC Worm!
Microsoft Winsock	X	mswinsck.exe	Added by the W32/RBOT-ANK WORM!
Microsoft Winsock Service	X	msusvc.exe	Added by the W32/Rbot-ANS WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Microsoft Winsock Wrapper	X	ws2_32s.exe	Added by a variant of the W32.SPYBOT WORM!
Microsoft Winsocks 32 Controller	X	MSWSCK32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft WinSound	X	[random file name]	Added by a variant of the WIN32.RBOT WORM!
Microsoft WinUpdate	X	syslx32.exe	Unidentified worm or trojan
Microsoft WinUpdate	X	syswin32.exe	Added by the W32/Rbot-HO WORM!
Microsoft WinUpdate	X	svh0st.exe	Added by a SPYBOT.DL worm infection
Microsoft WinUpdate	X	Winamp61.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft WinUpdate	X	spfix.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft WinUpdate	X	mntcgf032.exe	Added by the W32/RBOT-PF WORM!
Microsoft WinUpdate	X	Winupd32.exe	Added by the RBOT.MQ WORM!
Microsoft WinUpdate	X	WinNTinit32.exe	Added by the RBOT.VS WORM!
Microsoft WinUpdates	X	serm32.exe	Added by the RBOT.GE worm
Microsoft WM	X	mswm32.exe	Added by the TROJ/BCKDR-AM TROJAN!
Microsoft Word	X	BootSector.exe	Added by a variant of the AGOBOT alias GAOBOT WORM!
Microsoft Word Profissional	X	csrss.exe	Added by the Troj/Bancban-DB or Troj/Bancos-DP TROJAN! (Note:) May also be found in the \protect\ or \JavaVM\ folder.
Microsoft Word Profissional	X	Java Plug In close.exe	Added by the Troj/Banker-EL TROJAN!
Microsoft Works Calendar Reminders	N	wkcalrem.exe	Produces a pop-up reminder of events scheduled using the MS Works Calendar
Microsoft Works Portfolio	N	WksSb.exe	The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program.Can be prevented from starting from a setting within Portfolio
Microsoft Works Update Detection	N	wkdetect.exe, WkUFind.exe	Checks for updates to MS Works
Microsoft World Service	X	winworld.exe	Added by an unidentified IRC worm with backdoor capability!
Microsoft Wxdate	X	Syswu32.exe	Added by the SPYBOT.HZ WORM!
Microsoft X Update	X	wuamkoppnp.exe	Added by the W32/RBOT-ANI WORM!
microsoft xdaemon 2.0	X	xdaemon.exe	Added by the DELF.D VIRUS!
Microsoft XML Service	X	msxmlx.exe	WORM_RBOT.KS
Microsoft Xp Systems loader	X	winsystem32xp.exe	Added by the W32.KELVIR.W WORM!
Microsoft Xp Systems loaders	X	win32xpsys.exe	Added by the W32.SPYBOT.NYT WORM!
Microsoft XPSP Protocol	X	xp386.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoft xpsp2	X	xpsp2.exe	Added by the W32/Sdbot-YQ Worm!
Microsoft xpsp2	X	Networksystem.exe	Added by a variant of the W32/SDBOT WORM!
Microsoft's System Module	X	Sysmodule.exe	Added by the TROJ/BDOOR-FJ TROJAN!
Microsoft--Updates	X	sxvhost.exe	Added by a W32/Rbot-FH worm infection
Microsoft-software	X	***.exe (where = random char)	Added by a variant of the WIN32.RBOT WORM!
Microsoft-Update	X	wngard.exe	Added by a W32/Rbot-JV worm infection
Microsoft-Updates	X	svxhost.exe	Added by the W32/Rbot-CT WORM!
Microsoft32.exe	X	Microsoft32.exe	Unidentified worm or trojan
microsoft420	X	microsoft420.exe	Added by the MENACE.B (or W32.SOFUNNY) VIRUS!
Microsoftf DDEs ContDLL	X	rune.pif	Added by the W32/Rbot-AGF WORM!
Microsoftf DDEs ContrDL	X	runm.pif	Added by the W32/Rbot-AFQ Worm!
Microsoftf DDEs Control	X	lxes.exe	Added by the RBOT.BOF WORM!
Microsoftf DDEs Control	X	wees.exe	Added by a variant of the the RBOT.BOF WORM!
Microsoftf DDEs Control	X	FEnR.exe	Added by the W32/RBOT-AIM WORM!
Microsoftf DDEs Control	X	soff.pif	Added by the W32/Rbot-AKH WORM!
Microsoftf DDEs Control	X	Erun.pif	Added by a variant of the WIN32.RBOT WORM!
Microsoftf DDEs Control	X	why-.exe	Added by the W32/Rbot-AMV WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Microsoftf DDEs Control	X	msnn.exe	Added by the W32/Rbot-AXT WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Microsoftkeysd	X	systemproc.exe	Added by the W32/FORBOT-BI WORM!
Microsoftkeysd	X	systemwin32s.exe	Added by the WOOTBOT.CO WORM!
Microsoftkeysd	X	systemwin32.exe	Added by a variant of the WIN32.RBOT WORM!
Microsoftkeysds	X	lass32.exe	Added by a variant of the WIN32.RBOT WORM!
MicrosoftKs	X	Drivers.bat	Added by the Troj/Shutdown-F TROJAN!
microsoftm eegs cuntrol	X	loor.pif	Added by a variant of the WIN32.RBOT WORM!
Microsoftmsn32.exe	X	microsoftmsn32.exe	Added by the TROJ/CERTIF-C TROJAN!
MicrosoftMultimediaTask	X	Mmtask.exe	Adware downloader - not the valid MusicMatch Jukebox which shares the same filename
MicrosoftNetwork Daemon for Win32	X	NETD32.EXE	Added by the RANDEX.F VIRUS!
MicrosoftOEM	X	smvss.exe	Added by the TROJ/DEDLER-G TROJAN!
Microsofts media	X	winmplayd.exe	Added by an undidentified WORM or TROJAN!
Microsofts media	X	wingtp.exe	Added by the W32/RBOT-VO WORM!
Microsofts MediaScope	X	winmep.exe	Added by the W32/Rbot-WB WORM!
Microsofts MediaScope	X	winmedplay.exe	Added by a variant of the WIN32.RBOT WORM!
Microsofts Security Manager	X	**.exe [** = random char]	Added by the RBOT-WH TROJAN!
Microsofts Service	X	lcsrv16.exe	Added by a variant of the WIN32.RBOT WORM!
Microsofts Updates	X	lsasss.exe	Added by the W32/Rbot-AEX Worm!
Microsofts Updatez	X	cmsssr.exe	Unidentified worm or trojan
Microsofts Updatez	X	exploirez.exe	Added by a variant of the WIN32.RBOT WORM!
MicrosoftServiceManager	X	mstask32.exe	Added by the YAHA.P VIRUS!
MicrosoftServiceManager	X	Wintsk32.exe	Added by the YAHA.U VIRUS!
MicrosoftServiceManager	X	EXPLORERE.EXE	Added by the YAHA.AB VIRUS!
MicrosoftServiceManager	X	msupdat.exe	Added by the YAHA.AA VIRUS!
MicrosoftSourceSafe	X	lsass.exe	Added by a Webus.B trojan infection. Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup
MicrosoftSys	X	SPOOLSYS.exe	Added by the PWSteal.Tarno.N TROJAN!
MicrosoftUpdate	X	syshelper.exe	Added by the WOOTBOT.AC WORM!
MicrosoftUpdate	X	WinUp32.exe	unidentified worm
MicrosoftUpdates	X	syshelped.exe	Added by a W32/Forbot-AZ worm infection
MicrosoftUpdates	X	(Original Trojan filename)	Added by the Troj/Delf-LO TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MicrosoftValue	X	syscnfg.exe	Added as the result of an unidentified VIRUS!. "syscnfg.exe" is found in the C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Microsoftvirus	X	sysoverload.exe	Added by the W32/FORBOT-AL WORM!
MicrosoftWindows	X		MagicSearch - a CoolWebSearch parasite variant,
Microsoftz turn Control	X	read.pif	Added by the W32/Rbot-AFS Worm!
Microsoftz turn Control	X	aexl.exe	Added by the SDBOT.BCO WORM!
Microsoft� PID Lex	X	PIDLex.exe	Added by the NIOVADOOR VIRUS!
Microsoft� ActiveX Debugger NT	X	setdebugnt.exe	Added by the Troj/Bancos-CZ Trojan!
Microsoft� System Mapper	X	SysMap.exe	Added by the MAPSY VIRUS!
Microsong	X	svchosts11.exe	Added by the W32/SDBOT-EV WORM!
Microszoft Update Mach1nezs	X	svchst.exe	Added by the W32/RBOT-ED WORM!
Microzoft_Ofiz	X	KdzEregli.exe	Added by the AMUS.A VIRUS!
Micrsoft CFG 32	X	lrbzus32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Micrsoft Driver	X	windrive.exe	Added by the BACKDOOR.SDBOT.AF WORM!
Micrsoft Driver	X	msdriver.exe	Added by the W32/SDBOT-XD WORM!
Micrsoft Internet Explorer	X	IEXPL0RE.EXE	Added by the W32/RBOT-AQV WORM!
Micsorosft Security Center	X	wcnsfty.exe	Added by the W32/RBOT-AHU WORM!
MightyFAX Controller	N	MFNTCTL.EXE	Mighty FAX from RKS Software - "installs a printer driver so that you can fax directly from Windows software"
MigrationVend or SetupCaller	?	rundll32.exe migrate.dll, CallVendorSetupDlls	??
MimBoot	N	mimboot.exe	Starts Musicmatch_Jukebox at bootup - can be started manually.
Mincer	X	Mincer.exe	Added by the WM97/Minceme-A Worm!
MINIBUG	X	MINIBUG.EXE	Displays ads inside Weatherbug - see here
MINIFERT.EXE	N	MINIFERT.EXE	Part of Backweb
minilog	U	MINILOG.EXE	If you don't have ZoneAlarm or ZoneAlarm Pro running you don't need this. This must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use
MiniMavis	N	MiniMavis.exe	Mavis Beacon typing tutor
minimo	X	[path to file]	Added by the TROJ/MOSUCK-X TROJAN!
MiniNote	N	MININOTE.EXE	Mini NoteTab was the first in the family of "NoteTab" text and HTML editors from Fookes Software
Miniphone	?	glophone.exe	VoiceGlo Glophone Voice over Internet Protocol (VOIP) communications software - "an affordable and convenient way to call friends and family throughout the world using a dial-up or broadband Internet connection on your computer" - is it required in startup?
miniport	X	usb2chk.exe	Added by the Troj/Lazar-A TROJAN! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MiniPortRt	X	miniport_mp.exe	Malware - see here
MiniServer.exe	X	MiniServer.exe	Added by the Troj/LittleW-E TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
MinMaxExtender	U	Mmext.exe	MinMaxExtender - window handling tool
Miosf Update	X	wimsqaad.exe	Added by the BACKDOOR.SDBOT.AG WORM!
Mirabilis ICQ	N	NDetect.exe, icq.exe, ICQNet.exe	If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs
Miramar Systems, Inc.	U	atmsg.exe	Miramar PC/Mac networking software
Miranda IM	N	miranda32.exe	Miranda Instant Messaging client
Mirate Sp 2 Information	X	miratesp2.exe	Added by the RBOT.QH WORM!
Mircosoft DNS Service	X	svchost.exe	Added by Troj/IRCBot-AK TROJAN!
Mircosoft Sockets SP2	X	mssck.exe	Added by the MYTOB.ET WORM!
Mircosoft Update	X	wuampkd.exe	Added by a variant of the W32/SDBOT WORM!
Mircrosoft Svchost32	X	svchost32.exe	Added by the W32/RBOT-AZW WORM!
Mircrosoft Windows Config DLL	X	rundllc32b.exe	Added by the W32/RBOT-ZY WORM!
miroVIDEO Tray Tool	N	misitray.exe	Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl does not have its own EXE file. Only needed when using the capture card, e.g. for the above actions
MirrorFolderShell	U	mrfshl.exe	MirrorFolder backup software
Mirsoft sdcE	X	taskmegr.exe	Added by the W32/Rbot-AWY WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
misiCTRL	?	misiCTRL.exe	Miro video driver related. Is it required?
misiTRAY	?	misiTRAY.exe	Miro video driver related. Is it required?
Mismo	X	win32x.exe	Added by the W32/RBOT-JP WORM!
Mixer	N	Mixer.exe	C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs
Mixghost	N	mixghost.exe	Management software for Altec Lansing speakers. If a change is needed, the user can launch it from the Start menu
ml00!.exe	X	ml00!.exe	Malware, detected by Panda antivirus as Trj/Downloader.BWD
ML1HelperStartUp	U	ML1HEL~1.EXE	Midnight_Lake Screen saver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30...
ML1HelperStartUp	U	ML1Helper.exe	Midnight_Lake Screen saver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30...
mload	X	lxmstart.exe	Added by an unidentified VIRUS!
MM Install	?	setup.exe	Possibly Money Manager from Moneysoft?
MMB2	X	explorer.exe	Added by an unidentified WORM or TROJAN - NOTE - the valid "explorer.exe" will always be located in C:\Windows or C:\Winnt whereas this one is found in the C:\Windows\System folder (Win 98/ME) or in the C:\Winnt\System32 or C:\Windows\System32 subfolder (Windows 2000 and Win XP)
MMC	X	inisys.exe	Added by the W32/Oscabot-I Worm!
mmcndmgr	X	mmcndmgr.exe	unidentified worm or trojan
MMCWINMGMT	N	winmgmt.exe	Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here
MMERefresh	?	MMERefresh.exe	Related to Digidesgin Protools. What does it do and is it required?
Mmessenger	X	messenger.exe	Added by the AGOBOT.GM WORM!
Mmgsvc	X	mmgsvc.exe	Spyware.Mmgsvc
MMhid	U	mmhid.dll	This is the Human Interface Device Server for Win98, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to Hidserv in Win98SE/2000/Me/XP
MMHK	?	mmhk.exe	A driver found on a Compaq Presario 800T notebook. Possibly something to do with multimedia hot keys?
MMHotKey	N	MMHotKey.exe	Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen
MMKeybd	U	MMKeybd.exe	Multimedia keyboard manager. Required if you use the additional keys
mmod	X	mmod.exe	eZula TopText adware
mmpti	N	m1mmpti.exe	Mpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cards
MMRun	?	mmrun.exe	??
mmsys	?	recover.exe	?
MMSystem	X	"%\Windows%\rundll32.exe "%System%\mmsystem.dll"", RunDll32"	Added by a FUNNER.A worm infection
MMSystem	X	RunDll32	Added by the W32/FUNNER-A WORM!
MMTASK	Y	mmtask.tsk	A check on the file\'s properties reveals "Multimedia background task support module". MMTASK is a very simple 16-bit program used by certain multimedia drivers (which are still 16-bit on Win9x) to perform background processing. Some soundcards need this to support MIDI, etc
mmtask	N	mmtask.exe	Part of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creator
MMtask Service	X	mmtask.exe	Added by the BACKGAT.A VIRUS! Not the valid MusicMatch Jukebox which has the same filename
MMTray	N	mm_tray.exe	MusicMatch Jukebox icon in the task tray - digital music player / CD burner and ripper / music organizer / playlist creator
MMTray	N	MMTray.exe	Part of Morgan Multimedia Codecs. Only required when the codecs are used
MMTray2K	N	MMTray2K.exe	Part of Morgan Multimedia Codecs. Only required when the codecs are used
MMTrayLSI	N	MMTrayLSI.exe	Part of Morgan Multimedia Codecs. Only required when the codecs are used
mmusrstp	?	procrun.exe	??
mmxp2passion.exe	X	mmxp2passion.exe	MediaMotor/Popuppers adware component
mmxrun	X	msosa.exe	Adult content dialler - see here. This has to be cleared at the same time as MSStartOptimizer (WINUPD.EXE), atisrc2 (windfind.exe) and RegCompres (REGCPM32.EXE), otherwise they return
mmxrun	X	mswinindex.exe	Added by TwoSeven SPYWARE!
mnklins	X	mnklins.exe	Transponder parasite related
mnpol	X	mnpol.exe	Added by the DOWNLOADER.DLUCA.B TROJAN!
MNS	U	MNS.exe	Mobile_Net_Switch enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much more.
mnsvc	X	mnsvc.exe	Added by the AUTOUPDER VIRUS!
mnsvcsp	X	mnsvcsp.exe	VIRUS!
mobsync	N	mobsync.exe	MS Syncrhonization Manager - updates the network copy of materials that were edited offline, such as documents, calendars, and e-mail messages
MOBSYNC32.EXE	X	mobsync32.exe	Added by the FINERO VIRUS!
MOD	N	muamgr.exe	MicroAngelo On Display from Impact Software lets you customize Windows icons. With a few exceptions, you can customize icons by right-clicking on them
Modem	X	locatesvc.exe	Added by a variant of the W32.SPYBOT WORM!
Modem Driverz Updates	X	mdmdrv.exe	Added by a variant of the W32/SDBOT WORM!
MODEMBTR	U	MODEMBTR.EXE	Modem Booster from inKline Global to improve ISP connections
Modeminf	X	Modeminf.exe	Added by a CRYPTER.C trojan variant infection
ModemOnHold	U	MOH.EXE	NetWaiting Modem-on-Hold Application
ModemUtility	N	mdmsetpe.exe	System Tray configuration icon for Aztech modems
ModularConfig	X	syscnfg.exe	Added as the result of an unidentified VIRUS!. "syscnfg.exe" is found in the C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Module Call initialize	X	RUNDLL32.EXE reg.dll, ondll_reg	Added by a variant of the LOVGATE WORM!
Modulo 00FE0F01 Host Internet	X	syschost.exe	Added by the TROJ/DELF-KW TROJAN!
MOJNPluginSrIvcs	X	neomonap23.exe	Added by a variant of the W32/SDBOT WORM!
Money Express	N	moneyexpress.exe	Part of MS Money. Available via Start -> Programs
MoneyAgent	N	money express.exe	Part of MS Money. Available via Start -> Programs
MoneyAgent	N	mnyexpr.exe	Microsoft Money
MoneyStartUp	N	Money Startup.exe	Microsoft Money
MoneyStartUp10.0	N	Activation.exe	Part of MS Money 2002. Available via Start -> Programs
monitor	X	monitor.exe	Browser hijacker, redirecting to NCM Search
Monitor Apache Servers	U	ApacheMonitor.exe	Part of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start -> Programs
Monitoring Service	X	svchost.exe	Added by the CONE.C VIRUS! This is not the valid svchost.exe as described here. Located in a Windows\Tasks directory, and not in Windows\System32
Monitormgt	X	Monitormgt.exe	Added by the GEMA TROJAN!
MonitorSD	X	SDMonitor.exe	Max Secure Spyware Detector, bogus "Spyware remover" - for more information, search the Spywarewarrior_List of non-Recommended anti parasite sites/software for "spywaredetector.net"
Monitor_Helper	U	monitor.exe	MyLittleSpy keystroke logger/monitoring program - remove unless you installed it yourself!
MONPluginSrIvcs	X	n3monap23.exe	Added by a variant of the WIN32.RBOT WORM!
Monstersoundtray	N	Freectrl.exe	Diamond Multimedia sound card control panel
MonTest	X	vccxzq.exe	Added by the W32/SDBOT-EA WORM!
MoodBook	U	mb.exe	MoodBook is a free Windows utility that brings art to your desktop
MoodLogic Updater	N	Updater.exe	Related to MoodLogic MP3 mix maker
MoodLogicTV	N	mtv.exe	Related to MoodLogic MP3 mix maker
moon phase	N	moon.exe	Moon Phase - tray icon that indicates the phases of the moon
Morpheus	N	morpheus.exe	MusicCity Networks' Morpheus - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes "I have seen no instance of any since using it"
morphstb	X	morphstb.exe	Adware downloader - detected by Kaspersky antivirus as Trojan-Downloader.Win32.Stubby.c
mosearch	X	mosearch.exe	Fast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources. If it can't be disabled via MSCONFIG try here
Motherboard Config	X	Ati2xxx.exe	Added by the W32/RBOT-AIK WORM!
MotherBoard Sounds	X	Sounds.exe	Added by the W32/RBOT-AAP WORM!
Motive SmartBridge	N	mpbtn.exe	System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
Motive SmartBridge	N	MotiveSB.exe	System tray icon for the Virtual Assistant from AT&T_Broadband , used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
Motive SmartBridge	N	BTHelpNotifier.exe	System tray icon for the Virtual Assistant from BT Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
MotiveMonitor	U	motmon.exe	Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used�the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it\'s not required
MotiveSB	N	MotiveSB.exe	The same as Motive SmartBridge below
MotMon	U	motmon.exe	Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used�the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it\'s not required
motoin	X	mm15201518.Stub.exe	Delfin_Promulgate adware variant
Mount Safe & Sound	U	Fbmount.exe	From McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start
mouse	X	mouse.exe	Added by the W32/Rbot-AHJ WORM!
Mouse 32A	N	Mouse32A.exe	Mouse driver to control mouse functions from Azona. Available via Start -> Programs
Mouse Suite 98 Daemon	N	pelmiced.exe	Mouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
Mouse Suite 98 Daemon	N	ICO.EXE	Found on a Sony Vaio laptop and seems to be related to Mouse Suite 98 Daemon according to the properties. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
mousebut	X	mousebut.exe	Added by a CRYPTER.A trojan infection
Mousecntl	X	mousecntl.exe	Added by a Crypter.C trojan variant infection
MouseCount	N	MC.exe	MouseCount by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year." Not required
mousedrv	X	mousedrv.exe	Added by a CRYPTER.A trojan infection
MouseDrv	X	update.exe	Added by the ZOTOB.N WORM!
MouseDrv	X	(Path to the worm file)	Added by the W32/Zoload-B WORM!
mouseElf	U	MC.exe	System Tray access to the mouse control panel for Genius Netscroll mice. Required if you use non-standard Windows driver features
mouseElf	U	gnetmous.exe	Genius_NetScroll mouse driver - required if you use non-standard Windows driver features
mouseElf	U	mouseElf.exe	System Tray access to the mouse control panel for Genius Netscroll mice. Required if you use non-standard Windows driver features
MouseImp	U	MImpHost.exe	MouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device"
Mousinfo	U	mousinfo.exe	MS mouse information tool - for troubleshooting mouse problems
MoveSearch	X	Search.exe	PigSearch adware
Movielink Manager Uninstall	N	msvcmm32.exe	Auto-update for Movielink - internet movie rental System Tray access
MovieNetworks	X	MovieNetworks.exe	MovieNetworks will connect you by DOMESTIC PREMIUM RATE TELEPHONE NUMBER 900-xxx-xxxx. So you get xxx rated pictures and junk. And it will allow you to stay on the internet on their line and $$$ and remove the C:\Program Files\MovieNetworks directory
Movieplace	X	Movieplace.exe	MoviePlace malware
Mozila Firefox	X	firebox.exe	Added by the W32/RBOT-AIP WORM!
Mozilla Firefox	X	F1REF0X.EXE	Added by a variant of the W32/SDBOT WORM!
Mozilla Quick Launch	N	Netscp6.exeMozilla.exe	Netscape 6 and Mozilla browsers
MP Tcloaxs	X	mptcloaxs.exe	Added by the RANDEX.CT VIRUS!
Mp3 Loader	X	Sysdata.EXE /S	Added by the W32/Avette-A VIRUS!
MP3download	X	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related
MPEO	U	Csinsm32.exe	Automatic logging of installs from Norton CleanSweep - available via Start -> Programs
MPFExe	Y	mpf.exe	McAfee Personal Firewall
MPFExe	Y	MpfTray.exe	McAfee Personal Firewall
MPFExe	X	mcagent.exe	Added by the TROJ/ANTIMCA-A TROJAN! - do NOT confuse with the McAfee VirusScan executable as described here
MPL32 driver	X	MPL32.exe	Added by a Loony-M trojan infection
MplSetup	U	MplSetup.exe	Used by Ricoh network printers to enable network printing from the client
MPM Manager	X	MPM.exe	Added by the DONBOMB.A TROJAN!
MPower	U	MPower.exe	MPower from MindBeat. "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Willl also benchmark (speed test) your hard disk drives and your CPU load". Some users swear by programs such as this but I suggest you read this article and make up your own mind
MPR MSG	X	mprmsg32.exe	Added by the W32.MYTOB.CF WORM!
MPREXE	X	MPREXE.EXE	Added by the OPASERV.T VIRUS! Note - this is not the legitimate Mprexe.exe system file
MPREXE.exe	Y	mprexe.exe	WIN32 Network Service Interface Process. MPREXE.exe enables the computer to have multiple clients/protocols for networks. There are some problems with it sometimes though - see here and here. Note - why some people have it listed in start-up programs I don\'t know but I was asked to include it here. It automatically runs in the background. NOTE : sometimes it will appear in start-ups if you have a virus
MprHTML	X	MprHTML.exe	Added by a variant of the VAGRNOCKER VIRUS!
mprocessor	X	mprocessor.exe	InstallDollars.com foistware
MPSExe	U	mscifapp.exe	McAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering"
MpsOnn	Y	MpsOnn.exe	Canon printer driver
MPT	?	MPT.exe	??
MPtask Services	X	mptask.exe	Added by the LALA or DOWNLOADER-BN.B or AOT VIRUSES!
MPTBox	N	MPTBOX.EXE	Cannon Multi-Pass toolbox - a button bar
mptsgsvc.exe	X	mptsgsvc.exe	Hacker_Tool - detected by TDS-3 antitrojan as "HackTool.Win32.Hidd.j"
MPXTray	N	mpxptray.exe	Windows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etc
MP_STATUS_MONITOR	U	monitr32.exe	Cannon Multi-Pass status monitor - your choice.
mqbkup	X	mqbkup.exe	Added by the OPASERV.K VIRUS!
mrtMngr	N	mrtMngr.exe	Maintenance Release Task Manager for Intuit�s QuickBooks or Quicken
MRU-Blaster Scheduler	U	scheduler.exe	MRU-Blaster scheduler - detects and cleans MRU (most recently used) lists on your computer
MRU-Blaster Silent Clean	N	mrublaster.exe	MRU-Blaster - performs silent cleaning of MRU lists at boot
MRUBlaster	U	indexcleaner.exe	MRU-Blaster related - runs once in order to delete the index.dat file in the Temporary Internet Files and/or Cookies folder
MS Auto-IPSec Protection	X	MSASP32.exe	Added by the W32/Rbot-AER Worm!
MS Autoloader 32	X	MSAuto32.exe	Added by the SPYBOT.BD WORM!
Ms Builders	X	Wupated.exe	Added by the W32/AGOBOT-SS WORM!
MS Config Loader	X	svchos1.exe	Added by the AGOBOT.R WORM!
MS Config Loader	X	MSWin32bck.exe	Added by the GAOBOT.AA WORM!
MS Config Loader	X	svcrhost.exe	Added by a variant of the WIN32.RBOT WORM!
MS Config Service	X	Msloader32.exe	Added by the W32/Rbot-KJ WORM!
MS Config v13	X	lrbz32.exe	Added by the W32.GAOBOT.AOL WORM!
MS Configuration	X	MSFramer.exe	Added by the RANDEX.OL VIRUS!
Ms Configuration	X	microsoftsa32.exe	Added by the W32.KELVIR.X WORM!
MS DATABASE	X	MSDATA32.EXE	Added by a variant of the W32/SDBOT WORM!
MS Decryption Software	X	active.exe	MediaTickets adware variant
MS DVD DirectX Dll Drivers	X	mdxdl.exe	Added by the W32/SDBOT-XI WORM!
MS DVD DirectX Sound Drivers	X	msdrvdx.exe	Added by the W32/SDBOT-XJ WORM!
MS Explorer	X	mexplore.exe	Added by the YAHA.AE VIRUS!
MS FIREWALL	X	msfrewall.exe	Added by the W32/SDBOT-PU WORM!
MS FIREWALL	X	msfirewall.exe	Added by the W32/SDBOT-QH WORM!
MS HTML	X	msHtml.exe	Added by the PESTDOOR.31 VIRUS!
MS HTML	X	mslat.exe	Added by the LATINUS.SVR VIRUS!
MS HTML Location Class	X	MSHTML32.exe	Added by the W32/RBOT-YD WORM!
MS Internet Executor 32	X	MSIXEC32.exe	Added by the W32/Rbot-AEQ Worm!
MS lsass Startup	X	lsass135.exe	Added by the RBOT.WM WORM!
MS lsass6 Startup	X	lsass1356.exe	Added by a variant of the W32/SDBOT WORM!
MS management console	?	mms.exe	Suspicious as the Microsoft Management Console is "mmc.exe" and doesn\'t normally run at startup
MS Microsoft Socket Deamon	X	MSSCKD32.exe	Added by a variant of the WIN32.RBOT WORM!
MS MSN Menssenger 7.0	X	MSMSN7.exe	Added by the W32/RBOT-ACA WORM!
MS MSN Menssenger 7.0	X	MSEXPORT.exe	Added by a variant of the W32/SDBOT WORM!
MS Network Control	X	mswin.exe	Added by the DUMBA VIRUS!
ms ownage	X	winPE.exe	Added by the W32/Rbot-AJL WORM!
MS PLUS INC	X	wpad.exe	Added by the W32/MYTOB-AN WORM!
Ms Processe Manager	X	msproc.exe	Added by the RBOT.ATO WORM!
MS Real Player	X	RealPlyr.exe	Added by the RBOT.MR WORM!
MS Registry Service	X	MSRMS32.exe	Added by the W32/Rbot-AKP WORM!
MS Remote Procedure Call	X	msrpc32.exe	Added by the W32/RBOT-QL WORM!
MS Screen Saver	X	scrsave.scr	Added by the W32/Rbot-AGT WORM!
MS Security	X	systm.pif	Added by the W32/Rbot-AQN WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MS Security Authority Service	X	lsass.exe	Added by the W32/Kalel-B WORM! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item.
MS Security Hotfix	X	service5.exe	Added by the GAOBOT.AG WORM!
MS service	X	msservice.exe	Added by the W32/RBOT-ZG WORM!
MS Sound Config 16bit	X	sndcfg16.exe	SdBot.MB backdoor trojan
Ms Sound Drivers	X	msdrv.exe	Added by the W32/SDBOT-WR WORM!
Ms Spool32	X	MS SPOOL32.EXE	Added by the ASASSIN VIRUS!
MS SyS Restore	X	sysrestore.exe	Added by the RBOT.XM WORM!
MS Sys Security	X	mswin.pif	Added by the W32/Rbot-APJ WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MS System Security	X	mswin32.pif	Added by the W32/Rbot-AOX WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Ms task manager	X	tskmgr.exe	Added by the SDBOT.CCD WORM!
MS taskbar	X	nts.exe	Added by the W32/RBOT-AGB WORM!
MS taskbar	X	crssr.exe	Added by the W32/Rbot-AGO WORM!
MS taskbar	X	taskbars.exe	Added by the RBOT.BRW WORM!
MS Taskbars	X	taskbars.exe	Added by the W32/Sdbot-ACV WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
MS taskmanager	X	tskmgr.exe	Added by the W32/Rbot-AKA WORM!
MS UniX	X	navupdate64.exe	Added by a variant of the WIN32.RBOT WORM!
MS Unix Binary	X	win32ttb.exe	Added by the SPYBOT.OQ WORM!
MS Unix Binary	X	msnupdate.exe	Added by the W32/RBOT-AAM WORM!
MS Unix Binary	X	outlookexpressupdate.exe	Added by the W32/RBOT-YU WORM!
MS Unix Binary	X	msmq2inst.exe	Added by the W32/RBOT-YF WORM!
MS Unix Binary	X	Win32Update.exe	Added by the W32/RBOT-BAS WORM!
MS Unix Binary	X	Norton2005Update.exe	Added by a variant of the WIN32.RBOT WORM!
MS Unix Binary	X	trmupdate.exe	Added by the W32/RBOT-ACC WORM!
MS Unix Binary	X	WinGuard.exe	Added by the W32/RBOT-ACL WORM!
MS Unix Binary	X	msnq3insller.exe	Added by a variant of the WIN32.RBOT WORM!
MS Update	X	syshost.exe	Added by a W32/Evaman-F worm infection
MS Updates	X	mscache.exe	Spyware web downloader
MS Updates	X	syshosts.exe	Added by the W32.Mydoom.Y WORM!
MS Updates	X	aupd.exe	Spyware web downloader
MS Updating Utility	X	msupdater.exe	Added by the W32/RBOT-XR WORM!
MS USB 2.0 Windows Support	X	msusb32.exe	Added by a variant of the WIN32.RBOT WORM!
Ms Valud Loader	X	Svhots.exe	Added by the W32/AGOBOT-SP WORM!
ms window update	X	*****.exe ( = random character)	Added by a variant of the WIN32.RBOT WORM!
MS Windows AOL Driver	X	MSAOLdrv.exe	Added by the W32/Rbot-ASP WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MS windows Data list process	X	MSDATLST.exe	Added by an unidentified WORM or TROJAN!
MS Windows procces 32	X	msprocces.exe	Added by the W32/Rbot-AEZ Worm!
MS Windows Process Class	X	MSPRCSS32.exe	Added by the W32/RBOT-YQ WORM!
MS Windows Process Init	X	MSWPI32.exe	Added by the W32/Rbot-ASQ WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MS Windows Security Updater	X	updater.pif	Added by the W32/RBOT-AKY WORM!
MS Windows Update	X	scguard.exe	Added by the W32/RBOT-YZ WORM!
MS WINS Binary	X	ign32.pif	Added by the W32/Rbot-ASB WORM! This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
ms************* ( * = random digit)	X	ms************.exe ( = random digit)	WINBO adware component
Ms*.exe ( = random char)	X	Ms*.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
Ms*32.exe ( = random char)	X	Ms*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
MS-Connect	X	arr.execdm.exegame.exemsite18.exeweb.exe	Adult content dialler - see here
MS-DOS Boot Service	X	Boot32.pif	Added by the W32/Rbot-AMF WORM!
MS-DOS Boot Service	X	boot32.pif	Added by a variant of the WIN32.RBOT WORM!
MS-DOS Security Service	X	ms-dos.pif	Added by the W32/Rbot-AMR WORM! Note: This worm\trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
MS-DOS Service	X	MS-DOS.pif	Added by the W32/Rbot-AII WORM!
MS-DOS Windows Service	X	MS-DOS.PIF	Added by the W32/Rbot-AJW WORM!
MS-HTML	X	(random filename)	Added by the LATINUS.15 VIRUS!
MS-patch	X	msconfig32.exe	Added by the W32/Rbot-AUF WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MS-patch	X	mspatch32.exe	Added by the W32/Rbot-AWF TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MS-RunKey	X	arr.exe	MS-Connect dialler/hijacker
ms64.exe	X	ms64.exe	Added by a variant of the WIN32.RBOT WORM!
MS7531	X	ms7531.exe	Homepage hijacker
MSACM	X	msacm.exe	Added by a W32/Opaserv-O worm infection
msadcheck	X	msadcheck32.exe	Browser hijacker, redirecting to search-system.com
MSAdmin	X	jdbgmrg.exe	Added by the DASMIN.A VIRUS! Note - this is not the valid JDBGMGR.EXE file - see here
msadp32	X	msadp32.exe	Added by a Octa-B trojan infection
MSAgent	X	mshtm.exe	Browser hijacker, redirecting to buldog-search.com
MSAgent	X	hhnt.exe	Added by the TSPY_AGENT.JI spyware
MSAgentXP	X	MSAgentXP.exe	Reported by Ewido_Security_Suite as TrojanDownloader.Reqlook.c
msaim	U	msaolim.exe	MessageSpy keystroke logger/monitoring program - remove unless you installed it yourself!
msappts32	X	msappts32.exe	Added by the Troj/Elburro-A TROJAN! Note: This trojan file is found in the Windows\msapps\msinfo or Winnt\msapps\msinfo folder.
MSBB	X	msbb.exe	nCase adware
Msbb.exe	X	msbb.exe	nCase adware
msbcs	X	msbcs.exe	Added by the Troj/Dadobra-G TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MsBootMgr.exe	X	MsBootMgr.exe	Added by the BACKDOOR.VERIFY TROJAN!
msbsc	X	(Path to Trojan)	Added by the Troj/Banker-DF Trojan!
MSChoExE	X	suge.exe	Added by a variant of the Win32.Rbot WORM!
msci	?	mcinfo.exe	McAfee Internet Security related. What does it do and is it required?
msclean	X	msvchost.exe	Added by the W32/Opanki-Q TROJAN!
mscman	X	mscman.exe	Spyware/malware, included into the latest version of Grokster, among others. According to research by SpyBot's PMK, "able to trick ZoneAlarm, auto-clicking it to allow passing through the firewall!"
mscn	U	mscn.exe	Part of the SafeChildNet internet filtering program - required if you use it
Mscnt	X	mscnt.exe	Added by the Troj/Dluca-C TROJAN!
Mscolour	X	mscolour.exe	Added by the WIN32.GEMA TROJAN!
MSCommX	X	mscommx.exe	Win32.Rbot worm variant
MSCONFG32.EXE	X	MSCONFG32.EXE	Added by the OPTIX.04.C VIRUS!
MSCONFG32.EXE	X	MSCONFG32.EXE	Added by the OPTIX.04.C VIRUS!
MSConfig	N	MSCONFIG32.EXE	Unidentified adware, spyware or virus
msconfig	X	msconfig.exe	CoolWebSearch parasite related. **Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting
msconfig	X	wins.exe	Added by the RBOT.PF WORM!
MSConfig	X	MSCONFIG35.EXE	Added by a variant of the W32.SPYBOT WORM!
Msconfig lptt01 or Msconfig ml097e	X	msconfig.exe	Variant of the RapidBlaster parasite (in a "msconfig" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid Windows Msconfig which has the same executable name
MSConfig Manager	X	msupdate.exe	CoolWebSearch parasite related,
MSConfig or MSConfigReminder	N	msconfig.exe	This is an entry that appears when you uncheck an item in the Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
msconfig service	X	MSupdate32.exe	W32.SpyBot worm variant
msconfig.exe	X	uline.exe	Added by a variant of the WIN32.AGENT.AH downloader TROJAN!
msconfig.exe	X	proxy.exe	Added by a variant of the WIN32.AGENT.AH downloader TROJAN!
MSConfig45	X	MSConfig45.exe	Added by the SDBOT.OJ WORM!
MSConfigr	X	jdbgmrg.exe	Added by the DASMIN.C VIRUS! Note - this is not the valid JDBGMGR.EXE file - see here
MsConfigs	X	MsConfigs.exe	Added by the ALCAN.A WORM!
MSControl28	X	crsss.exe	Added by the SPYBOT.AJX WORM!
MSControl31	X	winnsyst.exe	Added by the RBOT.CFY WORM!
MSControl3d1	X	isasse.exe	Added by the RBOT.CGU WORM!
MSCORE	X	syscnfg.exe	Added as the result of an unidentified VIRUS!. "syscnfg.exe" is found in the C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Mscsgs	X	MSCSGS.EXE	Added by the ZEZER VIRUS!
Mscsgs32	X	MSCSGS32.EXE	Added by the ZEZER VIRUS!
mscsvc.exe	X	mscsvc.exe	Added by the PWSTEAL.BANCOS.T and Troj/Banker-CK TROJANS!
Msctrl32	X	Msctrl32.scr	Added by the REDIST VIRUS!
MSCVT	X	MSCVT.exe	Added by the SLIDESHOW VIRUS!
MSDcom	X	MSDcom.exe	Added by a variant of the W32/SDBOT WORM!
msdev	X	msdev.exe	Added by the FORBOT-CR WORM!
msdev	X	msconfig.exe	Added by the AGOBOT.AAU WORM! - Note, this is NOT the legitimate Windows System Configuration Utility as described here
msdirect.exe	X	msdirect.exe	Added by the Troj/Certif-L TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MSDLL	X	syscnfg.exe	Added as the result of an unidentified VIRUS!. "syscnfg.exe" is found in the C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Msdmxm	X	msdmxm.exe	Added by the Troj/Dload-DC TROJAN!
MSDN	X	nese.exe	Added by the SDBOT.AHY WORM!
MSDN HELP	X	msdn.exe	Added by the AGOBOT.AIB WORM!
MSDOS Security Service	X	msdos.pif	Added by the W32/Rbot-AMP WORM!
MSDOS Service	X	MSDOS.PIF	Added by the W32/RBOT-AIY WORM!
MSDOS Windows Service	X	MSDOS.PIF	Added by the W32/Rbot-AKF WORM!
Msdos32	X	Msdos32.pif	Added by the RECORY VIRUS!
msdos423	X	msdos423.exe	Added by the MENACE.A (or W95.SOFUNNY.WORM@M) VIRUS!
MSDTC	N	msdtc.exe	MS Distributed Transaction Coordinator - handles transactions across multiple servers and is installed by MS Personal Web Server and MS SQL Server
Msemu32	X	Msemu32.exe	Unidentified spyware/adware/hijacker
mservices.exe	X	mservices.exe	Added by the SDBOT.WJ WORM!
Msfind	X	Msfind.exe	CoolWebSearch parasite related.
MSFind32	X	msfind32.exe	Added by the CAYAM VIRUS!
msfindosa.exe	X	msfindosa.exe	Added by the DOWNLOADER-BS VIRUS!
MSFTP Service Config	X	r3grun.exe	Added by a variant of the W32/SDBOT WORM!
MSFWAVTSM	X	FTPDev.exe	Added by the W32/RBOT-ACF WORM!
Msg Fixage	X	msgfixed.exe	Added by the SDBOT.ZD WORM!
MsgApi	X	(path to file)	Added by a Dedler-D trojan infection
msgb1	X	msgb1.exe	Added by a Win32.Dluca.gen trojan infection
MsgCenterExe	N	RealOneMessageCenter.exe	RealNetworks RealPlayer related - disabling this application will not affect Real Player in any way.
msgex32	X	msgex32.exe	Added by the W32/APPFLET-A WORM!
Msgmgr	X	(path to worm)	Added by the BABYBEAR VIRUS!
msgserv_	X	Syss.exe	Added by the FANTA TROJAN!
msgsm32	X	msgsm32.exe	Added by the W32/Rbot-ASG WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Msgsrv16	X	Msgsrv16.exe	Added by the DELF family of VIRUSES!
MSGSRV32.exe	Y	msgsrv32.exe	Windows 32-bit VxD Message Server. For more information on its function and why it's needed, see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background
MsgSvcMgr32	X	cmdzxdll.exe	Added by the W32/Rbot-AEK Worm!
msgsvr32	X	msgsvr32.exe	Added as the result of the DEADHAT.B VIRUS! Note - not to be confused with the valid "msgsrv32.exe" file which resides in the same directory (C:\Windows\System) on a Win9x/Me machine
MSGTAG	U	MSGTAG.exe	MSGTAG is an application that tells you when your emails have been received and opened.
Msgtray	X	sys16.exe	Added by an unknown VIRUS!
Mshelp32	X	mshelp32.exe	Added by a CoolWebSearch parasite variant
MSHT@	X	MSHT@.EXE	Added by the MAGISTR.A VIRUS!
msident	X	msident.exe	Unidentified adware or trojan
msidle	X	msidle.exe	Added by a W32/Opaserv-O worm infection
MsIdle32.exe	X	MsIdle32.exe	Added by the BACKDOOR.VERIFY TROJAN!
MSIdll	X	winmp.exe	Added by a variant of the WIN32.RBOT WORM!
MSIE Parsers	X	MSIE32ab.exe	Added by the SDBOT.MV WORM!
msiew	X	mseiw.exe	Added by the LITTLOG TROJAN!
MSIEXEC	X	MSIEXEC32.exe	Added by the AINESEY.A VIRUS!
MSIEXEC	X	MSIEXEC.EXE	Added by the VBS/YOSENIO-A VIRUS!
MSIMN32	X	MSIMN32.EXE	Hijacker - recognized by Kaspersky antivirus as Trojan.Win32.Agent.cx
MSIN	?	MSin.exe	??
Msinet	X	Msinet.exe	Added by the W32/Rbot-AOA WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
MSInfo	X	msinfo.exe	Added by the ALADINZ.M VIRUS!
MSInfo	X	AVBgle.exe	Added by the W32.NETSKY.O WORM!
MSInstall	X	smvss.exe	Added by the TROJ/DEDLER-G TROJAN!
msjava service	X	xpcd.exe	Added by a SDBOT.VM worm infection
MSKAGENTEXE	U	MskAgent.exe	Part of McAfee Spamkiller
MSKCES32	X	(random filename)	Added by the CLONER VIRUS!
MSKDetectorExe	U	MSKDetct.exe	Part of McAfee Spamkiller
MSKernel32	X	MSKernel32.vbs	Added by the LOVELETTER (I LOVE YOU) VIRUS!
MSkernel32	X	System.exe 4820	Added by the TUXDER VIRUS!
MSKExe	U	spamkiller.exe	McAfee SpamKiller
mskj	X	mskj.exe	Added by the Kaemon TROJAN!
MSKServerExe	U	MSKSrvr.exe	Part of McAfee Spamkiller
mslagent	X	mslagent.exe	Added by the Troj/Wintrim-F TROJAN!
MSLARISSA	X	MSLARISSA.pif	Added by the ASSIRAL.B WORM!
MSLIB32	?	mswatch32.exe	??
MSLog	X	MicrosoftLog.exe	Added by a variant of the W32/SDBOT WORM!
Mslogon lptt01 or Mslogon ml097e	X	mslogon.exe	Variant of the RapidBlaster parasite (in a "Mslogon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
MsManager	X	msmgr32.exe	Added by the YAHA.AF VIRUS!
msmanager32	X	msmngr32.exe	Added by the RANDON-R (or WOMANIZ.A) VIRUS!
msmautoprotect	X	msmssgs.exe	Added by the TROJ/BIFROSE-AJ TROJAN!
msmc	X	mscpbo.exe	ClientMan parasite variant
msmc	X	ms***.exe ( = random char)	ClientMan parasite variant
msmc	X	msmc.exe	ClientMan parasite variant
MSMcAfeee	X	Avsynmgr32e.exe	Added by the FRAMAR VIRUS!
MSMcAfeeh	X	Avsynmgr32h.exe	Added by the FRANGO VIRUS!
MSMcAfeeS	X	Avsynmgr32S.exe	Added by the VOLAC or VOLAC.DR VIRUSES!
MSMessnger	X	msnupd.exe	Added by the W32/Rbot-ADY Worm!
msmgr	?	msmgr.exe	??
msMGR	X	rtkmsg.exe	Added by the W32/SDBOT-BPY WORM!
Msmgt	X	msmgt.exe	Total Velocity adware/hijacker
MSMNTJBE	X	MSMNTJBE.EXE	Added by the Troj/Bancos-EF TROJAN! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
MSMNTJNG	X	MSMNTJNG.EXE	Added by the Troj/Graber-G TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
MSMNTMTS	X	MSMNTMTS.EXE	Added by the TROJ/BANKER-GZ TROJAN!
msmon	X	msmon.exe	Added by a variant of the Win32.GEMA.D TROJAN!
MsMovies	X	MsMovies.exe	Malware - detected by Kaspersky antivirus as Trojan-Dropper.Win32.WinAD.h
MsmqIntCert	?	regsvr32 /s mqrt.dll	Microsoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem. Is it required?
MSMSGS	U	msmsgs.exe	Windows Messenger utility. If you don\'t use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
MsMsgSrv	X	msmsgsrv.exe	Added by the BACKDOOR-CQO TROJAN!
MSMsgSvc	X	MSMSGSVC.exe	Browser hijacker, identified by some antiviruses as a variant of the StartPage.QC TROJAN!
msmsngr	X	msmsngr.exe	Added by the W32/DOPBOT-B WORM!
msn	X	system32.exe	Added by the KITRO.A VIRUS!
msn	X	msnmsg.exe	W32/Rbot-GO worm
MSN	X	msnmsgs.exe	Added by a W32/Rbot-KL worm infection
MSN	X	msnmesengers.exe	Added by a W32/Rbot-ME worm infection
MSN	X	ctfmoons.exe	Added by the SPYBOT.HI WORM!
MSN	X	msnmesengers.exe	Added by the RBOT-ME WORM!
MSN	X	msnmsgr.exe	Added by the W32.Mytob or W32.Mytob.B WORM! **Note - this is not the valid MSN_Messenger utility
msn	X	msnsvc.exe	Added by a variant of the W32/SDBOT WORM!
MSN	X	msn16.exe	Added by the W32/SDBOT-VN WORM!
MSN	X	msnsgr.exe	Added by an unidentified WORM or TROJAN!
MSN 9.0 Plus	X	(Random letters).exe	Added by the W32/Rbot-ALY WORM!
MSN Administration For Windows		msnadp32.exe	Added by the BROPIA.W WORM!
MSN ang	X	cssrss.exe	Added by the W32/FORBOT-CE WORM!
MSN BETA	X	service.exe	Added by the RBOT.AUU WORM!
Msn Config	X	msngf.exe	Added by the W32/RBOT-QG WORM!
Msn Configuration Loader	X	msngms.exe	Added by the W32.KELVIR.T WORM!
MSN Funny Images	X	imsngsr.exe	Added by the W32/Agobot-TT WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MSN Internet Access	N	trayclnt.exe	Quick way to connect to MSN internet service - replaces "MSN Quick View" from V5.6 onwards
MSN Manager	X	cvss.exe	W32.SpyBot worm variant
MSN Manager	X	mscmgr.exe	Unidentified malware - causes multiple browser windows to open
MSN Message Background loader	X	msnmesg.exe	Added by a variant of the WIN32.RBOT WORM! Note: File name may be different with some of the other variants.
MSN Messages	X	msnmesg.exe	Added by the W32/RBOT-ACN WORM!
MSN Messanger	X	msnmsng.exe	Added by a SDBOT.XN worm infection
Msn Messeng	X	windns.exe	Added by a variant of the WIN32.RBOT WORM!
Msn Messenge	X	IExplorer.exe	Added by the Troj/Delf-LL TROJAN! Note: This is not the legitimate Windows process Iexplore.exe or explorer.exe (Notice the difference in the spelling). This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MSN messenger	X	messenger.exe	Unidentified trojan VIRUS!. Note - this is not the real MSN Messenger, see this thread
Msn Messenger	X	msnmsgs.exe	Added by the TROJ/LOONY-P TROJAN or the W32.MYTOB.AD WORM! - NOTE: not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
MSN Messenger	X	Reosmsngr.exe	Added by a variant of the W32.SPYBOT WORM!
MSN Messenger	X	msnmsgr.exe	Added by the AGOBOT.AOQ WORM! - Note - this is not the valid MSN Messenger utility as described here
MSN MESSENGER	X	msmmsgr.exe	Added by the W32.KELVIR.Q WORM!
MSN Messenger	X	msmsgs.exe	Added by the TROJ/DLOADER-LN or ZLOB-C and Troj/ZlobDrop-C TROJANS! - NOTE: this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
MSN Messenger	X	msmsgs.exe	Added by the Zhopa TROJAN!
MSN Messenger	X	msnmsngr.exe	Added by a variant of the WIN32.RBOT WORM!
MSN Messenger	X	IExplorer.exe	Added by the Troj/Banker-EU TROJAN!
MSN Messenger	X	PIC1324(1)(1)(3).exe	Added by the W32/CHOKE.C WORM!
Msn Messenger	X	msnmsnr.exe	Troj/Banker-GG is a keylogging TROJAN! NOTE - This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MSN Messenger 32	X	msniu.exe	Added by the W32/Rbot-AWB WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MSN Messenger 323	X	msniu3.exe	Added by the W32/Rbot-AXB WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MSN Messenger 6.2	X	tyd.exe	Added by a variant of the WIN32.RBOT WORM!
MSN messenger service	X	mssgs.exe	Unidentified trojan VIRUS!. Note - this is not the real MSN Messenger, see this thread
MSN Messenger Service Starter	X	msnmgsr.exe	Added by the W32/Rbot-AOS WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Msn Messenger Update	X	msnupdate.exe	Added by a variant of the WIN32.RBOT WORM!
MSN Messenger User Controls	X	msmsgr.exe	Added by the W32.Kelvir.HI WORM!
Msn Messengers	X	MSNMSGR.EXE	Added by a RBOT.KX worm infection
MSN MMISSENGER	X	mssmmspgr.exe	Added by the W32.KELVIR.AJ WORM!
Msn Patch	X	msndp.exe	Added by the RBOT.AAI WORM!
Msn Patches	X	msndr.exe	Added by a variant of the W32/SDBOT WORM!
Msn Plus Updater	X	msnplus.exe	Added by the W32/RBOT-MU WORM!
Msn Processe Manager	X	msni32.exe	Added by the W32/Rbot-ADX Worm!
MSN Quick View	N	Msndc.exe	Quick way to connect to MSN internet service
MSN Registry loader	X	msmnwin.exe	Added by the W32.Kelvir.FK WORM!
MSN service	X	msnmgr16.exe	Added by a variant of the WIN32.RBOT WORM!
MSN service	X	NTDKRN.EXE	Added by the RBOT.UJ WORM!
Msn Service	X	matrixcam.exe	Added by the MYTOB.JH WORM!
Msn Service	X	raloded.exe	Added by the W32/Mytob-DY WORM!
MSN Service	X	amsnmsgrs.exe	Added by a variant of the W32/SDBOT WORM!
MSN service	X	msnmsgr16.exe	Added by the W32/Rbot-RZ WORM! Note: This worm has nothing to do with MSN and this worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MSN Start	X	msnmsgr7.exe	Added by the W32/RBOT-PH WORM!
MSN Update	X	msn32.exe	Added by the RBOT.AHN WORM!
Msn Update Manager (Sp2)	X	MSMSGS.EXE	Added by the W32/AGOBOT-NL WORM!
Msn Update Service	X	userx.exe	Added by the W32.Mytob.JF WORM!
MSN Updater	X	msnms.exe	Added by the FORBOT-CG WORM!
Msn Updater	X	msnplugins.exe	Added by the W32/RBOT-HS WORM!
Msn Updater	X	windatemanager.exe	Added by the SDBOT.TS WORM!
MSN UPDATERS	X	virtualmemory.exe	Added by a Rbot-JK worm infection
MSN Updates	X	spoolsv32.exe	Added by a variant of the WIN32.RBOT WORM!
msn.exe	X	son.exe	Added by the Troj/StartPa-GS TROJAN!
MSN32 X Service	X	MSN32x.EXE	Added by an unidentified WORM!
MSN8m Startup	X	msn8m.exe	Added by a variant of the WIN32.RBOT WORM!
msnager32	X	svchostt.exe	Added by the WOMANIZ.E TROJAN!
msnappau	N	msnappau.exe	Updater for the MSN toolbar that can be downloaded onto IE. Calls home every day or so to "update" the toolbar
Msnarrator	X	msnarrator.exe	Added by the NARAT.A VIRUS! - also identified as MPGCOM Toolbar adware
MSNavWH	X	MSWkwrH.exe	Added by the W32/ANAV-A WORM!
MSNET	X	msnet.exe	Added by the BOA VIRUS!
MsnExplorer	X	winagent.exe	Added by the TROJ/BDOOR-EQ TROJAN!
MsnExplorer	X	MSEXPLOREN.EXE	Added by the TROJ/BDOOR-EB TROJAN!
MsnExplorer	X	SHCH.EXE	Added by the TROJ/BDOOR-EB TROJAN!
MsnExplorer	X	SVCHST.EXE	Added by the TROJ/BDOOR-EB TROJAN!
MsnFixer	?	msnfixjs.js	Located in the HP\bin\msnfix directory of a HP PC
MSNGrabber	X	MSNgrabber.exe	Added by the W32.ENVID.A WORM!
msngta32	X	msngta32.exe	Added by a variant of the WIN32.RBOT WORM!
MSNIA	N	MSNIASVC.EXE	Added with MSN version 9. Resets certain internet settings upon bootup and can\'t be disabled via MSCONFIG
msnload32.exe	X	msnload32.exe	Added by the BANCOS.M TROJAN!
MSNMESENGER	X	Main.exe	Added by the PRORAT VIRUS!
msnmsg	X	asgag.exe	Adware trojan - probably CoolWebSearch parasite related.
msnmsg	X	TBC.exe	Added by an unidentified TROJAN!
msnmsg.exe	X	mscmd32.exe	Added by a variant of the WIN32.AGENT.AH TROJAN!
msnmsgq32	X	msnmsgq.exe	Added by the WIN32.TACTSLAY.H TROJAN!
msnmsgr	N	msnmsgr.exe	MSN Messenger utility. If you don't use MSN Messenger, this can be annoying. Available via Start -> Programs. Go to MS Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
MsnMsgr	X	MsnMsgrs.exe	Added by the W32/NETSKY-AN WORM!
msnmsgr32-.exe	X	msnmsgr-.exe	W32.SpyBot worm variant
MSNMSGR5	X	MSNMSGR5.exe	Added by a RBOT.PQ worm infection
MSNMSGRE	X	swef.bat	IRC worm or backdoor trojan!
MSNMSGRE	X	swef.bat	IRC worm or backdoor trojan!
MSNMSGRR	X	swin.bat	IRC backdoor trojan or worm!
MSNMSGRS	X	swe.bat	IRC worm or backdoor trojan!
MSNMSGRS	X	swiss.bat	IRC worm or backdoor trojan!
MSNMSGRS1	X	swed.bat	IRC worm or backdoor trojan!
msnmsgs.exe	X	msnmsgs.exe	Added by the Troj/Banker-HK TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder.
msnmsgsgs	X	msnmsgsgs.exe	Added by the "Catal" alias Spy.Delitall.B backdoor TROJAN!
msnmsgy	X	[path to file]	Added by the TROJ/BANKER-EQ TROJAN!
MSNPluginSrIvcs	X	n3vasap23.exe	Added by a variant of the WIN32.RBOT WORM!
MSNPluginSrvcs	X	p6.exe	Added by the SDBOT.AKJ or W32/Rbot-VJ WORM!
MSNPluginSrvcs	X	sagate.exe	Added by the SDBOT.AKJ WORM!
MSNProxy	N	MSNProxy.exe	MSNProxy - SOCKS4 proxy for MSN Messenger. Desktop shortcut available
msnsched2	X	msnsched2.exe	Added by the W32.SPYBOT.NNT WORM!
MSNService	X	MSNService.exe	Added by the CARPET.C VIRUS!
msnsgs	X	msnsgs.exe	Added by the Troj/Cheuko-B TROJAN!
msnshed	X	msnshed.exe	Added by the W32/RBOT-YN WORM!
MSNSysRestore	X	pc32.exe	Added by a variant of the MASTAK VIRUS!
msnToolbaar	X	msnmsgesc.exe	Added by the RBOT.BMF WORM!
MSObject32	X	MSObject32.js	Added by the PUN VIRUS!
Msoffice	X	msoffice.hta	Hijacker - redirecting to Searchdot.net
MSOffice	X	services.exe	Browser hijacker. The file is placed in a newly created MSOffice folder in System32 - Note - this is NOT the legitimate Windows services.exe process, which should NOT figure in Msconfig/Startup!
MSOfficeCfg	X	qservice.exe	Premium rate adult material dialer
MSOfficeCfg	X	navchk.exe	Premium rate adult material dialer
MSOfficeCfg	X	msocfg.exe	Premium rate adult material dialer
MSOfficeCfg	X	shman.exe	Premium rate adult material dialer
MSOfficeCfg	X	ssvr.exe	Premium rate adult material dialer
msoffwz	X	msoffwz.EXE	Added by the Troj/Bancban-HQ TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
msoft-updater23	X	slssystem.exe	Added by the W32/Rbot-ASR WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
msoft-updater23	X	mssysstems.exe	Added by W32/Rbot-ATU WORM!
MSOleath32	X	winss.exe	Added by the KATHER TROJAN!
MSOOBD	X	MSOOBD.EXE	Added by the MAGISTR.A VIRUS!
mspaint.exe	X	check32.exe	Added by the WIN32.AGENT.AH TROJAN!
Mspatch69	X	(path to trojan)	Added by the MPROX VIRUS!
Mspatch89	X	cnqmax.exe	Added by the RANDEX.P VIRUS!
msping	X	msping.exe	Added by the Trojan.Floodblack Trojan!
MSPluginSrvc	X	p3.exe	Added by the W32/RBOT-WV WORM!
MSPLUS	X	msplus32.exe	Added by the W32/MYTOB-AM or W32/MYTOB-CL WORMS!
MSPQFile	X	MSA****.TMP	Homepage hijacker. See here for more information. **** can be anything
MSPRO32	X	pnp.exe	Added by the ZOTOB.O WORM!
MSPRO32	X	(PATH TO WORM FILE)	Added by the W32.Iberio WORM!
MSprotect.exe	X	MSprotect.exe	Added by the W32/Dabyrev-A WORM!
mspwr	U	pupstman.exe	"Transparent icon background" feature of Ashampoo's PowerUp XP (WinNT/2K/XP) and PowerUp Deluxe (Win98/Me)
mspwr	U	pupxpman.exe	Related to Ashampoo's PowerUp_XP
mspwr	U	pwrupst.exe	Ashampoo PowerUp_XP is a tool for fine-tuning your Windows� NT4, 2000, 2003 Server and XP configuration.
MSPY2002	N	ImScInst.exe	Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
MSR	X	msr.exe	Added by the AGOBOT.RT WORM!
Msrc	X	Msrc.exe	Added by the KRYPTONIC GHOST VIRUS!
msreg.exe	X	msrege.exe	Added by the ZINX VIRUS!
msReg32 Loader	X	msreg32.exe	Added by the AGOBOT.IU WORM!
MSREGIT	X	Msgp.exe	Added by the KRYPGHOS (Kryptonic Ghost) VIRUS!
MSRegScan	U	SGP.exe	SpyGator is a spyware program that monitors Internet activity, logs keystrokes, and takes screenshots.
MSRegScan	U	ETNKL.exe	Added by the ComKeylogger surveillance software. Uninstall this software unless you put it there yourself.
MSRegSvc	X	regsvc32.exe	Homepage hijacker that changes your homepage to an adult content site
msrepair	X	msrepair.exe	Added by the SDBOT.AFL WORM!
msresear	X	(Path to trojan EXE)	Added by the Troj/Weasyw-B TROJAN!
msresearch	X	msresearch.exe	TROJAN! - 180SearchAssistant adware related
msresearch	X	tool3.exe	Spy Sheriff/SpywareNO malware component, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe
msrundll	X	msrund1l32.exe	Added by the Backdoor.Binghe TROJAN!
msrunocx32	X	msrunocx32.exe	Added by the SKUS VIRUS!
Msrv32	X	Msrv32.exe	Added by the AGOBOT-NB WORM!
MSSCDL	U	MSSCDLL.exe	SpyCapture keystroke logger/monitoring program - remove unless you installed it yourself!
msserv	X	lvsrev.exe	Added by the TROJ/BROWMON-B TROJAN!
msserv	X	msserv.exe	Added by the TROJ/BLACKLOG-A TROJAN!
msserv32	X	msserv32.exe	Added by the W32/RBOT-ACK WORM!
msservice	X	msserv.exe	Added by the HYD VIRUS!
MSSever	X	(Path to Executable)	Added by the Troj/PWS-CW TROJAN! Note: This trojan will attempt to steal passwords and other personal information.
mssfos	X	sfool.exe	Added by the W32.Randex.EUS WORM!
MSSGisg	X	(path to file)	Added by the RANKY.N TROJAN!
MSShow	X	MSShow.exe	Added by the Troj/QQRob-M TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
MSSHVC	X	MSSHVC.exe	Added by the NUFFY.A VIRUS!
mssoul	X	msmscc2.exe	Added by the Win32.Dapizl.A banker WORM!: ( a "banker worm" is designed to pillage banking information and send it back to the perpetrators!)
mssp3	X	mssp22.exe	Added by the TROJ/IBANK-D TROJAN!
MSSQL	X	Mssql.exe	Added by the SDBOT WORM!
Msstart	X	msstart.exe	Added by the LIVUP.C VIRUS!
MSStartOptimizer	X	Iexpres.exe	Added by the POLDO.B VIRUS!
MSStartOptimizer	X	WINUPD.EXE	Adult content dialler - see here. This has to be cleared at the same time as RegCompres (REGCPM32.EXE), atisrc2 (windfind.exe) and mmxrun (msosa.exe), otherwise they return
msstask	X	msstask.exe	Added by the MYPARTY VIRUS!
mssurfer lptt01 or mssurfer ml097e	X	mssurfer.exe	Variant of the RapidBlaster parasite (in a "surfer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid Lavasoft Adaware
mssvc	X	(path to trojan)	Added by the PSK VIRUS!
MSSVC	X	svcsys.exe	Added by the FATOOS-C TROJAN!
MSSVC.EXE	Y	MSSVC.EXE	Stealthdisk - hides folders, files and applications. Will also encrypt them for better protection
mssvc32	X	mssvc32.exe	Added by the W32/Agobot-ME WORM!
mssys	X	mssys.exe	Added by the MYSS.B VIRUS!
mssysint	X	Iexplore .exe	Added by the PWSTEAL.ABCHLP and PSPIDER.310.B VIRUSES! Note - this is not the valid Internet Explorer (iexplore.exe)
mssysint	X	comime.exe	Added by the TROJ/NETSNAKE-I TROJAN!
mssyslanhelper	X	msmsgri32.exe	Added by the RANDEX.D VIRUS!
MsSystem	X	msdos.exe	Adult content downloader - see here
MsSystem	X	mssys.exe	Added by the VANTA.A VIRUS!
MSSYSTEM	X	svcsys.exe	Added by the FATOOS-C TROJAN!
Mstapi	X	Mstapi.exe	Keylogger trojan
Mstask	X	mstask.exe	Added by the OPASERV.N VIRUS! Note - this is not the "Scheduling Agent" and the executable resides in C:\Windows or C:\WINNT
mstask	X	mstask.exe	Browser hijacker, redirecting to find-more.net
MSTask	X	run_dll.exe	Yuupsearch adware
MStask	X	svchost.exe	Added by the TROJ/LDPINCH-BV TROJAN! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
MsTask	X	wstask32.exe	Added by W32/Mytob-FE and W32/Mytob-FG WORM!
MSTaskbar 32	X	tbsvc32.exe	Added by the RBOT.BQZ WORM!
mstasks	X	mstasks.exe	Added by the PWSTEAL.OMERSTROKE TROJAN!
Mstcgww	?	MSTCGWW.EXE	??
Mstng32	X	MSTng32.exe	Added by the TANG VIRUS!
MSUpdate	X	wupd.exe	Added by the ALADINZ.M VIRUS!
MSUpdate	X	svchosthlp.exe	Added by the BLASTER.T VIRUS!
msupdate	X	msupdate.exe	Added by the W32/RBOT-MZ WORM or Troj/Surila-E backdoor TROJAN! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MSUpdate	X	criticalUpdate.exe	Affilred adware
msupdate	X	update.exe	Added by a variant of the W32/SDBOT WORM!
Msupdate	X	svcrhost.exe	Added by the WIN32.TACTSLAY.A TROJAN!
Msupdate	X	outIook.exe	Added by the WIN32.TACTSLAY.A TROJAN!
Msupdate	X	expIorer.exe	Added by the WIN32.TACTSLAY.A TROJAN!
Msupdate	X	svcshost.exe	Added by the WIN32.TACTSLAY.A TROJAN!
Msupdate	X	svchosts.exe	Added by a variant of the WIN32.TACTSLAY TROJAN!
MsUpdate	X	MsUpdate.exe	Added by the W32.Alcra.D WORM! Note: This worm file is found in the Program Files\MsUpdate folder.
MSupdate.exe	X	N/A	CoolWebSearch parasite related.
MSUpdateDevKit	X	axfd.exe	Added by the W32/SDBOT-ZD WORM!
MsUpdater System	X	udpsys32.exe	Added by the RBOT.AAA WORM!
MSupdater.exe	X	N/A	CoolWebSearch parasite related.
msupdater25	X	lsasser.exe	Added by W32/Rbot-ATS WORM!
msupdates	X	msupdt.exe	Added by a W32/Rbot-JO worm infection
MSUpdSrv	X	msupdsrv.exe	Browser hijacker, redirecting to a porn site
msurl	X	msurl32.exe	Added by a CRYPTER.A trojan infection
msuser32.exe	X	msuser32.exe	Added by the ANDROV VIRUS!
MsVBdll	X	MsVBdll.pif	Added by the W32.Aimdes.A WORM!
MsVBdll	X	sys32dll.exe	Added by the W32.Aimdes.B or W32.Aimdes.C WORM!
MSVBVM60	X	msvbvm60.pif	Added by the W32/SCOLD-B WORM!
MSVBVM60	X	MSVBVBM60.pif	Added by the SCOLD.C WORM!
msvc32	X	msvc32.exe	ClientMan parasite variant
msvc32	X	msvc32.exe	Added by the W32/AGOBOT-NT WORM!
msvcc	X	msvchost.exe	Added by the XOMBE VIRUS!
MSVersion	X	INTERNETFEATURES.exe, clrschp038.exe	Added by the POPMON.A VIRUS! - also known as PopMonster adware
msvhost	X	aig.exe	Added by the Troj/Aimbot-BC TROJAN! Note: This worm file is found in the Windows(95/98/Me/XP) or WINNT (Nt/2000) folder.
msvload32	X	msvload32.exe	Added by the W32/RBOT-ACI WORM!
msvsc32	X	msdev.exe	Added by the W32/RBOT-GJ WORM!
MSVsmt	X	rpcxctx.exe	Added by an unidentified WORM or TROJAN!
MSVSync	X	videosync.exe	W32.SpyBot worm variant
MSVXD	X	MSVXD.EXE	Added by the DATOM.A VIRUS!
msw	X	msw.exe	Abcsearch.com/DealHelper adware variant
mswave	X	mswave.exe	Added by a CRYPTER.A trojan infection
Mswavedll	X	mswavedll.exe	Added by the CRYPTER-C TROJAN!
MSwheel	U	mswheel.exe	Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
MSWin	X	mswin.exe	Added by the BANKER-CU TROJAN!
Mswincfg	X	Mswincfg32.exe	Added by the BACKDOOR.CYBSPY TROJAN!
MsWindows SysDate	X	sysmsvc.exe	Added by the W32.Spybot.FCD WORM!
MSWindows Syspg	X	mspg32.exe	Added by the W32/Rbot-TB WORM!
MSWindowsUpdate	X	Systern.exe	Added by the W32/Rbot-AFD Worm!
Mswinpid32	X	mswinpid32.exe	Added by the Win32.Lapos.A TROJAN! This is a a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim!
MSWinSrv	X	MSWinSrv.exe	Added by the MTRON TROJAN!
MSWinSrv32	X	MSWinSrv32.exe	Added by the MTRON-B TROJAN!
MSWinupd	X	winupd.exe	Added by the Troj/Dloader-YE or Troj/Dloadr-AAA TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MsWinVgr	X	msvgr.exe	Added by the W32.Mytob.LE WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
mswkork Service	X	msework.exe	Added by a variant of the WIN32.RBOT WORM!
msword	X	msword.exe	Added by the W32/Rbot-ADR Worm!
mswork Service	X	mswork.exe	Added by a variant of the W32.SPYBOT WORM!
mswspl	X	wmplayer.exe, other file names	Added by a TROJ_SMALL.IQ trojan downloader infection
mswspl	X	searchbarcash.exe	SearchBarCash adware variant
mswspl	X	vnmispoisn_downloader.exe	SearchBarCash adware variant
mswspl	X	plugin1.exe	Added by the TROJ_SMALL.IQ downloader TROJAN!
msxct	X	msxct.exe	eXact_Advertising (NaviSearch, BargainBuddy, CashBack) adware component
Msy1 Startups	X	msyj32.exe	Added by the W32/AGOBOT-QQ WORM!
msys lptt01	X	msys.exe	New variant of the RapidBlaster parasite (in a "Msyss" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
Msys32	X	morfitwebentrance.exe	Morfit ADjectPager - "uses home page rental technology for generating revenues". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage
MSysDrv	X	msdrv.exe	Added by the Win32.VB.wf backdoor TROJAN!
ms_anti_spyware	X	mwfirewall.exe	Added by the Trojan.Gamqowi TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
ms_anti_spywarebxp	X	mwfirebpx.exe	Added by the Troj/Surila-D TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
MS_LARISSA	X	MS_LARISSA.exe	Added by the W32.Assiral WORM!
MS_NETD_WIN32	X	netd32.EXE	Added by the RANDEX.F VIRUS!
MS_SETUP.EXE	X	MS_SETUP.EXE	Added by the CHARGE VIRUS!
MS_Update Check	X	wdfmgr.exe	Added by the W32/AGOBOT-TB WORM!
MtdAcq	N	MtdAcq.exe	Creative_MediaSource "Sound Sniffer", monitors the drive for new media files then automatically adds them to the media library.
Mtr2	X	mtr2.exe	Added by the KRYPTONIC GHOST VIRUS!
MUAL	U	mual.exe	Millesky video mail updater and launcher
muamgr	U	muamgr.exe	Quick access to MicroAngelo 5.0. It can make the background of the icon text transparent and also change the color of the shortcut\'s text to a color you want. Very useful, if you have a wallpaper. Available via Start -> Programs
Mufix	?	mufix.exe	Part of INFOConnect, web-based, enterprise client configuration, management, and deployment software, as used by ABSS (a financial management system used by the US military which will allow purchase request packages to be electronically submitted to contracting, and which also facilitates electronic receipt of items and EFT) - what does it do and is it required
Multi-function keyboard	U	GWHotkey.exe	Software that sets up the Gateway AnyKey keyboard shortcuts (a series of buttons that allow one-click access to e-mail, browser, volume and CD/DVD controls, etc)
MultiCAM Initializer	U	MCamBoot.exe	The MultiCAM Initializer is part of the MultiCAM software package provided by Vista Imaging in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital cameras on a single computer. Clears itself from memory once initialized but can also be safely disabled
Multimedia Codecs	X	mcc.exe	Added by the TROJ/DLOADER-MB TROJAN!
Multimedia extensions	X	mservice.exe	EasySearch adware
Multimedia extensions	X	(Path to EXE)	Added by the Troj/SmutSrch-A Trojan!
Multimedia KBD or MULTIMEDIA KEYBOARD	U	MMKeybd.exe	Multimedia keyboard manager. Required if you use the additional keys. Can also be listed as Keyboard Manager
multiran	X	multiran.exe	Added by the Troj/Cosiam-E TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MultiRes	U	MultiRes.exe	MultiRes - system tray utility allowing quick access to changing desktop resolutions and has the ability to lock the screen refresh rate in WinNT/2K/XP
MUPS	U	MUPS.exe	Lauches the Belkin Bulldog Plus Service - required if you want to access the UPS advanced functions
murphy shield	Y	lmgui.exe	Firewall part of BitDefender virus scanner/firewall
Music01 Server	N	Music01 Server.exe	J River Media Jukebox
MusIRC	X	musirc4.71.exe	Added by the RANDEX.Q WORM!
MusIRC (irc.music.com) client	X	musirc4.71.exe	Added by the RANDEX.Q WORM!
Mustek MDC 3000	?	Mounter.exe	Related to software for the Mustek MDC_3000 digital camera - what does it do and is it required?
MutexServiceEx	N	Sys32Smm.exe	Webroot Sofware's discontinued "Privacy Master"
MW1HelperStartUp	U	Mw1helper.exe	ScreenScenes MagicWaterfall screen saver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30...
mwavscan	U	mwavscan.com	MicroWorld Anti Virus Toolkit is a free anti-virus scanner that runs on-demand. You can choose to scan your entire system, including memory, services, starup items and registry, or only scan files in a specified folder or drive.
MWProEng	N	MWProEng.exe	Logitech Mouseware Pro software - only required when using special functions
MWSnap	N	MWSnap.exe	MWSnap - screen capture utility. Start manually when required
mwsoemon	X	mwsoemon.exe	"My Web Search" malware
Mwsvm	X	mwsvm.exe	SeekSeek search hijacker related - as seen here
MxHLp32	X	MxHLp32.exe	Added by a variant of the VAGRNOCKER VIRUS!
MXO Auto Loader	U	MXOaldr.exe	Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions
MXOBG	U	MXOALDR.EXE	Maxtor includes a driver to bypass the Windows certified drivers check just when it detects an external drive. MXOaldr.exe is installed with the new driver and if disabled the button on a Maxtor OneTouch External Store no longer functions
MxRunner	U	MxRunner.exe	EasyUninstall from Aladdin Systems (formerly by Ontrack)
My Agent	X	msagent.exe	Added by the NEGASMS.A VIRUS!
My App	X	SMSSvc.exe	Added by the NEGASMS.A VIRUS!
My Search Bar Eq	X	S4BAREQ.EXE	MySearch bar parasite
My-disgo	U	MyKey disgo.exe	Related to disgo_pro Program will synchronize data.
MyAccessMedia	X	tmp*.exe (where = random char/digit)	My AccessMedia toolbar related, stealth installed!
MyAgtTry	U	MyAgtTry.exe	System tray notification for McAfee VirusScan ASaP on-line scanner. Not required to be protected but you lose notifications
Myapp	X	(filename)	Added by the FATEE.B VIRUS!
Myapp	X	service.exe	Homepage hijacker
MyAV	X	avpguard.exe	Added by the W32.NETSKY.J WORM!
MyCIO Agent Service	Y	myagtsvc.exe	McAfee VirusScan ASaP Agent service
myCIO.com ASaP	U	MyAgtTry.exe	System tray notification for McAfee VirusScan ASaP on-line scanner. Not required to be protected but you lose notifications
myCIO.com Splash	N	Splash.exe	Splash screen for McAfee VirusScan ASaP on-line scanner
MyCometCursor	X	MYCOME~1.EXE	Comet Cursor adware
MyDailyHoroscope	X	MyDailyHoroscope.exe	eConfidence MyDailyHoroscope foistware
MyDailyHoroscope	X	MYDAIL~1.EXE	eConfidence MyDailyHoroscope foistware
MyFastAccess	X	myfastupdate.exe	My-Fast-Access toolbar updater
myhuy	X	huy.exe	Added by the W32/Blaster-C WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
myhuy	X	huy2.exe	Added by the W32/Blaster-L WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MyIE.exe	U	MyIE.exe	MyIE2/Maxthon browser related
MyLife	X	CmdServ.exe	Added by the HOLAR.A VIRUS!
myNetWatchman	U	nwclient.exe	Sends your firewall alerts to a website, which then filters them and forwards details of suspicious activities to the host ISP they originated from. Only needs to be running when your firewall is running
MyPointsPointAlert	X	wjview ...MyPointsPointAlertrun.exe	"With MyPoints you can earn rewards from name-brand merchants. You can even earn vacations and frequent flyer miles". Dubious privacy policy
myprint mileage	U	mpm.exe	Reports battery status on a portable printer
MyPrivacyIndexPath	Y	MyPrivacyIndex.exe	Omniquad Total_Security
MySLScan	X	msvc32.exe	Added by the W32/FORBOT-EH WORM!
mysoft	X	winexplor.exe	Browser hijacker, also detected as the TROJ/STARTPA-JR TROJAN!
MySoftware NewsFlash	?	Newsflsh.exe	??
MytekSystrayExePath	U	MyTekSystray.exe	MyTek system tray - web site providing computer tech support in Australia
MyTotalSearch Email Plugin	X	mtsoemon.exe	MyTotalSearchBar adware
MyVBApp	X	SysNT.exe	ReferAd adware
MyVirt.exe	X	MyVirt.exe	Added by the REMADM-C TROJAN!
MyVitalAgent	U	VtlAgent.exe	MyVitalAgent from Lucent Technologies. Replacement for Net.Medic, monitoring all popular internet transactions and alerting the user of the loaction of connection problems. Available via Start -> Programs
MyWebSearch Email Plugin	X	mwsoemon.exe	MyWebSearch parasite
M_S DVD DirectX Dll Drivers	X	msxdl.exe	Added by the W32/SDBOT-BJN WORM!
N2PTray	U	Net2fone.exe	An Internet telephony application. Needed only if you have an account at Net2Phone, Inc
NADaemon	N	NADAEMON.EXE	Program by NetActive which appears to be piggybacked onto some Nvidia graphics cards software. They seem to look after "digital rights management". One user reports disabling it has no detrimental affect - not required
Naggerrunkey	N	nagger.exe	Packard Bell Free Internet Signup screen
Naimagent_service	Y	EPOAgentnaimas32.exe	Networked version of McAfee VirusScan. Installs, configures and updates the software and DAT (virus definition) files on local computers from a network server. A resource hog but required for DAT updates and if disabled can also cause random freezes and error messages
Naimagent_UI	Y	EPOAgentnaimag32.exenaimag32.exe	Workstation background program for Network Associates� McAfee ePolicy Orchestrator - a network management tool for enforcing antivirus protection of the workstations using system policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32 communicate with the ePolicy Orchestrator processes on the network fileserver to check for virus updates or for the need to perform a virus scan
Name	X	Iexplorer0.exe	Added by the THREADSYS VIRUS!
NAMEDPIPE SYSTEM	X	namedpipe.exe	Added by the W32.Mytob.LO WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
NAMEDPIPE SYSTEM	X	namedpipe.exe	Added by the W32/Mytob-FH TROJAN!
NAP32	X	NAP32.exe	Premium rate adult content dialer
Narrator	X	*****.exe ( = random char)	Added by the QOOLOGIC TROJAN!
Natal	X	Natal.scr	Added by the OPASERV.AE VIRUS!
NAV	X	RuxDLL32.exe	Added by the MAPSON.D VIRUS!
nAv AGENT	X	N/A	Added by the RIOSYS VIRUS! Note the lower-case "n" and "v" in the name as this is not the valid Norton AntiVirus entry of the same name - indeed it closes Norton AV processes
NAV Agent	X	systems.exe	Added by the TARNO.C VIRUS! Note - this is not the valid Norton Antivirus entry of the same name
NAV Agent	Y	navapw32.exe	Norton Anti-Virus's background scanning process
NAV Agent	X	winsnav.vbs	Added by the W32.ANPES WORM!
NAV Agent	X	wmilib32.exe	Added by the Troj/VB-XU TROJAN!
NAV Auto Prot	X	navprot1.exe	Added by the RBOT.ZAC WORM!
NAV Auto Protect	X	navprotect.exe	Added by a variant of the WIN32.RBOT WORM!
NAV Auto Protect	X	msfwe1.exe	Added by a variant of the WIN32.RBOT WORM!
NAV Auto Protect	X	dnsserv.exe	Added by a variant of the W32/SDBOT WORM!
NAV Auto Protect	X	mcafee32.exe	Added by a variant of the W32.SPYBOT WORM!
NAV Auto Update	X	Navautoupdate.exe	Added by the SPYBOT VIRUS!
NAV Auto Updates	X	slserver.exe	Added by a variant of the W32/SDBOT WORM!
NAV Auto Updates	X	navwindows.exe	Added by a variant of the W32/SDBOT WORM!
NAV Auto Updates	X	csrssp.exe	Added by a variant of the W32/SDBOT WORM!
NAV Auto Updates	X	slserves.exe	Added by a variant of the W32/SDBOT WORM!
NAV Auto Updates	X	navupdaters.exe	Added by the W32/RBOT-UN WORM!
NAV Auto Updates	X	navupdaterx.exe	Added by a variant of the WIN32.RBOT WORM!
NAV CfgWiz or NAV Configuration Wizard	N	cfgwiz.exe	Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
NAV DefAlert	U	DefAlert.exe	Norton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basis
NAV Live Update	X	(path to worm)	Added by the DEBORMS.C VIRUS! <filename> represents the path to the worm. Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec
NAV Scan Service	X	NAVSCAN32.EXE	Added by a SDBOT.VG worm infection
NavAgent32	X	lasvr32.exe	Added by the FEMOT.D VIRUS!
NavAgent32	X	SCardSvr32.Exe	Added by the MOFEI.B VIRUS!
navapp	X	navapp.exe	NavExcel adware variant
navapw32	Y	navapw32.exe	Norton Anti-Virus's background scanning process
NAVCheck	X	navchk.exe	Premium rate adult material dialer
NAVCheck	X	shman.exe	Adult material premium rate dialer
Naviscope	U	naviscope.exe	Naviscope is a multipurpose browser enhancement that can speed up Web searches, lock out cookies, examine HTML send/receive headers, provide single-click network diagnostics, and much more
NaviSearch	X	nls.exe	eXact Advertising BargainBuddy/NaviSearch adware
navman_20	X	sysnav32.exe	CoolWebSearch parasite related.
NAVNet	X	**.tmp ( = random digit)	Unidentified adware
navp.exe	X	navp.exe	Added by the W32/AGOBOT-OE WORM!
NavPass	X	NavPass.exe	Free system for gaining access to and downloading from adult content web-sites
NavRegReminder	N	NavLoad.ini	Corel, HP or ScanSoft registration reminder; not required
NavScan	X	(random filename)	Added by the OBSORB VIRUS!
NAVSCAN32.EXE	X	NAVSCAN32.exe	Added by the W32/SDBOT-DO WORM!
NAVSCANNER32	X	NAVSCANNER32.EXE	Added by the RBOT.QC WORM!
NAVUpd	X	rundll32.exe navupd.dll, Startup	Added by the NAVU VIRUS!
NAV_Update	X	NAV_Update.exe	Unidentified WORM or TROJAN!
nawadll32	X	nawadll32.exe	Added by the W32/Sdbot-ZI Worm!
nawdll32	X	nawdll32.exe	Added by the W32/Sdbot-ZM Worm!
NB Common Dialog Enhancements	N	COMDLGEX.EXE	Part of McAfee Nuts & Bolts. With Common Dialog Enhancements, you can add MRU list box to open dialogs
NB Start Menu	N	STARTM.EXE	Part of McAfee Nuts & Bolts. Provides the same control as MSCONFIG and can be used instead if you have N&B
NB Windows Patterns	N	WINDBKGND.EXE	Part of McAfee Nuts & Bolts. With Background Patterns, you can change background patterns of wizard and dialog windows
NBJ	U	NBJ.exe	Ahead Nero BackItUp backup program. Only required for if you have scheduled back-ups
NbkCtrl	U	NbkCtrl.exe	Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here
NBT System alias	X	[path] repcale.exe [path] beird.exe	Added by a variant of the RANDON.AN WORM!
nbustrce1D	?	nbustrce1D.exe	Device driver, possibly CD-ROM/DVD-ROM related - what exactly is it and is it required in startup?
Ncao	X	osoa.exe	PurityScan/Clickspring adware
Ncao	X	urpo.exe	PurityScan/Clickspring adware
NCClient	?	N/A	??
NCD	N	ncd.exe	Norton Change Directory - from the DOS days that allows the user to change directories on their machine without typing the complete path
NCLAUNCH	?	NCLAUNCH.Exe	Part of SWF Studio from Northcode Inc - an extension to Flash. Bundled when you create a self-installing screen-saver on Win2K/XP. Is it required?
NCS_SS	N	Csinsm32.exe	Same as CleanSweep Smart Sweep-Internet Sweep
NDAv	X	csnss.exe	Added by the W32.Serflog.C WORM!
NDAv	X	svhost.exe	Added by the W32.Serflog.C WORM!
NDDEAGNT	?	NDDEAGNT.EXE	WinNT default process. Network Dynamic Data Exchange (DDE) Agent, handles requests for network DDE services
NDIS Adapter	X	ndis.exe	Added by a SDBOT.VF worm infection
NDIS Adapter	X	windows.exe	Added by the W32/FORBOT-BR WORM!
NDIS Adapter	X	lsass2.exe	Added by the WOOTBOT.CW WORM!
NDIS Adapter	X	servenxpp.exe	Added by the W32/FORBOT-GP WORM!
NDIS Adapter	X	servenxpp.exe	Added by the W32/Forbot-GP WORM!
NDplDeamon	X	nstask32.exe	Added by the RANDEX.E WORM!
NDplDeamon	X	winlogin.exe	Added by the RANDEX.E WORM!
NDPS	U	DPMW32.EXE	Novell Distributed Printer Services - part of Novell's Netware Client and Groupwise products. Not required if you don't use this feature
NDrv	X	NDrv.exe	PurityScan/Clickspring adware
NDSTray	U	NDSTray.exe	ConfigFree Tray on a Toshiba laptop. Tray utility for their network switching application which permits switching network devices and settings with a click on the tray icon. While it is not required, for people who span multiple networks and want an easy way to go from wired to wireless and change addresses and other network settings, it's a must have.
Necbar	N	Necbar.exe	Nec Assistant; Ark's Navigator, a graphical interface for NEC computers
NECMFK	Y	necmfk.exe	NEC wireless keyboard driver
Necutray	U	Necutray.exe	Driver for external USB storage devices (hard drives, flsh disks, etc)
neqprvfy.exe	?	neqprvfy.exe	Appears to be related to the downloading of some application - possibly verifying updates?
Nero	X	shch.exe	Added by a variant of the TROJ/BDOOR-EB TROJAN!
nero	X	nrchk.exe	Premium rate adult content dialer
Nero Checker	X	nerocheck.exe	Added by the Troj/Proxy-X TROJAN! Note: This is NOT related to "Nero Burning Rom" CD writing software. This trojan file is found in the Windows or Winnt folder.
Nero Updater.6.12	X	wmp9.exe	Added by the W32/Agobot-AAG Worm!
Nero.ma	X	.exe	Added by the JONBARR.D VIRUS! where <digits> is 2 or 3 random digits
NeroAutoStartClient	X	NeroASM.exe	Added by the AGOBOT.VG WORM!
NeroCheck	U	nerocheck.exe	Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
NeroCheck	X	regedit.exe	Added by the DOOMJUICE.B VIRUS! Note - this is not the valid Ahead Nero CD burning program. Also it is not the valid Windows registry editor which resides in C:\Windows or C:\Winnt wheras this version resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP)
NeroFilterCheck	U	NeroCheck.exe	Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
NeroLoader	X	NeroLoader.exe	Added by the Troj/Bancban-EJ TROJAN!
NeroNETTrayIcon	N	NNServiceCtrl.exe	System tray access to NeroNET - Ahead Software's network-capable extension of their CD/DVD burning program. NeroNET allows a burner to be shared across a network
NeroUpdater6.8	X	winjava.exe	Added by the AGOBOT.AMK WORM!
Net	X	WINREG.EXE	Added by the ASSASIN.D VIRUS!
Net Accelerator	U	NetAccelerator.exe	Rizal NetAccelerator - "Optimizing Dial-Up, Lan, Cable, DSL, and Satellite connections do you want to speed up your Internet access up to 200% - 300% ???". Only required if you find it helps improve your performance
Net Activity Diagram	U	nad.exe	Net Activity Diagram from MetaProducts. Monitors your computer internet activity. Available via Start -> Programs
NET Bios Stats	X	ntbstats.exe	Added by the W32/Sdbot-ZX WORM!
Net*.exe ( = random char)	X	Net*.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
Net*32.exe ( = random char)	X	Net*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
Net-It Launcher	N	NILaunch.exe	Net-It - web publishing software
NetAccelerator	U	NetAccel.exe	NetAccelerator is a "software utility that optimizes your internet access up to 1200% faster!. NetAccelerator speeds all modems allowing you to download faster, browse faster, surf faster!. Only required if you find it helps improve your performance
NetAdm7	X	NETADM7.EXE	Added by the BANCOS.F VIRUS!
Netapi	X	Netapi.exe	Added by the NETDEVIL.14 (NetDevil 1.4) VIRUS!
netapi32	X	netapi32.exe	Added by an unidentified TROJAN!
NetApp	X	winserv.exe	Added by the SHADOWTHIEF VIRUS!
Netbios Helper	X	nbthlp.exe	Added by the PWS-BANKER.Y password stealing TROJAN!
netconfig	X	netconfig.exe	Added by the NETCONF VIRUS!
NetCruiser Dialer	U	NCDialer.exe	NetCruiser Dialer from NetCruiser Software. "An Internet dialer and connection monitor with features to launch applications when a connection is detected, dial and hangup at predefined times and automatic redialing of dropped connections"
netdaemon	X	netdaemon /v	Added by the Vb.RH TROJAN! - malware designed to "kill" a number of antispyware applications: (SpyBot, Giant, SpyDoctor, SpySweeper, SpyHunter, Anvir, WinPatrol, and more)
netdll32	X	netdll32.exe	Added by a CRYPTER.A trojan infection
netdllex	X	netdllex.Exe	Added by a CRYPTER.A trojan infection
NetDy	X	VisualGuard.exe	Added by the W32.NETSKY.N or W32.NETSKY.W WORM!
NETFP32.EXE	X	NETFP32.EXE	TrojanDownloader.Win32.Agent.cd
netfxupdate or NetFxUpdate_v1.0.3705	?	netfxupdate.exe	Would appear to be a valid Microsoft .NET file (see here) but this suggest\'s it\'s a trojan?
NetGuard	U	NetGuard.exe	FBM Software ZeroSpyware 2004 spyware detector and remover; real time monitor.
Netlimiter	U	Netlimiter.exe	Netlimiter - "An internet traffic control tool to monitor applications which access the internet and actively control their internet traffic. Use it o set (download/upload) speed limits for applications or even single connection. NetLimiter also allows you to share your internet connection bandwidth among all applications running on your PC."
Netline User	N	netchk.exe	Netline supplies internet related products and services and this program identifies user ID and IP information. Found installed along with the Falcon 4 game, for example
NetLink	X	netlink32.exe	Added by the GAOBOT.WO WORM!
NetLogon	X	userint.exe	Added by the W32/SDBOT-BC WORM!
NetManageImport	U	nmcpdata.exe	NetManage business software related
NetManagerService	X	ntss.exe	Added by the BESTPICS.A VIRUS!
NetMeter	X	NetMeter.exe	NetRatings Premeter spyware
NetMeter	X	NielsenOnline.exe	Appears to have possible Malware functions, for more information Click_Here
NetMon	X	netmon.exe	Added by the W32.MIMAIL.M WORM!
Netmonw	X	Netmonw.exe	Added by the TROJ/BDOOR-FX TROJAN!
netmsg	U	netmsg.exe	Net_Message is a small tool to send messages across the network, using the Windows Messenger Service, so there is no client install required to receive the messages. It has a number of other features as well.
NetPatrol	U	winclient.exe	NetPatrol network monitoring software
netpc32.exe	X	netpc32.exe	Malware, probably CoolWebSearch parasite related
NetPerSec	N	NetPerSec.exe	NetPerSec - measures the real-time speed of your Internet connection
NetPumper	X	NetPumperIEProxy.exe	NetPumper download manager - bundles Cydoor and SaveNow adware, see here
NetReach	X	nrcheck.exe	Added by an unidentified VIRUS!
Netropa Internet Receiver	X	Netropa.exe	Netropa Internet Receiver. Shows a scrolling bar with the news. Major resource hog and flagged as spyware
NetRun	U	NetRun.exe	NetRun - will 'RUN' a 'List' of programs only when a internet connection is detected, and close/kill the same 'List' when the connection is lost
Netscape Messenger	N	NETSCAPE.EXE	In Netscape 6 (I know for sure with 6.2.1, maybe with 6.0) Netscape.exe is the main executable file for Netscape Navigator, Netscape Mail and News, and Netscape Messenger (the new name for the embedded AIM, no doubt to make it sound like Windows Messenger, the XP version of MSN Messenger). Basically, netscape.exe can be more than just Netscape Messenger, and Messenger can be more then just AIM in disguise, depending on the version of Netscape installed
Netscp6	N	Netscp6.exe	Netscape 6
NetScreen-Remote	U	SafeCfg.exe	NetScreen_Remote VPN Client Software
NetService	X	ntsvc.exe	Added by the Troj/QQPass-DU TROJAN!
NetService	X	ntsvc.exe	Added by the Troj/QQPass-DU TROJAN!
netservices	X	recall.exe	Added by a variant of the W32/SDBOT WORM!
netservices	X	svchostn.exe	Added by the SDBOT.GI WORM!
NETServices	X	csxrs.exe	Added by a variant of the W32/SDBOT WORM!
NetShow Powerpoint Helper	U	NSPPTHLP.EXE	If disabled, user created fonts can no longer be seen by other programs
NetStat Live	N	Nsl.exe	AnalogX NetStat Live - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data
netsv32	X	netsv32.exe	Added by a W32/Sdbot-PX worm infection
NetTime	U	NETTIME.EXE	From a visitor - "This is the executable for NetTime. It is started from the registry when you check the box to start at startup. NetTime allows you to synchronize your computers' clock with a server on your local net or the internet using any of several protocols, e.g. NTP."
NetTurbo	U	netturbo.exe	NetTurbo from SharewareOnline.com. "Accelerate Your Internet Connections by up to 600%". If you find it helps your connectivity leave it enabled
Netunit32	X	wunit32.exe	Added by an unidentified WORM or TROJAN!
NetWatch32	X	netwatch.exe	Added by the W32.MIMAIL.C WORM!
Netword Agent	N	nwant33.exe	An interesting browser utility that allows you to navigate by typing a single word or phrase (a "NetWord") related to what you're looking for into your browser's location field. It also puts an icon in the system tray icon that is a circle with the letter N in the center to access the menu faster. Available via Start -> Programs
NetWork	X	csrs.exe	Added by the AGOBOT.JJ WORM!
Network Access	X	winssh.exe	Added by a variant of the W32/SDBOT WORM!
Network Administration	X	NAS.exe	Added by the ANTILAM.20.Q VIRUS!
Network Administration Service	X	rsvc32.exe	Added by the RBOT.ABH WORM!
Network Associates Error Reporting Service	U	TBMon.exe	Network Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of betatesting new software
Network Connections	X	internat.exe	Added by the TROJ/VB-ZD TROJAN!
network device driver	X	msfirewall.exe	Added by the Troj/Delf-LB TROJAN!
NetWork Device Switch	U	NetDevSW.exe	Toshiba laptops with built-in Wi-Fi. Allows switching between Wi-Fi and internal ethernet. Only necessary if you have regular need to switch back and forward between these network interfaces. Located in Startup folder so make own shortcut to it and disable if not really necessary
Network Host Controller	X	(path to trojan)	Added by the WHISPER VIRUS!
Network Host Service	X	msmnart32.exe	Added by the W32/RBOT-CJV WORM!
Network Protocol Service	X	wuamgrd.exe	WORM_RBOT.EA
Network protocol service	X	wintcp.exe	Added by a variant of the GAOBOT/AGOBOT WORM!
Network Security	X	secsvc.exe	Added by the W32/Rbot-ALX WORM!
Network Security Guard	X	*********.exe ( = random char)	CoolWebSearch parasite related.
Network Security Guard	X	(Pathname of the Trojan executable)	Added by the Troj/Colem-A TROJAN!
Network Service	X	svchost.exe	Hijacker, also detected as Win32.Omal.C Trojan.
Network Service	X	svhost.exe	Added by the Troj/HacDef-K TROJAN!
Network Service Manager	X	netsvc.exe	Added by a variant of the GAOBOT/AGOBOT WORM!
NetworkAssociates Inc	X	internet.exe	Added by a variant of the LOVGATE WORM!
NetworkClient	X	NetworkClient.exe	Added by the LEMUR VIRUS!
NetworkKey	X	netkey.exe	Added by the Troj/IRCBot-AJ TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Networks Configurator	X	NetConfs.exe	Added by the W32/RBOT-OX WORM!
Networks Controler	X	Netsis.exe	Added by the W32/RBOT-NG WORM!
NetworkSetup	N	dlink.exe	D-Link System Tray icon
NetZero_uoltray	N	exec.exe regrun	Netzero free ISP software - not required
Netzip Smart Downloader	X	npnzdad.exe	Advertising spyware
NetZIPFolders	N	nzfprop.exe	Netzip Classic zip file manager
NeuroMedia(IESpeaker)	X	NeuroMedia.exe	Part of an older freeware version of IESpeaker - a program that allows you to listen to web pages. NeuroMedia.exe only downloads advertisments. Not included in the paid-for version currently available
NeuroSpeech OESpeaker	N	OEMonitor.exe	Part of OESpeaker - a program that allows you to listen to long E-mails instead of reading them in Outlook Express. OEMonitor.exe checks whether OE is open or not
New Csnm Manager	X	csmn.exe	Added by the SDBOT.BZS WORM!
New.net or NEWDOT~1	X	rundll32.exe NewDotNetStartup Newdot~2.exe	NewDotNet foistware
New.net Startup	X	rundll32 (path to file),NewDotNetStartup -s	NewDotNet foistware
Newman	X	playavi.exe	Added by the Troj/Lineage-AT TROJAN! Note: This trojan file is found in the Windows\java or Winnt\java folder.
News Service	?	ispnews.exe	F-Secure antivirus related. However, is this particular item required??
Newsalrt	N	NEWSALRT.EXE	MSNBC News system tray utility to alert you to new news
Newsgroup lptt01 or Newsgroup ml097e	X	newsgroup.exe	Variant of the RapidBlaster parasite (in a "newsgroup" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
NewsUpd	N	newsupd.exe	For Creative Soundblaster Live! series soundcards. System tray application for News updates. Available via Start -> Programs. Also spyware - see here.
NewtonKnowsUpd	X	NewtKnow.exe ...NewtnUpd.dll, runkey	NewtonKnow hijacker
NFM Service	U	NPDOR9x.exe	Appears in startup if you have chosen to participate in on survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required
nForce Tray Options	N	sstray.exe	nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitys
NGClient	U	ngctw32.exe	Symantec Ghost Server software - needed for a "a Ghost multicast" (transfer images to multiple machines). Can be launched manually
ngpw36	X	ngpw36.exe	AdBlaster adware variant
NGServer	N	ngserver.exe	Symantec/Norton Ghost Console service
NI.UWFX5	X	UWFX5NetInstaller.exe	WinFixer web installer - Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
NI.UWFX5LP_0001_0802	X	UWFX5LP_0001_0802NetInstaller.exe	WinFixer web installer - Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
NI.UWFX5LP_0001_0803	X	UWFX5LP_0001_0803NetInstaller.exe	WinFixer web installer - Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
NI.UWFX5T	X	UWFX5TNetInstaller.exe	Added by the Troj/DownLdr-BO TROJAN! Note: This trojan file is found in the Windows\Downloaded Program Files or Winnt\Downloaded Program Files folder.
NI.UWFX5V_0001_0802	X	UWFX5V_0001_0802NetInstaller.exe	WinFixer web installer - Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
NiceDownloads	X	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related
Nielsen NetRatings	N	insight.exe	Nielsen NetRatings - "Provides real-time research and analysis about Internet users, delivering the timely, actionable data you need to make critical business decisions on your competition, your Web site�s audience and your customers". Is it required?
nikLaus	X	nikLaus.exe	Added by the NIKLAS VIRUS!
NInit	N	NInit.exe	Norton Uninstall Deluxe. Monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging - not required
nisserv	Y	NISSERV.EXE	Norton Personal Firewall
Nisum	Y	NISUM.EXE	Norton Personal Firewall
niSvcLoc	U	niSvcLoc.exe	Related to National Instruments Corp. LabView
NJG40	X	NJG40.EXE	Added by the BANCOS.D VIRUS!
NkvMon.exe	N	NkvMon.exe	Nikon View 5 - for transferring pictures from Nikon digital cameras
NkVwMon.exe	N	NkVwMon.exe	Nikon View - for transferring pictures from Nikon digital cameras
NLS Keyboard	X	keyboard.exe	Added by a variant of the W32.SPYBOT WORM!
NLS Monitor	X	nlsmon.exe	Added by the W32/Rbot-AXJ WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
NMSSvc	?	NMSSVC.EXE	NIC Management Service - diagnostics program for Intel Pro family network cards
NMSVC	Y	nmSvc.exe	Covenant Eyes - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Disabling it means loss of internet connection until renabled - therefore required if you use it
nMTaskBarService	?	nMtsk.exe	Taskbar control for ISDN NetMod modem. Sorry, I dont know whether or not it is required. Unknown if this is a required item for startup
nnmgr	X	nnmgr.exe	Added by the Adware.FFToolBar adware toolbar.
NNSvc	U	nnsvc.exe	NetNanny internet filter
No Credit Card	X	plugin-.exe	Adult content pop-up dialler
No-IP DUC	U	DUC20.exe	Part of http://www.no-ip.com provided service. Keeps No-IP's dynamic nameserver (DNS) updated if and when your computer's (network's) dynamic IP-address changes so that you can run servers on computers with dynamic IP. Shortcut available
NoAds	U	NoAds.exe	Blocks advertisement banners in Internet Explorer
NoAdware	U	NoAdware	NoAdware Adware/Spyware remover - initially considerered a "rogue" program - see here . The latest version has since apparently mended its ways: see note
NoAdware3	U	NoAdware3	NoAdware Adware/Spyware remover - initially considerered a "rogue" program - see here . Has since apparently mended its ways: see note
Nod32 Free antivirus	X	nod32krn.exe	Added by the W32/RBOT-AAO WORM!
Nod32CC	U	nod32cc.exe	Control Center part of Eset's NOD32 virus-scanner. Leave this enabled if you want to update your virus data files via the click of a button
NOD32kernel	Y	Nod32krn.exe	Nod32 Antivirus Version 2
nod32kui	Y	nod32kui.exe	Nod32 Antivirus Version 2
NOD32POP3	Y	Pop3scan.exe	POP3 E-mail part of Eset's NOD32 virus-scanner
Nod3d2 Free antivirus	X	N0D32KRN.EXE	Added by the W32/RBOT-ABQ WORM!
NodeMnger	?	Nodemngr.exe	Part of the Dell OpenManage Client installation - to allow Dell representatives to remote logon?
nodriver	X	AUEKXRZ.EXE	Added by a variant of the SPYBOT VIRUS!
Noha	X	aasd.exe	PurityScan/Clickspring adware
Nokia Connection Monitor	N	NclConf.exe	Monitors the infrared port, the serial ports and the Bluetooth for a Nokia phone connection. It is installed by the Nokia PC Suite (and Nokia PC Connectivity SDK), and the tray icon shows if a phone has been connected. If you have a conflict with another program, such as TV tuner card remote control monitor, you can disable it, and run only when needed. Available via a desktop shortcut or Start -> Programs - not required
Nokia Tray Application	U	NclTray.exe	Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on
NOMAD Detector	U	ctmnrun.exe	Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected
NomdCheck	N	nomdchek.exe	Part of Intel's Native Audio
Norman ZANDA	U	ZLH.EXE	System Tray icon for Norman Antivirus
NortE Antivirus	X	norten.exe	Added by the W32/Rbot-AFF Worm!
NortE Antivirus	X	norte.exe	Added by the RBOT.BQQ WORM!
norten Software Intrenet	X	norten.pif	Added by W32/Rbot-AWA WORM!
Norton Antivirus 2004	X	SYMANTECAV2.EXE	Added by the W32/Spybot-DY WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Norton Antivirus 7.0a	X	[path to file]	Added by the PERDA-B or RANCK-CT TROJAN
Norton AntiVirus AutoProtect	Y	navapw32.exe	Norton Anti-Virus's background scanning process.
Norton Antivirus AV	X	FVProtect.exe	Added by the W32.NETSKY.P WORM! **Note - this is not the popular AV software!
Norton AntiVirus Sys	X	NAVsys32.exe	Added by a variant of the W32/WOOTBOT WORM!
Norton Auto Protect	X	nava.exe	Added by an unidentified WORM or TROJAN!
Norton Auto Protect	X	crss32.exe	Added by the SDBOT.ATF WORM!
Norton Auto-Protect	Y	navapw32.exe	Norton Anti-Virus's background scanning process. Can be inconvenient because it scans files when Run/Opened or Downloaded/Created and you can scan files manually via right-click after downloading/copying. However, in light of some of the viruses around these days it's probably best to put up with the inconvenience
Norton Auto-Protect	X	ccApp.exe	Added by the W32.Ahker.D WORM! **Note - for the valid Norton AV entry the filename is "navapexe". This is also not the valid Norton_AV_2003 file with the same filename
Norton Auto-Protect	X	SERVICES.exe	Added by the W32.Ahker.B WORM!
Norton AV Preload	?	Premend.exe	Norton Antivirus related. What does it do and is it required
Norton AV Protection Startup	X	Ati2xxx.exe	Added by a variant of the WIN32.RBOT WORM!
Norton Crashguard Monitor	N	cgmenu.exe	Troublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001
Norton Disk Doctor	N	Ndd32.exe	Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, checking for disk errors. Better than ScanDisk but can be started manually via Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well
Norton Drive Protection	X	msdt32.exe	Added by the W32/FORBOT-GB WORM!
Norton eMail Protect	Y	POPROXY.EXE	Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it
Norton Firewall	X	(path of the Trojan EXE)	Added by the Troj/Banker-ET TROJAN!
Norton Ghost 9.0	N	GhostTray.exe	Norton_Ghost tray icon - the application can be launched manually
Norton Guard 32	X	ntguard32.exe	Added by a variant of the WIN32.RBOT WORM!
Norton Live Update Server	X	cpsdv.exe	Added by the AGOBOT.EW WORM!
Norton Live Updater	X	Cavapsvc.exe	Added by the GAOBOT.AO WORM!
Norton Live Updater	X	Sochost.exe	Added by the GAOBOT.AO WORM!
Norton Navigator Loader	N	nnloader.exe	An older Norton utility for file management under Windows 95. More information here
Norton Personal Firewall	X	npfw.exe	Added by the W32/RBOT-UI WORM!
Norton Personal Firewall	X	jah.exe	Added by a variant of the W32/SDBOT WORM!
Norton Personal Firewall	X	npfw32.exe	Added by the W32/RBOT-UQ WORM!
Norton Personal Firewall	X	lah.exe	Added by a variant of the WIN32.RBOT WORM!
Norton Personal Firewall	Y	IntroWiz.exe	Part of Norton Personal Firewall or Norton Internet Security
Norton Program Scheduler	U	nsched32.exe, NPSsvc.exe	Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95, WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus scans
Norton Program Scheduler Event Checker	?	npscheck.exe	Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as NPS Event Checker
Norton Protect	X	npprotect.exe	Added by the W32/RBOT-WW WORM!
Norton protect	X	nvsvc.exe	Added by a variant of the WIN32.RBOT WORM! - NOTE - do NOT confuse with the legitimate NVIDIA Driver Helper Service file of the same name as described here
Norton Protect Activies	X	csrss.exe	Added by the Troj/Banker-CZ TROJAN!
Norton Service Driver	X	wsul.exe	Added by the W32/RBOT-ABI WORM!
Norton Service Process	X	navapvc.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Norton SpySweeper AutoUpdate	X	navsw.exe	Added by a W32/Forbot-AS worm infection
Norton Swap Cleaner	X	nortonswap.exe	Added by a W32/Rbot-MH worm infection
Norton System Doctor	N	Sysdoc32.exe	Norton Disk Doctor from Norton Utilities. Automatically runs at start-up, major resource hog and best started manually form Start -> Programs. Delete the shortcut in the Start -> Programs -> Startup folder as well
Norton SystemWorks	N	cfgwiz.exe	Norton SDystem Works configuration wizard. Reportedly a resource hog. Many users find they can live without loading it
Norton Update	X	ccUpdate.exe	Added by a variant of the GAOBOT/AGOBOT WORM!
Norton Update	X	winsvc.exe	Added by the AGOBOT.ALP WORM!
Norton updated	X	NVSV32.EXE	Added by the SDBOT.ABH WORM!
Norton Updater	X	winset.exe	Added by a variant of the W32.SPYBOT WORM!
Norton Updater	X	NortonUpdate.exe	Added by an unidentified WORM or TROJAN!
Norton Updater	X	lsa.exe	Added by a variant of the WIN32.RBOT WORM!
Norton Updater	X	ccUpdate.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Norton Updater	X	navupdtr.exe	Added by the SDBOT.AXV WORM!
Norton Wizzard	X	nwiz.exe	Added by the GAOBOT.ZX or GAOBOT.ADV WORMS! Note - this is not the valid nVidia application that shares the same name
norton32	X	norton32.exe	Unidentified worm or trojan
NortonAntivirus	X	LSASS.exe	Added by the W32.Pexmor WORM! Note: This (LSASS.exe) is not the legitimate Windows Process and has nothing to do with NortonAntivirus. The legitimate Windows Process (Lsass.exe) is found in the System32 folder and should not be seen in Msconfig or as a Startup item. This worm file is found in the Windows\Temp or Winnt\Temp folder.
NortonAV	X	norton_antivirus.exe	Added by the BACKDOOR.NETJOE TROJAN! **Note: this is not the legitimate Symantec AV program
nortonav	X	CCUPD32.EXE	Added by an unidentified WORM or TROJAN!
Nortons AV SYSTEM	X	scvchost.exe	Added by a variant of the WIN32.RBOT WORM!
nortonsantivirus	X	ccEvtMngr.exe	Added by the TROJ/HZDOOR-A TROJAN!
NortonVPlus	X	svchost.exe	Added by the Troj/Roamer-A TROJAN! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item.
Notebook Maximizer	U	maximizer_startup.exe	Toshiba Notebook Maximizer software; adjust settings to save battery power and increase efficiency
NotebookManager	?	nbm.exe	Associated with Acer notebook PCs. What does it do and is it required?
NOTEPAD	X	NOTEPAD.exe	Added as the result of the RUSTY VIRUS! Note - not to be confused with the valid Windows "NOTEPAD" text editor! - This malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty.
Notepad lptt01 or Notepad ml097e	X	notepad.exe	Variant of the RapidBlaster parasite (in a "nvd32" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not Windows Notepad which has the same executable name
notepad.exe	X	upx.exe	Added by a variant of the WIN32.AGENT.AH TROJAN!
notepad.exe	X	msmsgs.exe	Added by the TROJ/ZLOB-I and Troj/Zlob-H TROJANS!
notepad.exe	X	msmsgs.exe	Added by a variant of the Troj/FAKESPY-B TROJAN! - NOTE: this particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder, and should not be mistaken for the MSN Messenger file of the same name!
notepad2.exe	X	popuper.exe	Added by the Troj/Puper-C or TROJ/PUPER-E or Troj/Puper-AX TROJAN!
notes	X	notepaad.exe	Added by the RBOT.BME WORM!
Notn	X	Eber.exe	PurityScan/Clickspring adware
Notn	X	wtta.exe	PurityScan/Clickspring adware
NovaBackup * Tray Control	U	NbkCtrl.exe	Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see http://www.no-panic.com/backup/tech_supt/nbackup7_commandline.html * represents the version number
NovaPortal Single User Service	?	NPSU.exe	??
Novast or Schedulerd	U	SCHENGD.EXE	NovaStor NovaBACKUP Scheduler - back-up utility. If you don't have regularly scheduled back-ups you don't need it
NOYPI_KANG_ASTIG	X	Exit to DosPrompt.pif	Added by the W32.Filukin.A WORM!
NPF Value	X	NPFMONTR.exe	Added by a variant of the W32.SPYBOT WORM!
NPFMonitor	?	NPFMntor.exe	Norton AntiVirus Firewall Install Monitor - what exactly does it do and is it required?
NPROTECT	U	nprotect.exe	Norton Protected Recycle Bin from Norton Utilities. Adds an extra layer of safety before you remove deleted files from the Recycled Bin. Can be listed twice which is valid - see here
NPS Event Checker	?	npscheck.exe	Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as Norton Program Scheduler Event Checker
NS	X	ns.exe	Added by the W32/AGOBOT-HS WORM!
NSCheck	X	NSCHECK.EXE	NetSetter/Marketscore foistware
nscntrl	X	nscntrl.exe	Added by the Troj/Dload-DC TROJAN!
nsdcmd services	X	nsdcmdav.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
nsdcmd vid process	X	nsdcmdwin.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
nsdlua	X	nsdlua.exe	All-In-One Telcom - adult content dialler
nsdriver	X	nssys32.exe	NetShagg adware
nse	X	nse.exe	Added by the AGOBOT-ML WORM!
Nsengine	U	Nsengine.exe	Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here
NSHelper	U	aexnsinstallhelper.exe	Altiris Express Notification Server Install helper - monitors integrity of the installation
nssysconf	X	(random file name)	VIVIA.A trojan variant
nstat	X	netstat.exe	adult material dialer
NsUpdate	X	NsUpdate.exe	Added by the Dial/Laet-B Dialer! Note: This is a premium rate dialer application and can run up very large phone bills.
Nsv	X	nsvsvc.exe	Delfin_Promulgate adware
nsvcin	X	n20050308.exe	Adware downloader/installer, Delphin_Media_Viewer related - also detected as the DELMED.A TROJAN!
Nsvdr	X	nsvdr.exe	Adult content dialler
nsys	U	nsys.exe	NetSpy keystroke logger/monitoring program - remove unless you installed it yourself!
nsys32	X	nsys32.exe	Added by the W32/Agobot-SU Worm!
NSystemMonitor	N	Symmon.exe	Norton Uninstall Deluxe - monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging
NT Kernel Patch	N	ntkrnlpt.exe	FaxServe network fax software
NT Logging Service	X	Syslog32.exe	Added by the W32/SDBOT-ACK WORM!
NT MICROSOFT SVCD	X	ntvsvcd.exe	Added by a variant of the WIN32.RBOT WORM!
NT security	X	rundll32.com	Added by the W32/Rbot-AJC WORM!
NT Service	X	NTOKSRNL.EXE	Added by the W32/RBOT-AAG WORM!
NT Services	X	ntsvc.exe	Added by the AGOBOT.VJ WORM!
NT Video API32	X	NTAPI32.exe	Added by the W32/RBOT-FW WORM!
NT Virtual Machine	X	[path to file]	Added by the W32/SCAERBOT-A WORM!
Nt*.exe ( = random char)	X	Nt*.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
Nt*32.exe ( = random char)	X	Nt*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
NT-Virtual Device Manager	X	ntvdmn.exe	Added by the W32/SDBOT-AAA WORM!
Ntcheck	X	mapserver.exe	Added by the TROJ/TOMPAI-B WORM!
NTCommLib3	X	NTCommLib3.exe	Admess adware variant
ntddetect	X	ntddetect.exe	Added by the TROJ/AGENT-CU or BDOOR-ZAU TROJANS!
NTdhcp	X	NTdhcp.exe	Added by the Troj/QQRob-O or Troj/QQRob-K TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder
NTdhcp	X	CiKewl.exe	Added by the Troj/QQRob-N TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
ntdll	X	ntdll.exe	Added by the BIONET.404 VIRUS!
NTDLM	X	csrss.exe	Added by the HALE VIRUS! Note - this is not the valid Client Server Runtime Subsystem (csrss.exe) process, which provides text window support, shutdown, and hard-error handling as this resides in c:\winnt\system32\qossrv
Ntech.patchs	X	(trojan filename)	Added by the LEMIR.G VIRUS!
ntechin	X	n20050308.exe	Adware downloader, Delphin_Media_Viewer related, also detected as the DELMED.A TROJAN!
NTFS16	X	ntfs16.exe	Added by a W32/Rbot-LY worm infection
NTFSCLUP	Y	NTFSCLUP.EXE	Part of ConfigSafe- "checks if an ntfssos restore has been performed since it was last run. It exits immediately after running. 99 % of the time it will only execute about a dozen instructions before exiting"
ntfsmonitorpro	X	ntfs64.exe	Added by the W32/FORBOT-EB WORM!
NTFSS Microsoft System	X	filees.exe	Added by the RBOT.GAB WORM!
NTFSS MICROSOFT SYSTEM	X	filess.exe	Added by the RBOT.AXZ WORM!
ntldr	X	ntldr.exe	Browser hijacker to search-control.com (TrojanDropper.Win32.Small.ig). In addition to Registry changes found by HijackThis, also creates the following system files: * Creates file C:\WINDOWS\SYSTEM\ntldr.exe. * Creates file C:\m.exe. * Creates file C:\WINDOWS\Search-For-You.url. * Creates file C:\n.bat. * Deletes file c:\q.exe. * Creates file C:\q.exe. * Creates file C:\r.bat
ntlfreedom	N	RyDial.dll, QuickStart	NTL Freedom ISP software - reportedly not required
ntmsevt	X	ntmsevt.exe	Added by the TROJ/STOPED-B TROJAN.
NTP Server	X	(path to trojan)	Added by the RANKY.F VIRUS!
nTrayFw	Y	ntrayfw.exe	Software interface for NVIDIA ActiveArmor - hardware firewall built into nVidia nForce motherboard chipsets
NTrtc	N	ntrtc.exe	Dell year 2000 tool to deal with non-standard applications. Only required on older Dell PCs that may need this support - see here
NTSet32	X	services.exe	Added by the Troj/WinSpy-C TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item. This trojan file is found in the Windows\dll32 or Winnt\dll32 folder.
NTSF Microsoft System	X	ntsf.exe	Added by the RBOT.ARQ WORM!
NTSF Microsoft System	X	fylez.exe	Added by a variant of the WIN32.RBOT WORM!
NTSF MICROSOFT SYSTEM	X	wntsf.exe	Added by the RBOT.ATC WORM!
NTSF MICROSOFT SYSTEM	X	fufffy.exe	Added by the W32/Rbot-AEL Worm!
NTSF MICROSOFT SYSTEM	X	scvhost.exe	Added by a variant of the WIN32.RBOT WORM!
NTSF MICROSOFT SYSTEM	X	ntssf.exe	Added by a variant of the WIN32.RBOT WORM!
NTSF MICROSOFT SYSTEM	X	winsis32.exe	Added by a variant of the WIN32.RBOT WORM!
NTSF MICROSOFT SYSTEM	X	marya.exe	Added by the W32/Rbot-AXY WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
ntsmod	X	ntsmod.exe	adware downloader/installer, probably VX2/Look2Me related - also detected as the WIN32.VB.RL TROJAN!
NTsocket	X	NoeWinnt.exe	Added by the Ataka-E TROJAN!
NTsrv.exe	X	NTsrv.exe	Added by a variant of the SERVU-O TROJAN!
nTune	U	nTune.exe	nVidia nTune - motherboard monitoring and overclocking utility for nVidia nForce chipset based motherboards
ntupd32	X	ntupd32.exe	See_Here
ntupdate	X	dnsvc.exe	Added by the W32/SDBOT-TC WORM!
NTupdater	X	(Points to the renamed mIRC client.)	Added by the Troj/Digarix-D TROJAN!
NTVDM	U	NTVDM.EXE	Windows NT Virtual DOS Machine (NTVDM) for running 16-bit tasks on the 32-bit OS\'s (Windows NT, 2K and XP). Required if hardware on a machine with these OS\'s needs 16-bit DOS drivers. You can find a bit more about NTVDM here
ntvdmd	X	ntvdmd.exe	Adware downloader - also detected as the TROJ/DLOADER-YP TROJAN!
ntvdscm	X	ntvdscm.exe	Added by the Troj/ScKeyLog-I TROJAN!
NuTCSetupEnviron	Y	ncoeenv.exe	Used by the MKS Toolkit for Enterprise Developers product. NuTCracker is a Unix runtime environment for Windows, so disabling this would be unwise if you are using NuTCracker or any 3rd party package that is using it. Since you might not know what is actually using it it's probably best left alone
NVagent	X	Informe.exe	Added by the W32.Vig.C VIRUS! Note: Copies it's self to multiple Drives and folders.
NvagNT	X	nvagNT.exe	Added by the W32/AGOBOT-RV WORM!
nvc Win32	X	nvcvc.exe	Added by the W32/Rbot-ADD Worm!
NvClipRsv	X	swchost.exe	Added by the W32/Dumaru-AK WORM!
NvClipRsv	X	rsv32.exe	Added by a Troj/Tofger-X trojan infection
NvClipRsv	X	svchost.exe	Added by the W32/Dumaru-AK WORM!
NVCLOCK	?	rundll32 nvclock.dll, fnNvclock	Overclocking utility for nVidia based graphics cards?
NvColorInit	?	rundll32.exe NvQtwk.dll, NvColorInit	Associated with Nvidia based graphics cards
NVCOM	X	NVCOM.exe	Added by the W32/AGOBOT-SB WORM!
NvCpl	U	NvStartup	Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card
NvCpl	X	NvCpl.EXE	Added by the W32.YANZ.B WORM!
NvCpl	U	rundll32.exe NvCpl.dll	Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card
NvCpl	X	windowsp.exe	Added by a variant of the W32/SDBOT WORM!
NvCpl	X	(random executable)	Added by the W32/AGOBOT-APJ WORM!
NvCpl	X	rundl32.exe	Added by the W32/Agobot-TO WORM! Note: This (rundl32.exe) is not the legitimate Windows process rundll32.exe (Notice the difference in the spelling.) This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
NvCplD	X	m2gr32.exe	"Switch" premium rate adult content dialer
NvCplD	X	ntcpl.exe	"Switch" adult content dialer
NvCplDaemon	N	rundll32.exe NvQtwk.dll, NvCplDaemon	System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here)
NvCplDaemon	U	rundll32.exe NvCpl.dll	Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card
NvCplDaemon	U	NvStartup	Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card
NvCplDaemon	X	msmsgrs.exe	Added by the Troj/Dloader-YI TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
NvCplDaemon32	X	anvshell32.exe	Added by the Troj/VB-XU TROJAN!
NvCplDeamon	X	nvdisp.exe	Added by the Troj/PeepVie-I TROJAN!
NvCplDmn	X	NAVSVC.EXE	Added by an unidentified VIRUS!
NvCplScan	X	msc32.exe	Added by the W32/FORBOT-DD WORM!
NvCplScan	X	winasp.exe	Added by the FORBOT.BZ WORM!
NvCplScan	X	nvsc32.exe	Added by the W32.Kelvir.D WORM!
NvCplScan	X	kav32.exe	Added by the W32/FORBOT-EW WORM!
nvd32 lptt01 or nvd32 ml097e	X	nvd32.exe	Variant of the RapidBlaster parasite (in a "nvd32" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
Nvid	X	<8 random charachters>	Unidentified adware
Nvid32	X	Nvid32.exe	Added by the GEMA TROJAN!
Nvidex32	X	Nvidex32.exe	Added by the GEMA TROJAN!
NVIDIA ActiveArmor	Y	ntrayfw.exe	Software interface for NVIDIA ActiveArmor - hardware firewall built into nVidia nForce motherboard chipsets
Nvidia Control Daemon	X	nksvc32.exe	Added by the W32/AGOBOT-OV WORM!
Nvidia Control Panel	X	ncsvc32.exe	Worm, as yet unidentified
NVIDIA Driver	X	MSPMSPSU.EXE	Added by a WORM_WOOTBOT.Y infection
NVIDIA nForce APU1 Utilities	N	NVATray.exe	nVidia's nForce Audio Processing Unit (APU) ; provides 3D positional audio and DirectX 8.0 compatibility, and encodes and decodes Dolby Digital 5.1 audio in real time.
NVIDIA nTune	U	nTune.exe	nVidia nTune - motherboard monitoring and overclocking utility for nVidia nForce chipset based motherboards
NVIDIA Remote Control Panel	?	Nvarem.exe	NVIDIA graphics card related - what does it do and is it required?
NVidia System Utility	U	NVSystemUtility.exe	The NVidia_System_Utility lets you adjust bus speeds, hardware voltages, memory controller timings, and fan speed as well as additional settings to increase performance aggressiveness and hardware voltages. Will also display a dynamic graph of CPU and system temperatures, hardware voltages, and memory bus speeds.
NVIDIA Video drivers	X	video_32D.exe	Added by the AGOBOT.KV WORM!
NVIDIA Video drivers	X	video_32sD.exe	Added by the W32/RBOT-BB WORM!
Nvidia32	X	nvidia32.exe	CoolWebSearch parasite related.
NvidiaQuickTweak or NVQuickTweak	N	rundll32.exe NvQtwk.dll, NvTaskbarInit	System Tray icon used to change display settings for nVidia based graphics cards. Unnecessary since you can easily configure these settings the way you want them in the Display Properties
nvidll32	X	nvidll32.exe	Added by the W32/RBOT-XK WORM!
NVIEW	U	rundll32.exe nview.dll, nViewLoadHook	This is a DLL to enable multiple display monitors on a single computer. It can be a cause of numerous problems on some computers
nviload32	X	nviload32.exe	Added by the W32/SDBOT-VT WORM!
nviload32	X	nviload32.exe	Added by the W32/SDBOT-VT WORM!
NvInitialize	N	rundll32.exe NvQtwk.dll, NvXTInit	Thought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabled
nvirundll	X	nvirundll.exe	Added by the W32.SPYBOT.NPS WORM!
nvjxue	X	nvjxue.exe	Added by the W32/EYEVEG-J WORM!
NVmax	Y	NVmax.exe	NVmax is a old tweaking utility for NVidia graphics cards. In the startup list if the user chooses to overclock their card
NVMCTRAY	N	RUNDLL32.EXE ...NVMCTRAY.DLL, NvTaskbarInit	System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
NvMediaCenter	N	RunDLL32.exe NvMCTray.dll, NvTaskbarInit	System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
NVMixerTray	N	NVMixerTray.exe	System Tray access to audio controls from nVidia's motherboard ForceWare software
nvmsgdwn	X	NVMSGDWN.EXE	Added by the Troj/Graber-D TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
NvMsnW	X	Isass.exe	Added by the WIN32.BROPIA.K WORM!
NVRaidService	Y	nvraidservice.exe	nVidia NVRaid - hard disk striping/mirroring utility for increased performance and reliability. Required if you have a RAID setup
NVRT	N	nvrt.exe	NVRefreshTool is a utility that will automatically detect the maximum refresh rate at each resolution that your monitor supports
NVRTClk	?	NVRTClk.exe	Related to a Gigabyte video card; unsure whether required
nvsv32.exe	X	nvsv32.exe	Added by the W32/FORBOT-DI WORM!
nvsv32.exe	X	cstr.exe	Added by a variant of the W32/SDBOT WORM!
nvsv32.exe	X	asr_fnt.exe	Added by the WOOTBOT.GE WORM!
nvsv32.exe	X	nvsv33.exe	Added by the WOOTBOT.FP WORM!
NvSvc	N	nvsvc.exe	NVIDIA Driver Helper Service - installed when you change from the WDM drivers to nVidia's latest versions but not requied. Extreme shutdown delays can be encountered with this service active, but no adverse side effects with it disabled. NOTE: If using drivers other than nVidia's, such as Asus, this service may have been renamed to reflect that
NVSVC	X	nvsvc.exe	Added by the AGOBOT.ALX WORM! - NOTE - do NOT confuse with the legitimate NVIDIA Driver Helper Service file as described here
nvsvca32	X	nvsvca32.exe	Added by the WIN32.TACTSLAY.E TROJAN!
NVSystem32	X	nvscv32.exe	Added by the W32/Agobot-NO WORM!
NvUpdater	X	nwiz32.exe	Added by a variant of the WIN32.RBOT WORM!
NvXplDeamon	X	xstyles.exe	Added by the SMALL.AJ VIRUS!
NWEReboot	?	dummy.exe	??
nwiz	N	nwiz.exe	Associated with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. However, this isn't necessary for the operation of your system
nwiz32	X	nwiz32.exe	Added by the Troj/Sinbank-A TROJAN!
Nwpopup	Y	Nwpopup.exe	Broadcast message handler part of Novell_Netware that displays server, printer and other messages.
nwrecmsg	U	nwrecmsg.exe	Broadcast message handler part of Novell_Netware that displays server, printer and other messages - can cause crashes
nwss	U	Sp0.exe	Added by the SpyOutside surveillance software. Uninstall this software unless you put it there yourself.
NWTRAY	Y	nwtray.exe	Novell Netware. Displays the red "N" tray icon which can be disabled (by right-click on the icon) but is also needed by the client
oadaemon	?	oadaemon.exe	Background process that establishes connection with a C3-1000 scanner and watch general status of the device and for scanner button presses. Can it be started manually?
oahstifr	Y	oahstifr.exe	Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."
OAKSTART	U	OAKSTART.EXE	Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW.
OAKTASK	N	OAKTASK.EXE	Taskbar utility for a "control panel" for a CD-RW
OASClnt	?	oasclnt.exe	McAfee VirusScan On-Access Scan Client service - what does it do and is it required?
Object Store Server	Y	osserver.exe	Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital, it verifies all the links etc in a site. It runs as a service in NT, 2K and XP but needs to start up in Win 9.x so you'll see a DOS box for a short while during boot up."
objtjprx	?	objtjprx.exe	??
obsver	?	obsver.exe	Part of LingoWare translating software - what does it do and is it required?
OCAudioIni	N	OCAudioIni.exe	One-click Audio Converter - allows you to convert files of multiple audio formats right from Windows Explorer
ocraware	N	ocraware.exe	Optical Character Recognition software as part of OmniPage Limited Edition - supplied with some scanners. Scan directly into most word processor applications, such as Word, WordPerfect, etc. Available via Start -> Programs
ocx32	X	ocx32.exe	Added by the ASTEF or RESPAN VIRUSES!
OCXUPDT32	X	ocxupdt32.exe	Added by the W32/AGOBOT-IF WORM!
OD	X	SYSCNTR.EXE	HotVideo dialler
od-matrxx	X	od-matrxx.exe	Adult dialler - xx can be any number
od-stndxx	X	od-stndxx.exe	Adult dialler - xx can be any number
od-teenxx	X	od-teenxx.exe	Adult dialler - xx can be any number
ODBC BackUp	U	fdxxl.exe	G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here . Disable/remove if you didn't install it yourself!
oddworldz.exe	X	oddworldz.exe	Added by the Troj/Multidr-EG TROJAN!
Odometer	N	Odometer.EXE	Mouse odometer - tracks how far your pointer/arrow has traveled on the screen. Shortcut available
ODSPConfig	U	ODSPConfig.exe	DsktopSurveil surveillance software - get rid of it unless you installed it yourself!
Oeloader	X	Oeloader.exe	Xupiter OrbitExplorer toolbar related, drive-by foistware
OEM Tools 32	X	tres32.exe	Added by a RBOT.QB worm infection
OEM32 Tools	X	sres32.exe	W32.SpyBot worm variant
OEMCLEANUP or OEMRESET	N	oemreset.exe	Resets OEM installation settings at bootup. Not required unless you\'re new to PC\'s
OEMRUNONCE	U	oemrun.exe	Windows Millennium file - used by setup when installing the OEM 'express' version of the operating system. Uncheck after setup has finished.
oeplugin	U	bxOEPlugin.exe	noHTML for Outlook Express is an add-on that protects Outlook Express from email viruses and email scripts by converting incoming email messages from HTML format to simple text.
OEPowerPlugs	?	winoeinit.exe	??
OESpamTest	U	OESpamTest.ExE	Kaspersky_Anti-Spam
OEXCheck	N	EA2Check.exe	Express Assist from AJSystems.com. Utility for use with Outlook Express to backup, restore, synchronize amongst others
Offer Companion or Offers	X	offers.exe	Advertising spyware
Office Startup	N	Osa.exe, Osa9.exe	Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required - Note: if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show.
Office Startup	X	Exploer.exe	Add by the GAOBOT.BV WORM! **Note - This is not a valid MS Office entry
Office Startup	X	exploer.exe	Added by the AGOBOT.BV WORM!
OfficeAgent	X	svcrhost.exe	Added by the WIN32.TACTSLAY.A TROJAN!
OfficeAgent	X	outIook.exe	Added by the WIN32.TACTSLAY.A TROJAN!
OfficeAgent	X	expIorer.exe	Added by the WIN32.TACTSLAY.A TROJAN!
OfficeAgent	X	svcshost.exe	Added by the WIN32.TACTSLAY.A TROJAN!
OfficeDeamon	X	msorunner.exe	Added by a variant of the WIN32.TACTSLAY TROJAN!
OfficeGuard RegChecker	Y	ogrc.exe	Kaspersky Labs anti-virus
OfficeGuardUI	X	svcss.exe	Added by the DEDLER-C TROJAN!
officejet 6100	?	hposol08.exe	Associated with a HP PSC2110 (and maybe others) all-in-one machine
OfficeQuickAccess	X	OfficeHost.vbs	Added by the W32.Pexmor WORM! Note: This worm file is found in the Windows\Temp or Winnt\Temp folder.
Offices	X	msnmgd32.exe	Added by the W32/FORBOT-DV WORM!
OfficeScan95	Y	pccwin97.exe	Trend Micro antivirus OfficeScan
OfficeScanNT Monitor	Y	pccntmon.exe	Trend Micro OfficeScan Antivirus real-time scan monitor
OFFICEXP	X	OFFICEXP.exe	Added by the WOOTBOT.HE WORM!
office_update	X	(Pathname of the Trojan exe)	Added by the Troj/Dloader-ZB TROJAN!
OfotoNow USB Detection	N	Rundll32.exe OFUSBS.DLL, WatchForConnection OfotoNow	Autodetects when a digital camera is attached to a USB port and launches OfotoNow image software. Available via Start -> Programs
ogrc	Y	ogrc.exe	Kaspersky Labs anti-virus
Oil Change	N	OCTray32.exe	From CyberMedia/Network Associates. Checks for updates to software installed on your PC. Available via Start -> Programs
OIM	?	oim.exe	Related to the O2 (was "genie") mobile phone service. What does it do and is it required?
OLE	X	(filename)	Added by the STAWIN or TARNO.D VIRUSES!
oleaccrc	X	oleaccrc.exe	Adware downloader - recognized by Kaspersky antivirus as TrojanDownloader.Win32.Agent.am
OLEDb Service	X	runoledb32.exe	Added by a variant of the SPYRE.B TROJAN!
Olehelp	X	Olehelp.exe	CoolWebSearch parasite related.
olehelp	X	olehelp.exe	Added by the BOOKMARKER.D or BOOKMARKER.G hijacker/viruses
OleLoader	X	ole32.exe	Added by the BACKDOOR.WIN32.DELF.BR TROJAN!
olesvr	U	olesvr.exe	Salfeld Child_Control_2003 - parental control software
Olive System	X	Szchost.exe	Added by the MERCURYCAS.A VIRUS!
Olympic	X	IE4321.exe	Adult content premium rate dialer - also detected as Trojan.Win32.Small.CZ
Omf4	X	OMF4.EXE	Added by the FREEMEGA VIRUS!
OmgStartup	N	omgstartup.exe	Sony program called OpenMG Jukebox - player and music organizer
OmniHTTPd	U	ohttpd.exe	OmniHTTPd web server from Omnicron
OmniPage	N	Opware32.exe	Part of OmniPage Pro from Scansoft (was Caere) - "the fastest, easiest way to turn paper documents into digital files you can edit." Opware32.exe links Word, via OLE, with OmniPage. If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start -> Programs
OmniPass	U	scureapp.exe	OmniPass from Softex Inc. - secure password management software
On Screen Display	U	OSD.EXE	By Netropa for HP and other brands. Same group as KBD MediaCenter & Touch Manager. Pressing a "hot key" on such a keyboard brings a corresponding panel on the screen for volume, etc. Nice but not required if you don\'t adjust things regularly - can also freeze
OneTouch Monitor	N	OneTouchMon.exe	"Finds" the Visioneer scanner to see if it's on then loads it in the tray for quick access which delays the initial boot to desktop process. According to the Windows_Startup_Online_Repository , with the icon in the tray, if you restart or leave desktop, on your return, it again looks for the scanner and again bogs down your system. A desktop icon or star t > programs will provide access without the constant delays. Advise not to load this one in the tray.
OneTouchMonitor or One Touch Monitor or ONETO	N	OneTouchMonitor.exe 1tou~2.exe ONETOU~2.EXE	For Visioneer OneTouch scanners. System tray access to the control panel for the scanner
Onflow	X	onflow.exe	Onflow is a internet company that offers an online advertising program. Not required - uninstall
Online Service	X	svchost.exe	Added by the HOSTIDEL.B or TARNO.B VIRUSES! This is not the valid svchost.exe as described here. Located in a Windows\Tasks directory, and not in Windows\System32
Online Service	X	svchost.exe	Added by the HOSTIDEL.C VIRUS!. This is not the valid svchost.exe as described here
OnlinePCfix SmoothSurfer	U	SS.exe	Smooth-Surfer - blocks banners, ads, popups, and cleans MRU and Recent file lists
OnlineTime	N	onlinetime.exe	OnlineTimer - monitors your Windows dial-up network and logs the time you spend online as well as the resulting costs
online_party	X	online_party.exe	Adult content dialler
Onluna Sarvice	X	sachost.exe	Added by the TROJ/TOFGER-AA TROJAN!
Onlune Sarvice	X	sachost.exe	Added by the TROJ/DAEMONI-J TROJAN!
OnSrvr	X	OnSrvr.exe	OnWebMedia adware
oo4	X	RunDLL32.EXE oo4.dll, DllRun	BookedSpace parasite variant
OOLHELPT	?	OOLHELPT.exe	??
OP12 Reminder	N	Ereg.exe	Registration reminder for OmniPage Pro 12 from ScanSoft
Open Service Drivers	X	opiater.exe	Added by a variant of the WIN32.RBOT WORM!
Open Site	X	opnste.exe	OpenSite adware
Open Site	X	opensite.exe	OpenSite adware
Open2Enter	X	runme.exe	Adult Content Dialler
Open2Enter	X	runme2.exe	Adult Content Dialler
Open32	X	Open32.exe	Horseserver.net browser hijacker
OpenGL Drivers	X	0penGLD.exe	Added by the W32/YIMP-A WORM!
OpenMstart	X	mcmgr32.exe	"Switch" adult content dialer
OpenMstart	X	mmgr32.exe	"Switch" adult content dialer
OpenMstart	X	Snt.exe	"Switch" adult content dialer
OpenOffice.org ..*	U	quickstart.exe	OpenOffice.org office suite quick start (where "..*" is the version number)
OpenOffice.org x	N	QUICKS~1.EXE	Displays OpenOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the OpenOffice suite. Available via Start -> Programs. Will automatically be started when any OpenOffice component is started from Start -> Programs. A resource hog (takes > 16 MB of memory). "x" represents the version number
Openwares LiveUpdate	U	LiveUpdate.exe	Web-update utility as used by various types of software - see here
Operations Typhoon Rising Registration	N	NOVG.EXE	Joint_Operations registration reminder
Operator	N	??	Media Pilot operator, in Win.ini. Locks port open
Operator	U	xtmop.exe	Fax/Phone answering facility for Extreem Machine - as supplied with the old Diamond SupraExpress modems. No longer supported
OpiStat	N	OPISTAT.EXE	OpiStat is a European Research Institute whose goal is to understand consumer needs and opinions better
OPQFile	X	regedit.exe /s ...rad03FA6.tmp	Unsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit
opr	X	opr.exe	MediaMotor/Popuppers adware component
opsql update check	X	opsql.exe	Added by the W32/RBOT-ACJ WORM!
OPTIMIZER	X	iexplore.exe	Added by the EVIVINC VIRUS! Note - "iexplore.exe" resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) whereas the valid "iexplore.exe" (IE) resides in C:\Program Files
Optimum Online	X	Netsurf.exe	OptimumOnline ISP software related spyware - displays advertising popups and collects information about user activity.
Optional Web Drivers For WIN32	X	phqghume.exe	Added by a variant of the WIN32.RBOT WORM!
Optus Cable Data Monitor	U	datamonitor.exe	Allows Optus customers to monitor their actual data usage against Optus' "data allowance limits".
OptusNetUsage	U	OptusNet Usage Meter.exe	This product is designed specifically for OptusNet users who wish to have their connection monitored on a frequent basis. It can also estimate when you are going to hit your usage limit, and how far over your suggested limit you should be.
Opware12	N	Opware12.exe	OmniPage Pro 12 from ScanSoft
Opware14	N	Opware14.exe	ScanSoft's OmniPage_Pro_14 - If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start -> Programs
OpwareSE2	N	OpwareSE2.exe	ScanSoft's OmniPage_Pro_14 - If running, a user can call up OmniPage from inside of Word and ask it to scan something, via "File, Acquire Page." Also some of OmniPage's Options dialog boxes are accessible from within Word. Only required by novices and is Available via Start -> Programs
OrbitUpdate	X	update.exe	Xupiter OrbitExplorer toolbar, drive-by foistware
OrbitView	X	view.exe	Xupiter OrbitExplorer toolbar, drive-by foistware
OrderReminder	N	OrderReminder.exe	The HP Order Reminder utility is installed with the HP LaserJet printer software and allows you to set specific times for reminders to check the current level of toner in the print cartridge - it also contains an Order Now link to a Web page that helps you order supplies online from a reseller of your choice.
org5.exe	?	org5.exe	Lotus Organizer 5 application file, Lotus Organizer software. What does it do and is it required?
OrgyCam	X	OrgyCam.exe	Adult content dialler
OrigRage128Tweaker	U	RAGE128TWEAK.EXE	Third party tweaker for ATI Rage 128 Video cards from http://www.rageunderground.com
ORiNOCO	U	Cmluc.exe	Client Manager software for an ORiNOCO wireless LAN card
OS Security	X	mswind32.pif	Added by the W32/Rbot-ASU WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
OSA	X	winword.exe	Added by the Trojan.Kangenie TROJAN!
Osa32	X	NTOSA32.exe	Added by the ANIG VIRUS!
OSS	X	ossproxy.exe	NetSetter/Marketscore foistware
OSS	X	rk.exe	RelevantKnowledge, NetSetter/Marketscore foistware variant
OSS	X	rlvknlg.exe	MarketScore/Relevant_Knowledge adware related.
OSSProxy	X	OSSPROXY.EXE	NetSetter/MarketScore foistware
OStivityInvAgt	U	ostivity.exe	OStivity - "a desktop and server hardware and software asset/inventory solution for small to enterprise sized organizations that need to quickly gain knowledge of 'what's installed' without having to manually touch every computer in the company. The next time the computer logs into the network, a complete inventory (software and hardware) is taken of the system"
Osus	X	acao.exe	PurityScan/Clickspring adware
Osus	X	rrup.exe	PurityScan/Clickspring -Adware - The executable is located in the user's "Application Data" folder or the Program Files\htwu folder.
otcx	X	otcxxh.exe	Added by the CAROOL VIRUS!
outlook	X	outlook.exe	Added by the W32/SDBOT-RU WORM!
Outlook Express Config	X	****.exe (where = random char)	Added by a variant of the WIN32.RBOT WORM!
Outlook Express Protocol	X	look.exe	Added by the W32/RBOT-ACS WORM!
Outlook Mail Services	X	express.exe	Added by the RBOT.CJN or W32/RBOT-ATJ or W32/SDBOT-AEM WORM!
OutLooks	X	InSane.exe	Added by the SWOOP TROJAN!
Outpost Firewall	Y	outpost.exe	Outpost personal firewall
outpostupdate	X	outpostupdate.exe	Added by the Troj/Cosiam-C TROJAN!
Outwar	X	syslaunch.exe	Outwar adware downloader
OVCJ	?	ovcj.exe	??
Overnet	N	Overnet.exe	Overnet peer-to-peer (P2P) file sharing program
ovyriwi	X	telace.exe	Added by the SDBOT.BVS WORM!
OWCCardbusTray	U	ocbtray.exe	Icon in the system tray for safely removing PCMCIA cards. Only required if you have a laptop or desktop which includes a PCMCIA card interface
OWCWebCamDV	U	wcdvtray.exe	WebCamDV from Orange Micro, Inc - enables the user to use a DV camera connected via Firewire as a Webcam
OWMngr	X	OWMngr.exe	OnWebMedia/SearchSeekFind advertising foistware
OxigenClientAdmin	U	Oxigen.exe	Open University Oxigen screensaver admin client. Downloads the latest information from the net to display in the screen saver.
oz2	X	oz2.exe	Added by the W32.Mydoom.W WORM!
P0w3rF1Y	X	svchost.exe	Added by the Troj/Bdoor-MM TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
P17Helper	?	Rundll32 P17.dll,P17Helper	ASIO driver for the Sound Blaster Audigy & Audigy 2 series sound card - is it required in startup?
P2P NETWORKING	N	P2P Networking.exe p2pautostart.exe	P2P Networking, a component bundled with Kazaa that enables other applications to use Peer-to-Peer functionality. Not required; see here
P2P Networking	N	P2P	Peer to Peer (P2P) sharing of files on the internet
P2P Networking2	X	P2P Networking2.exe	P2P Networking2.exe is an advertising program by Joltid. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediately.
P2P Networking3	N	P2P Networking3.exe	P2P Networking, a component bundled with Kazaa that enables other applications to use Peer-to-Peer functionality. Not required; see here
p2pnetwork	X	p2pnetwork.exe	Added by the ALCAN.A WORM!
p2pnetworking	X	p2pnetworking.exe	Added by the W32/Rbot-AFL Worm!
P3p4chk	X	P3p4chk.exe	Added by the GEMA TROJAN!
p4mx4	X	p4mx4.exe	Added by a CRYPTER.A trojan infection
PaciSoft	X	pacis.exe	PacerD_Media/Pacimedia.com adware installer
Packard Bell EverSafe Tray Control	?	TrayControl.exe	Packard Bell EverSafe software. What does it do, and is it required?
PadTouch	N	PadExe.exe	Toshiba Touch and Launch, offers easy movement and freedom of programs navigation with TouchPad.
Pagekeeper Jobs or Pagekeeper Lite	U	pkjobs.exe	PageKeeper Jobs is a separate PageKeeper program that handles the analysis of new documents and keeps track of the location and content of current documents in PageKeeper. Pagekeeper comes bundled with scanners such has HP, Microtek, etc
PAgent	X	PAgent.exe	Scans your hard drive for the popular P2P file-sharing applications BearShare, Grokster, Kazaa, Limewire and Morpheus. After searching the entire local filesystem for any files with those names it connects to the DownloadWare servers and tells it what, if anything, is found. See here for more info
Pagis Scheduler	N	Monitor.exe	Scheduler for the Pagis scanning suite from Scansoft.
pagmstart	?	client.exe	Possibly related to this?
Pagoo	N	PAGOO.EXE	Pagoo - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem
paint.exe	X	shnlog.exe	Added by the TROJ/PUPER-A And Troj/Puper-D TROJANS!
PaintingRoom evidence monitor	X	paintingroom.exe	Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you...
PaintingRoom smile monitor	X	paintingroom.exe	Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you...
Palm MultiUser Config	?	Configtool.exe	MultiUser configuration for a Palm PDA device?. Is it required?
Palm.exe	N	Palm.exe	Palm Desktop Software for use with Palm handheld devices. Available via Start -> Programs
PalNetaware	X	pnetaware.exe	PalTalk
PaltalkNetaware.exe	N	PALNETAW~1.EXE	Voice chat program. This program stores all buddy list info apparently on the server itself so you never lose your buddy list should you need to reinstall the program due for whatever reason or even reformat. Available via Start -> Programs. Delete the shortcut in Start -> Programs -> StartUp as well otherwise it will be reinstated
pamela.exe	U	pamela.exe	Pamela is a plug-in or add-on that adds features to Skype peer to peer voice service. Note: Located in the Program files\Pamela folder.
Panda Antispam Server Service	U	PasSrv.exe	AntiSpam software, part of Panda Platinum_Internet_Security
Panda Cleaner	Y	pavdr.exe	Panda Antivirus related - possibly Panda ActiveScan
Panda Preventium+ Service	Y	PREVSRV.EXE	Panda_Titanium Antivirus
Panda Software Intrenet	X	"panda.pif"	Added by W32/RBOT-ATZ WORM!
PandaAVEngine	X	PandaAVEngine.exe	Added by the W32.NETSKY.R WORM!
PandaScheduler	U	pavsched.exe	Panda Antivirus scan scheduler. Required if this is your virus scanner program and you have scans scheduled on a regular basis. I recommend that you scan manually so you don't need this but if you tend to forget then leave it
Pantera	X	pantera.exe	Added by the SDBOT.AYN WORM!
Paperport	N	runppdrv.exe	Loads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see here
PaperPort PTD	N	pptd40nt.exe	"PaperPort" software associated with scanners
PaperQuote System Tray Icon	N	PQTRAY.EXE	PaperQuote is a "wallpaper" changer with daily quotes that are either for inspiration or motivation
Parallel Tasking	X	ptask.exe	Added by the TROJ/SMALL-CJ TROJAN!
PartSeal	U	PartSeal.exe	System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere
Password Door Loader	U	PDMonitor.exe	Password Door - password protection software
PasteLister	N	plister.exe	PasteLister - clipboard extender. Start manually when required
Patch	X	patch.exe	Added by the W32/NetBus TROJAN!
Patches Value	X	WinGamed.exe	Added by a SDBOT.BR worm infection
Path	?	lide.exe	??
pathname	X	pathname.exe	Added by the BACKDOOR.IRCCONTACT TROJAN!
PathNvidiaTV	?	patchnvidiaTVout.exe	Appears to be related to Nvidia Gigabyte Video card. Typical file location is the Program Files\Gigabyte\Nvidia folder.
PAV.EXE	X	%Number%	Added by the KITRO.D (or ARGEN.A) VIRUS!. %Number% can be any number
PAV.EXE	Y	PAV.EXE	PER Antivirus
PAVFIRES	Y	PavFires.exe	Panda Antivirus
PAVFNSVR	Y	PavFnSvr.exe	Panda Titanium Antivirus
Pavkre9x	Y	pavkre9x.exe	Panda_Titanium Antivirus
PavProc	Y	PavPrS9x.exe	Panda Titanium Antivirus
PavProt	Y	PavProt.exe	Panda Titanium Antivirus
Pavprot9	Y	Pavprot9.exe	Panda_Titanium Antivirus
PayTime	X	paytime.exe	Added by Troj/StartPa-YR or Troj/Paymite-C TROJAN!
pbagent	U	pbagent.exe	Probot keystroke logger/monitoring program - remove unless you installed it yourself!
PC Alert III	U	alert.exe	MSI PC Alert III - allows you to view your system and cpu temperature, fan rpm and more. Only required if you overclock
PC Booster	U	pcbooster.exe	PC Booster from inKline Global - "easy-to-use computer system optimizer that gives your system the extra speed and stability you want while ensuring that your computer is kept clean and in tip-top condition"
PC Dynamics SdwMon32	U	sdwmon32.exe	SafeHouse "Personal Privacy" protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted.
PC-Config32	X	corona.exe	Added by the CORONEX.A VIRUS!
PC-Duo System Snapshot	U	CLBOOT32.EXE	PC-Duo_Remote_Control from Vector. "System Snapshot provides a detailed inventory of a Client's hardware configuration. It includes information on CPUs, memory, operating systems, printers, display drivers, disk size and free space, network details and much more!". For tech support users to provide remote assistance
pcAnywhere Agent	U	pcamgt.exe	Part of pcAnywhere 9.0 or later. This process listens for incoming PC Anywhere connections if your PC is configured as a PC Anywhere host.
PCBODYGUARD or PCBG	Y	PCBODYGUARD.EXE	PC Bodyguard from Calluna - protects system files and settings from being deleted, modified, etc
PCCClient.exe	Y	PCCClient.exe	PC-Cillin 2002 antivirus software
pccguide.exe	Y	pccguide.exe	PC-Cillin 2002 antivirus software
PCCIOMON.EXE	Y	PCCIOMON.EXE	PC-Cillin 2000 antivirus software. This is the actual virus-scanner
PCClient.exe	Y	PCClient.exe	Trend Micro PC-cillin Internet Security
PccPfw	Y	PccPfw.exe	Trend Micro PC-Cillin personal firewall
PcCtlCom	Y	Pcctlcom.exe	Trend Micro PC-cillin Internet Security
PCDRealtime	N	realtime.exe	Apparently the monitoring device for PC Doctor Online. It provides a "free" examination on system files (i.e. registry), reports the number of errors it finds, and invites you to "order" the fee-based fixes from its web site.
PcEXPLODE	X	specialfile.exe	Added by a RBOT.RH worm infection
PCHbutton	N	PCHbutton.exe	Used by HP Instant Support
PCHealth	N	pchschd.exe	This is a "scheduler" and does not turn off PC Health. For more information refer here
PCHEasySearch	X	STUpdate.exe	PCH EasySearch bar
PCIMODEM	?	pcimodem.exe	Associated with Lucent based Aztech MDP7800-U PCI modems. Is it required?
PCLEPCI	U	ppe.exe	Pinnacle Systems PCI Performance Enhancer. "This tool helps to increase the PCI Busmaster performance of all Pinnacle PCI boards."
PClK	X	PClK.exe	Added by the Troj/LegMir-BL TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
PCMCIA Resource Monitor	?	nvp2pmon.exe	NVIDIA nForce P2P Driver - what does it do and is it required?
PCMService	?	PCMService.exe	In a Dell\Media Experience sub-directory
PCprot	X	crcss.exe	Added by an unidentified WORM!
pcqmqgn.exe	?	pcqmqgn.exe	??
PCRecSA	U	PCRecSA.exe	Part of the IBM/XPoint Rapid Restore backup utility. If you choose, you can use it to create a "clean" backup of your hard drive. The process involves the software partitioning your hard drive, making a compressed image of the working drive which will then allow you to revert to that should you need to
pcServer	X	server.exe	"Ssppyy" spyware
PCShield	X	regsvr32 /s [path] sfg_****.dll	SafeguardProtect/Veevo malware, where * is a random char or digit
PCStart	N	Pcm25.exe	Runs as part of PCMonitor which is a program for monitoring your activity on your system. It makes screen dumps and key logging. It can hang-up your system because the screen dump page gets VERY big
PCSuiteTrayApplication	N	TrayApplication.exe	System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu.
PCSuiteTrayApplication	N	LaunchApplication.exe	System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless or cable connection. PC Suite can also be launched through Start Menu.
Pcsv	X	pcsvc.exe	Delfin_Media_Viewer or "Promulgate" adware
PcSync	N	PcSync.exe	If a Nokia phone has been connected, synchronises the phone with MS Outlook or other organiser software. It is installed by the Nokia PC Suite, and the tray icon shows if a phone has been connected. Available via a desktop shortcut or Start -> Programs
PcSync	X	PCsync.exe	Added by the W32/RBOT-XJ WORM! - NOTE: do NOT confuse with the Nokia application described here
pctspk	U	pctspk.exe	Used for modems based upon PC-TEL chipsets. Normally used for some Voice and Speakerphone functions and also for some Power management options. If you remove it you may not be able to use any of those functions
PCTVOICE	U	pctvoice.exe	The program PCTVoice is used by the modem to interface with your computer and also used for some V.80 functions for Video Conferencing. if you uncheck it, it comes back. It�s better to leave it
PCTVOICE	U	pctspk.exe	Used for modems based upon PC-TEL chipsets. Normally used for some Voice and Speakerphone functions and also for some Power management options. If you remove it you may not be able to use any of those functions
PCWatch	U	pcwatch.exe	Added by the Spyware.PCWatch surveillance software. Uninstall this software if you did not install it yourself.
PDA Commander	X	stisvc32.exe	Added by W32/Agobot-TX WORM!
PDASCAN	X	pdascan.exe	Added by the W32/AGOBOT-QY WORM!
PDEngine	U	PDEngine.exe	PerfectDisk from Raxco - disk defragmenter. Only required if you schedule disk defragmenting at re-boot
pdexplo	N	PDEXPLO.EXE	PowerDesk Pro by Ontrack. Enhanced desktop and file manager. Available via Start -> Programs
PDF Converter Registry Controller	?	RegistryController.exe	ScanSoft PDF_Converter related - what does it do and is it required?
pdfFactory Pro Dispatcher v1	N	fppdis1.exe	"With pdfFactory you can create PDF documents from any program printing to the virtual PDF printer". Available via a desktop shortcut or Start -> Programs
pdfMachine dispatcher	U	mapisnd.exe	pdfMachine Windows print driver
pdfSaver3	N	pdfSaver3.exe	PDF-XChange - create Adobe compatible PDF files from virtually any Windows software such as MS Word, Excel, AutoCAD, MS Publisher etc.
PDirect	N	PDirect.exe	IBM Presentation Director software
pdp Server	U	ctpdpsrvr.exe	Included and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a network
PDUiP6000DMon	U	PDUiP6000DMon.exe	Related to Canon iP6000D printer
PDUiP6000DTskbr	U	PDUiP6000DTskbr.exe	Related to Canon iP6000D printer
PDVDServ	U	PDVDServ.exe	Remote Control background application for CyberLink\'s PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don\'t have a remote control, or don\'t wish to use one
Pe2ckfnt SE	N	chkfont.exe	Used to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menu
Peeramid	?	PService.exe	In a "Koptimizer" folder in Program Files - what is it and is it required?
PeerGuardian	N	PeerGuardian_1.99b_pr14.exe	PeerGuardian "is a tiny firewall program especially designed for P2P software users, but also for anyone who is concerned about the investigations that corporations and authorities perform on the internet. PeerGurdian blocks connections for the configured IP ranges and logs the blocked connections."
PeerGuardian	U	pg2.exe	PeerGuardian is an IP blocker for Windows. Used to protect privacy on P2P networks by blocking IP addresses specified in blocklists. Features support for multiple lists, a list editor, automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc).
Pent@VALUE 3.2	U	Pent@VALUE.exe	Pent@VALUE Digital Satellite Internet PC Receiver
PeqBL100	X	PEQBL100.exe	Added by the W32.PEQ WORM!
PER Email Protection	Y	pavmail.exe	PER Antivirus
PerfectPrint	N	pfppop70.exe	Print engine used by Corel WordPerfect 7 and Presentations 7
Perfomance Monitor	X	davcsync.exe	Added by the W32/Lamud-A Worm!
Perfomance Settings	X	svchost.exe	Added by the TROJ/TOFGER-AP TROJAN! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
PerformCl	X	perfcl.exe	adware downloader and installer
PersFw	Y	PersFw.exe	Kerio or Tiny Personal Firewall
Persistence	N	igfxpers.exe	Associated with the Common User Interface module for Intel graphics cards
Personal Computer	X	scvhost.exe	Added by the W32/Rbot-AJE WORM! Note: This trojan file scvhost.exe (Notice the difference in the spelling) is not the legitimate Windows Process. The legitimate Windows Process (svchost.exe) should not be seen in Msconfig or as a Startup item.
Personal Firwall	X	ptmedsrv.exe	Added by the SDBOT.XY WORM!
Pervasive.SQL Workgroup Engine	U	W3dbsmgr.exe	Database Service Manager for Pervasive SQL 2000 Workgroup edition. Required if you use Pervasive SQL but it's recommended you start it manually before using it as it has a tendancy to crash/freeze if loaded with other applications at startup
PestPatrol Control Center	U	PPControl.exe	PestPatrol Control Terminal - launches PestPatrol features such as PPMemCheck and CookiePatrol
PestPatrolCL	U	PestPatrolCL.exe	PestPatrol's command line scanner, combines with the Windows Task scheduler and is required in cases where schedules for regular scanning are set
Petit Larousse 2001	U	HIPL2000Popup.exe	Popup dictionary tool
Pex Sound Driver	X	Today's Results.vbs	Added by the W32/Trode-A WORM!
pex Sound driver 2	X	Today's Results.vbs	Added by the W32/Trode-A WORM!
PFW_CfgEngine	?	PFWCFG~1.EXE	Personal Firewall related?
PFW_PullSrv	?	PULL.EXE	Personal Firewall related?
PgMonitr	X	PgMonitr.exe	Delfin_Promulgate adware variant
PGPSDKSVC	Y	pgpsdkserv.exe	PGPsdkServ.exe is the new SDK service which is responsible for performing all PGP key management and cryptographic functions. This functionality was moved into a service to allow multiple modules simultaneous read/write access to the keyrings, among other things. As you can imagine, it is necessary for PGPsdkServ to be running in order to perform practically any PGP functionality
PGPSERVICE	U	pgpservice.exe	PGPservice.exe has two main purposes: (1) it handles a large part of the PGPnet functionality (along with the PGPnet driver) and (2) it allows efficient access to the PGP preferences database. The individual PGP modules normally access the preferences through PGPservice, but they are capable of a "fall-back" mode where they can handle such access on their own. Thus, if you are not running PGPnet, you may not immediately notice much of a difference if you disable PGPservice. If you are running PGPnet, you will notice a big difference
PGPtray	N	pgptray.exe	PGP 7.x. Provides icon tray shortcuts to PGP programs from Network Associates. Available via Start -> Programs
PGStub.exe	X		Unidentified adware
pgtaff	X	pgtaff.exe	AdRotator adware variant
Phime2002a or PHIME2002ASync	N	TINTSETP.EXE	Part of Microsoft\'s Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
PHIME2OO2ASyst	X	(Pathname of the Trojan exe)	Added by the Troj/DBdoor-B TROJAN!
PhoneFree version 6.2	U	PHONEF??.EXE	An Internet telephony application. Complicated registration and ad banners tailored to your profile - see here
Photo Express Calendar Checker SE	N	CALCHECK.EXE	If you create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will replace the wallpaper automatically. Photo Express 2.0 has a calendar checker which checks the date on your system and updates your wallpaper accordingly
Photo Loader supervisory	N	Plauto.exe	Casio's Photo Loader software. Hook up your camera to the USB port, and it pops up and asks you if you want to load your pictures
Photoshop	X	svchost.exe	Added by the Troj/Cdopen-E TROJAN! Note: This file is usually located in the Program Files directory.
PhotoShow Deluxe Media Manager	N	mssysmgr.exe	Simple Star PhotoShow_Deluxe photo editing and organizing software; makes it easy to send and share digital photos.. Bundled with software from Nero, ComCast, SnapFish, MacroMedia and others.
PhotoWise QuickLink	N	quicklnk.exe	Agfa PhotoWise - "PhotoWise QuickLinkTM lets you drag and drop photos right from the camera into your document (applications must be OLE-compliant). Use PhotoWise to print contact sheets and photographic prints. Create slide shows, screen savers, wallpaper and more."
PIC SYSTEM	X	picx.exe	Added by the MYTOB.LL WORM!
Picasa Media Detector	N	PicasaMediaDetector.exe	Media detector for Picasa's automatic photo organizer
PicasaNet	N	Hello.exe	Hello is an application that allows Blogger users to post digital photos and captions directly to their personal weblogs, or blogs.
Pickatag	N	pickatag.exe	Pick-a-tag - "Freeware utility for random selection of your taglines. This utility randomly picks a tagline out of a list of taglines. It will create a signature file which your mailer can use to place under your messages"
PICPRTR	N	PICPRTR.EXE	Program for viewing and measuring a variety of 3D CAD data formats
picsvr	X	picsvr.exe	Delfin_Promulgate adware
pictureBUZZTray	N	swtray.exe	System Tray access to PictureBUZZ on-line printing software from Streetwise Software. If you use the software set the page you use as a favourite in your browser and run it manually
PiDunHK	U	PIDUNHK.EXE	Part of the Prodigy Internet software - part of the dialer/DUN. Presumably needed for users of that service otherwise you may not be able to connect, although you may try creating your own shortcut and see what happens
piiserviceOE	U	N/A	Spam Inspector (nee Postal Inspector) from The Giant Company or iHateSpam from Sunbelt Software - spam filter add-ons for OE
pilif	X	pilif.exe	Added by a W32.Fili worm infection
Pinger	N	pinger.exe	Pinger is the resident program for Toshiba updates. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification
PingTimeout Institution	X	pingchek.exe	Added by the W32/SDBOT-VY WORM!
PinnacleDriverCheck	Y	PSDrvCheck.exe	Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn\'t use any resources so you can leave it enabled
Piolet	N	piolet.exe	Piolet - peer-to-peer file sharing client
PIPE SYSTEM	X	pipe.exe	Added by W32/Mytob-FF WORM!
Piracy	N	SysUtil.exe	"Software Piracy Alert" feature bundled with PGWare software. Cries foul when it detects an 'illegal' version. The alerts are reported to disappear as soon as the software is correctly registered. There are privacy issues though: "The Software includes a feature that assigns a unique order number to GameGain based on purchase information. The Software reports this number to us via the internet either when you run the Software or enter the registration number, or both. The Software may also identify and report to us your IP address, date and time of installation, registration and/or use. We use this information strictly to count the number of installations, detect unauthorized access or piracy of the Software, and develop rough statistical data regarding the geographic location of our users."
PivotSoftware	N	wpctrl.exe	PivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
Pixel32	X	Pixel32.exe	Added by the GEMA TROJAN!
Pixelpwr32	X	Pixelpwr32.exe	Added by the GEMA TROJAN!
Pixelsvr	X	Pixelsvr.exe	Added by the GEMA TROJAN!
pjWebCam	U	pjWebCam.exe	Webcam automation software that saves regular photos from webcam and can also act as HTTP server
PK Guard	X	pkguard32.exe	Added by the W32.Guapim WORM!
PK Services	X	pksvc.exe	Added by the W32/FORBOT-BW WORM!
PktAnything	U	PocketCompanion.exe	PocketAnything lets you save anything on your computer to your mobile, with one click.
Planl�gningsagent	U	mstask.exe	Windows Task Scheduler (on Danish language versions of Windows) - displayed as a box with a stopwatch in the System Tray - required if you have regularly scheduled tasks like defragmenting, ScanDisk, weekly virus scans and so on.
PlaxoUpdate	U	InstallStub.exe	Installstub.exe is is Plaxo's core executable program, which is used to check for new or updated information from the Plaxo Network. This program also interacts with Outlook.
Playboy	X	playavi.exe	Added by the PWSteal.Gamanlock TROJAN! Note: This trojan file is found in the Windows\java or Winnt\java folder.
PLEAPCPUCPL	U	pleapu.exe	CPU Control Panel for the Powerleap CPU upgrade
PLFFAP	?	HotfixQ0306270.exe	Prolific Technology Inc. USB Flash Disk driver is it required in startup?
Plguni	N	Plguni.exe	McAfee QuickClean 3.0 - removes internet clutter and unwanted programs
plmg.exe	U	plmg.exe	Paragon Last Minute Bidder - auction assistant software
PLoader	?	umsd.exe	USB Mass Storage Disk related tray icon. Is it required?
Plob	X	kernel.com	Added by the OPTIXPRO.12 VIRUS!
Plook	X	plook.exe	AffiliateTarget.com alias PLook adware
Pluck Tray	U	PluckTray.exe	RSS (XML TAGS) reader program
PluckSvr	N	PluckUpdater.exe	Pluck Toolbar updater
Plug And Play	X	msnmsg.exe	Added by the W32/RBOT-ID WORM!
PLXSTART	U	PLXSTART.EXE	Sets the spindown timeout and access speeds at startup and displays the "Plextor Manager 2000" splash screen for Plextor CD-RW.
PLXTASK	N	PLXTASK.EXE	Taskbar utility for a "control panel" for a Plextor CD-RW. Has MVP 2000 (audio CD player), DiscDupe 2000 (self explanatory CD copying program) and AudioCapture 2000 (rips audio CDs into MP3 or WAV files)
pm32ctrl	X	pwr32crtl.exe	Added by a CRYPTER.A trojan infection
pm32info	X	pm32info.exe	Added by a CRYPTER.A trojan infection
pmc	X	764.exe	Adult content dialler
pmcqt	X	pmcqt.exe	Added by the Troj/Dluca-V TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
PMedia	X	winsrvc.exe	Internet marketing sofware from PMedia as used in E-Card FriendGreetings foistware - see here . Treated by Trend as the FRIENDGRT.B WORM!
PmProxy	?	PmProxy.exe	Associated with Analog Devices "SoundMAX" audio chipset - often built-in to motherboards. What does it do and is it required?
pmr	X	pmr.exe	Powerstrip foistware variant
PMT	U	personalmoneytree.exe	According to the web site Personal_Money_Tree is an automatic cash rebate program. Note: Not recommended.
PMTSHOOT	N	pmtshoot.exe	MS tool for troubleshooting power management problems
PMXInit	U	pmxinit.exe	Restores user display preferences Kyro2 based graphics cards. Not required unless you change the default settings - such as gamma
PNAgent	N	PNAgent.exe	PhatNoise Music Manager - manages WMA, MP3, WAV, etc music files
PNP	X	wuaaclt.exe	Added by the W32/Lilbre-A WORM!
PnP Driver	X	playboy.exe	Added by the W32/Forbot-FR WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder. Added Note: This malware can collect system information, add or delete shares and users, kill processes, download and execute files, send email, remotely control a connected web cam, sniff network traffic or launch a denial-of-service attack!
PNP FIX	X	(Worm filename)	Added by the W32/Rbot-AKQ WORM!
Pnpchk	U	Pnpchk.exe	Aztech Labs Sound 3 PnP driver
pnpsvc_lock	X	startsvs.exe	browser hijacker
pnpsvc_lock	X	*****.exe ( = random digit)	browser hijacker
PNSetup	U	PNSetup.exe	PopNot - pop-up killer
PNtask Services	X	pntask.exe	Added by the LALA.C VIRUS!
Pocket Sheet Sync	U	PSXLTRAY.EXE	Casio Pocket Sheet synchronization software
Poet		Poet.exe	Added by the DOEP.A VIRUS!
Pofatch	X	nstrue.exe	Added by the RANDEX.Z VIRUS!
point32	U	point32.exe	Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
POINTER	U	point32.exe	Microsoft_Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
Points Manager	N	points manager.exe	Altnet TopSearch adware
Pollon	X	pollone.exe	Added by the SPYBOT.FW WORM!
polo.exe	X	polo.exe	Added by the Troj/Agent-PE TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
POP	X	PopSrv***.exe	PeopleonPage foistware, bundled with Grokster where *** are random digits
Pop-Up Smasher	U	PopupSmasher.exe	Pop-Up Smasher - pop-up killer
Pop-Up Stopper	U	dpps2.exe	Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
Pop-Up_Blocker	U	Popup.exe	A Tweak-XP component, blocks advertisement pop-up windows in Internet Explorer. Can be enabled/disabled via Tweak-XP -> Internet Tweaks
Pop-Up_Scanner	U	Popupscn.exe	Panicware popup blocker
pop3trap.exe	Y	pop3trap.exe	PC-Cillin 2000 antivirus software -> E-mail scanner
PopeSvr	X	PopeSvr.exe	Added by the Troj/LegMir-AJ TROJAN!
PopMark	X	WinTask.exe	"Pop Marketing" adware
PopNot	U	PopNot.exe	PopNot - pop-up killer
PopOops	U	PopOops.exe	PopOops - pop-up killer
Popopen	U	popopen.exe	PopOpen makes your windows spring open with animation effects
Poproxy	Y	POPROXY.EXE	Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled to automatically check for suspect attachments in E-mails that may contain viruses. It downloads the E-mail into poproxy, which serves as a proxy server on the local machine, before scanning it
popsrv146	X	popsrv146.exe	PeopleOnPage online dating browser enhancement - also adware and privacy issues, see here. For removal instructions see here
PopSubtract	U	PopSub.exe	PopSubtract - pop-up killer
Popup Ad Filter	U	PopFilter.exe	Popup Ad Filter - pop-up killer
Popup Blocker System	X	PopUpBlocker.exe	Added by a variant of the WIN32.RBOT WORM!
Popup Blocker System326a Monitoring	X	PopUpBlocker6a.exe	Added by the RBOT.AUH WORM!
Popup Blocker System8 Monitoring	X	PopUpBlocker8.exe	Added by a variant of the WIN32.RBOT WORM!
Popup Blocker Updater	X	regsvr32 veev****.dll	SafeguardProtect/Veevo
Popup Defence Updater	X	regsvr32 [path] pdfupd.dll	SafeguardProtect/Veevo hijacker
Popup Defence Updater (required)	X	regsvr32 /s [path] pdf***.dll ( = random char/digit)	SafeguardProtect/Veevo hijacker
Popup Defender	U	PD.exe	Popup Defender - pop-up killer
Popup Terminator	U	GLADManager.exe	Popup Terminator - pop-up killer
PopupEliminator	U	Popup Eliminator.exe	Popup Eliminator - pop-up killer
PopUpKiller	U	PopUpKiller.exe	PopUpKiller - pop-up killer
popuppers	X	newpop63.exe	Popuppers adware variant
popuppers64	X	a64sddd.exe	Popuppers adware, also detected as the TROJ/LOWZONE-AA TROJAN!
popuppers65	X	a65d.exe	Popuppers adware variant
popuppers65	X	a64sddd.exe	Popuppers adware variant
PopUpStopperCompanion	U	PSComp.exe	PopupStopper_Companion popup blocker
PopUpStopperFreeEdition	U	PSFREE.EXE	Pnaicware's Pop-Up Stopper - free limited features version
PopUpStopperProfessional	U	PopUpStopperProfessional.exe	Panicware's Pop-Up Stopper - paid for version
PopupVanish	U	PopupVanish.exe	Pop-up blocker
PopUpWasher	U	PopUpWasher.exe	PopUpWasher pop-up killer
PopUpWatch	U	PopUpWatch.exe	Part of BPS Trace Remover - made by the folks who "developed" BPS Spyware Remover which reportedly uses an old, "borrowed" SpyBot database. Read this and this. Do not support these guys!
POS-Partnerbatchprocessor	?	BATCH.EXE	VISA credit card batch processing related to Appcon. Is it needed or can it be started manually via Start -> Programs or a manually created shortcut?
Post-It(r) Software	N	Psnotes.exe	Pop-up "yellow" notes on screen. Available via Start -> Programs
POW!	U	pow.exe	Pop-up killer
Power Scan	X	powerscan.exe	"Foistware" by Integrated Search Technologies - the people behind the ISTbar parasite
PowerBar	N	Powerbar.exe	Part of CyberLink's PowerDVD software; not sure what exactly it does, but not required in startup
PowerChute	Y	Pwrchute.exe	"During a power outage, if you're not available to save your files & close down Windows....PowerChute will do that for you. PowerChute will save your application files, close your applications and shut down your computer just like you would...otherwise, the APC UPS (Uninterruptible Power Supply) unit would go to battery until it wore down, then your computer would shutoff"
PowerChute	X	Pwrchute.exe	Added by the Troj/Lazar-A TROJAN! Note: This trojan file is found in the Windows\Program Files>\APC_Power or Winnt\Program Files>\APC_Power folder.
PowerDOCSAPIHost	U	papihost.exe	Hummingbird PowerDOCS - "delivers powerful enterprise document management functionality via a tightly integrated Microsoft WinNT/98/2K environment"
PowerDVD	N	PowerDVD.exe	Launches Cyberlink's PowerDVD software and creates a system tray icon. If enabled, PowerDVD will open automatically when a DVD movie is inserted. Launch manually
PowerKey	U	PowerKey.exe	Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610
PowerManagement	X	Rundlll.exe	Added by the SURDUX VIRUS!
PowerManager	X	Svchost.exe	Added by the JEEFO VIRUS! Note - this is not the valid svchost.exe as described here
PowerPanel	Y	POWPANEL.EXE	Power management utility on notebooks/laptops - automatically switches modes when running on battery
PowerPrifile	X	rundl132 kenel.dll, PowerProfileEnable	Added by the INMOTA VIRUS!
PowerPro	U	powerpro.exe	Part of the power professional program that loads the floating menu bar. Can be accessed from Start -> Programs, but I'd leave it alone if you use this program
PowerProf	X	PowerProf.exe	Added by the WIN32.LOREX.B TROJAN!
PowerProfile	X	mfcp30.exe	Added by the RINDAS-A TROJAN!
PowerQuest Startup Utility	N	PQINIT.EXE	From a visitor - "This seems to be installed when you install Power Quest Partition Magic. I think that it implements the changes when you use the magic mover app. If you don't have any mappings set up, it does nothing (except waste bytes and cycles). I disabled it using msconfig.exe with no problems"
PowerReg Scheduler	N	PowerReg Scheduler.exe	PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
PowerReg SchedulerV2	N	PowerReg SchedulerV2.exe	PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
PowerReg SchedulerV3	N	PowerReg SchedulerV3.exe	PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others
POWERR~1	?	POWERR~1.exe	Power monitoring?
PowerS	?	PowerS.exe	ProlinkTest for either their AGP graphics card or TV/FM capture card. Is it required?
PowerSet	?	Regedit.exe /s ...PowerSet_8100_CU.REG	Appears to be Toshiba power management related
PowerStrip	N	powerstrip.exe	PowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings
PowerStrip	N	pstrip.exe	PowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings
PowerTools Tray Icon	U	pttray.exe	PowerTools - add-on for AOL
Powertweak	U	PT2.EXE	"Powertweak is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if \'Use predefined settings\' is enabled in the programs options
Powertweak	U	PTCTRL.EXE	"Powertweak is designed to configure your system in the best way. A processor, the core of the system, or a chipset (a set of components that manage the data flows between the different parts of the system) can be configured." This item is added to startup if \'Configure system at logon\' is enabled in the programs options
Power_Gear	U	BatteryLife.exe	Power management for all Asus notebook. Useful but not critical.
PP****usb	N	FBDirect.exe	Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start -> Programs
PP2000 Instaupdate	U	PPInupdt.exe	Protector Plus anti-virus software - instant update program for virus data updates. Not required if you regularly update virus data manually
PP2000 Real Time Scan	Y	PPVstop.exe	Protector Plus anti-virus software - real time scanner
PP2000 Taskbar Control	Y	PPTbc.exe	Protector Plus anti-virus software - system tray access
PP3100b	N	flatbed.exe	Twain driver for the Visioneer PaperPort 3100b scanner that allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop
ppass	U	Antispy.exe	AntiSpy firewall - "program designed to combat against various types of intrusion and monitoring programs currently in use or presently being developed worldwide"
PPControl	U	PPControl.exe	PestPatrol Control Terminal - launches PestPatrol features such as PPMemCheck and CookiePatrol
PPCRunonce	?	PPCRunOnce.exe	Related to PeoplePC ISP software - what does it do and is it required?
PPHIDPAD	U	pphidpad.exe	PenPower Chinese handwriting recognition software
PPK Setup(Server)	U	SEServe.exe	Programmable Power Key on Sony Vaio laptops. "Using the Programmable Power Key (PPK) button, collect your e-mail automatically with one key stroke. You can also program your PPK to turn on your SuperSlim Notebook at a predetermined time and perform simple tasks - completely unattended"
PPMemCheck	U	ppmemcheck.exe	PPMemCheck - "extends PestPatrol's power so that the most dangerous Pests -- those that are about to execute -- are found, terminated, and cleaned from a user's system"
PPPOEO	X	pingppac.exe	Added by the W32.Spybot WORM!
PPPOEOE	X	WINLITE.EXE	Added by the W32/RBOT-AAN WORM!
PProTray	N	pprotray.exe	Part of the power professional program. Loads the System Tray control
PPSVC	U	[path to file]	PC_Police is spyware that logs keystrokes, files looked at, applications used, and chats on either MSN, Yahoo, ICQ or AOL. This information can then be transmitted to a remote user. If you didn't install this yourself remove it.
pptd40nt	N	pptd40nt.exe	"PaperPort" software associated with scanners
PPUpdate	U	ppupdater.exe	PPUpdater - "is the update program that ships with PestPatrol. It is able to update licensed and evaluation versions, and presents a visual display of what it is doing". Run manually unless you think you'll forget to check for updates on a regular basis
PPWWebCap	N	PPWebCap.exe	"PaperPort" software associated with scanners
pqhelper	X	pqhelper.exe	Searchcentrix hijacker
PractiSearch	U	PSearch.exe	PractiSearch web search software
Praize Messenger	U	itLoad.exe	Praize IM Christian chat instant messenger
Prayer	U	PTW.EXE	Islamic Adhan program (call fpr daily prayers)
prdtect	X	prdtect.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: has been seen using alternative file names like prxtect.exe, prmtect.exe and so forth!
PreAnnotate	?	PreAnntt.exe	Genius Wizard Pen Tablet driver related. Is it required?
Precision Time Clock Checker	N	PrecisionTime.exe	Precision Time 2.0. Checks your computer clock time against the Naval Observatory or some other source to assure accurate time
PrecisionTime	X	PrecisionTime.exe	PrecisionTime - clock synchronizing software containing adware by Claria/GAIN
precpop2	X	starter.exe	PrecisionPop adware
Prein	X	APP***.tmp ( = random char or digit)	Unidentified adware
Preload	Y	Preload.exe	Millenium Multi-Function Keyboard driver
PreloadApp	?	hphprld.exe	HP PhotoSmart printers related - what does it do and is it required?
Premeter	X	prmt.exe	NetRatings software by Opistat. "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!
Premeter	X	nrpr.exe	NetRatings software by Opistat . "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!
Preview AdService	X	PrevAdServ.exe	Windupdates Adware Variant
PrevxHome	Y	SAGUI.exe	PrevX_Home intrusion prevention software
PrevxOne	Y	PXConsole.exe	Prevx intrusion prevention software
PrevxPro	Y	SAGUI.exe	Prevx_Home intrusion prevention software
prgtect	X	prgtect.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: has been seen using alternative file names like prdtect.exe, prmtect.exe and so forth!
Price Patrol	N	neo.exe	Price Patrol by Half.com - internet shopping companion for finding the best on-line prices
PrimaLauncher	?	Launcher.exe	Associated with PrimaScan scanners. Is it required?
Primax 3D Mouse	U	3dmoused.exe	Enables the scroll button on the Primax 3-D Scroll mouse
Primsta	?	Primsta.exe	Linksys Wireless CompactFlash Card driver related. Is it required?
Print Driver Helper Service	X	crsrr.exe	Added by the AGENT-BC TROJAN!
Print Master Event Reminder	N	PMremind.exe	Print Master Gold - calander feature that pops up reminders, such as birthdays
Print Screen Deluxe	N	psdeluxe.exe	Utility allows "Print Scrn" or "Print Screen" key to capture, print or save the current window
Print Services	X	spolserv32.exe	Added by the RBOT.ZP WORM!
print sharing	X	start.bat	Added by the ZCREW VIRUS!
print sharing	X	hidden32.exe (path) explorer.exe	Added by the ZCREW.B VIRUS! Note - this is not the valid Windows Explorer (explorer.exe)
Print Spooler	X	Spoolsv.exe	Added by the CIADOOR.B VIRUS! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
Print Spooler	X	spoolsvc32.exe	Added by the SDBOT.BB WORM!
Print Spooler	X	spools.exe	Added by a W32/Rbot-LD worm infection
Print Spooler	X	spool.exe	Added by the TROJ/BDOOR-IS TROJAN!
Print Spooler	X	spoolsv32.exe	Added by the RBOT.SW WORM!
Printer	X	Spyassault.exe	Bogus "Spyware remover" - see this list of non-Recommended anti parasite software
Printer	X	private.exe	Win32.Rbot worm variant
Printer	X	dipset.exe	Added by a variant of the Proxy-FBSR TROJAN!
printer	X	sysprinter.exe	Added by the TROJ_SMALL.ZY TROJAN!
printer	U	SpyAssaultScanner.exe	Bogus "Spyware remover" - see this list of non-Recommended anti parasite software
Printer Monitor	X	webprinter.exe	Added by the TROJ/IRCBOT-Z TROJAN!
Printer Spool	X	updater.exe	Added by a variant of the WIN32.RBOT WORM!
Printer spool Service	X	spool.exe	Added by the W32/RBOT-ACP WORM!
printer spooler	X	commonaccess.exe	Added by the Troj/Delf-LB TROJAN!
Printer Spooler Subsystem	X	spoolss.exe	Added by a variant of the WIN32.RBOT WORM! - Note - this is NOT the legitimate Windows spoolss.exe process, located in the Winnt/System32 or Windows\System32 folder, and which should NOT figure in Msconfig/Startup!
Printer Update	?	CFGREG.EXE	Maybe a registration reminder or automatically updates drivers or application software for a printer?
PrinterSpool	X	[path] RESTORE.EXE [path] SPOOL.EXE	Added by the ALADINZ.K VIRUS!
Printing Driver	X	msprint.exe	Added by the RBOT.JH WORM!
Printkey2000	N	printkey2000.exe	Screen grabber that intercepts the pressing of the Print Screen (Prn Scrn) key. Start manually when required
PrintMngr	X	system.exe	Added by an unidentified TROJAN!
printnow	N	printnow.exe	PrintNow - a utility that primarily allows "Print Srceen" or "Alt Print Screen" screenshots to be sent directly to a printer
PrinTray	N	Printray.exe	Lexmark/Compaq printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. See also LexmarkPrintray and CompaqPrinTray
PrintScreen	N	UNWISE.EXE	Gadwin PrintScreen - utility to capture, print or save the current window
Printscreen 95	N	PRT95MIN.EXE	Printscreen 95 - utility to capture, print or save the current window
PrintSpoolSv	X	System.exe	Added by a Troj/Bdoor-S worm infection
PRISMSTA.EXE	U	PRISMSTA.EXE	Creates a system tray icon for accessing information about Intersil Prism Wireless Settings. Intersil silicon is used by Trendware/Trendnet for example
PRISMSVR.EXE	?	PRISMSVR.EXE	Siemens Gigaset USB Adapter software related. Is it required?
Privacy Eraser Pro	N	PrivacyEraser.exe	Privacy Eraser Pro - protects your Internet privacy by cleaning up all Internet history tracks and past computer activities
PrivacyKeyboard	U	PrivacyKeyboard.exe	PrivacyKeyboard is a product "that can provide every computer with strong protection against ALL types of keylogging programs and keylogging hardware devices, both known and unknown, currently in use or presently being developed worldwide."
PrivacyScanner	X	pscan.exe	"Privacy Champion", a stealth installed 'Privacy Scanner'. It purportedly scans your PC for links to porn websites, and then offers to "clean" them.. Produces loads of False Positives as goad to purchase.
PrivateNet	X	(Various filenames)	Premium rate adult content dialer
Privoxy	U	privoxy.exe	Privoxy - web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk
PrizeSurfer	X	prizesurfer.exe	"PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware
prjtect	X	prjtect.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: has been seen using alternative file names like prdtect.exe, prmtect.exe and so forth!
prktect		prktect.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: has been seen using alternative file names like prdtect.exe, prmtect.exe and so forth!
prltect	X	prltect.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: has been seen using alternative file names like prdtect.exe, prmtect.exe and so forth!
prmt	X	prmt.exe	NetRatings software by Opistat. "OpiStat measures Internet usage anonymously and surveys participants according to their profiles and online habits". This software has been reported to get downloaded and installed automatically after a Grokster install. It anonymously collects your use of the Internet protocols (sites visited, Web pages, advertisements seen, electronic commerce, streaming). To be avoided!
prmtect	X	prmtect.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: has been seen using alternative file names like prxtect.exe, prdtect.exe and so forth!
PrnSys Executable	U	PrnSys.exe	Print screen utility bundled with some HP printer software; not required, but your choice if you like that feature.
pro	X	[path to file]	Added by Troj/Spywad-F TROJAN!
pro	X	SpySheriff.exe	Added by the Troj/Spywad-I TROJAN! Note: This trojan file is found in the Program Files\SpySheriff folder.
Pro PCL Status Monitor	U	PENGSS.EXE	Xerox printer/fax/copier status monitor (PCL = printer control language)
ProArt	?	ProArt.exe	??
Proc992	X	[path to file]	Added by W32/Ixbot-C WORM!
Proc993	X	wqxfne.exe	Added by the W32/Ixbot-D WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
process.exe	X	process.exe	Added by the PWSTEAL.BANCOS.P TROJAN!
ProcessGovernor	U	processgovernor.exe	Process Supervisor is a technology designed to automatically configure and manage processes on one or more computers for the goal of maintaining system stability and responsiveness, restricting executables from running, and logging of program executions.
ProcessSupervisorGUI	U	ProcessSupervisor.exe	Process Supervisor is a technology designed to automatically configure and manage processes on one or more computers for the goal of maintaining system stability and responsiveness, restricting executables from running, and logging of program executions.
procmon	X	procmon.exe	Added by the BIONET.40A VIRUS!
Prodigy DSL	?	EnterNetDUN.Exe	Prodigy EnterNet DUN PPPoE Client - is it required?
ProdikeysAutorun	N	Prodload.exe	Creative Prodikeys software. "an interactive music entertainment device which not only functions as a full-featured, ergonomic �QWERTY� keyboard but also comes equipped with 37 touch-sensitive music keys and accessible music controls for endless entertainment at your desktop. Coupled with the Sound Blaster audio card, you can explore a wide array of realistic instrument sounds and have non-stop fun making music right at your desktop."
ProDsl	N	ProDsl.exe	Intel Pro/DSL 2100 modem connection manager. Available via Start -> Programs
Profile	X	Profile.vbs	Added by the WHITEHO or TRAPPY VIRUSES!
ProfileAMP	U	Profile8	WinAmp media player add-on; "will replace %s with the current Winamp song and %m with current memory stats every song change. Change the color of your links, have a count down to a certain date. Works for all versions of Winamp."
Profiler	N	Profiler.exe	Enables the "Profiler" to be launched from a System Tray icon for Saitek's game controllers. Available via Start -> Programs
profiler	X	prof.exe	Added by the TROJ/ZAPCHAS-G WORM!
profiler	X	liteout.exe	Added by the TROJ/ZAPCHAS-G WORM!
Prog	X	csrss.exe	Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling
Prog	X	lsass.exe	Added by a Webus.B trojan infection. Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup
Program File	X	Progmon.exe	Added by the PEEPER VIRUS!
Program in Windows	X	iexplore.exe	Added by a variant of the LOVGATE WORM!
Program Neighborhood Agent	U	pnagent.exe	Citrix_Program_Neighborhood_Agent
projselector	N	projselector.exe	Roxio Project Selector; can be started manually
Promon.exe	N	promon.exe	System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
PromptCast	U	PromptCast.exe	Auto-download for viewing short films and movie trailers for Surveys - Membership to site is required and it 'background'-downloads the needed clips for the survey.
PromulGate	X	PgMonitr.exe	Delfin_Promulgate adware variant
PRONoMgr.exe	N	PRONoMgr.exe	System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
PRONoMgrWired	U	PRONoMgr.exe	Intel�s Pro 100 Ethernet card manager
Propel Accelerator	U	PropelAC.exe	Propel Internet Accelerator
ProPort Startup	U	ProPort.exe	Proport is a port monitor/protector. Monitors an infinite amount of ports for trojans and nukes. Some additional features are auto connection-kill, and IP resolving
ProSiteFinder	X	prositefinder.exe	Adware by 180Solutions
Prote��o de tela	X	ssmaze.scr	Added by the BANCBAN-FB TROJAN!
Protect	U	SHVRTF.EXE	PC_Angel takes a 5-second snapshot of the current system registry each time the PC boots up. In the event of a crash, PC ANGEL will retrieve everything up to the minute before the crash or the last known stable registry.
protect	X	protect.scr	Added by the Troj/Dloader-TQ TROJAN!
Protected Storage	X	RUNDLL32.EXE MSSIGN30.DLL ondll_reg	Added by a variant of the LOVGATE WORM!
Protection	X	Protection.exe	Added by the W32/FEBELNECK-A WORM!
Protection	X	[path] runtask.exe [path] protection.exe	Added by a variant of the Downloader.Agent.3.AU TROJAN!
Protection	X	Firewall.exe	Added by the W32.Elitper.A WORM!
Protection	X	IExplore[space].exe	Added by the W32.Elitper.D WORM!
Protection	X	Norton Internet Security.exe	Added by the W32.ELITPER.E WORM!
ProtocolDiskChk	X	ssrms.exe	Added by the Troj/Bdoor-ML TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Provan Security	X	psecure.exe	Added by the RBOT.BRV WORM!
PROXOMITRON	N	PROXOM~1.EXE	HTML proxy
Proxomitron	N	Proxomitron.exe	HTML Proxy
ProxyWay	U	proxyway.exe	ProxyWay anonymous proxy surfing software
PRPCMonitor	U	PRPCUI.exe	Intel� SpeedStep� interface. This automatically detects whether a mobile PC is using battery or AC power. When using battery power, SpeedStep scales the processor clock frequency and voltage to reduce the power it needs by 40%
prqtect	X	prqtect.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!
prrtect	X	prrtect.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: has been seen using alternative file names like prdtect.exe, prmtect.exe and so forth!
prstect	X	prstect.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!
prtcct	X	prtcct.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!
prttect	X	prttect.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: has been seen using alternative file names like prdtect.exe, prmtect.exe and so forth!
prutcct	X	prutcct.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
prutdct	X	prutdct.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: has been seen using alternative file names like prdtect.exe, prtcct.exe and so forth!
prutgct	X	prutgct.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!
pruthct	X	pruthct.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!
prutict	X	prutict.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!
prutlct	X	prutlct.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!
prutpct	X	prutpct.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!
prutqct	X	prutqct.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!
prutsct	X	prutsct.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!
pruttct	X	pruttct.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: routinely uses alternative file names like prdtect.exe, prtcct.exe and so forth!
prvtect	X	prvtect.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: has been seen using alternative file names like prdtect.exe, prmtect.exe and so forth!
prxtect	X	prxtect.exe	"Prutect" malware from e2Give - attempts to tamper with a number of anti spyware applications, like Ad-Aware and SpyBot S&D. - NOTE: has been seen using alternative file names like prdtect.exe, prmtect.exe and so forth!
ps1	X	ps1.exe	PacerD_Media/Pacimedia.com adware component
PS2	U	ps2.exe	Multimedia Keyboard companion on HP computers. If this is prevented from starting, then some keyboard functionality will be lost.
psaload32	X	psaload32.exe	Added by the W32/Rbot-ADL or W32/Rbot-ANW WORM!
PSD Tools Channel	X	ChannelUp.exe	BuddyLinks adware
PSDrvCheck	Y	PSDrvCheck.exe	Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn\'t use any resources so you can leave it enabled
PService	X	svcnow32.exe	Added by the TROJ/SPYBOT-DJ TROJAN!
PSFree	U	PSFree.exe	Pop-Up Stopper Free from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
PSGuard	X	PSGuard.exe	Bogus spyware remover - also known as the SmitFraud alias FAKEALE-C TROJAN!
PSGuard spyware remover	X	PSGuard.exe	Bogus spyware remover - also known as the SmitFraud alias FAKEALE-C TROJAN!
pshower	X	pshwr.exe	SafeSurfing adware variant
PSIMSVC	Y	PSIMSVC.exe	Panda Titanium Antivirus
PSIWin2.3 Connection Server	N	Psconsv.exe	Allows connectivity between a PC and a Psion device. Access can be gained from the Desktop or Start -> Programs
pskl	U	keyspy.exe	KeyboardLogger logs keystrokes and records the windows in which they were entered. If you didn't install it yourself remove it.
PsMFCard	U	PsMFCard.exe	Component of the Toshiba Controls. Provides power-saving functions for the PCMCIA slots. Through the Power Save Mode Properties dialogue, the user can select from 3 PCMCIA power options - On, Auto1 and Auto2. Disabling this item has no adverse effects, except disabling the ability to reduce power consumption by powering-down the PCMCIA slots when not in use
PSNotify	Y	psnotify.exe	Pharos SignUp Vx - "PC reservation and management application that addresses the PC scheduling needs of public libraries and higher education labs and libraries"
PSof1	X	PSof1.exe	PacerD_Media/Pacimedia.com adware installer
PSoft1	X	psoft1.exe	PacerD_Media/Pacimedia.com adware installer
PsPCCard	?	PsPCCard.EXE	Found on a Toshiba laptop?. Any ideas?
PspContr	U	pspcontr.exe	Driver/controller for the Philips SpeechMike 6174. As the Philips FreeSpeech application is no longer supported it can be disabled but the Mike can still be used for certain functions using this driver
PsSound	U	PsSound.exe	On a Toshiba laptop. Operates your sound in one of 4 modes, off, on , on only with powerr, same as #3 but longer delay
pst	U	memaker2.exe	Added by the SpymodePCSpy surveillance software. Uninstall this software unless you put it there yourself.
PSTORES	?	PSTORES.EXE	Part of Windows Services Protected Storage?
ptech	X	ptech.exe	Related to "Prutect" malware from e2Give
ptfb	N	ptfb.exe	Push the Freakin' Button - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future"
Ptipbmf	?	rundll32.exe ptipbmf.dll, SetWriteCacheMode	Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller
PtiuPbmd	?	Rundll32.exe ptipbm.dll, SetWriteBack	Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. If used is it required?
ptrun32	U	ptrun32.exe	Parent Tools for AIM
PTRUN32	U	ptr32w.exe	Added by Spyware.ParentTools surveillance software. Remove unless you installed it yourself!
Ptsnoop	N	Ptsnoop.exe	These descriptions I've come across - all valid as far as I can see :- (1) Program installed with some modems that monitors the COM ports for the modem driver. Not required from what I've read - may need a registry edit to get rid of it (2) Backdoor trojan virus that copies itself as PTSNOOP.EXE -see here for more info (3) Apparently the people who put it out claim it's a driver for a Voice modems (don't know who they are though - Ed) Note: If using AOL and you disable this you may lose your connection or lock up (4) Can also be an older Logitech scanner program. Remove from the Win.ini tab under Load='path'\PTSNOOP and the System.ini tab under drivers='path'\ptrtkr.drb. Can cause parallel port conflicts big time dragging system resources way down when a conflict exists (5) Allows audio monitoring of modem phone dialling tones and can be useful if you have connection problems (6) Karen Kenworthy's Snooper - "logs the start and stop time of all programs run under Windows"
pttrun	U	pttrun.exe	Transmeta Crusoe processor related. Reduces application launch times and makes the computer "more responsive"
PtUDFApp	N	PtUDFApp.exe	Sony abCD program, included on the CD Xtreme install CD, used to format CD-RWs for packet writing (similar to DirectCD). Available via Start -> Programs. Note that you must add a /T switch to the command line to get it to load to the taskbar
Public Microsoft ODBC	X	ODBC32.exe ( = random char)	Added by the MASLAN.D WORM!
pumcfgp	U	proxycfg.exe	GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser
Pure Networks Port Magic	N	PortAOL.exe	Pure Networks Port Magic, as available in the latest version of the AOL� 9.0 Optimized SE software; automatically configures most in-home Internet gateways, improving access and performance for applications such as instant messaging, online gaming, and streaming music and video. See here
Purgative	U	PURGATIVE100.EXE	AIM (AOL Instant Messenger) Ad Remover Using Active Memory Edits instead of a patch/crack
Purgatory	X	Purga.exe	Added by the W32/Purgory-B WORM!
Push Client	N	pull.exe	Client software from Interwise that MS use for their webcasts
Push The Freakin' Button	N	ptfb.exe	Push the Freakin' Button - "When a dialog causes irritation, you simply tell PTFB which button should be pressed, and it will handle the dialog in future"
PUSH6599	N	PUSH6599.EXE	Scan button monitor for Relysis Episode MF6599 USB scanner as you can start scanning manually via the scanning software
PutA!!	X	PutA!!.exe	Added by the OPASERV.L VIRUS!
PutAS!	X	PutA!!.com	Added by the OPASERV.Z VIRUS!
putil	X	(filename)	Added by the LDPINCH VIRUS!
putil	X	(file name)	Added by a Troj/LdPinch-AA trojan infection
PV92TRAY	U	PV92Tray.exe	PCtel HSP V.92 modem Configuration Utility
PVR	N	PVR.exe	Pocket Voice Recorder - freeware sound recorder that records from microphone and any other input line available with your sound card
PVUnInst1	U	PVUnInst1.exe	Privacy_View is privacy software that ensures that all your private computer files, photos, documents, and websites remain secure from prying eyes.
pwindicator	N	pwic.exe	ParaWin XP - International Language Software for Windows XP/NT/2000
Pwr32ctr	X	Pwr32ctr.exe	Added by the GEMA TROJAN!
Pwr32ctrl	X	Pwr32ctrl.exe	Added by the GEMA TROJAN!
Pwr32mgt	X	Pwr32mgt.exe	Added by the GEMA TROJAN!
Pwrmonit	Y	Rundll32 PwrMonit.dll	IBM's proprietary 'battery maximiser' and power monitoring software for laptops
Pwroff	X	Pwroff.exe	Added by the GEMA TROJAN!
Pwrsave	U	Pwrsave.exe	Toshiba Power Saver utilities. Required on a laptop if you run of a battery and want to conserve power
Pwruplogin	?	pulogin.exe	??
PwrupTweakMe	U	PUPXPTWK.EXE	"Ashampoo PowerUp XP is a convenient tool for fine-tuning your Windows� NT4, 2000 and XP configuration to suit your precise needs and wishes. It gives you direct access to many frequently-required settings and parameters, enabling you to make your operating system behave the way you want." Boot-up options won't work if disabled
PWS Tray	U	PwsTray.exe	Microsoft's Personal Web Server, an application which allows PCs to behave as web servers (allows you to test your .asp pages on your own PC without having to load them onto the internet). Available via Start -> Programs
p_981116	N	p_981116.exe	Win32 cabinet self extractor. More info here
Q152404	N	wsript.exe Q152404.VBS	Appears to run Scandisk at bootup on NEC PCs
q36i36O	X	lms2cenu.exe	Added by the SECONDTHOUGHT VIRUS!
QAGENT	N	qagent.exe	Quicken program is controlled by a separate utility program called the Quicken Download Manager (also known as Qagent). When Quicken Download Manager option is enabled, background downloading takes advantage of unused bandwidth to download current financial information anytime your computer is connected to the Internet
qappsrvc32.exe	X	qappsrvc32.exe	Added by a Proxy_Trojan variant - identified by Kaspersky antivirus as Trojan-Proxy.Win32.Webber.m
QBCD autorun	N	autorun.exe	Quick Books CD
qbkupdbs	X	mqbkup.exe	Added by the OPASERV.K VIRUS!
qbotd	X	(random filename)	Added by the BOTTEN VIRUS!
qBrowse	?	qbrowse.exe	??
QBRSR	X	QuickBrowser.exe	QuickBrowser/Top-banners.com adware
Qchex Tray Icon	U	Qchex.exe	Related to G7_Productivity_Systems Check Software.
QCTRAY	U	Qctray.exe	System Tray icon providing access to the "IBM Access Connections" wizard on ThinkPad laptops and also allows to change the network environment. Not the same as QCWLIcon, which is pertinent only to the Wireless LAN
QCWLICON	U	Qcwlicon.exe	Used by IBM Thinkpad laptops with built-in wireless card (802.11). System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off
QD FastAndSafe	N	QDCSFS.exe	Automatically runs Fast & Safe clean-up from Norton/Quarterdeck Cleansweep. Deletes safe to remove files such as Temporary Internet Files (cache). Recommended you run it manually
QDM or QDMStart	U	QdmStart.exe	QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI\'s series of motherboards for monitoring PSU, temperatures, BIOS information, etc. Only required if you overclock system components and need to monitor temperatures, etc
Qdsafe	?	??	??
Qexplo	?	Qexplo.exe	??
qgqqft	X	[path to Trojan]	Added by the Ranky.T TROJAN!
QH Live Update Scheduler	Y	UPSCHD.EXE	Quick_Heal Anti-Virus
QH Office 2K Check	Y	O2KCHECK.EXE	Quick_Heal Anti-Virus MS Office documents virus checker
QMusic	?	QMAgent.exe	??
QNPlus	N	QNPlus.exe	Quick Notes Plus by Conceptworld - sticky notes tool
Qoeloader	U	Qoeloader.exe	Qurb 2.0 anti-spam tool for Outlook/Outlook Express. Required when supporting OE but not for Outlook. Shortcut available via Start -> Programs
QQ	X	sendmess.exe	Added by the SEMES VIRUS!
QQServer	X	QQ.exe	Added by the Troj/DownLdr-AN TROJAN!
qservices	X	qservice.exe	Added by the Troj/Progent-A TROJAN!
qservices	X	qservice.exe	Added by the Troj/Progent-B TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
QSort2000	N	QSORT.EXE	Utility that sorts your Start menu and Favourites in alphanumerical order. Not required - at any time you can right-click on these lists and choose "Sort by Name"
QT4HPOT	U	OneTouch.exe	Hewlett Packard One Touch keyboard driver. Required if you use the additional keys
QTaskStartup	U	qtask.exe	Feature of Quicken.com Brokerage to customize and display Desktop Alerts and icon. It is not required for the Quicken Program to run correctly, it is only required for the Desktop Alerts feature
QTime	X	nrchk.exe	Premium rate adult content dialer
QTSTUB.EXE	N	Qtstub.exe	Part of an old version of the Quick Tax application. It enables Quick Tax Calendar Popup to show tax calendar reminders
QTSvc	X	ssvr.exe	Adult material premium rate dialer
QTSvc	X	shman.exe	Adult material premium rate dialer
QTSvc	X	navcke.exe	Adult material premium rate dialer
QTSvc	X	msocfg.exe	Adult material premium rate dialer
qttask	N	Qttask.exe	System Tray access to Apple's "Quick Time" viewer from version 5 onwards
Quantifier Security	X	qsecue.exe	Added by the W32.Spybot.UOL WORM!
QUBCity	?	qtp.exe	??
Queensla	?	Queensla.exe	??
Quick Controls	U	Astrotoolbar.exe	Gateway Astro Screen and Sound Controls tray icon
Quick Heal Messenger	U	QHM32.EXE	Quick_Heal Anti-Virus Messenger - Keeps you informed about the latest threats, hoaxes etc.
Quick Heal On-Line Protection	Y	Cateye.exe	Quick Heal - virus scanner
Quick Heal Startup Scan	Y	QHSTRT32.EXE	Quick Heal - virus scanner
Quick Shelf xx	N	qushelfxx.exe	Places an icon in the system tray for launching MS Bookshelf. Available via Start -> Programs"xx" represents the version number - ie, 98, 99
Quick Startup	Y	Fquick32.exe	For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone
Quick Time file manager	X	quicktimeprom.exe	Added by the SDBOT TROJAN!
Quick View Plus	N	QVP32.EXE	Quick View Plus from Inso Corporation. Multiple file type viewer. Available via Start -> Programs
QuickBooks Delivery Agent	N	QBDAGENT.EXE	As far QAGENT but for QuickBooks. Can also have the version number in the name
Quickbooks Update Agent	N	qbupdate.exe	Associated with Intuit's Quickbooks but not required. Possibly to do with the payroll update service but you're prompted to check for updates when appropriate whether this is running or not
QuickCamPro	U	QuickCamPro.exe	System Tray for Picture Capture utility that can run unattended. Pictures every 30 seconds for example, auto FTP Upload, etc
quicken	X	quicken.exe Waol.exe Winrar.exe	CoolWebSearch parasite related.
Quicken Scheduled Updates	N	bagent.exe	Quicken background downloading module
Quicken Startup	N	QWDLLS.EXE	Quicken option to load DLLs at startup
QuickenSEMessage	N	Qsemsg.exe	Quicken option
QuickFinder Scheduler	N	QFSCHD100.exe, QFSched.exe	Used in Corel 2002 & Corel Suite 7 - finds files faster by indexing your files (similar to Microsoft's Find Fast or Fast Search for its Office products)
QuickLaunchEr	Y	QuickLaunchEr.Exe	QuickLaunchEr - allows you to quickly launch programs from an icon in the system tray
Quicklink III	N	QL.EXE	HP fax program and only needs to be in the start-up group if you allow your phone to automatically answer your phone in fax mode, that is, to receive faxes after a certain number of rings. Available via Start -> Programs
Quicknote	N	quicknote.exe	JC&MB Quicknote Virtual Scrapbook
QuickPassword	U	agquickp.exe	Smart card-based authentication and digital signature client software
QuickRes	N	QUICKRES.EXE	Utility to quickly change desktop resolution - left over from Win95 Power Toys. In Win98 and above incorporated via Control Panel -> Display. Not required unless you have to change resolutions on a regular basis
quickset	N	quickset.exe	Dell taskbar icon allowing you to quickly change settings
Quicktime	X	qttasks.exe	Added by the TROJ/ADCLICK-AK TROJAN!
Quicktime	X	shch.exe	Added by a variant of the TROJ/BDOOR-EB TROJAN!
Quicktime Mediaplayer	X	winmplyer32.exe	Added by the W32/RBOT-PM WORM!
Quicktime Mediaplayr	X	wnmplyr.exe	Added by a variant of the WIN32.RBOT WORM!
Quicktime Pro 3.0	X	winuodps.exe	Add by the GAOBOT.BH WORM!
Quicktime Runtime	X	Qtimer.exe	W32.SpyBot worm variant
QuickTime Task	N	Qttask.exe	System Tray access to Apple's "Quick Time" viewer from version 5 onwards
QuickTime Task	X	qttasks.exe	CoolWebSearch parasite related.
Quicktime Task	X	random file name	NetVision dialer
QuickTime Update Completion x	N	quicktimeupdatehelper.exe	Different numbers caused by number of launches. So if 3 updates are made separately, 3 would appear (in theory)
QuicktimeMngr	X	QUICKTIMEMNGR.EXE	Added by a WOOTBOT.AW worm infection
QuickTimeUpdate	X	QuickUpdate.exe	Added by the Troj/Bifrose-CW TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Quicktlme	X	ru.exe	Adult content dialler
QuickTV	U	QuickTV.exe	Infra-red remote control driver for the AVerTV Studio TV tuner/personal video recoder from AVerMedia. Required if you use the remote control
Quickzip	X	Ls.exe	MsConnect browser hijacker and dialler
QuickZip	X	lu.exe	MsConnect browser hijacker and dialler
QuikShield	N	qkshield.exe	QuikShield popup blocker - reportedly stealth installed, see here
QuikSync	N	QUIKSYNC.EXE	Used by Iomega drives. Available via Start -> Programs
qwe	X	qwe.exe	Added by the TROJ/LINEAGE-F TROJAN!
QWS3270 Sessions	U	sessions.exe	QWS3270 Secure terminal emulation software
RA Server	X	Slave.exe	Added by the RA VIRUS!
RabbitWannaHome	X	rabbit.exe	Added by the W32.MIMAIL.S WORM!
Rabo Session Monitor	Y	RaboSessionMon.exe	Related to RaboBank electronic banking software
RadarSync	N	RadarSync.exe	Radarsync utility comes from DFI with their latest motherboards, e.g., DFI LanParty Ultra - checks for BIOS and driver updates periodically
RadBoot	U	RadBoot.exe	RadLinker - tweaker/linker for ATI Radeon based graphics cards. It allows you easy access to per game settings
RadioSvr	U	RadioSvr.EXE	Used to configure wire less networks. Windows automatically detects the Wireless network and it configures the network
Rainlendar	U	Rainlendar.exe	Rainlendar is a customizable calendar that displays the current month.
RAM Idle Professional	U	RAM_XP.exe	RAM_Idle - a memory management program which manages the free RAM that is available to Windows, thus preventing your computer from running progressively slower over time.
RAMASST	U	RAMASST.exe	Optionally installed with some DVD drives (LG, Panasonic, etc). Disables Windows XP\'s CD-burning abilities because they cause some incompatibilities. It does not affect your ability to burn CDs. If you do not have this program running, you may have some compatibility issues with burnt DVDs
RamBooster2	X	rb.exe	Added by the AKAK VIRUS!
RAMDef	U	ramdef.exe	Ram Def Xtreme - monitors and defragments your system RAM to improve reliability and speed. Some users swear by programs such as this but I suggest you read this article and make up your own mind
RAMDrive	U	RDTask.exe	Virtual Hard Drive (Ram Drive) takes a portion of your system memory (RAM) and uses it to simulate a hard disk drive. For more information see FarStone
RamIdle	U	ramidle.exe	RAM Idle - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." Some users swear by programs such as this but I suggest you read this article and make up your own mind
RAMpage	U	RAMpage.exe	Small Windows utility that displays the amount of available memory in an icon in the System Tray. It can also free memory by double clicking the tray icon, or by setting a threshold that activates the program automatically, or by having it run automatically when an application exits. RAMpage is free, and open source
Randex virus built for IRBMe	X	irbme.exe	Added by a W32.Randex.RH worm infection
random 10-character filename	X	Winupdates.exe	Added by a W32/Rbot-MM worm infection
RandomWin32	X	mgnwin32.exe	Added by the W32/SDBOT-DV WORM!
rant	X	rant.exe	Added by the W32/RBOT-ZB WORM!
RapApp	Y	RAPAPP.EXE	Application protection component of BlackICE PC Protection (was Defender) firewall, informing you of any modifications to programs, files or folders and detecting unknown programs trying to launch
Rapdata	X	ravsecs.exe	Added by the Troj/QQPass-V TROJAN!
Rapdatae	X	rabseuser.exe	Added by the TROJ/QQPASS-S TROJAN!
Rapid Restore	U	rrpcsb.exe	XPoint "Rapid Restore PC"; a "Managed Recovery� solution that enables IT Administrators to protect the corporate image, while offloading personal data backup and recovery chores to the end user."
RapidBlaster	X	rb32.exe	Homepage hijacker (adult content) - see this newsgroup thread
Raptelnet	X	ravspeger.exe	Added by the Troj/QQPass-AA TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Raptelt	X	ravspegtl.exe	Added by the Troj/QQPass-AB TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder and the Temp folder as temp~3
Raptor Mobile	Y	vpnservices.exe	Symantec VPN Client used to connect to corporate networks. If unchecked, must be uninstalled using Add/Remove Programs as it tightly integrates into networking
RasCon Remote Access Service Manager	X	rasmngr.exe	WORM_SPYBOT.EM
rasctrs	X	rasctrs.exe	Hijacker, also detected as the ADWAHECK TROJAN!
Rase	X	boln.exe	PurityScan/Clickspring adware
RasMan.exe	X	RasMan.exe	Added by the Troj/Feutel-H Trojan!
rate.exe	X	i11r54n4.exe	Added by the BEAGLE.E or BEAGLE.F or BEAGLE.G or BEAGLE.H or BEAGLE.I WORMS!
rate.exe	X	*******.exe ( = random char)	Unidentified adware
RAV8Tray	Y	ravtray8.exe	RAV anti-virus related
RAVEN_VLZS.EXE	X	RAVEN_VLZS.EXE	Another eAcceleration program - spyware. Read their privacy statement here
RavMon	Y	RavMon.exe	RAV AntiVirus
RavTime	X	Mstray.exe	Added by the WUKILL.A VIRUS!
RavTimer	Y	RavTimer.exe	RAV AntiVirus
RavTimer	X	explores.exe	Added by the Troj/Homey-A TROJAN! Note: This is not the legitimate Windows process explorer.exe (Notice the difference in the spelling.) This trojan file (explores.exe) is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
RavTimeXP	X	(worm filename)	Added by the WULLIK.B VIRUS!
RavTimeXP	X	Virus	Added by the CAGER.A WORM!
RavTimXP	X	(worm filename)	Added by the WULLIK.B VIRUS!
RavUptpe	X	ravsesur.exe	Added by the TROJ/QQPASS-T TROJAN!
rav_temp.exe	?	rav_temp.exe	??
RAX SYSTEM	X	scrigz.exe	Added by the MYTOB.KR WORM!
Ray Process Killer	N	Prkill.exe	Ray Process Killer - clicking right mouse button produces popup menu with current active tasks. You can choose any task and click "Ok" to terminate it. Use CTRL ALT DEL instead
razertra	Y	razertra.exe	razer diamondback mouse driver
rb32 lptt01 or rb32 ml097e	X	rb32.exe	Variant of the RapidBlaster parasite (in a "RapidBlaster" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
rbenh ml***e	X	rbenh.exe	Variant of the RapidBlaster parasite (in a "RBEnhance" folder in Program Files) where *** represents random digits. It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
Rcf Driver	X	rcf.exe	Added by the RANDEX.BLD VIRUS!
rCron	X	rcron.exe	"Switch" adult content dialer
rCron	X	dservice.exe	"Switch" premium rate adult content dialer
RCScheduleCheck	U	RCSCHED.EXE	Scheduler for VCOM's Recovery Commander - which "can restore your non-booting system back to normal. It only takes a few minutes to get your system back up and running"
RCSync	X	RCSync.exe	PrizeSurfer related. "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware
RDClient	U	RDCLIENT.EXE	Remote Disconnection Utility from Twiga. Used for connecting and disconnecting dial up connections on a network - only needed if there is a shared internet connection
RDLL	X	RunDll16.exe	Added by the SDBOT.F WORM!
rdvs	X	(worm filename)	Added by the ULTIMAX VIRUS! <filename.exe> is the worm filename created
Reactor3	X	[random name]32.exe	Added by the W32.BOFRA.A WORM!
Reactor5	X	[random name]32.exe	Added by the W32.BOFRA.D WORM!
Reactor6	X	[random name]32.exe	Added by the W32.BOFRA.C WORM!
Reactor6	X	[random name]32.exe	Added by the W32.Mydoom.AK WORM!
Reactor7	X	[random name]32.exe	Added by the W32.BOFRA.B WORM!
Reactor8	X	[random name]32.exe	Added by the W32.BOFRA.E WORM!
Reactor9	X	[random name]32.exe	Added by the W32.BOFRA.E WORM!
readdb40	X	rundll32.exe (path) readdb40.dll,EnableRunDLL32	LZIO.com adware downloader
Real Internet Player	X	Reaiplay.exe	Added by a variant of the W32.SPYBOT WORM!
Real player updater	X	realupd.exe	Added by the PARLAY VIRUS!
real scheduler	X	real scheduler.hta	Added by the CEEGAR TROJAN!
Real Spy Monitor	U	Winrsm.exe	Realspy keystroke logger/monitoring program - remove unless you installed it yourself!
Real Statics Agent	X	ccreal.exe	Added by a variant of the WIN32.RBOT WORM!
Real-Tens	X	Real-Tens.exe	DownloadWare based advetising spyware
RealAudio	X	RealAudio.exe	Added by the CEEGAR TROJAN!
RealDownload	N	RealPlay.exe	Download manager. Available via Start -> Programs
RealDownload Express	X	npnzdad.exe	Advertising spyware
Reality Fusion GameCam SE	N	RFTRay.exe	System Tray access for Logitech's Reality Fusion GameCam. For more details see here. Available via Start -> Programs
RealJukeboxSystray	N	tsystray.exe	System Tray icon for RealJukebox
realone_nt2003	X	moniker.exe	Added by the SNONE.A VIRUS!
RealP1ayer	X	[path to file]	Added by the RPLAY.A TROJAN! **Note that the name has a number "1" in place of the second lower case "L"
realplay	N	realplay.exe	System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences
realplay lptt01 or realplay ml097e	X	realplay.exe	Variant of the RapidBlaster parasite (in a "RealPlay" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not RealPlayer which can have the same executable name
Realplayer Codec Support	X	realsched.exe	Added by the W32/AGOBOT-AAD WORM - NOTE - do NOT confuse with the Real Player executable as described here
Realplayer One	X	realplay.exe	Added by the W32/RBOT-NK WORM!
RealPlayer2	N	MsgCenterExe	RealNetworks RealPlayer related - disabling this application will not affect Real Player in any way.
RealPlayerUpdater	X	realupd32.exe	Added by the TROJ/LOHAV-T TROJAN!
Realpopup	?	Realpopup.exe	RealPopup - "Replaces old winpopup with a full featured freeware tool which remains stable and simple as its predecessor"
Realsched	N	realsched.exe	Application Scheduler installed along with RealOne Player. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registry
Realtime Audio Engine	U	mmrtkrnl.exe	Associated with ALCATech BPM_Studio
Realtime Monitor	Y	realmon.exe	Realtime scanner part of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates
RealTimeUpdate	?	RealTimeUpdate.exe	Product description in properties is "InternetExplorerCommunicationAgent Module" ?
RealTray	N	RealPlay.exe	System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences
RealUpdater	X	realupd.exe	Added by the PARLAY or MITGLIEDER.I VIRUSES!
RebateNation0	X	RebateNation0.exe	WebRebates adware variant
Reboot	N	Reboot.exe	MS-DOS/Win3.1 utility use to clean boot a system. Sometimes installed by default from some driver CDs for motherboards
Recguard	Y	recguard.exe	On HP computers, Recguard prevents the deletion or corruption of the WinXP Recovery Partition. Without it enabled, it is possible to knock that completely out and force the customer to send the PC back to HP for a re-image, possibly at the customer's expense
Reclip	N	reclip.exe	Reclip Popup Clipboard manager
Recommended Hotfix - {0421701D-CF13-4E70-ADF0	X	RH.DLL	SmartPops adware
Recover	N	N/A	Added during the installation of Comcast High Speed Internet software. During installation the system reboots and if the disk is removed a screen appears asking for the disk to be re-inserted to complete installation. Not required once installion is complete
RecoverFromReboo	?	RecoverFromReboot.exe	Unknown
RecoverFromReboo	?	RECOVE~1.EXE	Unknown
RecoverFromReboot	?	RECOVE~1.EXE	Unknown
RecoverFromReboot	?	RecoverFromReboot.exe	Unknown
RecShe	N	RecSche.exe	Recording scheduler for WatchTV Capture Card (TV Tuner card)
Recycle Bin Handler	X	recycler.exe	Added by the TROJ/SHUCKBOT-A TROJAN!
Recycle Bin Handler 2005	X	system.exe	Added by the TROJ/BDOOR-HO TROJAN!
RecycleSTR	X	msreg32.exe	Added by the W32/RBOT-TC WORM!
Red Flag	N	redflag.exe	PMS prediction program with modes for guys and girls - no longer available
Red Swoosh EDN Client	X	RSEDNClient.exe	Red Swoosh - mechanism used by web sites to allow you to download files from those sites quicker and more efficiently. Note from the license agreement they automatically update the software and share non-personally identifiable information with others in the network
redirect	X	redirect*.exe	Dotcomtoolbar/Linksummary hijacker installer - where * is a random digit
Redline Taskbar	N	taskbar.exe	Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards
REEGRUN	X	(path to file)	Added by the SECDROP.AI TROJAN
Reek 32 Server	X	reek32.exe	Added by the RANDEX.AL WORM!
Referee	U	referee.exe	MediaComm's monitor for file association changes. Stop rogue programs from screwing your settings either on installation or whenever they run
Refresh	N	Refresh.exe	(Iomega) Refresh - loads the Iomega desktop icons at startup
Reg	X	Reg.hta	Homepage hi-jacker. Removal instructions here
Reg Check	?	lpt.exe	Related to Supanet ISP software -what does it do and is it required?
Reg Service	X	winsy.exe	Added by a variant of the W32.SpyBot WORM!
Reg Service	X	winslogon.exe	Added by the W32/AGOBOT-SC or W32/Agobot-SY WORM!
Reg Service	X	REGSRV32.EXE	Added by the RBOT.ZW WORM!
Reg Service	X	ipcfg.exe	Added by the W32/Agobot-SO Worm!
Reg Service		WinnConfig.exe	Added by the W32/Agobot-PF Worm!
Reg Services	X	Winboot32.exe	WORM_RBOT.PB
reg1.reg	X	vuamgard.exe	Added by a variant of the BACKDOOR.IRC.BOT TROJAN!
reg2.0	U	SVCH0ST.EXE	Added by the eSpyNow surveillance software. Uninstall this software unless you put it there yourself. Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item. Also there is a number "0" in the executable filename, not a lower/upper case O.
Reg32	X	Reg32.exe	Hijacker - redirecting to only-virgins.com
reg32	X	reg32.exe	Added by the NOUPDATE.B VIRUS!
Reg32	X	reg33.exe	CoolWebSearch parasite related.
Regcheck	X	~CAB001.EXE	Added by the CYBERSPY VIRUS!
regcheck	X	[path to file]	Added by the SERVPAM TROJAN!
RegCleaner	X	SYSio32.exe	Added by an unidentified virus VIRUS!. Note - do not confuse this with the popular RegCleaner registry cleaner freeware
RegCompres	X	Regcpm32.exe	Added by the POLDO.B VIRUS!
RegCompres	X	REGCPM32.EXE	Adult content dialler - see here. This has to be cleared at the same time as MSStartOptimizer (WINUPD.EXE), atisrc2 (windfind.exe) and mmxrun (msosa.exe), otherwise they return
Regcxdinaf	X	REGCXDINAF.EXE	Added by the TROJ/BANCOS-BW TROJAN!
Regcxn	X	Regcxn.exe	Added by the COIBOA-D TROJAN!
regdefend	U	regdefend.exe	RegDefend is a configurable, kernel based registry protection system, designed to intercept selected changes before they occur, thus also preventing malicious software like viruses, trojans and worms from using the registry to their advantage.
RegDone	X	winlogon.exe	Added by NEVEG.A WORM! Note - this is not the valid Windows Logon process winlogon.exe process. It should not appear in Msconfig/Startup!
RegDone	X	services.exe	Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the valid Windows Service Controller (services.exe) process
RegDone Ex	X	csrss.exe	Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling
RegDoneEx	X	lsass.exe	Added by a Webus.B trojan infection. Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup
regedit	X	regedit.exe	Added by the BRID.A VIRUS! Note - resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP). The valid "regedit.exe" resides in C:\Windows (Win9x/Me/XP) or C:\Winnt (WinNT/2K)
REGEDIT	X	Regsrv32.com	Added by the SOUTHGHOST VIRUS!
regedit	X	svchost.exe ccRegVfy	Added by the Trojan.Rona Trojan!
regedit	X	autoexe.exe	Added by a variant of the WIN32.RBOT WORM!
Regexit	X	Updadv.exe	Added by the Troj/QQPass-N TROJAN!
Regexit	X	runlli32.exe	Added by the Troj/QQPass-U TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
RegFreeze	U	regfreeze.exe	RegFreeze anti-spyware software
reggsdg	X	spoolserv.exe	Added by the W32/SDBOT-MS WORM!
RegHelp	U	svchosts.exe	SpyGraphica spy software - "Stealth monitoring of ALL PC or Network Activity with DVD-like playback. EVERY keystroke can be e-mailed in a detailed activity report every 15 minutes...anywhere in the world."
reginfo32	?	reginfo32.exe	??
Register Manager	X	RegistryManage.exe	Added by the SDBOT.AYH WORM!
Register MediaRing Talk	N	register.exe	If you don't want to register MediaRing and be reminded about it every bootup disable it
Register SeqChk	?	regsvr32.exe ..csseqchk.dll	?
RegisterDropHandler	U	REGIST~1.EXE	Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation
Registration Service	X	toker.exe	Added by the W32/SDBOT-BB WORM!
Registration-Studio 8	N	RegTool.exe	Registration for Pinnacle Studio Version 8 home video software from Pinnacle Systems
Registry	X	wscript.exe	Added by the VBSWG VIRUS!
Registry	U	class0117[random].exe	Blackbox captures emails and chat logs, and monitors Internet activity - remove if you didn't intentionally install it.
Registry Checker	X	Regrun.exe	Added by the SDBOT TROJAN!
Registry Checkup	X	winreg.exe	Added by an unidentified WORM or TROJAN!
Registry Checkup System326a Monitor	X	Winregs326a.exe	Added by a variant of the W32/SDBOT WORM!
Registry Integrity Checker	X	regintmon.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Registry Integritycheck	X	WCPDT.EXE	Added by the W32/AGOBOT-RF WORM!
Registry Loader	X	regloadr.exe	Added by the GAOBOT.AO WORM!
Registry Loader	X	winhlpp32.exe	Added by the GAOBOT.AO WORM!
Registry oidet	X	win32.exe	Added by the RBOT.BMT WORM!
Registry Scanner	X	regscanr.exe	Added by the OPTIX LITE FIREWALL BYPASS VIRUS!
Registry Server	X	regsrv32.exe	Added by the W32/Rbot-GM WORM!
Registry Service	X	REGSRV32.EXE	Added by a variant of the WIN32.RBOT WORM!
Registry Services	X	Registry.exe	Added by the DOWNLOADER.CILE VIRUS!
Registry Startup Check	X	checkreg.exe	Added by the Troj/RemLoad-A TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Registry System16 Checkup Monitor	X	SystemReg16.exe	Added by a variant of the WIN32.RBOT WORM!
Registry System166 Checkup Monitor	X	SystemReg166.exe	Added by a variant of the WIN32.RBOT WORM!
Registry Value Name	X	service.exe	Added by the W32/RBOT-AHT WORM!
Registry Value Name	X	winapi32.exe	Added by a variant of the WIN32.RBOT WORM!
Registry Value Name Start	X	MsPMSPSa.exe	Added by a variant of the W32/SDBOT WORM!
RegistryCheck	X	rundll32.exe chkreg.dll,CheckRegistry	Ulubione adult content dialer
RegistryChk	X	winbackup.exe	Added by the MERTIAN VIRUS!
RegistryMechanic	U	RegMech.exe	Registry Mechanic for Windows - "you can safely clean and repair Windows registry problems with a few simple mouse clicks! Problems with the Windows registry are a common cause of Windows crashes and error messages"
RegistryMonitor	X	registry.pif	Affilred adware
REGIST~1	U	REGIST~1.EXE	Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation
Regkey for autostart	X	winservice.exe	Added by the W32/RBOT-NU WORM!
REGMSYS	X	(Path of Executable)	Added by the Troj/LowZone-AX TROJAN!
RegMutex	X	lexplore_.exe	Added by the Troj/MSNOpt-A TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
RegProt	Y	Regprot.exe	RegistryProt from Diamond Computer Systems - protects the system registry against changes
Regptmens	X	REGPTMENS.EXE	Added by the Troj/Bancos-ED TROJAN!
Regro	X	rundll132.exe	Added by the PWSteal.Ragnarok TROJAN! Note: This trojan file rundll132.exe (Notice the 1 in the file name) is not the legitimate Windows Process (rundll32.exe). Do not confuse the two. This trojan file is found in the Windows or Winnt folder.
RegRun	X	mActiveX.exe	Adware downloader - also detected as a variant of the TROJ_LOWZONES.BW or TROJ_AGENT.RD TROJAN!
REGRUN	X	winfix22490.exe	Adware downloader - also detected as a variant of the TROJ_LOWZONES.BW or TROJ_AGENT.RD TROJAN!
REGRUN	X	(pathname of the Trojan executable)	Adware downloader - also detected as a variant of the TROJ_LOWZONES.BW or TROJ_AGENT.RD TROJAN!
REGRUN	X	sory.exe	Adware downloader - also detected as a variant of the TROJ_LOWZONES.BW or TROJ_AGENT.RD TROJAN!
REGRUN	X	regeditt.exe	Adware downloader - also detected as a variant of the TROJ_LOWZONES.BW or TROJ_AGENT.RD TROJAN!
REGRUN	X	dialer.exe	Adware downloader - also detected as a variant of the TROJ_LOWZONES.BW or TROJ_AGENT.RD TROJAN!
RegRun WinBait	U	winbait.exe	Part of RegRun - used to detect unknown viruses. RegRun compares winbait.exe with the original copy called winbait.org and warns if the files are different..
Regrun2	Y	WatchDog.exe	Greatis Software's RegRun 3 Security Suite which amongst other things replaces MSCONFIG. The WatchDog check for registry changes caused by trojan's, viruses, etc
REGRUNM	X	autoprotect.exe	Added by an unidentified WORM or TROJAN!
Regrx	X	rundll32.exe	Added by the TROJ/WAYIC-A TROJAN! - NOTE: this file is found in the C:\Windows folder, and is not to be confused with the legitimate rundll32.exe file, always located in the Windows folder on Win 98 and ME systems, and in the Winnt\System32 or Windows\System32 folder in Windows XP and NT!
Regscan	X	regscanr.exe	Added by the TROJ/OPTIX-SE TROJAN!
RegScan	X	DLLSRV32.EXE	Added by the AGOBOT.AEW WORM!
RegScan	X	Regscan.exe	Added by the BACKDOOR.TALEX TROJAN!
RegServer	?	regserve.exe	Related to XGI Technology's Volari graphics cards - what does it do and is it required?
regservices.exe	X	regservices.exe	Added by a W32/Rbot-MN worm infection
RegShave	N	regshave.exe	Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly
regsrv	X	regsrv.exe	Added by the OPTIXPRO.11 VIRUS!
regsrv	X	scvhost.exe	Added by the AGOBOT.E WORM!
regsrvc	X	regsrvc.exe	Added by the TROJ/STOPED-A TROJAN!
Regsv	X	regsv.exe	Search hijacker - redirecting to scheo.com
regsvc	U	systune	Added by AceSpy SPYWARE! ** Treat as an X if it wasn't intentionally installed.
Regsvc	X	regsv.exe	Added by an unidentified TROJAN!
regsvc32	X	regsvc32.exe	Homepage hijacker that changes your homepage to an adult content site
regsvr	X	regsvr.exe	Added by the WEBMONEY-G TROJAN!
REGSVR32	U	regsvr32.exe ctasio.dll	ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
RegSvr32	X	msmsgs.exe	Added by the Trojan.Zlob.B or Troj/Zlob-M TROJAN!
regsync	X	regsync.exe	SafeSurfing adware
regtmlp	?	N/A	??
RegTweak	U	RegTwk.exe	Rage3d Tweak - ATI Radeon tweaker which allows access to registry tweak options, custom display modes, refresh rates and overclocking all through an easy to use interface
RegVer	X	REGVER.EXE	Added by the LATINUS.16 VIRUS!
RegWrite	X	csrss.exe	Added by the SOKACAPS VIRUS! Note - this is not the valid Client Server Runtime Subsystem (csrss.exe) process, which provides text window support, shutdown, and hard-error handling
Regx10EXE	U	atix10.exe	ATI Remote Wonder - PC wireless remote control
reg_key	X	FUKULAMER.exe	Added by the BEAGLE.AH WORM!
reg_key	X	loader_name.exe	Added by the BEAGLE.Y or BEAGLE.Z or BEAGLE.AA WORMS!
reg_run	X	Systen.exe	Added by the TROJ/BANCOS-BS TROJAN!
Reg_WFT	X	Regsysw.com	Added by the WILSEF VIRUS!
Reg_WFT	X	scanreg32.com	Added by the Troj/SennaSpy-F Trojan!
ReleaseRAM	U	RRAM.exe	"Release RAM allows your computer to run faster and uses your computer's RAM more efficiently". Some users swear by programs such as this but I suggest you read this article and make up your own mind
reload	X	reload.vbs	Added by the LOVELETTER.AS VIRUS!
Reload	X	reload.exe /reloadenterpice	Added by the Lazar TROJAN!
RemHelp	N	Remhelp.exe	BT Voyager ADSL Modem Help related
Reminder	N	reminder.exe	From MS Money. Reminds you of your bills
Reminder	N	Remind_XP.exe	Subscription reminder to unlock unkimited use for SoftThinks CD Creator CD/DVD rewriting software, usually supplied with HP PC's as a pre-installed package
Reminder-cpqXXXXX	N	remind32.exe	Compaq printer Registration
Reminder-hpcXXXXX	N	remind32.exe	HP CD-Writer Registration
Reminder-ranXXXXX	N	remind32.exe	Registration reminder widget for Rand Mcnally maps
reminder-ScanSoft Product Registration	N	remind32.exe	Registration reminder for ScanSoft products such as PaperPort
RemindMe	U	RemindMe.exe	Remind-Me - calendar software
Remind_XP	N	Remind_XP.exe	Subscription reminder to unlock unkimited use for SoftThinks CD Creator CD/DVD rewriting software, usually supplied with HP PC's as a pre-installed package
Remndr	X	CsRemnd.exe	CasinoOnline foistware
Remote Access	U	rnaapp.exe	Dial-up networking application - not normally found in the startup locations. It runs when you connect to the net via this method (ie, analogue 56K modem) and terminates after the connection is closed
Remote Access Slave	X	Synchost.exe	Added by the RIPJAC VIRUS!
Remote Control	N	Rc.exe	Hinet Hi-Five ISP software
Remote Controller	N	TVRMVCR.EXE	ProLink PlayTVpro TV tuner software
Remote Desktop Computing	U	marspc.exe	Marspc Remote Desktop Computing
Remote Management Agent	U	zenrc32.exe	Part of Novell's ZENworks - "Complete End-to-End Directory-enabled Network Management". Installed on a managed workstation fo an administrator to remotely manage the workstation. Required if the PC is a managed workstation
remote master	U	remote master.exe	Required if you want your ASUS Remote control to work at all. Available via Start -> Programs
Remote Procedure Call	X	winsysrpc.exe	Added by a W32/Sdbot-PS worm infection
Remote Procedure Call	X	winrpc.exe	Added by a W32/Rbot-KM worm infection
Remote Procedure Call For Windows 32bit	X	rpc.exe	Added by a W32/Rbot-MD worm infection
Remote Procedure Call Locator	X	RUNDLL32.EXE reg678.dll ondll_reg	Added by a variant of the LOVGATE WORM!
Remote Procedure Calls	X	mswinrpc.exe	Added by a RBOT.KJ worm infection
Remote Procedure Calls	X	mswinc.exe	Added by the W32/RBOT-IT WORM!
Remote Procedure Calls	X	win.exe	Added by the W32/SDBOT-QI WORM!
Remote Update Monitor	Y	imonitor.exe	Sophos Antivirus Remote Update utility - provides an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employer.
RemoteAgent	Y	RAUAgent.exe	Trend Micro's Office Scan Client, see here ; "Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates".
RemoteCenter	U	RcMan.exe	Remote control for Creative MediaSource - plays back music in DVD-Audio, MP3, WMA, WAV and other media formats
RemoteControl	U	rmctrl.exe	Remote Control background application for CyberLink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
RemoteControl	U	PDVDServ.exe	Remote Control background application for CyberLink\'s PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don\'t have a remote control, or don\'t wish to use one
Remote_Agent	N	RemoteAgent.exe	Cyberlink Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings, you will need this, otherwise can be disabled. Available via Start -> Programs
REMOVE ME	X	windos.exe	Added by the SDBOT.EE WORM!
Removecpl	N	Removecpl.exe	Related to a Belkin 54Mbps Wireless Utility Control Panel applet
Removed.exe	X	Removed.exe	GatorCheat - adware downloader
RemStart	?	remstart.exe	Part of McAfee\'s Remote Desktop 32 Agent application. What does it do and is it required?
RenolB	?	ib.exe	??
RepliGo Assistant	U	RepliGoMon.exe	Cerience RepliGo software - "any document you have on your PC can be transferred to your mobile device"
ReproPRD	U	PrdUsb.exe	Thrustmaster Corporation Presets application - a game controller driver, presumably necessary for certain functions to work
requester	X	requester.*.exe	Added by a variant of the Win32.Muquest.A trojan - NOTE: the asterisk stands for a digit, examples: requester.5.exe, requester.10.exe
Requester	X	requester.11.exe	Added by the Muquest TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Required Service Drivers	X	micront.exe	Added by the W32/RBOT-ABD WORM!
resagnt	X	restun.exe	Adware downloader - detected by Panda antivirus as Trj/Downloader.ALQ
reseurce	X	(Path to Trojan)	Added by the Troj/Lineage-AI TROJAN!
Resolution Assistant	N	matcli.exe	Dell Resolution Assistant. "matcli.exe is a motive Assistant Command line interface that gathers information about your system\'s identity like your name email address, city, state, etc and gets written to a log file". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide
Resource Meter	N	rsrcmtr.exe	Windows Resource Meter. Available via Start -> Programs. You may want this enabled if your PC is suffering from crashes and want to know potential causes
Restart Watch	?	Watch.exe	Associated with an Eicon Networks Diva ISDN or ADSL modem. What does it do and is it required?
Restart WSC Setting	U	wscrestp.exe	WinStart Commander - part of Ultra_WinCleaner_Utility_Suite . Starts Windows faster and controls hidden programs to boost performance and prevent system slow downs and crashes.
Restart_VS	?	Viewsonic.exe	Could be a left-over from the installation of a Viewsonic flat panel display
RestoreIT!	Y	VBPTASK.EXE	RestoreIT! from FarStone "allows you to recover instantly your files, system configuration, and even your operating system, to any point in time prior to the data loss or system failure."
restory	X	restory.exe	Added by the RETSAM VIRUS!
Resume Copy	U	copyfstq.exe	Part of Total Copy - an improved version of the Windows copy function. Allows for resumption file copies or moves in progress when computer was shut down. Not required if your not using the program or don't care about that function
ResumeFixClocks	U	resumefix.exe	Part of the RadeonTweaker utility for overclocking ATI Radeon graphics cards
retime	X	retime.exe	Added by the GIPMA VIRUS!
RetrieverScheduler	U	retrieverscheduler.exe	80-20 Retriever from 80-20 - "80-20 Retriever is a powerful personal search tool that encompasses email folders, archived email, and local or network file systems, giving users one point of fast, accurate search for all personal information". Real-time scheduler - shortcut available
RevoTaskbarApp	U	RevoTask.exe	Control Application for M-Audio Revolution 7.1 sound card. The sound card will function without it; but changes to speaker setup and sound modification (Bass/Treble etc) will not be available.
RexSyMon	N	rexsymon.exe	Intellisync for REX sychronization software for Xircom REX MicroPDAs for sharing information between the PDA and PC
RF	X	EC.exe	Added by the Troj/Lineage-U TROJAN!
rfagent	U	rfagent.exe	Registry_First_Aid - scans the Windows registry for orphan file/folder references, finds these files or folders on your drives that may have been moved from their initial locations, and then corrects your registry entries to match the located files or folders
RFTray	X	RFTRay.exe	Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs
rfw	Y	Rfw.exe	RAV AntiVirus
RFX_auto_upgrade	N	rundll32.exe npvpg005.dll	A browser plugin called the RichFX player. Here is a link to download RichFX's solution to removing the auto upgrade
RH	U	rh32.exe	EuroFonts - adds Euro symbols to pre-Euro computers
Rhino	X	[random name]32.exe	Added by the W32.BOFRA.A WORM!
RhinoBlocker	U	RhinoBlocker.exe	RhinoBlocker - pop-up stopper
RHSI SHS	N	SHS.exe	Rogers Hi-Speed Internet software. "Should you ever lose access to your Rogers Hi-Speed Internet connection or e-mail, the Self-Healing Software (SHS.exe) will automatically repair your settings to get you up and running in a flash"
richup	X	richup.exe	SafeSurfing parasite variant
Ring Central Fax	U	rcenterrll.exe	Only needed if you want a PC to answer faxes automatically
rIOphosIs	X	rIOPHosIs.vBS	Added by the RIOSYS VIRUS!
RivaTuner or RivaTunerStartupDaemon	U	RivaTuner.exe	RivaTuner for tweaking nVidia graphics cards. Required if you make any changes
RjLyraInstaller	?	setup.exe	??
rmctrl	U	rmctrl.exe	Remote Control background application for CyberLink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one
rmmon	N	mprmmon.exe	Resource Monitor for the now defunct Chromatic Research MPact2 3DVD graphics card
RMremote	?	RmRemote.exe	Remote control driver for REALmagic Xcard. Is it required?
rn4d	X	dirote.exe	Added by the BKDR_MAROON.A TROJAN!
Rnaomflt	U	naomf.exe	Naomi internet filtering software
RNBc Test	X	wf32vbs.exe	Added by the W32/Rbot-AGR WORM!
RNBc Test	X	bvldv32.exe	Added by the W32/Rbot-AJF WORM!
RNBOStart	U	sentstrt.exe	Program used to initialise the VxD virtual driver for Sentinel drivers associated with Rainbow H/W keys that plug-in to the parallel port. These are usually supplied with workplace design tools and restrict the use of the software only to the machine to which the H/W key is connected. Required if you have such tools
RNBz Test	X	wf32vbc.exe	Added by the W32/Rbot-AEY Worm!
RNDc Test	X	wf32b.exe	Added by a variant of the W32/SDBOT WORM!
rndll2	?	rndll2.exe	May be related to the DivX program as a *.dat file in the same directory had "DivXPro505Bundle.exe" mentioned within?
rngmf	X	(path to trojan)	Added by the RANKY.C VIRUS!
Rnudll32	X	tadxtr.exe	Added by the TROJ/QQPASS-O TROJAN!
Roam04	X	ActiveX.exe	Added by the Troj/Roamer-A TROJAN! Note: This worm/trojan file is found in the Windows or Winnt folder.
RoboForm	N	RoboTaskBarIcon.exe	Roboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser plugin
RoboFormWatcher	N	RoboFormWatcher.exe	AI Roboform from Siber Systems. Automatically completes web forms. Available via Start -> Programs
Rocket.Time	U	RocketTime.exe	Time synchronization software from Rocket Software
roketpipe	?	rpclient.exe	??
rollbk	X	sysup.exe	Added by the W32.Serflog.B WORM
rollbk	X	svosm.exe	Added by the W32.Serflog.B WORM
rollbk	X	msmpatch.exe	Added by the W32.Serflog.B WORM
rollbk	X	dsm.exe	Added by the W32.Serflog.B WORM
romahere	X	matrixhere.exe	SuperSpider hijacker - a CoolWebSearch parasite variant
romahere2	X	***********.exe ( = random char)	SuperSpider hijacker - a CoolWebSearch parasite variant
romahere3	X	***********.exe ( = random char)	SuperSpider hijacker - a CoolWebSearch parasite variant
Root_Machine	X	(Pathname of the Trojan exe)	Added by the Troj/Bancban-DI TROJAN!
ROOT_Machine	X	winlogon.exe	Added by the Troj/Banker-FI TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item. This trojan file is found in the Windows\inf or Winnt\inf folder.
ROUTD	?	ROUTD.exe	??
RoxAssist	N	RoxAssist.exe	Roxio Assistant is designed to correct Engine Initialization errors. If Easy CD & DVD Creator's Engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If you do not receive the message, update your Virus software and then check and clean your system for viruses. After the removal of any viruses, uninstall and then reinstall Easy CD & DVD Creator (use "Add Remove Programs" in "Control Panel".) .Can be run manually
Roxio Engine	?	MSMNGR32.EXE	Not believed to be a valid Roxio program - more likely a variant on the WOMANIZ.A VIRUS!
RoxioAudioCentral	N	RxMon.exe	Part of Roxio EasyCD Creator 6.0 - places the Roxio AudioCentral icon in you system tray. "Includes a player, media manager, ripper, tag and sound editor - integrated in a single application". Not required for Roxio to work properly.
RoxioDragToDisc	N	DrgToDsc.exe	Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly
RoxioEngineUtility	Y	EngUtil.exe	Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking
RP32	U	rp32.exe	ControlIT (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systems.
RPC	X	MSschost.exe	Added by a variant of the GAOBOT/AGOBOT WORM!
RPC Patcher	X	(path to worm)	Added by the BOLGI VIRUS!
rpc Win32	X	shost32.exe	Added by the W32/RBOT-ABL WORM!
rpc Win32	X	spoolscv.exe	Added by a variant of the WIN32.RBOT WORM!
rpcda Win32	X	rpcda.exe	Added by the W32/Rbot-AE Worm!
RPCserr32g	X	winlogon.exe	Added by the W32/Ritdoor-B WORM! Note: This trojan file is found in the Windows (95/98/ME/XP) or WINNT (NT/2000) folder.
RPCserv32	X	services.exe	Added by the W32.MYDOOM.AL WORM! - Note - this is NOT the legitimate Windows services.exe process, which should NOT figure in Msconfig/Startup!
RPCserv32g	X	services.exe	Added by the MYDOOM.BH WORM! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
RPCserv32g	X	services.exe	Added by the W32.BOBAX.AA WORM! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
RPCserv32g	X	services.exe	Added by the W32/MYDOOM.BV WORM! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
RPCserv32g	X	MSDEFR.EXE	Added by the BOBAX.AD WORM!
RPCserv32g	X	NB32EXT2.EXE	Added by the BOBAX.AD WORM!
RPCserv32g	X	CSRSS.EXE	Added by the BOBAX.AD WORM! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
RPCserv32g	X	SMSS.EXE	Added by the BOBAX.AD WORM! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows smss.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
RPCserv32g	X	WINLOGON.EXE	Added by the BOBAX.AD WORM! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows winlogon.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
RPCSS.exe	Y	rpcss.exe	Remote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see here
RpcxWindows Extensions	X	rpcxwinex.exe	Added by the RBOT.ACP WORM!
rreg	X	rreg.exe	Unidentified adware
RRMedic	X	rrmedic.exe	Troubleshooting utility for the RoadRunner cable internet service. Not required and you are advised to completely uninstall it. Provides a lot of false alarms and gets a lot of people panicking about there internet connection
rscmpt	U	rscmpt.exe	Required on the GeFroce 64 meg MX card to show the full 64 meg memory and appears to be a software memory emulator running under the Win2K - see here. High CPU useage results - hence the U status
RSD_HDDThermo	N	HDD Thermometer.exe	Related to RSD_Software hard disk temperature monitoring tool.
rsMenu	U	rsMenu.exe	Synchronizes a Casio PDA with MS Outlook
RSPC Driver	X	(random filename)	Added by the W32/RBOT-SN WORM!
RSPC Driver D	X	(random filename)	Added by a variant of the WIN32.RBOT WORM!
RSRCMTZ	?	RSRCMTZ.exe	??
RSS	X	rundll32 RSSToolbar.dll, DllRunMain	"Related Sites" toolbar - SearchAndClick hijacker variant
RssReader	U	RssReader.exe	RssReader - a free RSS reader able to display any RSS and Atom news feed (XML)
RSync	X	netsync.exe	SafeSurfing adware
rtcdll	X	rtcdll.exe	Unidentified adware
RTHDCPL	Y	RTHDCPL.EXE	Realtek HD Audio Sound Effect Manager
RtlMon.exe	N	RtlMon.exe	Monitor for RealTek network card
RTMonitor	Y	RTMonitor.exe	Cheyenne, ( now eTrust ) antivirus
rtos	X	rtos.exe	IRC trojan
RTStartMute	?	N/A	??
rtvscn95	Y	RTVSCN95.EXE	Real-time virus scanner component of Norton Anti-Virus Corporate Edition
Ruby13	X	Ruby13.exe	Added by the MEXER.E worm
Ruby14	X	Ruby14.exe	Added by the W32/FIGHTRUB-A WORM!
ruin	X	system32.exe	Added by the TROJ/DELF-JM TROJAN!
RuLaunch	U	RuLaunch.exe	Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis
run	X	dec25.exe	Added by the W32.ATAK.F WORM!
run	X	inetinfo.exe	Added by the Backdoor.Binghe TROJAN!
run	X	Autoexec.com	Added by the HOLCAS.A WORM!
Run Msn Messenger	X	msnmgr.exe	Added by the AGOBOT.HA WORM!
Run MSupdt32	X	wscript MSupdt32.vbs	Added by the CASER VIRUS!
Run POPFile in background	U	perl.exewperl.exe	POPFile - E-mail spam blocker
Run Services as Application	X	spoolsvc.exe	Added by the Troj/Dloader-NY Trojan!
Run Services as Application	X	svcadmin.exe	Added by the Troj/Dloader-NY Trojan!
Run Services as Application	X	tcpsvc.exe	Added by the Troj/Dloader-NY Trojan!
Run Services as Application	X	netsvc.exe	Added by the Troj/Dloader-NY Trojan!
Run Services as Application	X	websvc.exe	Added by the Troj/Dloader-NY Trojan!
Run Services as Application	X	localsvc.exe	Added by the Troj/Dloader-NY Trojan!
Run Services as Application	X	svcrun.exe	Added by the Troj/Dloader-NY Trojan!
Run Services as Application	X	svcman.exe	Added by the Troj/Dloader-NY Trojan!
Run StartupMonitor	U	StartupMonitor.exe	Mike Lin's StartupMonitor, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu
Run TaskMrg	X	csrss.exe	Added by the TROJ/LDPINCH-W TROJAN!
run windows	X	servic.bat	Added by the REBOOT-AP TROJAN!
Run XP Service Pack	X	xpservicepack.exe	Added by a Sdbot.AQA worm infection
Run05	X	rundll_32.exe	Added by the Troj/Bancos-DT TROJAN!
run32dll	X	WINClock.exe	Unidentified mIRC VIRUS!
run32dll	X	task32.exe	Unidentified mIRC VIRUS!
Run32dll	X	ocxdll.exe	Unidentified mIRC VIRUS!
run=	X	info32.exe	CoolWebSearch parasite variant.
run=	N	cmmpu.exe	MIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI)
run=	N	hpfsched	HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature
run=	N	lxdboxcp.exe	Lexmark DOS-Printing Control Program for the Lexmark 2050. Only required if you need to print from DOS
run=	N	pcfix2k.exe	pcfix2k splash screen
run=	X	ptlseq.cpl	PhoenixNet BIOS adware. See here
run=	U	ramsys.exe	Advanced Startup Manager from Rays Lab
run=	?	wallflip.exe	Desktop wallpaper changer?
run=	X	svcinit.exe	CoolWebSearch parasite related.
run=	X	fntldr.exe	CoolWebSearch parasite related.
run=	Y	smsrun16.exe	Microsoft Systems Management Server (SMS) related - program that reads SMSRUN16.INI on clients running Win 3.1, Windows for Workgroups, Win95, or OS/2 to create program groups on the client and then launch SMS client programs
run=	X	RAVMOND.exe	Added by a variant of the LOVGATE WORM!
run=	X	real.exe	Added by a variant of the LOVGATE WORM!
run=	?	LXBTppls.exe	Reportedly part of Lexmark printer software - what does it do and is it required?
run=	X	cyxid98.exe	Unidentified malware
run=	X	iexpIore.exe	Added by the OBLIVION-B TROJAN!
run=	X	services.exe	Krepper-G trojan, a CoolWebSearch parasite variant. Note - this is NOT the legitimate services.exe process, which should NOT figure in Msconfig/Startup!
run=	X	mouse_configurator.win	Added by the VBS.GAGGLE.E WORM!
run=	X	RegistryReminder.exe	Added by the APSTROJAN.OB TROJAN!
run=	X	msxmidi.exe	CoolWebSearch parasite variant -recognized by Kaspersky antivirus as TrojanDropper.Win32.Small.cw
run=	X	wmplayer.exe	CoolWebSearch parasite variant - Note: this is not the Windows Media Player executable!
run=	X	winlogon.exe	CoolWebSearch parasite variant - Note - this is NOT the legitimate Windows winlogon.exe process!
run=	X	Msvxd.exe	Added by the W32.DATOM WORM!
run=	N	fmedia.exe	FMedia FaxWorks related - can be run manually
run=	Y	wswpd.exe	Used with some models of Panasonic, Epson and NEC printers - required for printer to work.
run=	Y	asistat.exe	Used with some models of Panasonic, Epson and NEC printers - required for printer to work.
run=	X	msreg32.exe	Added by the BACKDOOR-FORCEDENTRY TROJAN!
run=	X	clean_service.cmd	Added by the W32.Refaz WORM!
run=	X	Autoexec.com	Added by the HOLCAS.A WORM!
run=	X	htmlsync.exe	Searchforfree.info browser hijacker
run=	X	msoffice.exe	Added by the ADWARELOADER TROJAN! - NOTE: Do NOT confuse with the (legitimate) Microsoft Office file, which would typically be located in the Program Files\Microsoft Office\Office folder!
run=	X	DRDOOM.EXE	Added by the W32/SEMAPI-A WORM
run=	X	svhost.exe	Added by the ADMINCASH.B TROJAN!
run=	X	Celine.scr	Added by the TROJ/CELINE-A TROJAN!
run=	X	services.exe	Added by the TROJ/KREPPER-N TROJAN! - NOTE - this file is placed in a inet10066 folder in Winnt or Windows , and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
run=	X	dllreg.exe	Added by the TROJ/DUMARU-L TROJAN!
run=	X	mdm.exe	Added by the TROJ/PROXY-GG TROJAN!
RunAlert	U	AService.exe	MSI MOtherboard PC Alert III - MSI motherboard monitoring software. Only required if you "overclock" your system
runAP	N	runAP.exe	Not required but what is it?
Runapp32	X	Runapp32.exe	Added by the NEODURK VIRUS!
RunBack	X	LaunchBD.exe	MyBackDrop - is or bundles a GoGotools adware variant. See privacy_policy
RunBD	X	backdrop.exe	MyBackDrop - is or bundles a GoGotools adware variant. See privacy_policy
RunCA	Y	InvokeSvc3.exe	Wireless-G USB Wireless Network Adapter related - would appear to be required
Rund11	X	Rund11.EXE	Added by the W32/Mario-C WORM!
rund1132	X	rund1132.exe	Added by the W32/DOPBOT-A WORM!
Rund1132.exe	X	Rund1132.exe	Added by the Troj/StartPa-HS TROJAN!
Rund1l32	X	Winfi1e32.exe	Added by the MERTIAN VIRUS!
Rundil32	X	Updadv.exe	Added by the Troj/QQPass-N TROJAN!
Rundil32	X	runlli32.exe	Added by the Troj/QQPass-U TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
rundl332	X	math.exe ...pluged.exe	Added by the DOOMJUICE VIRUS!
rundli32	X	rundli32.exe	Added by the LADE VIRUS!
Rundli32	X	runlli32.exe	Added by the Troj/QQPass-U TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
RunDLL	X	rundll32.exe bridge.dll, Load	Flingstone.com browser hijacker
Rundll	X	Rundll~.exe	Added by the W32/DELF-KT TROJAN!
Rundll	X	rundll32.exe [random file name].dll "taskmon"	Added by the MYTOB.IG WORM!
RunDll	X	RunDll.exe	Added by Troj/QQPass-AH TROJAN!
rundll###	X	die.exe and either ttg.exe or secure.exe or mdll.exe or secure.bat	Added by the SUMTAX VIRUS! where ### is 134, 569, 777 or 946
Rundll16	X	Rundll16.exe	Added by any number of VIRUSES!
Rundll32	X	Rundll32.exe	Added by the DVLDR VIRUS! Note - this is not the valid "Rundll32.exe" as it\'s in the Windows\Fonts directory
RUNDLL32	N	RUNDLL32.EXE NvQtwk, NvCplDaemon	System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here)
RunDLL32	N	RunDLL32.exe NvMCTray.dll, NvTaskbarInit	System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
rundll32	U	Rundll32.exe Wf2kcpl.dll DllLoadDefaultSettings	Loads default settings for Leadtek Winfast graphics cards
RunDLL32	X	winupdate.exe	Unidentified VIRUS! - possibly a BMBOT variant
Rundll32	X	Windows.exe	Added by the QQPASS.E VIRUS!
rundll32	X	(path to worm)	Added by the AUTEX VIRUS!
rundll32	X	rundll32.exe	Added by the SANKER VIRUS! Note that the valid "rundll32.exe" resides in C:\Windows\System32 wheras this version resides in C:\Windows
rundll32	X	csrss.exe	Added by the GUTTA TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
rundll32	U	RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent	Associated with a Bluetooth adapter. If disabled the error dialogue box disappears
RUNDLL32	X	rundl32.exe	Added by the W32/Demotry-A Worm!
rundll32	X	rundll32.exe	Added by the Troj/Agent-EZ keylogging TROJAN! Note: This trojan file is found in the System\SHELLEXT (95/98/ME) or System32\SHELLEXT (NT/2000/XP) folder. Do not confuse this with the real rundll32.exe which resides in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Rundll32 cmicnfg	N	Rundll32 cmicnfg.cpl, CMICtrlWnd	System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel
Rundll32.exe	X	Proyecto1.exeRoot.exe	Added by the GRUEL VIRUS!
Rundll32.exe	X	(file name)	Added by a W32/Xelif-A worm infection
Rundll32_7	X	rundll32.exe MSIEFR40.DLL, DllRunServer	BrowserAid "Featured Results" hijacker variant
Rundll32_8	X	rundll32.exe inetp60.dll, DllRunServer	BrowserAid parasite variant
Rundll32_8	X	rundll32.exe C:\1.dll,DllRunServer	Added by BrowserAid adware
rundll64	X	(path to worm)	Added by the AUTEX VIRUS!
RundllSvr	X	Rundll.exe	Added by the W32.HUAYU WORM!
Rundllsystem32	X	Rundllsystem32.exe	Added by the NETDEVIL.B VIRUS!
Rundnm	X	Rundnm.exe	Added by the TROJ/DELF-HA TROJAN!
RUNGogoTools	X	LaunchAdware.exe	GoGoTools adware
RUNGogoTools	X	GoGoLaunch.exe	www.gogotools.com adware
RUNHYPER	X	hyperx.exe	Adware related downloader, detected as TrojanDropper.Win32.PurityScan.g
runing	X	win.exe	Added by the Troj/Delf-LC TROJAN!
RUNLOAD	X	l0ad.exe	Adware related downloader, detected as TrojanDropper.Win32.PurityScan.g
RUNLOUD	X	loud.exe	Adware related downloader, detected as TrojanDropper.Win32.PurityScan.g
Runner	X	lsass.exe /i (Original trojan file name)	Added by the Troj/Drowsy-B TROJAN! Note: This is not the legitimate Windows Process lsass.exe. (Which is found in the System32 folder.) This worm/trojan file of the same name is found in the Windows or Winnt folder.
RunOnce	U	RUNONCE.EXE	Part of MS Data Access Components - only required if you use these
RunProg	X	Server.exe	Added by the OPTIX.04.A VIRUS!
RunProg	X	wini.exe	Added by the OPTIX.04.D VIRUS!
runreper	X	viewer.exe	Added by the W32.REPER.A WORM!
runs	X	run.exe	Added by the W32/Rbot-BWF WORM!
RunServices	X	runsvc32.exe	Added by the AGOBOT.QJ WORM!
runSubvalues	X	[path to file]	Added by the TROJ/DLOADER-QY TROJAN!
RunSysd32	U	RunSysd32.exe	DesktopShield2000 by St�phane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within
Runtt1	X	Internet.exe	Added by the Troj/Lineage-Q Trojan!
Runtt1	X	Internat.exe	Added by the Troj/Lineage-R Trojan!
RunWin	X	[path to file]	Added by the TROJ/BANKER-ES TROJAN!
runwin32	X	runwin32.exe	Troj/ESearch-A trojan
RUNWIN32	X	runwin32.exe	Added by the Troj/VB-AET TROJAN! Note: This trojan file is found in the Windows (95/98/ME/XP) or WINNT (NT/2000) folder.
RunWindowsUpdate	X	uptodate.exe	BrowserAid/BrowserPal foistware
Run[0]	X	syscnfg.exe	Added as the result of an unidentified VIRUS!. "syscnfg.exe" is found in the C:\windows\fonts (or C:\winnt\fonts) directory where no *.exe files should reside
Run_cd	X	Run_cd.exe	Added by the GHOST.23 VIRUS!
Rupsw32	U	Rupsw32.exe	MegaTec Rups, UPS monitoring software - monitor and control DB9 UPS running on either Windows & Novell NetWare (with RUPS 2000) or Unix (with RUPS for Unix / Plus) operating systems.
RUSBHOLoader	?	rundll32.exe RUSBHOLoader.dll, AutoRegister	??
RVC6Player	X	tskdbg.exe	Added by the TROJ/ZAPCHAS-M TROJAN!
rvde	X	N/A	Related to li-speed****
RVP	X	bpc.exe	BroadcastPC adware
RxMon	N	rxmon9x.exe	Dell Resolution Assistant
r_server	Y	r_server.exe	Radmin - remote admistrator server
r_server	X	service.exe	Added by the TROJ/MULTIDR-CP TROJAN!
S0undMan	X	svch0st.exe	Added by a variant of the LOVGATE WORM! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item. Also there is a number "0" in the executable filename, not a lower/upper case O.
S24EvMon	?	S24EvMon.exe	Event Monitor - supports driver extensions to NIC Driver for wireless adapters. Is it required?
S3 Internal Chip	X	s3serv.exe	Added by the W32/AGOBOT-DD WORM!
S3apphk	N	S3apphk.exe	A tool installed alongside the drivers for your S3 video output device. It is not necessary but should be allowed to run unless it is causing problems.
S3Hotkey	?	s3hotkey.exe	S3 Video driver related. What does it do and is it required?
S3Mon	?	S3Mon.exe	S3DuoVue multi-monitor taskbar helper by S3 Graphics. What does it do and is it required?
S3TRAY	N	S3Tray.exe	S3 display configuration taskbar utility for S3 chipset based graphics cards. Can be run from Start-> Settings -> Control Panel -> Display
s3tray2	?	s3tray2.exe	Same as the s3tray entry in this table?
S3TRAYHP	?	S3trayhp.exe	S3 Video driver related. What does it do and is it required?
S4F	U	S4F.exe	S4F internet filtering software
s4helper	X	s4helper.exe	Searchcentrix hijacker
SA	?	Sa3.exe	Logitech QuickCam driver. Is it required?
SA Service	?	SAservice.exe	Associated with Cyber Trio and Warner troubleshooting software fromG-Tek Technologies and pre-installed on some Packard Bell and NEC PCs. What function does this perform and is it required?
Sa3dsrv	N	Sa3dsrv.exe	3D sound extension for Windows
saap	X	saap.exe	180Solutions/N-Case adware variant
Sabreserver	N	SABSERV.EXE	Airline reservation software from Sabre. Available via Start -> Programs
sac	X	sac.exe	180Solutions/N-Case adware variant
SACC	X	sacc.exe	SurfAccuracy adware
SAClient	N	RegCon.exe	AT&T or ComCast BBClient - monitors system and network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you\'re immediately notified by e-mail, pager, or text messaging
Safe	X	SafeWin.exe	Added by a PWSteal.Focosenha trojan infection.
Safe	X	(Path to trojan exe)	Added by the Troj/Banker-DT TROJAN!
SafeGuard Popup Blocker Updater	X	regsvr32 [path] sfgupd.dll	SafeguardProtect/Veevo
SafeGuard Popup Blocker Updater (required)	X	regsvr32 [path] sfg***.dll ( = ramdom char/digit)	SafeGuardProtect/Veevo
SafeGuard Popup Updater (required)	X	regsvr32 [path] PDF***.dll ( = random char/digit)	SafeguardProtect/Veevo hijacker
SafeHouseSystemTray	U	SDWTRAY.EXE	SafeHouse "Personal Privacy" system tray icon - PP protects and hides your private and personal photos, videos, files and folders by making them "invisible" and encrypted.
SafeInstall.exe	N	SAFEIN~1.EXE	Monitors a download and ensures an newer version of a file isn't replaced by an older one
SafeOFF	N	SafeOff.exe	Provides protection that if user accidentally presses the power switch a dialog will pop up for confirmation
SafeSearch	X	safesearch.exe	AutoSearch parasite variant
SafeSurfingUpdate	X	SSUpdate.exe	DyFuCa/MoneyTree parasite variant
Safeworld	U	Freedom.exe	SafeWorld Internet Security
Sagate Security Firewall	X	sagate.exe	Added by the W32.GAOBOT.BOW WORM!
SAgent2ExePath	N	SAgent2.exe	Seiko Epson printer status agent. Disable if printer is not used often
SAGENTSERVICE	U	Sagent.exe -start	Added by TinySpyAgent **Note this application must be manually installed.
sagnt	X	sagnt.exe	Adware web downloader
SAHagent	X	Sahagent.exe	ShopAtHomeSelect adware
SAHBundle	X	bundle.exe	ShopAtHomeSelect adware
SAHBundle	X	shop1003.exe	ShopAtHomeSelect adware
saie	X	saie.exe	180Solutions/N-Case adware variant
SAIMON	U	SaiMon.exe	Saitek joystick driver
sain	X	sain.exe	180Solutions/N-Case adware variant
sais	X	sais.exe	180Solutions/N-Case adware variant
SaiSmart	?	SaiSmart.exe	"Smart Button Special Sauce" - included with the latest software for Saitek game controllers. Related to the "S", "Shift" or "Smart" button. What does it do and is it required?
SaitekAutoConfigure	U	saicnfig.exe	Configuration for Saitek game controllers
Sakemsneql	X	simenu.exe	Added by the SDBOT.BTO WORM!
salm	X	salm.exe	180Solutions/N-Case adware variant
Sam-sung	X	Sam-sung.exe	Added by a variant of the W32/SDBOT WORM!
SAMcal	U	SAMcal.exe	SamCal - calendar/reminder program
Sametime Connect	U	Connect.exe	IBM Lotus Instant Messaging and Conferencing software
Samsong	X	Samsong.exe	Added by the SDBOT.BNE WORM!
Samsung	X	Samsungs.exe	Added by an IRC_TROJAN variant!
SandIcon	N	SandIcon.exe	SanDisk ImageMate CompactFlash card reader SDDR-31 (USB). Very little use except to place the Sandisk icon beside its drive designation in Windows Explorer. The reader itself will work fine without it. The simplest thing is to just unplug the reader when you're not using it. It may slow the startup by a few nanoseconds, but once the software sees there's no reader, you get back the resources
sapp	X	sapp.exe	180Solutions/N-Case adware variant
saSyncMgr	X	rundll32.exe sasync.dll, SyncWait	Browser hijacker - redirecting to Searchant.com
SATARaid	U	SATARaid.exe	RAID driver for serial ATA disks on some motherboards such as the DFI Lanparty range. Only loaded if one is using RAID support on SATA drives
satmat	X	satmat.exe	Transponder parasite updater/installer
sau	X	sau.exe	180Solutions/180Search adware
SAUpdate	U	SAUpdate.exe	Big Brother from Quest Software. System and network monitor
SAutoLaunchExe	U	SAutoLaunchExe.exe	Sharp Zaurus PDA related, needed to synchronize information with a Desktop or Notebook.
SAVAgent	Y	SAVAgent.exe	Part of Sophos anti-virus software. Required for centrally administered Sophos updates to work correctly, e.g. automatically updating PCs used by dial-in home or out-of-office users
Save	X	Save.exe	SaveNow adware
SaveDate	X	SaveStartDate.Exe	Unidentified adware
Savenow	X	SaveNow.exe	SaveNow adware
Savenow	X	savenow.exe	SaveNow adware
SAW	X	saw.exe	SmartAdware adware
Say The Time 5.0	U	SAYTIME.EXE	This program has audio cues for the system clock in male and female voices, customizes the appearance of the system clock, and can synchronize it to a time server regularly
SB	U	sb.exe	Acer Soft Button on Acer Tablet PCs
SB Audigy 2 Startup Menu	N	/l:eng	Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
SB Watchdog	X	SBWatchdog.exe	Spyware utility installed by the manufacturers of some laptops (Sony) used to monitor browsing habits and send them back to whoever installed it - released by SoftBank. See here for more information
SBAutoUpdate	U	sbautoupdate.exe	SpywareBlaster auto-updater
SBC Self Support Tool	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The SBC Self Support Tool is required to run with the Help and Support program. If you uncheck SBC and and then run Help and Support it will add another SBC entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide
SBC Yahoo! Connection Manager	N	ConnectionManager.exe	The cmanager.exe process is used to create and connect your SBC Yahoo DSL connection. This program has been reported to cause problems for some users. If you find that it causes you pc to become slow or unstable you should uninstall it (using Add/Remove programs) and manually connect your DSL connection.
SBDrvDet	U	SBDrv.exe	Detects the "Easy Front-Panel Audio Connectivity Drive Internal Drive Bay" on the Sound Blaster Audigy 2 Platinium eX. Can be disabled if you don't have one
sbdrvdet	N	sbdrvdet.exe	Checks to see if Creative sound card driver should be updated
SBHC	X	sbhc.exe	SuperBar parasite - uninstall available here
SBMPOP	X	SBMPop.exe	SearchByMedia adware
SBMX	N	sbmx.exe	SoundMAX MPU401 MIDI device emulator for x86 VM DOS games/apps (for Win9x only)
sbss Launcher	X	sbss.exe	SideBySide adware
SbUsb AudCtrl	U	RunDll32 sbusbdll.dll,RCMonitor	Control for Soundblaster MP3 external (USB) sound card
sc	N	scrubxp.exe	ScrubXP - utility that deletes safe to remove files, cookies, browsing history, etc
sc	U	sc.exe	Watchdog 2.0 Software - monitoring program
sc	U	run.exe	All-In-One_SPY stealth monitoring software - allows monitoring and recording of all actions performed on a computer. It records all keystrokes, remembers addresses of Internet pages visited, and maintains a log file listing all applicationsrun on the computer. It can create screenshots and record sounds from the computer's microphone to a sound file.
sc23exec	?	sc23exec.exe	Possibly related to a digital camera
SC3300CC	Y	SC3300CC.exe	SiPix digital camera Twain device driver
scain	X	s030109.Stub.exe	Adware downloader/installer, Delphin_Media_Viewer related - also detected as the DELMED.A TROJAN!
ScamDisk	X	SVOHOST.exe	Added by the LEWOR.D WORM!
scan	X	mscman.exe	Spyware/malware, included into the latest version of Grokster, among others. According to research by SpyBot's PMK, "able to trick ZoneAlarm, auto-clicking it to allow passing through the firewall!"
Scan Detector	?	Pmxdetect.exe	Associated with PrimaScan scanners. Is it required?
Scan Register	X	ssms.exe	Added by the W32/RBOT-AT WORM!
Scan Wizard	?	button.exe	Associated with ScanWizard as supplied with Microtek scanners - see also Scanner Detector or SDetect. What does it do and is it required?
ScanDisc	X	satan.exe	Added by the GregStar backdoor TROJAN!
ScanDisk	X	ScanDisk.exe	Added by the GANDA.A VIRUS! Note - this is not the valid "ScanDisk" Win9x/Me standard disk error checker
scands32.exe	X	scands32.exe	Added by a variant of the Adclicker TROJAN!
ScanFile	?	??	??
ScanInicio	?	Inicio.exe	Part of Panda Anti-Virus. Responsible for scanning the boot sector of your disk and your memory at startup to check for viruses that try and load and act before your anti-virus is fully operational. It only adds a fraction of a second to start-up time and is worth leaving active
Scanner Detector	N	SDetect.exe	ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button
ScanPanel	?	ScnPanel.exe	Trust Easy_Webscan scanner related - what does it do and is it required?
Scanreg	X	(filename)	Added by the QQPASS.E VIRUS!
ScanRegistry	X	nsrvnt.exe	Added by the NERTE VIRUS!. Not to be confused with the real ScanRegistry below - which is a vital Windows file. This version has the executable as nsrvnt.exe not scanregw.exe
ScanRegistry	X	scanregv.exe	Added by the MASTERLOCK VIRUS!. Not to be confused with the real ScanRegistry below - which is a vital Windows file. This version has the executable as scanregv.exe not scanregw.exe
ScanRegistry	Y	Scanregw.exe	Scans the Windows 98 and Millennium system Registry and makes back-ups at start-up. This is vital should the registry become corrupt. The "Scanregw.exe" executable is located in %windir% (the Windows directory - typically C:\Windows)
ScanRegistry	X	Scanregw.exe	Added by the W32.STATOR WORM! Not to be confused with the legitimate ScanRegistry entry - which is a vital Windows file. The executable "Scanregw.exe" is located in %windir%\System (where %windir% is the Windows directory - C:\Windows or C:\Winnt). Runs from the registry RunServices key as opposed to the Run key
ScanRegistry	X	Scanregw.exe	Added by the GWGHOST VIRUS!. Not to be confused with the real ScanRegistry above - which is a vital Windows file. The executable "Scanregw.exe" is located in %windir%\System (where %windir% is the Windows directory - C:\Windows or C:\Winnt)
ScanSpyware v *	X	Scanner.exe	"Spyware remover" (where * = the version number) of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites
scApp	X	scApp.exe	Added by the W32/Stando-E WORM! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
SCardSvr	N	scardsvr.exe	Related to SmartCard readers and sometimes uses lots of system resources
SCardSvr	X	SCardSvr32.Exe	Added by the MOFEI.B VIRUS!
scheck	X	scheck**.exe	Added by the KETCH VIRUS! where ** represents a number
scheck45	X	scheck45.exe	Related to unknown Malware - hidden installer associated with it
ScheduIe	X	nrchk.exe	Premium rate adult content dialer
Scheduled Maintenance	N	Scheduled_Maintenance.exe	Scheduler for Iolo System Mechanic tweaking utility. It can cleans your registry and deletes temporary files at defined intervals. Available via Start -> Programs
Scheduler	X	svcrhost.exe	Added by the WIN32.TACTSLAY.A TROJAN!
Scheduler	X	outIook.exe	Added by the WIN32.TACTSLAY.A TROJAN!
Scheduler	X	expIorer.exe	Added by the WIN32.TACTSLAY.A TROJAN!
Scheduler	X	svcshost.exe	Added by the WIN32.TACTSLAY.A TROJAN!
Scheduler	X	winagent.exe	Added by the WIN32.TACTSLAY.B TROJAN!
Scheduler	X	MSMSGS.EXE	Added by the TROJ/HOSTBANK-A TROJAN! - NOTE: this particular msmsgs.exe file is located in the Windows\System32\Config or Winnt\System32\Config folder, and should not be mistaken for the MSN Messenger file of the same name!
Scheduler	U	Scheduler daemon.exe	Tenebril GhostSurf or SpyCatcher related scheduler - you can schedule daily, weekly, monthly or one-time only cleanings.
Scheduler Service	X	wsass.exe	Added by the WIN32.LIOTEN.KX WORM!
SchedulerMgr	X	navchk.exe	Premium rate adult material dialer
Scheduling Agent	X	Scheduler.exe	Added by the SUBWOOFER VIRUS! Note - this is not the real MS Scheduling agent as the executable is incorrect
SchedulingAgant	X	MMTASK.EXE	Added by the YAB.A VIRUS! Not the valid MusicMatch Jukebox which has the same filename
SchedulingAgent	U	mstask.exe	Windows Task Scheduler, displayed as a box with a stopwatch in the System Tray - required if you have regularly scheduled tasks like defragmenting, ScanDisk, weekly virus scans and so on.
SchedulingAgent	U	mstinit.exe	MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans
Schmaili	U	Schmaili.exe	Schmaili - insert animated smilies into your e-mail
Schoolpop0	U	Schoolpop0.exe	Schoolpop Shopping Buddy
schost	X	(Path to trojan)	Added by the Backdoor.Tjserv.D TROJAN!
SCHWIZEX	Y	SCHWIZEX.EXE	Part of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot
ScManager	X	scman.exe	Added by the W32/FORBOT-CW WORM!
scopedll	X	scopedll.exe	Added by a CRYPTER.C trojan variant infection
Scotia OnLine Recovery or Scotia OnLine Secur	N	etdirrcv.exe	Scotia OnLine Security Software provided by Entrust for Scotiabank. Provides trusted secure access to Scotia OnLine Secure Web sites. . represents the version number. Now obsolete after Scotiabank modernised their login process
Scr	X	scr.scr	Added by the OPASERV.T VIRUS!
ScrapPad	N	Scrappad.exe	ScrapPad allows you to quickly and easily record notes, thoughts, messages, and just about anything you want. Use it like you use scrap paper
scrbmk	X	(Pathname of the Trojan executable)	Added by the Troj/Dloader-VP TROJAN!
Screen Calendar	U	scrcal.exe	Screen_Calendar allows you to create custom desktop wallpapers with built in active calendar and scheduler.
Screen Guard	U	launch.exe	Part of Access Denied security and privacy software
Screen Guard Message Scan	U	sgms.exe	Part of Access Denied security and privacy software
Screen Saver	X	scrnsaver.scr	Added by the W32/Rbot-AGP WORM!
Screen Saver Control	N	FSScrCtl.exe	Installs as part of the Hubble Space Telescope screen saver (and possibly others). Lets you control your installed screensavers from a System Tray icon
ScreenPrint32	N	ScreenPrint32.exe	ScreenPrint32 screen capture software - can be launched manually.
screxe	?	scruser2k.exe	??
script	?	script.bat	Maybe associated with DOS on a Win9x machine
ScriptBlocking	Y	SBServ.exe	Update to Norton AntiVirus 2001. Detects certain types of script-based viruses without the need for specific virus definitions - such as JavaScript and VBScript. This will help protect you from these viruses even before virus definitions are available. Note - some users complain of problems once the update is installed - refer here for more information
ScriptSentry	Y	Scriptsentry.exe	Script Sentry from Jason's Toolbox. Blocks malicious scripts and allows safe scripts to run. Only required if you want it to check the file associations it guards at startup. It will function regardlessly
Scroll-In-Mouse V2.0	U	SCROLL.EXE	Toolkit for the Lynx-3D Net scroll mouse from QTronix. Required if you use the special features
scrsvc	X	scrsvc.exe	Hijacker, a CoolWebSearch parasite variant - also detected as the Troj/Agent-DS Trojan!
ScrSvr	X	ScrSvr.exe	Added by the OPASOFT.A VIRUS!
ScrSvr	X	ScrSvr.exe	Added by the OPASERV VIRUS!
ScrSvrOld	X	(worm filename)	Added by the OPASERV VIRUS!
Scsi	Y	Scsi.exe	SCSI Miniport driver
scvhost	X	svzhost.exe	Added by a variant of the W32.SPYBOT WORM!
scvhost	X	scvhost.exe	Hijacker, redirecting to bestsearch.cc - recognized by Kaspersky antivirus as Trojan.Win32.StartPage.rw
scvhost	U	scvhost.exe	Wiretap is a spyware program that monitors and records keystrokes, programs executed, Web sites visited, and Instant Messenger conversations. If you didn't install this yourself, remove it.
scvhost loader	X	ixplore.exe	Added by the SDBOT-CY TROJAN!
scvhost.exe	X	scvhost.exe	Added by a Troj/Lohav-N trojan infection
scvhost.exe	X	scvhost.exe	Added by the W32/AGOBOT-RA WORM!
sd32info	X	sd32info.exe	Added by a CRYPTER.A trojan infection
SDaemon	U	sdaemon.exe	PC Security from Tropical Software. 'PC Security� 5.1 is the ultimate in computer security, offering multiple locking systems for the Windows environment and internet. Lock files, monitor programs' activities, even detect intruders! PC Security offers flexible and complete password protection, "Drag and Drop" support, plus many other handy features'
SDAutoLiveupdate	X	LiveUpdateSD.exe	Max Secure Spyware Detector, bogus "Spyware remover" - for more information, search the Spywarewarrior_List of non-Recommended anti parasite sites/software for "spywaredetector.net"
SDAv	X	csnss.exe	Added by the W32.Serflog.C WORM!
SDAv	X	svhost.exe	Added by the W32.Serflog.C WORM!
sdchosts32	X	vbdd.exe	Added by the WIN32.RANKY.AG backdoor TROJAN!
SDetect	N	SDetect.exe	ScanSuite Scanner Detector - part of ScanWizard, supplied with Microtek scanners. Waits until you press the "GO" button and seems to serve no other purpose. Automatically installed without prompting. Not required if you can start your scanning application before pressing the "GO" button
sdfsdfsdf	X	sp2update.exe	W32.SpyBot worm variant
SDIN Adapter	X	sdin.exe	Added by a W32/Forbot-AP worm infection
SDJobCheck	?	triggusr.exe	Part of CA_Unicenter Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - is it required in startup?
SDK Codre Function22	X	sdkimddprovment2.exe	Added by the W32/SDBOT-YJ WORM!
SDK Core Component	X	SDKC0RE.exe	Added by the W32/SDBOT-WC WORM!
SDK Core Component	X	sdkcore.exe	Added by the W32/SDBOT-WC WORM!
SDK Core Function	X	sdkimprovment.exe	Added by the RBOT.BHL WORM!
SDK Core Function2	X	sdkimprovment2.exe	Added by the W32.SPYBOT.OGX WORM!
Sdk*.exe ( = random char)	X	Sdk*.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
Sdk*32.exe ( = random char)	X	Sdk*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
SDKcore Update Components2	X	SDKC0R3.exe	Added by the W32/RBOT-ABA WORM!
sdkupdate22	X	SDK0mCORE.exe	Added by the W32/FORBOT-DT WORM!
SDPhotoBar.exe	N	SDPhotoBar.exe	SmartDraw_Photo . Organize, enhance, print, and share your photos. It's also a powerful graphic editor for creating images and web graphics.
sdrss	X	sdrss.exe	Added by the W32/SDBOT-SQ WORM!
sds20	U	svchost.exe	InlookExpress logs keystrokes and captures screenshots. If you didn't install this yourself remove it.
SDTray	U	sdtray.exe	RSA Keon Web_PassPort - software that allows organizations to use digital certificates in a Web-based environment to help ensure that their transactions are authentic, confidential and digitally signed.
sdxsys32	X	sdxsys32.exe	Added by the Troj/Brogger-A TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
sealmon	U	sealmon.exe	SealedMedia enables you to combine document protection and control with your existing applications, such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint and Email.
Search Bar	X	taskbar.exe	Added by the W32/OPANKI-F WORM!
Search Hook	?	srchhook.exe	??
Search Page	X	http://find.naupoint.com	Naupoint browser hijacker
Search-Exe	X	SE.exe	Hijacker - redirecting to Search-exe.com
Search-Exe	X	se.exe	Search-Exe hijacker
Search.vbs	X		Hijacker
searchbar	X	vnmispoisn_downloader.exe	SearchBarCash adware variant
SearchEnhancement	X	scbar.exe	IE search hijacker
searchnav	X	searchnav.exe	SearchNav adware - IEFeatures/Popnav variant
SearchNavVersion	X	searchnavversion.exe	SearchNav adware - IEFeatures/Popnav variant
SearchSetter	X	searchsetter[1].exe	browser hijacker, redirecting to FindWhateverNow.com
SearchSquire33	X	SearchUpdate33.exe	SearchSquire parasite
SearchUpgrader	X	SearchUpgrader.exe	eUniverse/KeenValue adware related hijacker
Secboot	X	w32tm.exe	Added by the HAXDOOR.D TROJAN!
secboot	X	mszx23.exe	Added by a variant of the HAXDOOR.D TROJAN!
secboot	X	vtd_16.exe	Added by the TROJ/HAXDOOR-AE TROJAN!
SecondChance	U	sctray.exe	Power Quest Second Chance. Sets checkpoints for saving a backup copy of the registry to a disk so you can restore it if you have a crash
Secret	X	Secret.exe	Added by the Troj/Delf-LW TROJAN!
Secret-Crush	X	start.exe	Hijacker that may reset your browser's home page and/or search settings to point to undesired sites
SECRETMAKER	U	secretmaker.exe	SECRETMAKER is a combonation of eight privacy-defending programs, including Spam Fighter Pro, Worm Hunter, Pop-Up Killer, Banner Blocker, Cookie Eraser, Privacy Protector, History Cleaner, and Garbage Cleaner.
SecretSmileys	U	ss.exe	Secret_Smileys is an add-on for AIM� that provides users access to 1000's of new Smileys that can be viewed by anyone using a current version of AIM. Secret Smileys also adds other features such as logging of IM conversations, and it gets rid of that annoying advertisement on your buddy list window.
secserv.exe	X	secserv.exe	Reported by Panda as an EasySearch Adware variant. Note: EasySearch modifies the Internet Explorer settings and may download programs onto the infected computer.
secsvc32	X	secsvcnt.exe	Added by the Global_Patrol TROJAN!
Secsys	U	Secsys.exe	Key Interceptor - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
secure	X	secure.exe	DealHelper adware
secure	X	[random filename]	DealHelper adware
secure	X	svshost.exe	Added by the W32/Rbot-AFO Worm!
SecureClean4RegManager	N	scregmanager4.exe	WhiteCanyon SecureClean_4 disk cleaner - clean hard drive data, MRUs, temp files and more. Can be started manually
SecureClean4Tray	N	sctray4.exe	WhiteCanyon SecureClean_4 disk cleaner - clean hard drive data, MRUs, temp files and more. Can be started manually
SecureCleanIEClean	N	SCIEClean.exe	SecureClean - scans your system for hidden temporary files, deleted email messages, Internet histories and caches
SecureItPro	U	Secureitpro470p.exe	SecureIt Pro - lock your computer when you're not there, to stop malicious users from accessing your desktop
SecureLogin	X	Mslg32.exe	Added by the REDZED VIRUS!
Security Accounts Manager SM	X	samsm.exe	Added by the SPYBOT.JE WORM!
Security Agent	X	securag.exe	Added by the Troj/Bancban-F TROJAN!
Security Agent Manager	X	mssams.exe	Added by the W32/RBOT-SV WORM!
Security iGuard	N	Security iGuard.exe	"Spyware remover" of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites
Security Manager	U	SecurityManager.exe	A ComCast Internet software suite that provides a variety of features (firewall, popup blocker, parental controls etcetera) to help ensure your computer is secure, and your information is kept private.
Security Patch	X	scmss.exe	Added by the W32/RBOT-ZW WORM!
Security Patch	X	WinUpdate32.exe	Added by the W32/SDBOT-BM WORM!
Security Patches	X	msnkn.exe	Added by the RBOT.WW WORM!
Security Patches	X	WinLab32.exe	Added by the W32/SDBOT-KB WORM!
security service	X	syss.exe	Added by an unidentified WORM or TROJAN!
securw	X	Nctrup.exe	Added by the W32.NOPIR.A WORM!
SECWIZ98	Y	SECWIZ98.EXE	Security Wizard 98 by Chris Farmer. Offers you a variety of ways to restrict access to many of the programs and settings on your PC. Available here
seeve	X	seeve.exe	MediaMotor/Popuppers adware variant
Select server	X	slcsvr.exe	Added by the TROJ/DLOADER-WD TROJAN!
SelfHostUtil	?	slefhost.exe	??
seli	X	[path to executable]	Added to Troj/LowZone-AS TROJAN!
SeMS	U	SeMS.exe	PCsms - tool that enables you to send sms text messages from your PC to any UK mobile phone
Sen	X	tlii.exe	Reported by Kaspersky Anti-Virus as Win32.PurityScan.ah This Malware file is usually found in the Program Files\bama folder.
Sensiva	U	Sensiva.exe	Symbol_Commander makes the use of your PC, laptop, Tablet PC, and Pocket PC much easier and much faster. It recognizes your handwriting with unparalled performance and executes commands in a snap. Just by using your mouse, pen, or touchpad, simply draw symbols to execute actions instantly.
SENTRY	X	SENTRY.exe	From IP Insight. Allows website owners "to instantly determine the precise geographic location, connection speed and detailed demographics of every visitor to your website". Will be detected by most firewalls and the majority of home users should disable it
Sepate Security Firewall	X	sepate.exe	Added by a variant of the WIN32.RBOT WORM!
Serials	X	serials.exe	Any one of a variety of worms and trojans
serpe	X	formatsys.exe	Added by the W32.Serflog.A WORM!
serpe	X	serbw.exe	Added by the W32.Serflog.A WORM!
serpe	X	msmbw.exe	Added by the W32.Serflog.A WORM!
serrdctl.exe	Y	serrdctl.exe	"Shared Modem Service Client Event Viewer" - used when a number of PCs have access to a number of modems. Required to be running on each PC for access to the modems
SERV PacK2	X	nerx.exe	Added by the W32/SDBOT-ACP WORM!
Serv-U	N	serv-u32.exe	FTP server
Serv-U	X	wssdsu.exe	Added by the MANIFEST VIRUS!
server	X	server.exe	Added by the Troj/Singu-Q TROJAN!
server	X	system.exe	Added by the Troj/Meths-A TROJAN!
Server Backbone	X	server05.exe	Added by the W32/RBOT-ZM WORM!
SERVER.EXE	X	SERVER.EXE	Added by the BUSHTRO122 or SMOKODOOR VIRUSES!
serverex	X	Server.txt.vbs	Added by the DELTAD.A VIRUS!
Service	X	service.exe	Added by the ALADINZ.H VIRUS!
Service	X	services.exe	Added by the W32.NETSKY or W32.NETSKY.B WORM! **Note - not to be confused with the valid Windows "services.exe" which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) as this resides in C:\Windows or C:\Winnt
Service	X	(trojan filename)	Added by the KAITEX.E VIRUS!
Service	X	SYSNT.exe	Added by the BACKDOOR-CHA TROJAN!
service	X	services.exe	Added by the W32.NETSKY.AI WORM! - Note - this is NOT the legitimate Windows services.exe process, located in the Winnt/System32 or Windows\System32 folder, and which should NOT figure in Msconfig/Startup!
Service	X	Service.pif	Added by the W32/ASSIRAL-C WORM!
service	X	wN2S.exe	Added by a variant of the WIN32.RBOT WORM!
Service Cleaner	X	filen.exe	Added by the RBOT.BRH WORM!
Service Connection	N	sccenter.exe, bwtray.exe	For Compaq PC's. Part of Backweb
Service Controller	X	Csrrs.exe	Added by the GAOBOT.AO WORM!
Service Controller	X	service.exe	Added by the PREVERT TROJAN!
Service Drivers	X	Compt.exe	Added by the W32/RBOT-ZJ WORM!
Service Drivers	X	msnpg.exe	Added by the RBOT.BMD WORM!
Service Drivers	X	PC.EXE	Added by the W32/SDBOT-WK WORM!
Service Drivers	X	abl.exe	Added by the W32/Sdbot-YX Worm!
Service Host	X	(filename).exe	Added by the TORVEL.B VIRUS!
Service Host	X	spoolos.exe	Added by the TORVEL VIRUS!
Service Host	X	SVCHOST.EXE	Added by the DAOSER-A TROJAN! - NOTE - this file is placed in a subfolder of WINDOWS\System32\Services, and is not to be confused with the legitimate Windows svchost.exe process, which should NOT figure in Msconfig/Startup!
Service Host Driver	X	svchost.exe	Added by the HITON VIRUS! This is not the valid svchost.exe as described here. Located in a Windows directory, and not in Windows\System32
Service Manager	X	DXSOUND.EXE	Added by the Proxy-Gric TROJAN!
Service Manager	N	sqlmangr.exe	SQL Server Service Manager - provides tray access to SQL server, the server agent and MSDTC. Available via Start -> Programs
Service Manager	X	SERVICEMGR.EXE	Added by the W32/PASSMAIL-D VIRUS!
service manager	X	service.exe	Added by the DONBOMB.A TROJAN!
Service Manager	X	serv3manager.exe	Added by the W32/Sdbot-AGO WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Service Monitor	X	filen.exe	Added by a variant of the WIN32.RBOT WORM!
Service Monitor	X	msnfilen.exe	Added by W32/Rbot-ALE or W32/Rbot-AUY WORM!
Service Monitor	X	WinOcx.exe	Added by the W32/Rbot-AQJ WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Service Monitor	X	javams32.exe	Added by the Troj/Delf-NK TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Service Monitor	X	msnserve.exe	Added by the W32.SPYBOT.YQW WORM!
Service Pack	X	(See description box.)	Added by the W32/Lerpa-A WORM! Note: The file name will be one of the following common.exe or common.pif or common.scr or Sexo.exe or Sexo.jpg.pif or ini_file__.pif or load_me__.tmp or msfile.pif or system_load_.pif or zipped.rar.pif
Service Pack DLL Runtime	X	spdll32.exe	Added by a variant of the WIN32.RBOT WORM!
Service Process	X	SVCHOST.EXE	Added by the DARKER VIRUS! Note - not the valid svchost.exe as described here. Located in %Windir% not %Sysdir%
Service Process	X	winset.exe	Added by a variant of the W32.SPYBOT WORM!
Service Process	X	service.exe	Added by the Troj/Dcmbot-C TROJAN!
Service Registry NT Save	X	jdbgmgrnt.exe	Added by the Troj/Bancos-EU TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
Service Registry NT Save	X	taskmgrnt.exe	Added by the TROJ/BANCOS-BY TROJAN!
Service Registry NT Save	X	regeditnt.exe	Added by the TROJ/BANCOS-BM TROJAN!
Service Scheduler	X	scheduler.exe	Added by the W32/AGOBOT-PH WORM!
Service System	X	kernels32.exe	Added by the TROJ/BANCOS-DA TROJAN!
Service System	X	windowsXP.exe	Added by the Troj/Bancos-EL TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
Service System	X	wernell87.exe	Added by the Troj/Bancos-FJ TROJAN! Note: This trojan file is found in the Windows (95/98/ME/XP) or WINNT (NT/2000) folder.
Service System	X	kgbfsm344.exe	Added by the Troj/Bancos-FS TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder.
service updaer	X	qualityz.exe	Unidentified worm, probably a W32.SpyBot variant
Service.exe	X	Service.exe	"servedby.advertising" popup generator
service32	X	service32.exe	Added by the W32/AGOBOT-ST WORM!
ServiceConfig	U	ispbeg.exe	Comcast Transition Wizard. On June 30th, 2003 it will migrate E-mail and web pages from AT&T Broadband Internet to Comcast High-Speed Internet. Until then it will run at startup and then terminate - hence the U recommendation
serviceconnect	X	serviceconnect.exe	Added by the AGOBOT.AIR WORM!
ServiceLayer	Y	ServiceLayer.exe	Nokia Connectivity Library support task that is needed by NCLTRAY and by the Nokia Connection Manager for either to work properly.
servicemng	X	service.exe	Added by the W32/Tame-C WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
services	X	Svchosts.exe	Added by the SDBOT.N WORM!
services	X	start.bat	Added by the ZCREW VIRUS!
Services	X		Added by the RANCK or RANCK.B or METEORSHELL VIRUSES!
Services	X	back32.exe ...service.exe	Added by an unidentified VIRUS! Back32.exe is the baddie whose purpose is to HIDE the MIRC32 server in service.exe
Services	X	winread.exe	Unidentified trojan
Services	X	kirby.exe	Proxy-Agent trojan variant
Services	X	services.exe	Added by the Backdoor.Zincite.A TROJAN! NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
Services	X	windns.exe	Added by a variant of the WIN32.RBOT WORM!
Services	X	mshost.exe	Added by the TROJ/LANFILT-J TROJAN!
Services	X	sockys32.exe	Added by the WIN32.RANKY.L Proxy_Trojan
Services	X	scks32.exe	Added by a Proxy_Trojan variant
Services	X	sys.exe	Added by a Proxy_Trojan variant
services	X	(Pathname of the Trojan executable)	Added by the Troj/Gpcode-B TROJAN!
Services	X	csrss.exe	Added by a variant of the BACKDOOR.RANKY.U TROJAN!
services	X	windows32.exe	Added by the W32/FlyVB-C WORM!
services	X	socks.exe	Added by the WIN32.SMALL.N Proxy TROJAN! - A PT is a backdoor trojan which allows a remote hacker to connect to other systems via the compromised system.
Services	X	services.exe	Added by the W32/Antiman-E WORM!
Services	X	[pathname of Trojan Executable]	Added by Troj/Ranck-DB TROJAN!
services	X	services.exe	Added by the Troj/QQRob-S TROJAN! Note: This is NOT the legitimate services.exe process, which should NOT figure in Msconfig/Startup!
Services	X	iexplore.exe	Added by the W32.Mogi WORM! Note: This is not the legitimate Windows process iexplore.exe (Which is normally found in the Program Files\Internert Explorer folder) This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Read the link, rootkit type stealth involved.
Services Administrator	X	spoolsvc.exe	Added by the Troj/Dloader-NY Trojan!
Services Administrator	X	svcadmin.exe	Added by the Troj/Dloader-NY Trojan!
Services Administrator	X	tcpsvc.exe	Added by the Troj/Dloader-NY Trojan!
Services Administrator	X	netsvc.exe	Added by the Troj/Dloader-NY Trojan!
Services Administrator	X	websvc.exe	Added by the Troj/Dloader-NY Trojan!
Services Administrator	X	localsvc.exe	Added by the Troj/Dloader-NY Trojan!
Services Administrator	X	svcrun.exe	Added by the Troj/Dloader-NY Trojan!
Services Administrator	X	svcman.exe	Added by the Troj/Dloader-NY Trojan!
Services Controller	X	lsassa.exe	Added by the CIADOOR.122 VIRUS!
Services Controller	X	services.exe	Added by the TROJ/CIADOOR-F TROJAN! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows services.exe process, located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
Services Host	X	Scchost.exe	Added by the DONK VIRUS! Note - this is not the valid svchost.exe as described here
Services Host	X	svchost32.exe	Added by the W32/Agobot-TG WORM! Note: (svchost32.exe) is not the legitimate Windows Process. (Notice the 32 that's been added.) The legitimate Windows Process (svchost.exe) should not be seen in Msconfig or as a Startup item. This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Services Logon	X	services.exe	Added by the W32.CROWT.A WORM! - Note - this is NOT the legitimate Windows services.exe process, which should NOT figure in Msconfig/Startup!
Services Process	X	services.exe	Added by unidentified spyware - recognized by Kaspersky antivirus as TrojanSpy.Win32.Small.x
Services Process	X	smss.exe	Added by the Troj/Small-EK Trojan!
Services Startup	X	svhost33.exe	Added by a variant of the WIN32.RBOT WORM!
Services Startup	X	services.exe	Added by the W32.CROWT.A WORM! - Note - this is NOT the legitimate Windows services.exe process, which should NOT figure in Msconfig/Startup!
Services.dll	X	smss.exe	Added by the W32/SOBER-L WORM! - NOTE - this file is placed in a %WinDir%\msagent\system folder, and should NOT be confused with the legitimate Windows smss.exe process, located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
Services.EXE	X	services.exe	Added by the KAZPING VIRUS! Note - this is not the valid Windows Service Controller (services.exe) process
services.exe	X	Services.exe	Added by the CIADOOR-F TROJAN! - Note - this is NOT the legitimate Windows services.exe process, which should NOT figure in Msconfig/Startup!
Services004	X	(worm filename)	Added by the BUGBROS VIRUS!
services32	X	mc-110-12-0000079.exe	Added by the TrojanDownloader.Agent.rv TROJAN!
services32	X	mc-58-12-0000120.exe	"Shorty" adware component, also detected as the AGENT.FD TROJAN!
services32	X	mc-58-12-0000140.exe	"Shorty" adware component, also detected as the AGENT.FD TROJAN!
Services32 Startup	X	win32dll.exe	Added by the W32/SDBOT-XO WORM!
ServicesLog	X	ccapp32.exe	Added by the W32/Rbot-AMX WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Servicing	X	hostd.exe	Added by the SDBOT.BUI WORM!
Servicio Local	X	svhost.exe	Added by a variant of the WIN32.RBOT WORM!
servics	X	servics.exe	Added by the Troj/Singu-J Trojan!
SERVlCE	X	SERVlCE.EXE	Added by the W32/Agobot-UB WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
ServUTrayIcon	?	ServUTray.exe	System Tray icon for Serv-U FTP server.Is it required?
Session Client	U	sescli.exe	SurfSpy keystroke logger/monitoring program - remove unless you installed it yourself!
Session Manager Subsystem	X	smssa.exe	Added by the W32/Rbot-AGS WORM!
SESync	X	sed.exe	Downloadware/SED adware downloader
SetDefaultMIDI	?	MIDIDef.exe	Related to a Soundblaster Audigy soundcards. What does it do and is it required?
setdefprt	N	setdefprt.exe	Used to set a Brother MFC printer/copier/scanner as the default printer after installation
SetDefPrt	N	BrStDvPt.exe	Used to set a Brother MFC printer/copier/scanner as the default printer after installation
SetecCertUtil	U	Certutil.exe	Setec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TV
setFTPBack	X	createsw.exe	Added by the FTP_BMAIL VIRUS!
SetHook	N	SetHook.exe	Fellowes Neato CD label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"
seticlient or SETI@home	N	SETI@home.exe	SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data
SetIcon	N	SetIcon.exe	Installed by a 6-in-1 (4 Media Card slots, a floppy drive and a USB connection) device. Constantly updates the icons for the four Media Card slots that it has and is a resource hog
SetiQueue	N	Setiqu~1.exe	Provides work unit buffering for Seti@Home clients - see here for more details
SetiSpy	N	SetiSpy.exe	From the site - 'SETI Spy is a little program I wrote to "spy" on the progress and performance of the SETI@home client. I call it a "spy" because I tried to make it as unobtrusive as possible'
SetPoint	X	SetPoint.exe	Added by the W32/RBOT-BWI WORM!
SETPOINT Logitech Inc	X	KHALMNP.exe	Added by the W32/RBOT-AAX WORM!
SetRefresh	?	SetRefresh.exe	Found on a Compaq PC. Video refresh rate utility? Is it required?
Setting	X	sysweb.exe	Added by the SDBOT.GEN WORM!
setup	N	hphprld.exe ....setup.exe	HP DeskJet Setup - printers function normally without it
Setup experation	X	svchost.exe	Added by the TOFGER-AW TROJAN! - Note - this is NOT the legitimate Windows svchost.exe process, which is located in the System32 folder, and which moreover should NOT figure in Msconfig/Startup!
setupa	X	runt32.exe	Added by the TROJ/QQPASS-K TROJAN!
setupdata	X	rnll32.exe	Added by the Troj/QQPass-AG TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
SetupICWDesktop	N	icwconn1.exe	Appears to be the "Internet Connection Wizard" from Internet Explorer being set-up as a desktop shortcut. Appears under the RunOnce registry key but is available under Start -> Programs -> Accessories -> Communication (or similar) anyway
setupuser	X	regedit.exe setupuser.log	CoolWebSearch parasite related.
setuzp	?	setuzp.exe	??
SetVrc	X	setvrc.exe	Added by the HUNTOCX VIRUS!
Sex Teris	X	st01b.exe	Added by the REPAD VIRUS!
Sexnow	X	Sexnow.exe	Added by the Dial/Senow-B premium rate porn dialer
Sexy_sg	X	Sexy_sg.exe	Premium rate adult content dialer
sf	X	sf.exe	SurfEnhance adware component
sfita	X	sfita.exe	Added by the Troj/Favadd-H TROJAN! also known as SurfEnhance adware component.
SFP	N	vzSFPWin.EXE	Verizon Online Support Center, promps for online updates
sfpc	U	sfpc.exe	Spy4PC is a spyware program that monitors user activity, logs keystrokes, and takes screenshots. If you didn't install this yourself remove it.
SFtrb Service	X	cftrb32.exe	Added by the SOBIG.D VIRUS!
SfWinStartInfo	U	sfWinStartupInfo.exe	SFIRM32 Online Banking software
Sgecrypt	U	Sgecrypt.exe	SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
Sgeecview	U	Ecview.exe	SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
sginst	N	sginst.exe	eAcceleration Stop-Sign related; not recommended; see note
SGTBox	?	SGTBox.exe	Canon scanner driver. Is it required?
sgtray	U	sgtray.exe	StorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
shambl3r	X	cnf.bat	Added by the REMABL VIRUS!
shambl3r*	X	shambl3r.exe	Added by the REMABL VIRUS! where * is 2 to 11
Shania	X	Shania.vbs	Added by the SHANIA VIRUS! - NOTE: this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty.
Share-to-Web Namespace Daemon	N	hpgs2wnd.exe	"HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites." In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start -> Programs
Shareaza	N	Shareaza.exe	Shareaza P2P client
Shareaza	U	bindata.exe	Shareaza P2P client related
sharedprem	X	sharedprem.exe	Added by the MAKECALL VIRUS!
Sharing and Mapping Software	Y	DShmap.exe	Intel AnyPoint internet sharing software
SharkEject	N	AEJCT32.exe	Allows you to eject a disk from the Avatar Shark drive from the system tray. When loaded, there is a desktop icon so this isn't required
Shcenter	N	chcenter.exe	IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"
SheduIer	X	svchst.exe	Premium rate adult content dialer
SheduIer	X	shch.exe	Added by the TROJ/BDOOR-EB TROJAN!
SheduIer	X	svchst.exe	Added by the TROJ/BDOOR-EB TROJAN!
SheduIer	X	winagent.exe	Added by the TROJ/BDOOR-EB TROJAN!
Sheduler	X	nerocheck.exe	Added by the WIN32.TACTSLAY.B TROJAN!
Shell	X	Shell32.exe	Added by the BADSECTOR TROJAN!
Shell	X	ray.exeTray.exe	Homepage hijacker re-directing browsers to adult content websites
Shell	X	wmedia16.exe	Added by the GOLDUN TROJAN!
Shell	X	Open32.exe	Added by the Troj/Small-DL TROJAN!
Shell	X	Explorer.exe, msmsgs.exe	Added by the Zhopa TROJAN!
Shell	X	svchost.exe	Added by the Doyorg TROJAN!
Shell	X	Explorer.exe sound_drive16.exe	Added by the TROJ/BDOOR-GP TROJAN!
Shell	X	iexplore.exe	Added by the W32/Kipis-U WORM!
shell	X	explorer.exe	Added by the Trojan.Kakkeys Trojan!
Shell	X	ibm0000.exe ( = digit)	Added by the Troj/Torpig-C and Troj/Torpig-J TROJANS! - Filenames spotted include ibm00001.exe, ibm00002.exe, ibm00005.exe and so on.
Shell	X	taskmrg.exe	Added by the Troj/Bancban-FT TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Shell	X	ibm[RANDOM 5 DIGIT NUMBER].exe	Added by the Anserin TROJAN! Note: This trojan file is found in the Program Files\Common Files\Microsoft Shared\Web Folders folder.
Shell API32	X	svcnet.exe	Added by the WIN32.TIBICK.C WORM!
Shell Extension	X	spollsv.exe	Added by a variant of the LOVGATE WORM!
Shell Monitor	X	services32.exe	Added by a variant of the WIN32.RBOT WORM!
Shell Tray Window	X	ShellTraywnd.exe	Added by the TROJ/STULTDOR-A TROJAN!
shell update	X	shellexec.exe	Added by the W32/Agobot-TH WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Shell32	X	Shell32.vbs	Added by the VBS.Scafene WORM!
shell32	X	ntldrt.exe	Added by the W32/Jlok-A WORM!
ShellApi	X	SHELLMSN.EXE	Added by the NETDEV.B VIRUS!
Shellapi32	X	Shellapi32.exe	Added by the NETDEVIL (or NERTE) VIRUS!
Shellapi32	X	svcnet.exe	Added by the W32/TIBICK-C WORM!
Shellapi32	X	mcvsrte.exe	Added by an unidentified WORM! - Note, do do confuse with the McAfee SecurityCenter file of the same name described here
ShellCommand	X	(path to file)	Added by the Troj/Remcon-A TROJAN!
ShellEx	X	ShellEx.exe	Added by the ANAKHA VIRUS!
ShellOS	X	A+++.exe	Added by the WIN32.VB.AV keylogger TROJAN!
ShellRun	X	lexplore_.exe	Added by the Troj/MSNOpt-A TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Shellspl	X	lsas.exe	Added by the TROJ/YALER-A TROJAN!
Shellspl	X	spools.exe	Added by the PROXAGE-A TROJAN!
shellsystem	X	shellsystem.exe	Added by the UPCHAN TROJAN!
shhost	X	shhost.exe	Added by the BACKDOOR.WIN32.AGENT.CE TROJAN!
shicoxp	N	shicoxp.exe	Installed with the drivers for multi card readers of various brands. To differentiate between the various card slots on multi slot readers the shicoxp.exe file assigns and loads unique drive icons for the various card slots that are displayed in Windows Explorer.
Shine	X	Shine.exe	Added by the HAPPYLOW or W32/Nishe-A VIRUS!
SHINITV	?	SHINITV.exe	?
Shmgrate.exe	X	ibot4.exe	Added by the GASTER VIRUS!
shockmachinereminder	N	SmReminder.exe	Shockmachine is an entertainment playback device that lets you save your favorite Shockwave.com titles and play them back in full-screen mode, off-line, anytime. Could be a registration reminder for the trial version
Shockwave	X	csrss.exe	Added by the SNDOG VIRUS! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling
Shockwave Init	N	SWINIT.EXE	Part of Macromedia Shockwave. Controls the Shockwave Remote Control Panel. The Remote Control can be activated manually from the Start Menu by locating and selecting Shockwave and then Shockwave Remote under Programs
ShortKeys 99	N	SHORTKEY.EXE	ShortKeys from Insight Software Solutions - allows you to program keys with text strings
Showbehind	X	SHOWBEHIND.EXE	Advertisement display which can be stopped here
ShowFF	X	ShowFF.exe	Added by the Adware.FFToolBar adware toolbar.
ShowIcon_SmartDisk Corporation_USB Card Reade	?	shwicon.exe	Card reader for memory cards from digital cameras. Is it required?
Showme	X	Ruden.vbs	Added by the WM97/Handle-A VIRUS!
ShowWnd	X	ShowWnd.exe	Added by an unidentified backdoor TROJAN!
SHPC32	U	SHPC32.exe	Port monitor for Lexmark printers on a USB connection. Ties in with the Printer Control Program. Features like cancelling a print are unavailable if disabled
ShStatEXE	Y	SHSTAT.EXE	From McAfee VirusScan NT 4.x. Handles program communication among VShield components, displays VShield icon. Can be started automatically or available via Start -> Programs
Shutdownaware	U	shutdownaware.exe	Loaded by the SWEEX 6-in-1 Media Card Reader to properly manage the reader while it is connected to your system
ShutDownPro	U	ShutDownPro.exe	ShutDownPro - shutdown, reboot, logoff your System with one mouse click
Si Meter	?	SIMETER.EXE	??
si91e44b	X	rundll32.exe (path) si91e44b.dll,EnableRunDLL32	LZIO.com adware downloader
SIAPRO6	U	sia.exe	Steganos Internet_Anonym privacy software
Sicom	X	Sicom.exe	Added by the NETLIP VIRUS!
SideACT	U	SideACT.exe	SideACT organizer software
Sidebar	X	Sidebar.exe	Searchcentrix hijacker
SideWinderTrayV4 or SWTrayV4	N	SWTrayV4.exe	MS SideWinder game controller system tray icon. This is specific to version 4 of the software. Available via Start -> Programs
SigmatelSysTrayApp	?	stsystra.exe	Related to Sigmatel Appears to come preloaded.
SigX	?	sigx.exe	??
SigXC	X	SigX.exe	SigX is a "dynamic signature image generated based on whatever data your computer sends it though our SigX program. It can display your current Mp3, current OS, Free Ram, your current time and more."
Simcast	N	SimcastAlerts.exe	Simcast is a free service that allows you to subscribe to information on a large variety of topics. Alerts will appear on your desktop when a channel that you have subscribed to has something to say.
SimpLite-MSN	U	SimpLite-MSN.exe	Required if you use the SimpLite add-on to MSN Messenger (SimpLite adds encryption to the instant messaging service)
Singapore	X	singapore.exe	Adds a blue crescent to the taskbar and when double-clicked displays an adult-content web-site. Also known to drop your internet connection and dial an international telephone number. See here for more information. Must be disabled in MSCONFIG before un-installing or it re-instates itself
SiS Dns	X	dnssvc.exe	Added by the Troj/Dloader-UE TROJAN! Note: This trojan/worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
SiS KHooker	N	khooker.exe	SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required
SiS Mpc Service	X	mpcsvc.exe	Added by an unidentified TROJAN!
SiS Tray or sistray	U	sistray.exe	System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System
SiS Windows KeyHook	U	keyhook.exe	SIS graphics cards related: "Super VGA Keyboard Daemon" - hooks into the keyboard processing chain in order to enable hotkey settings.
SiS7012Utility	Y	SiSAudUt.exe	SiS Corporation sound card driver
SISAM10M	?	SISAM10M.exe	??
SiSAudio	N	MP_S3.exe	WinME patch for an older SiS 961 chipset FERR bug. Enable if you have audio problems
siscolor	U	color.exe	Probably on-board graphics related based upon the SiS chipsets. Has been seen on ASUS motherboards with SiS chipsets and known to cause conflicts if you choose another graphics card and disable the on-board
siService.exe	U	siService.exe	Spam Inspector - anti email spam software
SiSPower	?	Rundll32.exe SiSPower.dll,ModeAgent	Responsible for power management for SIS chipsets - is it required?
SiSSetCDfmt	?	SiSSetCDfmt.exe	Related to a Silicon Integrated Systems Corp (SiS) product?
SISSoundman	?	Soundman.exe	Related to a Silicon Integrated Systems Corp (SiS) product?
SiSSWLED	U	sisswled.exe	System Tray utility for SiS 900 network cards
sistrai.exe	X	sistrai.exe	Added by the PROVA VIRUS!
sistray	X	sistray.exe	Added by the PROVA VIRUS! Note - this resides in C:\Windows\Command
Sistray32	X	remotehost.pif	Added by the W32.Holcas.A WORM!
Sistray32	X	win.bat	Added by the W32/Jupir-C WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Sistray32	X	virus.exe	Added by the Troj/Tometa-C TROJAN!
sistry	X	sistry.exe	Added by the CEBE VIRUS!
SiSUSBRG	N	SiSUSBrg.exe	SiS USB Registry Patch File - fixes the undetectable problem with SiS USB controller on Windows XP
sixtysix	X	sixtypopsix.exe	MediaMotor/Popuppers adware downloader
SK51	U	SK51.EXE	SaveKeys keystroke logger/monitoring program - remove unless you installed it yourself!
SK60	U	SK60.EXE	Added by the SaveKeys surveillance software. Uninstall this software unless you put it there yourself.
SK9910DM	U	SK9910DM.EXE	Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
SKDAEMON	U	SKDAEMON.EXE	Multi-function keyboard driver. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
skinkers	U	skinkers.exe	Selection of desktop messaging/marketing tools with celebrity tie-ins including MTV's "Desktop Ozzy" and Arsenal's "Desktop Wenger" - see here
sks-32	X	SKS32P~1.EXE	SpyKeySpy logs keystrokes and sends the stolen information to a configurable email address.
SkyBlaster Scheduler	Y	SSFSch.exe	For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
skynetave.exe	X	skynetave.exe	Added by the SASSER.D VIRUS!
SkynetRevenge	X	winlogon.scr	Added by the W32.NETSKY.AA WORM!
Skype	N	Skype.exe	"Skype is free and simple software that will enable you to make free calls anywhere in the world in minutes"
SkySurfer Management Service	Y	SmaServ.exe	For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
sl4 rules	X	rbot32.exe	Added by the W32/SDBOT-QC WORM!
Slayhacker734	X	slay7383.exe	Added by the Troj/SikBot-A TROJAN! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
SleepManager	N	SleepMgr.exe	This program locates free contiguous disk spaces and allocates them for storing BASE MEMORY, EXTENDED MEMORY, VIDEO MEMORY, and SM RAM. It helps the computer come out of hibernate mode
SlickRun	U	sr.exe	"SlickRun is a floating command line utility for Windows. It gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL"
slide	X	Iexplore.exe	Added by the GASLIDE VIRUS! Note - this is not the valid Internet Explorer file "iexplore.exe"
slimp3	N	SliMP3 Server.exe	Slimp3 Server - "presents an entirely new way of accessing and enjoying your music collection. Instead of storing your music on CDs or memory cards, the SliMP3 uses your home network to access the music stored on your PC"
Slingshot	N	SLINGS~1.EXE	Atomica Slingshot - "reference tool with access to dictionary and encyclopedia terms, bios, technical terms, history, geography, and much more"
SlipStream	U	slipcore.exe	Sliptstream Web Accelerator
slmss	X	slmss.exe	SeekSeek search hijacker related - as seen here
sload	X	sload.exe	Win SynchroAd adware, also detected as TROJ/DLOADER-QG TROJAN!
slvchost32	X	slvchost32.exe	Unidentified worm or trojan
sm	X	sr_exe.exe	Added by the LUKUSPAM TROJAN!
sm	X	sm_exe.exe	Added by the OLFEB.A TROJAN!
sm	X	sa_exe.exe	Added by the OLFEB.A TROJAN!
sm	X	sf_exe.exe	Added by the OLFEB.A TROJAN!
SM1BG	?	SM1BG.EXE	USB driver for downloading from within Napster to portable MP3 players. Is it required to run at startup or can it be run manually?
Sm56acl	N	sm56hlpr.exe	Helper utility for Motorola based SM56 software modems - resides in the System Tray
sman	X	app**.tmp ( = digit)	Unidentified adware
Smapp	N	smtray.exe	System Tray access for the Compaq/ADI SoundMAX integrated digital audio controller
Smart Card Service	N	ScardSvr.exe	For Smart Card readers. Known to cause problems, especially for Windows 2000 users - see here. Probably not required unless you use such a device regularly
Smart Connect Monitor	U	SCMon.exe	Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio
Smart Connect Setup	U	SCSetup.exe	Appears on a Sony Vaio. Smart Connect Version 2.1 enables data transfer between Vaios via i.LINK cable. Smart Connect supports File and Printer Sharing for MS networks. You can copy files from your Vaio to another Vaio or print using a printer connected to a remote Vaio
Smart Label O Server	N	ssloserv.exe	Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely
Smart Label O Server	N	ssloserv.exe	Part of the printer software for the smart-label printer made by Seiko. Can reportedly be disabled safely.
Smart Label RFViewer	N	SSLFVIEW.EXE	Part of the printer software for the smart-label printer made by Seiko. Can be disabled safely
Smart Type Assistant	N	sta.exe	Smart Type Assistant - a complex typing automation tool, intended to make your work faster and safer
Smartalec	U	pcaccel.exe	Smartalec PC Accelerator - system optimization utility
SmartBarXP	N	SmartBarXP.exe	SmartBarXP is a bar that runs down the side of your screen, and can be configured to display interactive panels known as 'panes'. These panes include media players, slideshow and image viewing panes, a virtual desktop manager, and live news, weather and stock feeds to mention but a few
sMaRTcaPs	N	SMARTC~1.EXE	sMaRTcaPs from Phoebus LLC - enables you to configure the time needed to depress Caps Lock, Num Lock & Insert keys
Smarthruengine	U	QS.exe	Samsung smarthru software,used with Lexmark Z82 or Samsung multifunction printers
SmartPCXL	U	pcaccel.exe	Smartalec PC Accelerator - system optimization utility
SMax4	N	SMax4.exe	System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel
SMax4PNP	U	SMax4PNP.exe	SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments
smbdpmi	?	smbdpmi.exe	IBM Netfinity Director and Universal Management Services related. What does it do and is it required?
smcserv	X	winsrv.exe	Added by the W32/AGOBOT-OU WORM!
SmcService	Y	smc.exe	Sygate Personal Firewall
Smcsta.exe	?	Smcsta.exe	SMC Networks wireless PCI card driver. Is it required?
SmcSVR	X	SmcSVR.exe	Added by the LEGMIR.JU TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
Smith Micro try	N	smiptray.exe	Smith Micro shared files. Comes with D-Link web cam
SmoothView	N	SmoothView.exe	TOSHIBA Zooming Utility - allows "automatic" zoom feature in some appications, like IE, MS-Office, WMPlayer, Adobe-Reader and also desktop icons.
smres	X	smres.exe	Added by W32/Agobot-UA WORM!
SMS Application Launcher	U	LAUNCH32.EXE	Microsoft Systems Management Server - used to manage computers on a network remotely
SMS Client Service	U	clisvc95.exe	When the SMS Client service starts on a domain controller, the Client service modifies the SMSCliToknAcct & user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server)
Sms System32	X	SmsSystem32.exe	Unidentified malware
SMS Win9x Message Agent	U	SMSMsg.exe	This program assigns a user to a Systems Management Server site
Smserial	Y	sm56hlpr.exe	Motorola based modem driver
SMSI Loader	N	SMLoader.exe	Smith Micro HotFax - fax software
smsm	X	smsm.exe	Added by the Troj/Banker-CO Trojan!
smsrv	X	smsrv.exe	Added by the W32/Agobot-SX Worm!
smss	X	(path to smss.exe)	Added by the ALADINZ.F VIRUS! Note - this is not the legitimate Smss.exe system file should normally NOT figure in Msconfig/Startup!
SMSS	X	SMSS.EXE	Added by the Troj/Borobot-K or Troj/Subot-D TROJAN! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item.
Smss	X	ssms.exe	Added by the RBOT.OP WORM!
smssLevel4	X	smss.exe	UNidentified malware - NOTE - this file is placed in a C:\Program Files\Windows Media Player\Skins\WindowsMediaSkin\Data\Level4 folder, and should NOT be confused with the legitimate Windows smss.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
SMSSS	X	smsss.exe	Added by the SDBOT.ZD WORM!
SMSSS Loader	X	smsss.exe	Added by the AGOBOT.MQ WORM!
SMSSU	X	SMSSU.EXE	Hijacker, detected by Norton antivirus as Trojan.StartPage.O
smsys	X	Explorer.exe	Added by the CLICKER-C VIRUS! Note - the valid "explorer.exe" is located in C:\Windows or C:\Winnt whereas this one is located in a C:\Windows\Template or C:\Winnt\Template subdirectory
smsys	X	vi.exe	Adult content dialler
Smt	U	SMT.exe	Win-Spy keyboard logger/monitoring software - remove unless you installed it yourself!
SMToolbar	N	SMToolbar.exe	StartMake.com toolbar
SMTP32 Mailing Protocol	X	smtp32.exe	Added by a variant of the WIN32.RBOT WORM!
SmWizard	?	SmWizard.exe	SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required?
SN Messenger	X	msnmsgr.exe	Added by the W32/Rbot-AVP WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
snapple	X	snapple.exe	Added by the W32/FORBOT-EG WORM!
snbr	?	snbr.exe	??
snbupt	X	snbupt.exe	UpSpiralBar adware component
sncntr	X	sncntr.exe	Added by the Troj/Dluca-I TROJAN!
SNCT511	?	vsnct511.exe	Unidentified "Snapshot Viewer"- what does it do and is it required?
snd332	X	snd332.exe	Added by the "B1ld0" AIM WORM!
Sndcompat	X	Sndcompat.exe	Added by the GEMA TROJAN!
SNDMon	U	SNDMon.exe	Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual upadates but probably requireD if you leave them to run automatically - hence the "U" recommendation
SndPnpMix	X	wauctlxp4.exe	Added by the WIN32.MUDROP.N TROJAN!
Sndsaver	X	Sndsaver.exe	Added by the GEMA TROJAN!
sndsrvc	?	SNDSRVC.EXE	Part of Norton Personal Firewall and Norton Internet Security - what does it do and is it required?
SNInstall	X	[various file names]	Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe
Snippet	U	SnippingTool.exe	The Snipping Tool (part of the Experience_Pack for Tablet PC) allows you to easily "cut out" anything on screen and share it with other people. The whole screen becomes an "inkable" surface that you can add comments to and mark up however you like. You can then save that annotated image to use later, or send it to someone else in an e-mail message.
SNP Generic Host Process	X	svchost.exe	Added by the Troj/Zapchas-O TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item.
snpstd	?	vsnpstd.exe	Sonix PC Camera Monitor MFC Application - what does it do and is it required?
SNPSTD2	?	vsnpstd2.exe	CameraMonitor MFC Application. Appears to be related to a USB connection to a digital camera -is it required?
Snsicon	N	Snsicon.exe	Launches a screensaver program from Second Nature
SNSS.EXE	X	SNSS.EXE	Added by the Dialer.Nunci premium dialer.
SO5 Integrator Pass One	?	sointgr.exe	StarOffice 5. See here for more details
SO5 Integrator Pass Two	?	sointgr.exe	StarOffice 5. See here for more details
Soar	X	Rwon.exe	PurityScan/Clickspring adware
Social Security Agency	X	rpcxsocsa.exe	Added by a variant of the WIN32.RBOT WORM!
Sock32	X	sock32.exe	Added by the SDBOT WORM!
SoDA Startup	Y	SodaStartup.exe	Used by the Rational SoDA project management tool. Unsure of it's actual purpose but it's recommended you leave it enabled if you use the software
soffice	N	SOFFICE.EXE	Displays StarOffice quick start applet in System tray. Right clicking on the icon allows rapid starting up of components of the StarOffice 6.0 suite. Available via Start -> Programs. Automatically started when any StarOffice 6.0 component is started from the Start -> Programs. A resource hog (it eats > 16 MB of memory).
Soft Profile Inc	X	hxdef.exe...	Added by a variant of the LOVGATE WORM!
softIce Update 32	X	wininits.exe	Added by the W32/Rbot-ANB WORM! Note: This worm/trojan file is found in the Windows or Winnt folder.
SoftickPPP	U	PPPGate.exe	Softick_PPP is a Microsoft Windows driver that allows to establish PPP session between Palm powered devices and Microsoft Windows desktop computer.
SOFTinst	Y	N/A	For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
SoftStuff Wallpaper Changer	U	softstrt.exe	AzureBay wallpaper changer
Software	X	software.exe	Added by the TROJ/CRABTON-B downloader TROJAN!
Solo Sentry	Y	Solosent.exe	Solo Antivirus
SoloSchedule	U	Solocfg.exe	Scheduler for Solo Antivirus. Leave enabled unless you scan manually on a regular basis
SoloSysCheck	U	Syscheck.exe	Solo_antivirus System Integrity Check - Monitors system registry, system.ini, win.ini and startup to protect you from new Internet Worms and Backdoors.
somatic	X	somatic.exe	Searchcentrix hijacker
Sonic A3D Control	N	vrtxctrl.exe	Sound related options
Sonic RecordNow!	X	smsc.exe	Added by a variant of the W32/SDBOT WORM!
SoniqueQuickStart	N	sqstart.exe	Quickstart for Sonique audio player. Available via Start -> Programs
SonnReg	?	SonnReg.exe	Part of E-Color 3Deep for color calibration. Possibly a registration reminder?
SonudMan	X	SonudMan.exe	Added by the Trojan.Startpage.Q or Troj/StartPa-HN TROJAN! Note: This trojan file is found in the Windows or Winnt folder. Should not be confused with (soundman.exe) which is a SIS and Realtek file.
SonudMon	X	SonudMon.exe	Added by the Troj/Lewor-J TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder.
SonyPowerCfg	?	SPMgr.exe	Related to Sony Power Management for VAIO Computers - is it required?
Soot	?	rcea.exe	??
sophagnt	?	sophagnt.exe	Possibly related to Sophocles Screenwriting Software?
SOS	X	SOS.exe	Added by the PHILLIS VIRUS!
SOS SQL Database	N	scm.exe	SQL Server Service Control Manager. Available via Start -> Programs
SoSyncMonitor	?	SoSyncMonitor.exe	SuperOffice related. What does it do and is it required?
Sound Loader	X	sndloader.exe	Added by the AGOBOT-BV WORM!
Sound services	X	SOUND32.EXE	Added by the AGOBOT.GG WORM!
Sound System	X	WinSound1.exe	Added by an unidentified worm or trojan infection
soundcontrl	X	soundcontrl.exe	Added by the GAOBOT.AFJ WORM!
sounddrv	X	sndbdrv3104.exe	CoolWebSearch parasite related.
SoundFusion	?	rundll32 cwcprops.cpl	Control panel item for the Terratec DMX Xfire 1024 soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?
SoundFusion	?	rundll32 hercplgs.cpl, BootEntryPoint	Control panel item for Hercules Fortissimo soundcards (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?
SoundFusion	?	RunDll32 cwaprops.cpl,CrystalControlWnd	[Control panel item for a Terratec soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?
soundman	N	soundman.exe	System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel
SOUNDMAN Microsoft Help	X	soun.pif	Added by the W32/RBOT-AIU WORM!
SoundMAX	U	SMax4.exe	System Tray icon for SoundMax integrated sound. Sound properties can be accessed through the Start Menu or Control Panel
SoundMAX	X	SoundMAX.exe	Added by the W32/RIZON-A WORM! - NOTE - this file is placed in the Startup folder itself, and has NO relation to SoundMax sound cards!
SoundMAXPnP	U	SMax4PNP.exe	SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments
SoundMixer	X	smvss.exe	Added by the TROJ/DEDLER-G TROJAN!
Soundmx	X	Soundmx.exe	CoolWebSearch parasite related.
soundtask	X	soundtask.exe	Added by the AGOBOT.VQ WORM!
soundtask	X	soundtask.exe	Added by the AGOBOT-MD WORM
soundtasks	X	soundtasks.exe	Added by a Crypter.C trojan variant infection
soundtctrls	X	soundtctrls.exe	Added by the W32/Agobot-ZV WORM!
SoundView	X	msdview32.exe	trojan downloader
sounofts	X	sounofts.exe	Added by the W32/Agobot-ND WORM!
sountskmanager	X	sountaskmgr	Added by an unidentified WORM or TROJAN!
SourcePath	N	gwreg.exe	Used to update Gateway registry settings for System Restoration Kit and Web update programs
sp	X	sp.reg	IE search hijacker - changes the default search to http://www.gocybersearch.com/
sp	X	regedit-s .... sp.dll	Malicious javascript annoyance that changes the default search engine in IE to one of many including "topsearcher". See here for more and a fix
sp	X	rundll32 [path] se.dll,DllInstall	Added by the StartPage.M TROJAN, a CoolWebSearch parasite variant
sp	X	rundll32 (Path to Trojan DLL),DllInstall	Added by the Troj/Ablank-W and Troj/Ablank-Z TROJANS!
SP TimeSync	U	SP TimeSync.exe	SP TimeSync lets you synchronize your computer's clock with any Internet atomic clock (time server).
SP00LSV	X	Sp00lsv.exe	Added by the GRAYBIRD.E VIRUS!
SP2 Connection Patcher	?	SP2ConnPatcher.exe	Unidentified - possibly part of the "Warez" P2P client software what does it do and is it required?
SP2 Connection Patcher	U	SP2ConnPatcher.exe	Changes limit of concurrent TCP connections of Windows Service Pack 2.
SP2 data	X	[path] repcale.exe [path] apc.exe	Added by a variant of the RANDON.AN WORM!
SP2 Firewall/Internet Updater	X	crssrs.exe	Added by the RBOT.BJO WORM!
sp2chk.exe	X	sp2chk.exe	Added by the Aluroot.A TROJAN!
SP2ConnPatcher	?	sp2connpatcher.exe	Unidentified - possibly part of the "Warez" P2P client software what does it do and is it required?
sp2ctr	X	sp2ctr.exe	Added by a Troj/Dluca-M trojan infection
sp2update	X	sp2update.exe	ADWARE! Adware.SP2Update Tracks URLs visited and search terms entered into Internet Explorer.
Spam Blocker for Outlook Express	X	SBInst.exe	HotBar related
Spam Sleuth	U	SpamSleuth.exe	Spam Sleuth E-mail spam detection program
SPAMfighter Agent	U	SFAgent.exe	SPAMfighter anti email spam filter
spamihilator	U	spamihilator.exe	Spamihilator spam filter
SpamPal	U	spampal.exe	SpamPal - anti-spam tool
SpamSubtract	U	SpamSubtract.exe	Intermute SpamSubtract - junk email detection and removal program
spc_w	N	hcm.exe	NetZero Search Enhancement related
spc_w	N	blspc.exe	NetZero Search Enhancement related
spc_w	N	nzspc.exe	NetZero Search Enhancement related
Spdstart	N	Spdstart.exe	Norton Utilities Speed Start. "This feature optimizes the start up speed of launching applications, such as Word and Excel."
Speaking Clock Deluxe	U	SpClDlx.exe	Speaking Clock Deluxe - turns your computer into a speaking clock with several languages. It can also keep track of up to 50 alarms that can be set to a time and a date, and be repeated daily, weekly, monthly and yearly
Special Firewall Service	X	avguard.exe	Added by the W32.NETSKY.G WORM!
SpecialOffers	X	SpecialOffers.exe	SpecialOffers adware
SpecialOffers	X	SpecialOffers.exe ( = digit)	SpecialOffers adware
specific	X	specixic.exe	Added by a variant of the W32/SDBOT WORM!
Speed racer	N	CTSRReg.exe	Software for a Creative sound card
Speed Tec	U	speedtec.exe	Accel SpeedTec from Montana Software speeds up your modem. SpeedTec modifies the Internet Protocol settings in the Windows registry to speed downloads on all modems. If you find this improves your connectivity and download speeds leave this enabled
SpeedBoss	X	(worm filename)	Added by the OPASERV.AD VIRUS!
Speedkey	U	SPEEDKEY.EXE	Additional keyboard shortcuts on MS programmable keyboard
SpeedMeter	U	SpeedMeter.exe	Application measuring upload and download speed
SpeedOptimizer	U	spo.exe	SpeedOptimizer is designed to optimize and speed-up your Internet data transmission including browsing, streaming, downloading, uploading and e-mail communication.
SpeedswitchXP	U	SpeedswitchXP.exe	SpeedswitchXP is a CPU frequency control for notebooks running Windows XP
Speedtouch USB Diagnostics	U	Dragdiag.exe	For an external Alcatel ADSL high-speed modem. A diagnostic tool and can be run from the Start menu when required. The only reason it might be useful on startup is if you like seeing an \'at-a-glance\' status indicator on the taskbar (the icon is a different colour depending on the status of the device/line)
SpeedUpMyPC	U	SpeedUpMyPC.exe	SpeedUpMyPC "automatically fine-tunes all your resources including hardware, system settings and internet usage to operate at peak performance at all times."
Spees1	X	speedy.scr	Added by the OPASERV.Y VIRUS!
Spees2	X	Speedy.bat	Added by the OPASERV.AD VIRUS!
Spees3	X	SPEEDY.PIF	Added by the OPASERV.AD VIRUS!
Spellex Anywhere	N	sa.exe	Spellex-Anywhere - adds spell checking functionality to almost any Window program. Create a shortcut and run manually before it's to be used
SpIDerMail	Y	spiderml.exe	DrWeb antivirus Spider Mail e-mail scanner
Spinner Plus	N	spinner.exe	"Spinner Plus lets you listen to over 100 channels of music broadcast from Spinner.com. Spinner Plus uses RealNetwork's G2 technology to provide high-quality online audio. The technology adjusts the audio streaming to match your Internet connection speed, which helps eliminate sound distortion or choppiness". Available via Start -> Programs
SPINX	X	OXNEY.B.VBS	Added by the VBS.YENO.C WORM!
SPnt	X	SPnt.exe	Premium rate adult material dialer
SpokeSysTray	U	SpokeSysTray.exe	Spoke_Software client application. Spoke "uses data in your e-mail and other enterprise information systems to discover the existing relationships of people in your enterprise. It then builds a private, secure relationship network for each user without any additional manual data entry."
spolsvr2	X	spolsvr2.exe	Added by the Win32/Evilsock.10 TROJAN! - NOTE: this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty.
spoo1sv	X	spoo1sv.exe	Added by the SOULJET VIRUS!
Spool	X	[path to file]	Added by the RANKY.R TROJAN!
Spool	X	msvc.exe	Added by the RANKY.R TROJAN!
Spool	X	wys.exe	WhileUSurf adware component
SPOOL Configuration	X	spoolsvc.exe	W32/Sdbot-KD worm
Spool Loader	X	spool.exe	Added by a variant of the WIN32.RBOT WORM!
Spool LoadKIt	X	spoolv.exe	Added by a variant of the WIN32.RBOT WORM!
Spool lptt01 or Spool ml097e	X	spool.exe	Variant of the RapidBlaster parasite (in a "spool" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
Spool Manager	X	spoolsrv.exe	Added by the Troj/Banker-FR TROJAN! Note: This is not the legitimate Windows process spoolsv.exe (Notice the difference in the spelling). This trojan file (spoolsrv.exe) is located in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Spool Server Daemon	X	SPOOLSVD32.EXE	Win32.Rbot worm variant
Spool32	X	pool32.exe	Added by the ASSASIN-F TROJAN!
spoolax	X	(Path of the trojan exe)	Added by the Troj/Perda-D TROJAN!
Spooler Service	X	Spoolsrv.exe	Added by the JOINER.C1 VIRUS!
Spooler Sub System Process	X	SPOOL32.EXE	Added by the YAB.A VIRUS!
Spooler Subsystem	X	spoolsub.exe	Added by the W32/SDBOT-ABG TROJAN!
Spooler SubSystem App	X	spoolsvc.exe	Added by the W32/POEBOT-J WORM! Note: Spoolsvc.exe is not the legitimate Windows Process. (Notice the difference in the spelling.) The legitimate Windows Process (spoolsv.exe) should not be seen in Msconfig or as a Startup item...Also search for fccj.bat if found this is the W32/Poebot-M variant.
Spooler SubSystem App	X	spooIsv.exe	Added by the W32.LINKBOT.M WORM!
Spooler SubSystem Application	X	spoolsvc.exe	Added by the Troj/Dloader-NY Trojan!
Spooler SubSystem Application	X	svcadmin.exe	Added by the Troj/Dloader-NY Trojan!
Spooler SubSystem Application	X	tcpsvc.exe	Added by the Troj/Dloader-NY Trojan!
Spooler SubSystem Application	X	netsvc.exe	Added by the Troj/Dloader-NY Trojan!
Spooler SubSystem Application	X	websvc.exe	Added by the Troj/Dloader-NY Trojan!
Spooler SubSystem Application	X	localsvc.exe	Added by the Troj/Dloader-NY Trojan!
Spooler SubSystem Application	X	svcrun.exe	Added by the Troj/Dloader-NY Trojan!
Spooler SubSystem Application	X	svcman.exe	Added by the Troj/Dloader-NY Trojan!
Spooler Subsytem App	X	spoolsvc.exe	Added by the TROJ/SDBOT-MM WORM!
SpoolerSubSystemProcess	X	SpooI32.exe	Added by the SPY.EHKS.21 VIRUS! Note - the "I" between "o" and "3" is a captial "i" not a lower case "L"
Spools Service Controller	X	spools.exe	Added by the W32/KASSBOT-C and W32/Kassbot-E WORMS !
spoolserv	X	spoolserv.exe	Added by a W32/Sdbot-PN worm infection
SpoolService	X	spolsv.exe	Added by the W32/AGOBOT-CS WORM!
Spoolsv	X	Spoolsv.exe	Added by the CIADOOR.121 VIRUS! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
spoolsv	X	scvhosts.exe	Added by the TROJ/SMALL-AW TROJAN!
spoolsv manager	X	"%Windir%\SpoolMgr.exe"	Added by the W32.Assiral WORM!
spoolsv service	X	spoolsv32.exe	Added by the W32/RBOT-AHP WORM!
SPOOLSV32	X	SPOOLSV32.EXE	Added by the TROJ/CWS-I or Troj/Hazif-B TROJAN!
spoolsvc	X	spoolsvc.exe	Added by the TROJ/DROPPER-AT TROJAN!
spoolsvr32	X	csmss.exe	Added by the AGENT-AU TROJAN!
spoolsvr32	X	csmss32.exe	Added by a variant of the AGENT-AU TROJAN!
spoolsvs.exe	X	spoolsvs.exe	Added by the Troj/Dloader-RK TROJAN!
SPOOLSVU	X	SPOOLSVU.EXE	Added by the StartPage.K TROJAN!
spoolsvv	X	spoolsvv.exe	Searchcentrix hijacker
Spoolvs	X	spoolvs.exe	Added by the SDBOT.AUS WORM!
Spore	X	MsNews.vbs	Added by the VBS.SORPE.A WORM!
Spore.b	X	Scmhlpr.vbs	Added by the VBS.SORPE.B WORM!
SPP	?	run.exe	??
spp	X	regedit -s spp.reg	IE search hijacker - changes the default search to http://www.hotsearchbox.com/ie/
sppbridge	?	sppbridge.exe	Associated with an Anycom bluetooth wireless card on laptops - used for printing to portable printers for example. Is it required or can it be started manually?
SprintPort	?	SprintPortA.exe	Novatel wireless modem related. What does it do and is it required?
SPSTEALT	U	SmartProtectorPro.exe	Smart Protector Pro - internet privacy tool that erases tracks, MRU lists, etc
spstore	?	storesp.exe	Softprobe is a program designed to provide managers with an analysis of an individuals computer use who are under their supervision. This program is NOT related to Winpup.
Spy Blocker	U	spyblocker.exe	SpyBlocker blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using Ad-Aware that some applications containing spyware subsystems may not run correctly or at all
Spy Sweeper Fix	Y	SpySweeperFix.bat	Related to Webroot_SpySweeper
Spy-Control	X	Spy-Control.exe	"Spyware remover" of dubious repute - see this list of non-recommended anti parasite software
Spy-Keylogger	U	skl.exe	SpyKeylogger is a security risk that records keystrokes. If you didn't install it yourself remove it.
SpyBan	X	SpyBan.exe	"Spyware remover" of dubious repute - see this list of non-Recommended anti parasite software
SpyBlast	X	SpyBlast.exe	Spyware killer that is in effect autoinstalled foistware, targeted by SpyBot, among others
SpyBlocker	U	spyblocker.exe	SpyBlocker blocks the communications of spyware installed on a PC so spyware runs but can't exchange data with the server to which it should report. Ensuring spyware can't communicate is important, as you may find after using Ad-Aware that some applications containing spyware subsystems may not run correctly or at all
SpyBlocs	X	SpyBlocs.exe	Rogue anti-spyware program.
SpyBlocs	X	GLFF.exe	Rogue anti-spyware program.
SpyBlocs3.0	X	SpyBlocs3.0.exe	Rogue anti-spyware program.
SpybotSD TeaTimer	U	TeaTimer.exe	Spybot - Search & Destroy - free multi-spyware removal tool from Patrick Kolla. TeaTimer.exe monitors certain changes to the registry and notifies when browser plugins and activeX controls get installed, allowing you to block/reverse this.
SpyBotSnD	U	Spybotsd.exe	Spybot - Search & Destroy - free multi-spyware removal tool from Patrick Kolla
Spybott lptt01 or Spybott ml097e	X	spybott.exe	Variant of the RapidBlaster parasite (in a "Spybott" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
SpyCop ScanCheck	U	MAIN.EXE	SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan
SpyEx	X	Winllogo.exe	Added by the W32/PrsKey-A WORM!
SpyHunter	N	Spyhunter.exe	SpyHunter - spyware remover of somewhat dubious repute; see note
Spykiller	U	Spykiller.exe	Shareware "Spyware remover" of questionable quality and repute. There are better alternatives that are freeware to boot. See this page on Rogue/Suspect Anti-Spyware Products & Web Sites
SpyNuker	X	Spynuker.exe	A "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers �TrekData� and �Blue Haven Media�, who distribute spyware through ActiveX drive-by-download on web pages
SpySheriff	X	SpySheriff.exe	SpySheriff malware
SpySpotter	N	SpySpotter.exe	"Spyware remover" of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites
SpyStopper	U	spystopper.exe	SpyStopper - blocks intrusive spyware, Web bugs, worms, scripts, advertisements, and cookies. Protects you from being profiled and tracked
SpySubtract	U	SpySub.exe	SpySubtract - multi spyware removal tool
SpySweeper	U	SpySweeper.exe	Spy Sweeper - detects and removes spyware
SpyTrooper	X	SpyTrooper.exe	SpyTrooper, malware, posing as a spyware remover - alse see here
Spyware	X	Spyware.exe	BPS Spyware Remover - reportedly uses an old, "borrowed" SpyBot database. Read this and this. Do not support these guys!
Spyware Begone	N	SpywareBegone.exe	Spyware BeGone - free spyware removal utility; not recommended; see note
Spyware Begone	N	freescan.exe	Spyware BeGone - free spyware removal utility; not recommended; see note
Spyware Cleaner	X	SpywareCleaner.Exe	"Spyware remover" of dubious repute - see the SpywareWarrior_List of Rogue/Suspect Anti-Spyware Products & Web Sites
Spyware Doctor	U	spydoctor.exe	Spyware_Doctor spyware remover
Spyware Doctor	U	swdoctor.exe	Spyware_Doctor spyware remover
Spyware Guard Control Panel	U	spywar~1.exe	"SpywareGuard provides a real-time protection solution against spyware"
Spyware Nuker	X	swn2.exe	A "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers �TrekData� and �Blue Haven Media�, who distribute spyware through ActiveX drive-by-download on web pages
Spyware Nuker Installer	X	SpywareNukerInstaller.exe	A "spyware removal program" by TrekBlue, which is being heavily advertised through junk e-mail from its affiliates and misleading fake-dialogue-box web advertising. This is the same company as E-mail marketers �TrekData� and �Blue Haven Media�, who distribute spyware through ActiveX drive-by-download on web pages
Spyware remover	X	Remove_spyware.exe	Unidentified, but not known to belong to any known spyware remover, and strongly suspected to be adware related!
Spyware Scanner	N	AseScanner.exe	Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here
SpyWare Shield	U	Shield.exe	Acronis Privacy Expert Spyware_Shield prevents spyware and other suspicious programs from being installed on desktop PCs and laptops.
Spyware Slayer	X	SpywareSlayer.Exe	"Spyware remover" of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites
Spyware Stormer	N	SpywareStormer.Exe	SpywareStormer spyware remover; not recommended: see here
Spyware Vanisher	X	FreeScanner.exe	"Spyware remover" of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites
Spyware X-terminator	U	SpywareX.exe	Spyware_X-terminator spyware remover
Spyware-Cop	X	Spyware-Cop.exe	Spyware-Cop alias SpywareKilla - "Spyware remover" of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites
SpywareGuard	U	sgmain.exe	"SpywareGuard provides a real-time protection solution against spyware"
SpywareGuard	X	deinst_qfe001.exe	Added by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate SpywareGuard application as described here
Spywareguard lptt01 or Spywareguard ml097e	X	Spywareguard.exe	Variant of the RapidBlaster parasite (in a "Spyguard" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
SpywareGuardPlus	X	winmm64.exe	"Trojan.Win32.StartPage.ht" homepage hijacker
SpywareKilla	N	SpywareKilla.exe	Spyware remover of ill repute. For more info about it do a search for 'SpyareKilla' at this web page on "Rogue/Suspect Anti-Spyware Products & Web Sites"
SpywareNo	X	SpywareNo.exe	Bogus "Spyware remover" - see the SpywareWarrior_List of Rogue/Suspect Anti-Spyware Products & Web Sites
SPYWATCH	U	SpyWatch.exe	BPS Spyware Remover - reportedly uses an old, "borrowed" SpyBot database. Read this and this. Do not support these guys!
SQConfigChecker	X	cc.exe	Xupiter SQWire variant - adware and homepage hijacker. Note - cannot be removed via the Xupiter website in the same way as other Xupiter variants
SQInstaller	X	SQInstaller.exe	Xupiter hijacker
SQL Server	N	scm.exe	SQL Server Service Control Manager. Available via Start -> Programs
SQL Server Service	X	sql.exe	Added by the W32/Rbot-ADF
sqservices	X	wins32.exe	Added by the Troj/Progent-B TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
SQUpdatesChecker	X	uc.exe	Xupiter SQWire variant - adware and homepage hijacker. Note - cannot be removed via the Xupiter website in the same way as other Xupiter variants
sqvynikp	X	sqvynikp.exe	Free_Scratch_Cards foistware
sr1exe	?	updtSup3.exe	Found on a Dell computer, in a Documents and Settings\All Users\Application Data\Dell\Alert2 subfolder
sr64	X	********. exe	Adware, as yet unidentified
SrchfstUpdate	X	srchupdt.exe	SearchFast adware downloader
sre	X	rundll32.exe sre.dll,Register	CoolWebSearch parasite variant, also detected by Kaspersky antivirus as Trojan.Downloader.Agent.Fc
SRFirstRun	?	rundll32 srclient.dll,CreateFirstRunRp	Created by execution of the Windows XP sr.inf file, which installs the Windows XP System Restore feature, needed for example when installing System Restore into Windows Server 2003. - does this indeed need to run at every bootup?
Srmclean	U	srmclean.exe	Srmclean helps in the installation and execution of the SoundMax SoftPaq for Compaq/ADI SoundMax Integrated Digital Audio. According to Compaq - "If you disable the entry from loading into startup, then you will not be able to use the features of the sound card"
SRNG	X	srng.exe	Search hijacker - see here
SRP Startup	U	srrpro.exe	System Restore Remover Pro allows you to safely and easily remove System Restore and various other Windows Millennium "features." This is enabled if you tick the "Remove unnecessary System Restore information on startup" box. Available via Start -> Settings -> Control Panel
SRS Applet	Y	SrsTray.Exe	S3 Sonic Vibes sound card drivers - if disabled you loose sound
srshost.exe	X	srshost.exe	Added by a variant of the RBOT-ASW worm! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Srv RPCrom	X	NClienti386.exe	Added by the W32.Watsoon.A TROJAN!
Srv32	X	Srv32.exe	Added by the OPASERV.J VIRUS!
Srv32	X	Srv32.exe	Added by the OPASERV.S VIRUS!
srv32	X	srv32.exe	Added by the W32/AGOBOT-AMI WORM!
Srv32 spool service	X	runsrv32.exe	Topantispyware.com malware, recognized by Kaspersky antivirus as Trojan-Clicker.Win32.Spyre.b
Srv32 spool service	X	spoolsrv32.exe	Added by the SPYRE.B and Troj/Dloader-ON TROJANS!
Srv32 spool service	X	(Trojan file path)	Added by the Troj/Dloader-LB TROJAN!
Srv325	X	Srv325.exe	Added by the W32/AGOBOT-PR WORM!
Srv32Old	X	.PIF	Added by the OPASERV.J VIRUS! where <filename> is the original worm name
Srv32Win	U	SpyAgent4.exe	SpyAgent - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
Srv32Win	U	Svchost.exe	Realtime-Spy keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn\'t treat it as "X" and uninstall or remove
Srv32Win	U	sysdiag.exe	NetVizor surveillance software - uninstall this software unless you put it there yourself!
srv32win	U	win16dll.exe	Screenspy captures screenshots silently. If you didn't install this yourself, remove it.
Srvce Pack Updte	X	svcpack.exe	Added by a variant of the WIN32.RBOT WORM!
srvexc.exe	X	srvexc.exe	Added by the BACKDOOR.SERVSAX TROJAN!
srvprc	U	srvprc.exe	Added by the Spyware.ActMon surveillance software. Uninstall this software unless you put it there yourself.
SsAAD.exe	?	SsAAD.exe	Sony SonicStage software related - "Atrac Hard Disk Monitor" - what does it do and is it required?
ssate.exe	X	irun4.exe	Added by the BEAGLE.J WORM!
ssate.exe	X	winsys.exe	Added by the BEAGLE.K WORM!
SSBkgdUpdate	N	SSBkgdupdate.exe	ScanSoft OmniPage auto updater. Can be disabled using the main program's options.
SSC Service Utility	U	ssc_serv.exe	SSC Service Utility is a printer utility for refilled Epson cartridges
SSCFBTN.EXE	U	SSCFBTN.EXE	Samsung smarthru software,used with Lexmark Z82 or Samsung multifunction printers
SSCFBTN.EXE	?	SSCFBTN.EXE	Samsung Scanner or Printer related - what does it do and is it required?
SSC_UserPrompt	?	UsrPrmpt.exe	Part of Symantec (Norton) Security Centre - but what does it do and is it required?
Ssd	Y	Std.exe	Stealthdisk - file and folder hiding/locking utility
ssdiag	?	ssdiag.exe	Equinox"Configuration and DOS Diagnostic for DOS and Windows platforms"
SSDPSRV	N	ssdpsrv.exe	Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for network plug and play functionality. Starts up a web server on port 5000. Used by Universal Plug and Play (for network device discovery). To remove this program, open Add/Remove Programs, select either Communications (Me) or Networking Services (XP), and remove the checkmark next to Universal Plug and Play
ssgrate.exe	X	system.exe	Added by the MITGLIEDER.C VIRUS!
ssgrate.exe	X	irun.exe	Added by the MITGLIEDER.D VIRUS!
ssgrate.exe	X	irun4.exe	Added by the MITGLIEDER.F VIRUS!
ssgrate.exe	X	sysdoor.exe	Trojan.Mitglieder.N
ssgrate.exe	X	winerdir.exe	Added by the MITGLIEDER.O VIRUS!
ssgrate.exe	X	winsystems.exe	Added by the TROJ/BAGLEDL-J TROJAN!
ssgrate.exe	X	wintems.exe	Added by the Trojan.Mitglieder.Q Trojan!
SSh32	U	SSh32.exe	2Spy keystroke logger/monitoring program - remove unless you installed it yourself!
SSK Service	X	winssk32.exe	Added by the SOBIG.E VIRUS!
SSL	X	svchost.exe	Added by an unidentified VIRUS!
ssmmgr	U	ssmmgr.exe	Samsung printer monitor - for checking ink levels, etc.
ssms.exe	X	SSMS.EXE	Added by the W32.GISMOR WORM!
SSPY	U	SSYTEM.EXE	SurfingSpy keystroke logger/monitoring program - remove unless you installed it yourself!
sssasasb32	X	sssasasb32.exe	Added by the WIN32.TACTSLAY.F TROJAN!
sstata	X	dwdas.exe	Added by the Dasda trojan
sstata	X	(Path to Trojan exe)	Added by the Troj/Ranck-DF TROJAN!
SStb.exe	X	SStb.exe	Adpowerzone.com "ServerSide" keyword hijacker
sstray	N	sstray.exe	nVidia nForce Taskbar Utility - quick access to the nForce2 "Sound Storm" control panel and related utilitys
SSUpdate	X	SSUpdate.exe	DyFuCa/MoneyTree parasite variant
ssvchost	X	ssvchost.exe	Added by the HELIOS.B VIRUS!
SSWPlauncher	X	comet.exe /app:SSWPlauncher	CometCursor by Comet Systems
Stacmon	N	Stacmon.exe	Installed with the drivers for a SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears as though it can be disabled with no ill effects
standalone.exe	X	"standalone.exe"	Added by W32/AGOBOT-ADS WORM!
Stardust Screen Saver Control 2003	N	SCMain.exe	Related to Stardust_Software Screen Saver Control 2003
Stardust Wallpaper Control 2003	N	WCMain.exe	Related to Stardust_Software Screen Saver Control 2003
StarSkin	U	starskin.exe	StarSkin allows you to change the view and appearance of your Windows XP box with the use of publically available themes.
Start	Y	Quick95.exe	For a Nisis G6 USB Graphics Tablet. Re-enables itself if disabled therefore best left alone
Start	X	windows.vbs	Homepage hijacker
start	?	start.exe	??
Start aThx Roll	X	f0mered.exe	Added by the RBOT.AAV WORM!
start extracting	X	spoolvse.exe	Added by the W32/RBOT-XF WORM!
start extracting	X	spoolvs.exe	Added by the RBOT.AKC WORM!
Start Getright	N	getright.exe	See Getright Tray Icon
Start It Upping	X	svchosets.exe	Added by a variant of the WIN32.RBOT WORM!
Start Page	X	http://find.naupoint.com	Naupoint browser hijacker
Start Page	X	svcnt32.exe	Homepage hijacker, also detected as Trojan-Downloader.Win32.Delf.ks
Start RF Wireless Keyboard	Y	ktrexe.exe	Yuanxun Electronics RF wireless keyboard driver
Start RF Wireless Mouse	Y	cm20.exe	Yuanxun Electronics RF wireless mouse driver
Start Service	U	upssrv.exe	Cyber Power PowerPanelPlus software. "In the event of a power outage, PowerPanelPlus Software automatically saves and closes all open files, and then shuts down the computer system in an intelligent and orderly manner."
Start Up Cop	U	startcop.exe	StartUp Cop - startup manager
start uploading	X	smsss.exe	Added by a variant of the W32/SDBOT WORM!
Start Upping	X	taskmrg.exe	Added by a W32/Rbot-MA worm infection
Start Upping	X	SVCHOSTES.EXE	Added by the W32/RBOT-NB WORM!
Start Upping	X	taksmgr.exe	Added by the W32/RBOT-QK WORM!
Start Upping	X	mcrt32.exe	Added by a variant of the W32.SPYBOT WORM!
Start Upping	X	windupds.exe	Added by the SDBOT.AFH WORM!
Start Upping	X	windupdts.exe	Added by a variant of the WIN32.RBOT WORM!
Start Upping	X	xdcc.exe	Added by the SPYBOT.OY WORM!
Start Uppings	X	svcchosts.exe	Added by the SDBOT.VY WORM!
Start Uppings	X	mssupdate.exe	Added by a variant of the WIN32.RBOT WORM!
Start Wingman Profiler	N	lwtest.exe, lwemon.exe	Logitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer, it's best to leave it unchecked
Startacc	U	startacc.exe	Launches Webroot\'s Accelerate 2000 software that "speeds up your Internet connection by up to 300%". Leave enabled if you find it improves internet connection
StartEAK	Y	StartEAK.exe	Easy Access Button Support for Compaq PCs. Required if you use these
StartEAK	U	cpqeadm.exe	Easy_Access Button Support for Compaq PCs. Required if you use these
Starter	X	scvhosting.exe	WORM_SDBOT.RU
starter	X	scvhostingg.exe	Added by the W32/FORBOT-FB WORM!
Starting up	X	wvsvc.exe	Added by a RBOT.QQ worm infection
startkey	X	XMCHAI.EXE	Added by the Troj/Bifrose-AO TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
startl.exe	N	startl.exe	Lingocom LingoWare - translates any application into your language
StartMenu	X	s_menu.exe	Added by the WIN32.TACTSLAY.C TROJAN!
StartMenu	X	deamon.exe	Added by the WIN32.TACTSLAY.C TROJAN!
StartMenu	X	msgaol.exe	Added by the WIN32.TACTSLAY.C TROJAN!
StartMenu	X	browse.exe	Added by the Troj/Drowsy-C TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
startpage	X	startpage.exe	Browser hijacker - redirecting to pages2start.com
STARTPAGE	U	start1.exe	NoSpy.org - prevents spyware from changing your startpage and other browser properties. The start1.exe file is located in a NOSPY.ORG folder.
StartStop	U	STARTSTOP.EXE	StartStop from TFI Technology - startup manager
StartSurfing	U	STARTS.exe	Start Surfing allows you to protect your privacy while surfing and searching the Internet by acting as a "filter" between you and the website you are visiting. Startsurfing acts as your shield from Pop Up Windows, Mouse Traps, Window Resizing, and scripts that attempt to record your personal information. Available via Start -> Programs
Startup	N	??	Related to an Iomega drive
Startup	X	WinlogonStartup	Unidentified malware
Startup	X	mirc.exe	Added by the Troj/Flood-EU TROJAN! Troj/Flood-EU provides an uninstall option for mirc.exe which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as mIRC. This one puts 10 files in the Windows or Winnt folder.
Startup Configuration	X	[six character filename]	Added by the W32/RBOT-ARV WORM!
Startup Configuration	X	wztoid.exe	Added by the W32/Rbot-ASD WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Startup Launcher GUI	?	GUI.exe	Startup manager?
Startup Manager Scanner	U	StartupMonitor.exe	Startup-Mechanic Startup monitor - offers boot protection of your PC from harmful trojans, adult-dialers, and other scumware.
Startup Update	X	Cvshost.exe	Added by the GAOBOT.AO WORM!
StartupBin	X	iwnujdss.exe	Added by the W32/SDBOT-XZ WORM!
StartupMonitor	U	StartupMonitor.exe	Mike Lin\'s StartupMonitor, throws up an alert and asks your permission every time any change is made to your start-up configuration, either in the registry or start menu
startwin	X	startwin.exe	Added by the W32.ANTIMAN.A WORM!
startwindowskeyuser	X	rundle2.exe	Added by the JAVAKILLER VIRUS!
Stat 'n' Perf	N	StatnPerf.exe	Stat 'n' Perf monitors your internet connection and displays information about sent and received bytes
StatBar	X	STATBAR.exe	StatBar (system status bar) allows you to quickly get an overview of your system's condition (memory, CPU, uptime, and much more). Due to the sheer number of resources (over 60%) consumed by this program, it is unsuitable for Windows 95/98/SE/Me
State Service	X	csrss.exe	Added by the TROJ/DADOBRA-CP TROJAN! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
Statistics	X	statslist.exe	Added by the W32/Opanki-S WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Status Monitor	N	BrMfcWnd.exe	Brother scanner status monitor - can be started manually
Status Monitor XE	N	ENGSS.EXE	The Xerox Document WorkCentre XE Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start -> Programs
StatusClient	?	StatusClient.exe	Part of Hewlett Packard network printer drivers
Stay Connected!	N	StayCon.exe	More than just a pinger, actually simulates online activity. Supports AOL, NetZero, MSN, ATT WorldNet, CompuServe and many other ISPs as well. Available via Start -> Programs
StayAlive	U	sa.exe	StayAlive from TFI Technology. "This top-notch tool intercepts crashes when they happen, keeping your programs running so you can save your work."
STBVision	?	STBVisn.exe	Related to the STB Velocity graphics card. What does it do and is it required?
STBWEBTV	N	STBWEBTV.EXE	Used to display TV on your PC
stcinstaller	X	id53.exe	Add as a result of TROJ_SCTHOUGHT.L TROJAN!
stcloader	X	stcloader.exe	Popup adware by 2ndThought software
STCPO	Y	STCPO.exe	Sophos Sweep antivirus software
stdlib	X	[name of file]	Added by the TROJ/PERDA-E TROJAN!
STDSB	Y	STDSB.exe	Scrollbar driver for notebooks. If taken out of the Startup, it will not provide scrolling.
Stealth Anonymizer 2.5	U	stealth25.exe	Now named Stealther - proxy server agent that lets you travel the Internet with maximum possible privacy
steam	X	steam.exe	Added by the W32/Rbot-AJT WORM! Note: The file steam.exe will be found in the Windows System folder.
Steam	N	steam.exe	Valve Software's STEAM broadband game client. Steam is Valve's new way of getting games into your hands ASAP. Games like Half-Life, Counter-Strike, and Counter-Strike: Condition Zero are all being made available through Steam. Steam games are automatically kept up-to-date with the latest content and revisions. Steam also includes an instant-message client which even works while you're in-game. Can be started mnaually.
SteFanie	X	SteFanie.vbs	Added by the VBS.Stefan WORM! Note: Make sure you check the hyper link for VBS.Stefan, this one copies it's self to numerous dirves and folders.
Stickies	N	STICKIES.EXE	Stickies - utility that allows you to put yellow "Post-It" type messages on your desktop and can be used to set reminders. Available via Start -> Programs
Sticky Notes	N	stikynot.exe	Microsoft Sticky Notes - virtual sticky notes tool
StickyNote	N	StickyNote.exe	Utility that allows you to put yellow "Post-It" type messages on your desktop. Available via Start -> Programs
StillImageMonitor	U	Stimon.exe	Stimon.exe enables a USB still-image device (such as a scanner) to initiate data transfer to a program. For example, if your scanning device has a scan button, it may start a program and begin scanning when you press it. Create a shortcut and start it manually when needed if your scanner otherwise fails to scan. May be required for your USB scanner to work - including all HP scanners and some of their SCSI scanners
stisrv	X	stisrv.exe	Added by the RBOT.BQF WORM!
stlbdist	X	rundll32exe stlbdist.DLL, DllRunMain	Hijacker pointing to www.searchandclick.com
stlbupdt	X	rundll32.exe stlbupdt.DLL, DllRunMain	BrowserAid/Startium parasite
STManager	?	drst.exe	Dr. SpeedTouch is some sort of diagnostics software which sends out information to a server which then relays the information back to the program to test the network to see if the SpeedTouch ADSL modem connection is working properly. Not required if connected via Ethernet (and probably USB). Can cause a slow down in Win2K - see here
stmha	X	wkfxi.js	Added by the JS.SPETH WORM!
StopSignSsTsMon	N	sstsmon.dll,VerifyStatus	eAcceleration Stop-Sign related; not recommended; see note
StopSignStatus	N	stopsinfo.dll",VerifyStatus	eAcceleration Stop-Sign related; not recommended; see note
STOPzilla	U	Stopzilla.exe	STOPzilla popup blocker
STOPzilla Service	U	SZNTSVC.EXE	STOPzilla popup blocker
StorageGuard	U	sgtray.exe	StorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
STPMGR	?	STPMGR.EXE	Part of SafeTP which is transparent FTP security software. Does it need to be running permanently or can it be started manually via Start -> Programs
stratas	X	xmconfig.exe	Added by the W32/Rbot-AHR WORM!
Stratas	X	ggfig.exe	Added by the OPANKI.W WORM!
stratas	X	lockx.exe	Added by the W32/Opanki-K or W32/Rbot-ASH or W32/Sdbot-AEG WORM!
StreamZap Remote	U	zremote.exe	StreamZap_PC_Remote - Control Windows Media Player, iTunes, RealPlayer, Winamp, PowerPoint, MusicMatch Jukebox, and many other multimedia applications
StrgSync.exe	U	StrgSync.exe	SimpleTech Inc's StorageSync backup software - backs up an entire PC, or selected files and folders.
strmsnmsgr	X	msnmsgrs.exe	Added by the W32/RBOT-ACQ WORM!
strmsnmsgrs	X	msnmsgrsc.exe	Added by a variant of the WIN32.RBOT WORM!
strmsnnms	X	msnmegrs.exe	Added by the Troj/Sdbot-YU TROJAN!
strmsnnrs	X	msnmcgrs.exe	Added by the TROJ/RBOT-ACT TROJAN!
strmsoums	X	msnmegrse.exe	Added by the Troj/Sdbot-ZK Trojan!
Strng32	X	strngbox.exe	Added by the STRANO VIRUS!
StrokeIt	U	strokeit.exe	StrokeIt is an "advanced mouse gesture recognition engine and command processor".
strtas	X	lockx.exe	Added by the BKDR_IRCBOT.AV TROJAN!
strtas	X	lock1.exe	Added by the W32/Sdbot-ADQ WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
strtas	X	lockx.exe	Added by the W32/Sdbot-AEB WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
strto	X	strto.exe	Added by the TROJ/KILLPROC-F or KillProc-G TROJAN! Note: File name may be different.
strto	X	(Path to trojan executable)	Added by the Troj/KillAv-AP TROJAN!
Sts	X	iwnujdss2.exe	Added by the W32/SDBOT-YI WORM!
Stubbish	X	Stubbish.exe	Added by the W32/STUBBOT-A WORM!
StubPath	X	Sservice.exe	Added by the PRORAT VIRUS!
stxrmsgms	X	mstats.exe	Added by the TROJ/IRCBOT-AE TROJAN!
StyleXP	U	StyleXP.exe	StyleXP allows you customize the way WinXP looks. If disabled via msconfig it re-instates itself at reboot, therefore uninstall it if you don't want it
SubAH	X	SubAH.exe	Added by the SubAH backdoor TROJAN!
Subtract the Ads	N	AdSub.exe	Removes adverts from web pages. Although useful - not required
suck	X	l0ad.exe	Adware related downloader, detected as TrojanDropper.Win32.PurityScan.g
Suitcase Startup	U	Suitcase.exe	Suitcase . System font manager start up utility. Used for dynamic managment of fonts on your system.
Suite	X	SuiteOffices.exe /cleandb	Added by the Lazar TROJAN!
SULFNBJ.EXE	X	SULFNBJ.EXE	Left as the result of being infected by the PE_MAGISTR.DAM virus. This virus infects system files and renames them (changing one letter) before adding them to the Run keys in the registry. Once the virus is removed via anti-virus software, delete the infected file and remove the key from the registry
Sun	X	(Path to Executable)	Added by the Troj/Flat-E TROJAN!
sunasDTServ	U	sunasDTServ.exe	SunBelt CounterSpy spyware detection and removal software
sunasServ	U	sunasServ.exe	SunBelt CounterSpy spyware detection and removal software
SunJavaSched	X	ccEvtMngr.exe	Added by the W32/Sdbot-YP Worm!
SunJavaSched Updater	X	avamx.exe	Added by the W32/RBOT-ABJ WORM!
SunJavaUpdate	X	smvss.exe	Added by the TROJ/DEDLER-G TROJAN!
SunJavaUpdateSched	N	jusched.exe	Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel
SunJavaUpdateSched	X	scvhost.exe	Added by the W32/SDBOT-AVX WORM!
SunJavaUpdateSched	X	javamx.exe	Added by the W32/SDBOT-WI WORM!
Sunkist	U	shwicon98.exe	Card reader for memory cards from digital cameras, etc
Sunkist2k	U	shwicon2k.exe	Card reader for memory cards from digital cameras, etc
SunKistEM	U	shwiconem.exe	Used by your computer to communicate with your Alcor_Micro Multimedia Card Reader - necessary if you're using this software
SuNotification	U	suatshut.exe	ShadowSurfer - "provides a safe computing environment by creating a virtual twin of your PC. Restore the pre-ShadowMode� system state no matter what changes have occurred to your PC."
SunProtectionServer	U	SunProtectionServer.exe	CounterSpy antispyware software
SunServer	U	SunServer.exe	CounterSpy antispyware software
SupaDial	?	SupaDial.exe	SupaNet.com modem driver related - is it required?
Supastatus	N	status.exe	Supanet ISP software
super	X	fuckbx.exe	Added by the LINEAGE-H TROJAN!
super	X	super.exe	Added by the W32/AGOBOT-QT WORM!
Super Popup Blocker	U	popkill.exe	Saga Super Popup Blocker - pop-up stopper
SuperAdBlocker	U	SAdBlock.exe	SuperAdBlocker
SuperBar.Component	X	services.exe	Added by FakeMessage/AdRotator adware - NOTE - this file is placed in a Winnt\System32\Inetsrv or Windows\System32\Inetsrv folder, and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
Supercleaner	U	Supercleaner.exe	Supercleaner - all in one disk cleaner for your computer
SuperCool Compress Backup	U	Main.exe	"SuperCool Zip Backup software is a data backup,restore and file synchronization program"
SuperHeissSex	X	SuperHeissSex.exe	Added by the HeissSex premium rate adult content dialer!
supernews12	X	newsd32.exe	Adware, also detected as the TROJ/DLOADER-JN TROJAN!
Supernova	X	.exe	Added by the SURNOVA (or SUPOVA) VIRUS! <filename>.exe is the chosen name
superslut	X	msslut32.exe	Added by the SLUTER-A VIRUS!
SuperSpamKiller Pro	U	Ssk.exe	SuperSpamKiller_Pro email spam blocker
Supervisor.exe	?	Supervisor.exe	Has been reported to be associated with various antitrojan software like ATS and PC_Doorguard . If so it's required in Startup - any further information is welcome.
support-reverse-smileys	X	(TROJAN FILE NAME)	Added by the Backdoor.IRC.Litebot TROJAN!
supporter5	X	supporter5.exe	Part of eScorcher anti-virus software- responsible for updates of new virus bases each time you logon to the web. Used to collect information about the user and therefore treated as spyware - now the web-site is dead
SureCleanProfessional	U	SRClean.exe	SureClean PC and Internet tracks cleaner
Sureshotpopupkiller	U	Stopthepop.exe	Stop-the-Pop-Up popup blocker
Sureshotpopupkiller	U	pusak.exe	Stop-the-Pop-Up popup blocker
SurfAccuracy	X	sacc.exe	SurfAccuracy adware
SurfBuddy	X	rundll32 [path] sbuddy.dll	SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps!
SurfChoice	U	SCMan.exe	SCMan is a utility that can control services on WinNT from the command line. This utility can create, start, pause, stop, delete services. Furthermore it can retrieve a service's current state, get the displayname for a service and vice versa
Surfer lptt01 or Surfer ml097e	X	surfer.exe	Variant of the RapidBlaster parasite (in a "mssurfer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
SurfinGuard Pro	U	winsfcm.exe	SurfinGuard Pro - internet protection software
SurfSecret	U	ss2-full.exe	"House-cleaning utility that enables you to keep your computer usage to yourself. Runs quietly from the system tray, eliminating tell-tale files at a regular interval of your choosing. You can set it to clear your Internet cache files, cookies, history, temp folder, etc. It can also clear the history of your Run and Find menus, in addition to the AOL cache"
SurfSideKick 2	X	Ssk.exe	SurfSideKick adware
SurfSideKick 3	X	Ssk.exe	SurfSideKick adware
SurfStream	U	SurfStream.exe	Conceiva "SurfStream lets you surf the Web faster. It contains a fully featured proxy server that lets you surf the Web significantly faster. It also blocks all pop-up windows and banner ads from Web pages. An intelligent tune-up tool automatically analyzes and optimizes your computer's Internet connection and TCP/IP settings."
Surs	X	awab.exe	PurityScan/Clickspring adware
Surveysa	?	surveysa.exe	Found in the SonyVaiosurvey directory on a Sony Vaio PC - what does it do and is it required?
Susp	X	Susp.exe	Transponder parasite updater/installer
Sustem	X	explorer.exe	Undentified VIRUS!
SustemUpdate	X	explorer.exe	Undentified VIRUS!
SV00LSV	X	SV00LSV.EXE	Added by the GRAYBIRD-C TROJAN!
SVA Player	X	SVAplayer.exe	QuickFlicks Streaming Player - regarded as spyware. See here for details of how to disable or uninstall it
Svc	X	svc.exe	Hijacker, Clientman parasite variant, redirecting to madfinder.com. Detected by Symantec as the MADFIND VIRUS!
SVC	U	svchost.exe	ElfSpy keystroke logger/monitoring program - remove unless you installed it yourself! - this file should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
SVC Service	X	svcinit.exe	Added by the SINIT VIRUS!
SVC Service	X	svcpack.exe	CoolWebSearch parasite related.
SVC Service	X	svcinit.exe	CoolWebSearch parasite related.
SVC Service	X	svc32.pif	Added by the W32/Rbot-ASC WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
SVC Socks	X	mstaskm.exe	CoolWebSearch parasite related.
svcdata.exe	X	svcdata.exe	Added by the W32.Spybot.ZIF WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Svced	X	Svced.exe	Added by the DELF.F VIRUS!
SVCH Service	X	svch32.pif	Added by the W32/Rbot-ASZ or W32/Rbot-ASY WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
SvcH0st	X	msexploren.exe	Added by a BackDoor-CGZ trojan infection!
SvcH0st	X	SHCH.EXE	Added by the TROJ/BDOOR-EB TROJAN!
SvcH0st	X	SVCHST.EXE	Added by the TROJ/BDOOR-EB TROJAN!
SvcH0st	X	WINAGENT.EXE	Added by the TROJ/BDOOR-EB TROJAN!
SVCH0ST	X	spoo1sv.exe	Added by the Troj/VB-HF TROJAN!
SVCH0ST	X	SVCH0ST.EXE	Added by the Troj/VB-IK TROJAN! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item. Also there is a number "0" in the executable filename, not a lower/upper case O.
SVCH0TS	X	sp00lvs.exe	Added by the Troj/Lineage-AZ TROJAN! Note: This is not the legitimate Windows process spoolsv.exe (Notice the difference in the spelling). This trojan file (sp00lvs.exe) is also located in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
svchast	X	svchast.exe	Added by the Troj/Lineage-AV TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
SVCHOST	X	svchost.exe	System1060 homepage hi-jacker. Found in a WindowsSystem1060 directory. Note - this is not the valid svchost.exe as described here
svchost	X	svchost.exe	Added by the MORB or TARNO VIRUSES!. This is not the valid svchost.exe as described here. Located in the Windows directory, and not in Windows\System32
SVCHOST	X	mrowyekdc.exe	Added by the GOTORM VIRUS!. This is not the valid svchost.exe as described here
svchost	X	(path to trojan)	Added by the HAZZER VIRUS!. This is not the valid svchost.exe as described here
svchost	X	ADMAGIC.EXE	Added by the SMIBAG VIRUS!. This is not the valid svchost.exe as described here
Svchost	X	winhost.exe	Added by the LOLAWEB.A VIRUS!. This is not the valid svchost.exe as described here
Svchost	X	svchost.exe	Added by a W32/Moze-A worm infection
SVCHOST	X	var.txt.exe	Added by a PWSteal.Ldpinch.C trojan infection.
Svchost	X	svchosl.pif	Added by the W32.INZAE.A WORM!
svchost	X	[path] SETUP.EXE	Added by the SETCLO WORM!
SVCHOST	X	scvhost.exe	Added by the W32.Mytob.E or W32.Mytob.G WORM!
SVCHOST	X	taskgmr.exe	Added by the W32.Mytob.F WORM!
SVCHOST	X	taskmgr.exe	Added by the W32.Mytob.H WORM!
SVCHOST	X	SVCH0ST.EXE	Added by the Troj/MMThief-A TROJAN! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item. Also there is a number "0" in the executable filename, not a lower/upper case O.
svchost	X	svchost.exe /nosplash	Added by the Troj/Bancban-DH TROJAN!
svchost	X	olehelp.exe	Olehelp adware component
SVCHOST	X	updater32.exe	Added by the W32.RANTS.A WORM!
SVCHOST	X	SPOOLSV.EXE	Added by the W32/Baitap-A WORM! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item. This worm\trojan file is found in the Windows or Winnt folder.
SvcHost	X	svchost32.exe	Added by the W32/Agobot-TM WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
svchost	X	svchost.exe	Added by the Troj/Bancban-HL TROJAN! Note: This trojan file is found in the Windows\config or Winnt\config folder.
SVCHOST Generic application	X	svchost.exe	Added by the Troj/Daemoni-O TROJAN! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows svchost.exe process, located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
svchost.exe	X	svchost32.exe	CoolWebSearch parasite related.
SVCHOST.EXE	X	SVCHOST.EXE	Added by the TROJ/WRMSCAN-A TROJAN! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows svchost.exe process, located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
svchost.exe	X	svchost.exe	Added by the Troj/PWSjx-A TROJAN!
svchost.exe	X	svchost.exe	Added by the Backdoor.Bifrose.D TROJAN! Note: This is not the legitimate Windows process. (Which is always found in the System32 folder.) This trojan file is found in the Root folder. (C:\), (D:\), (E:\) etc, etc.
svchost1	X	svchost1.exe	Added by the AGOBOT.ZZ WORM!
SvcHost32	X	svchost32.exe	Added by the W32.MIMAIL.I or W32.MIMAIL.J WORM!
svchost64	X	svchost64.exe	Added by the SDBOTER.G WORM!
svchosta	X	svchosta.exe	Added by the TROJ/SNIFFER-I TROJAN!
svchostb	X	svchostb.exe	Added by the TROJ/SNIFFER-J TROJAN!
svchostdll.scr	X	svchostdll.scr	Added by the Troj/Bancban-FM TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
SvcHosto	X	v1rg1n.exe	Added by the W32/Agobot-TK WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
svchostr	X	svchostr.exe	Added by an unidentified WORM or TROJAN!
svchosts	X	svchosts.exe	Added by the Troj/Bancban-ADR or Troj/Bancban-DC or Troj/Banker-ED TROJANS!
svchosts.exe	X	svchosts.exe	Added by the W32/AGOBOT-JN WORM! or Troj/Bancban-GR TROJAN!
svchosts.exe	X	svchosts.exe	Added by Troj/Bancban-GX or Troj/Bancban-GV TROJAN!
svchosts.scr	X	svchosts.scr	Added by the Troj/Bancban-DQ or Troj/Bancban-GO or Troj/Bancban-GY TROJAN!
SVCHOT	X	SVCHOT.exe	Added by the Troj/QQRob-U TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
svcinfo	X	svcinfo.exe	Added by a CRYPTER.A trojan infection
Svclhost	X	svcchost.exe	Added by an unidentified WORM or TROJAN!
svcmon	U	svcmon.exe	Added by Spyware.PersonInspect surveillance software. Remove unless you installed it yourself!
svcroot	X	svcroot.exe	Added by the TROJ/KEYLOG-AC TROJAN!
SvcSys	X	[path to file]	Added by the PWSTEAL.BANCOS.Z TROJAN!
Svcsys Registry Manager	X	svcsysreg.exe	Added by a TROJAN.CLICKER - identified by Kaspersky antivirus as Trojan-Clicker.Win32.Agent.cv
svctask	X	svctask.exe	Added by the Troj/Chuckyb-A TROJAN!
svcwinprocess32	X	(path to worm)	Added by the UPERING VIRUS!
SVHOST	X	svhost.exe	Added by the W32.Mydoom.I WORM!
SVHOST	X	SVCHOST.EXE	Added by the W32.Zori.A VIRUS!
Svhost Loader	X	svshost.exe	Added by the AGOBOT.G WORM!
svhost updates	X	Svhost.exe	Added by a variant of the WIN32.RBOT WORM!
svhost windows services	X	svhost8.exe	Added by the W32/RBOT-WQ WORM!
SVIDC32M	?	SVIDC32M.exe	??
sVideo2	X	vxdrun6.exe	"Switch" premium rate adult content dialer
sviload32	X	sviload32.exe	Added by the W32/RBOT-AAS WORM!
SVM Pop	?	svmpop.exe	??
svnlitup32	X	svnlitup32.exe	Added by the RBOT.CBJ WORM!
svnloader	X	svnload32.exe	Added by the W32/RBOT-ACU WORM!
svphost.exe	X	svphost.exe	Added by the Troj/Proxyser-N TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
svrrun	X	svrrun.exe	adware hailing from Deskwizz.com
svsekin	X	svsekt.exe	Added by the TROJAN.PWS.QQPASS.G TROJAN!
svshost	X	svshost.exe	Added by the KELVIR.CP WORM!
svshost	X	messenger.exe	Added by the TROJ/LOONY-G TROJAN!
Svshost Update Service	X	svcbind.exe	Added by the MYTOB.LH WORM!
svshost32	X	msgrsv32.exe	Added by the WIN32.RANKY.AJ TROJAN!
svshost32	X	svshost32.exe	Added by a variant of the W32/SDBOT WORM!
svshostdriver	X	svshost.exe	Added by the TROJ/SDBOT-HN TROJAN!
svwin32	X	unninst32.exe	Added by the W32/AGOBOT-NF WORM!
SVX Control Service	X	svxhost.exe	Added by the W32/Rbot-K WORM!
Swap Nut	N	javaw.exe	SwapNut is a peer-to-peer file sharing and searching utility developed and marketed by File Metrics, Inc. Users can search for and find almost any type of digital file (audio, video, photos etc.) through a secure peer-to-peer network
SWCaller	X	SWcaller.exeSwcaller2.exe	Homepage hijacker - see here
SWClient	U	swsys.exe	ActivMonAgent Keyboard logger/monitoring program - remove unless you installed it yourself!
swcroot	X	swcroot.exe	Unidentified adware
swcroot	X	swcroot.exe	Added by the Troj/Soleno-A TROJAN!
SWd	N	winwd.exe	PC Security from Tropical Software - lock files, password protect, etc
Sweep95	Y	ICLOAD95.EXE	Part of Sophos ant-virus sofware
Swf32	X	AVupdate.exe	Added by the MERKUR VIRUS!
Swf32	X	_backup.exe	Added by the SYMTEN VIRUS!
SwimSuitNetwork	X	SwimSuitNetwork.exe	Advertising spyware
swingsys	X	SWINGSYS.EXE	Added by the Troj/Bancos-CX Trojan!
Switch Off	U	swoff.exe	Switch Off - tray-based system utility that can automatically perform various frequently used operations like shutdown or restart your computer, disconnect your current dialup connection, lock workstation, etc
Switchboard.com Toolbar	N	AtHoc.exe	Toolbar for the on-line version of Yellow Pages in the US - Switchboard.com
Switcher.exe	?	Switcher.exe	Sony VAIO Wireless Switch Setting Utility - what does it do and is it required?
switp	X	switpa.exe	OfferAgent adware component
SWL	U	rundll32.exe [path] SWL.dll rdl	Added by the Stealth.Weblog surveillance software. Uninstall this software unless you put it there yourself.
sws.exe	X	.exe	Haldex type adult content dialler
sws.exe	X	svchost.exe	GlobalDialer premium rate adult content dialer. The file is located in a GlobalDialer or HaldexLtd folder in Program Files - Note - this is NOT the legitimate Windows svchost.exe process, which should NOT figure in Msconfig/Startup!
sws.exe	X	gd-dial.exe	Component of the "GlobalDialer" adult content premium rate dialer
SwTray	N	SWTRAY.EXE	MS SideWinder game controller system tray icon. Available via Start -> Programs. May have the version number after it
SXGDSENU	?	sxgdsenu.exe	Yamaha SXG soundcard driver
SxgTkBar	?	sxgtkbar.exe	Yamaha SXG soundcard driver
Sxplog	?	sxpstub.exe	Part of CA_Unicenter Software Delivery - manage software across various systems, from desktops and servers to PDAs and mobile phones, in a controlled and standardized way - is it required in startup?
sxrrv	X	sxrrv.pif	Added by the Troj/Vax-A TROJAN!
SyBot v2.1 By Sky-Dancer	X	HPSV.exe	Added by the ZOTOB.I WORM!
SYDNEY	X	(file path)	Added by the SYNEY VIRUS!
syelimS-esreveR-troppuS	X	[name of file]	Added by the BKDR_LITBOT.C TROJAN!
Syga432te Pe432rsonal Firewall	X	MrNo4236.exe	Added by the W32/RBOT-AQY WORM!
Sygate Peral Firewall	X	Syga.exe	Added by the W32/Rbot-AQK WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Sygate Personal 3	X	svrv.exe	Added by the W32/RBOT-XD WORM!
Sygate Personal Block	X	Studio.exe	Added by the W32/RBOT-TW WORM!
Sygate Personal Firewall	X	system32.exe	Added by the RBOT.VI WORM!
Sygate Personal Firewall	X	Win32x.exe	Added by a W32/Rbot-KZ worm infection
Sygate Personal Firewall	X	spoolsrv.exe	W32.SpyBot worm variant
Sygate Personal Firewall	X	sysgut.exe	Added by the SDBOT.WM WORM!
Sygate Personal Firewall	X	Sygate.exe	Added by the W32/Rbot-ASO WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Sygate Personal Firewall	X	Mcafeeupdate.exe	Added by the RBOT.YN WORM!
Sygate Personal Firewall	X	Sygate32.exe	Added by the SDBOT.WW WORM!
Sygate Personal Firewall	X	explorer1.exe	Added by a variant of the W32/SDBOT WORM!
Sygate Personal Firewall	X	sys.exe	Added by the W32/RBOT-ZC WORM!
Sygate Personal Firewall	X	service.exe	Added by a variant of the WIN32.RBOT WORM!
Sygate Personal Firewall	X	MSNSRV32.exe	Added by a variant of the WIN32.RBOT WORM!
Sygate Personal Firewall	X	t1ktik.exe	Added by the W32/RBOT-VP WORM!
Sygate Personal Firewall	X	host32.exe	Added by the W32/RBOT.ALD WORM!
Sygate Personal Firewall	X	syserror.exe	Added by the RBOT.UC WORM!
Sygate Personal Firewall	X	sexy.exe	Added by the W32/RBOT-XY WORM!
Sygate Personal Firewall	X	winxpstat.exe	Added by a variant of the WIN32.RBOT WORM!
Sygate Personal Firewall	X	wins.exe	Added by the RBOT.AOB WORM!
Sygate Personal Firewall	X	Sygat.exe	Added by a variant of the WIN32.RBOT WORM!
Sygate Personal Firewall	X	hostserv.exe	Added by the RBOT.BKO WORM!
Sygate Personal Firewall	X	msnmsgrs.exe	Added by the RBOT.XN WORM!
Sygate Personal Firewall	X	Syga.exe	Added by the W32/Rbot-AQD WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Sygate Personal Firewall Start	X	services32.exe	Added by a W32/Rbot-MB worm infection
Sygate Personal Firewall Start	X	servic.exe	Added by the W32/RBOT-RY WORM!
Sygate Personal Port	X	crss.exe	Added by the W32/RBOT-PX WORM!
Sygate Personal Port Blocker	X	winupdate.exe	Added by a variant of the WIN32.RBOT WORM!
Sygate Personal Port Blocker	X	volume.exe	Added by a variant of the WIN32.RBOT WORM!
Sygate Personals Firewalls	X	ccsrn.exe	Added by a variant of the WIN32.RBOT WORM!
SyGateService	U	sgserv95.exe	SyGate is a useful little program that lets you share an internet connection over an intranet. Is it needed - it saves a lot of headache to just let SyGate load at startup. Available via Start -> Programs
Symantec	X	ccapp.exe	Added by the W32.Reatle WORM! Note: This is not a Symantec file.
Symantec	X	Informe.exe	Added by the W32.Vig.C VIRUS! Note: Copies it's self to multiple Drives and folders.
Symantec Anti Virus	X	symantec32.exe	Added by a variant of the W32/WOOTBOT WORM!
Symantec Autoscan	X	(Random filename)	Added by the W32/Rbot-AJO WORM!
Symantec Configuration Loader	X	ccApp32.exe	Added by a variant of the GAOBOT.GEN WORM!
Symantec Core LC	Y	symlcsvc.exe	Part of Norton AntiVirus 2004. What does it do?
Symantec Fax Starter Edition Port	N	OLFSNT40.EXE	Offers a virtual printer as a fax machine. Can be run via a desktop shortcut
Symantec NetDriver Monitor	U	SNDMon.exe	Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual upadates but probably requireD if you leave them to run automatically - hence the "U" recommendation
Symantec NetDriver Warning	U	SNDWarn.exe	Part of Symantec Live Update - displays the warning when you need to update the firewall database.
Symantec Security	X	symantec32.exe	Added by the RANDEX.PR or RANDEX.YR VIRUSES!
Symantec Security Addon	X	nvsvc.exe	Added by a variant of the GAOBOT/AGOBOT WORM!
Symantec Security Routine Addon for Microsoft Windows	X	navpxaw32.exe	Added by the AGOBOT-GJ TROJAN!
Symantec Update	X	WinNT.exe	Added by the W32.Vig.C VIRUS! Note: Copies it's self to multiple Drives and folders.
SymAV	X	SymAV.exe	Added by the W32.NETSKY.U WORM!
SymKeepAlive	U	CKA.exe	Part of Norton SystemWorks 2003 - keeps a dial-up modem connection alive
Symlcs	X	(path to executable)	Added by the Troj/YaSpy-A TROJAN!
SymRun	X	ccApps.exe	Added by the Troj/Kagen-A TROJAN! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
SymRun	X	ccApps.exe	Added by the TROJ/KAGEN-B TROJAN!
SymTray - Norton SystemWorks	N	SYMTRAY.EXE	Keeps all System Tray icons for Norton SystemWorks together to reduce clutter. SystemWorks includes Norton Anti-Virus, Norton Utilities and Norton CleanSweep - mentioned elsewhere here. Personally I only have Norton eMail Protect running which doesn't need SymTray
Sync Data	U	Hndsync.exe	Pocket Real Estate - mobile synchronization manager
Sync-It	U	Syncit.exe	Sync-It - synchronizes the system clock with time servers on the internet
SyncAgent	U	syncagent.exe	Ghost Keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove
Synchronization Manage	X	rservers.exe	Added by the W32/Forbot-FM WORM! Note: This worm\trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Synchronization Manager	N	mobsync.exe	Find more information about its use here
syncman	X	winsync.exe	Added by the Troj/MancSyn-A TROJAN!
SyncManager	X	msorunner.exe	Added by a variant of the WIN32.TACTSLAY TROJAN!
SyncMon	X	adslcomdos.exe	Added by the CLUNKY-A TROJAN!
SynSetup	?	SynTP.tmp RunOnce.exe	Probably associated Synaptics touchpads on laptops as for the SynTPEnh and SynTPLpr entries but what does it do and is it required?
Syntax	X	windows32.exe	Added by the SDBOT.CQ WORM!
Syntax Script	X	systacq.exe	Added by the SDBOT.AI WORM!
SynTPEnh	U	syntpenh.exe	Synaptics touchpad tray icon. Displays status and provides quick launch to touchpad features such as scrolling and tap zones. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scroll
SynTPLpr	Y	syntplpr.exe	Synaptics touchpad driver helper. Required for touchpad features to work
sys	X	regedit /s sys.reg	Hijacker
sys	X	sysdllwm.reg	CoolWebSearch parasite related.
Sys Ren	X	SysRen.exe	Part of FlashEnhancer adware
sys************* ( * = random digit)	X	sys************.exe ( = random digit)	WINBO adware component
Sys*.exe ( = random char)	X	Sys*.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
Sys*32.exe ( = random char)	X	Sys*32.exe ( = random char)	CoolWebSearch/HomeSearch adware component - for examples, see this log
sys008	X	sys008.exe	Hijacker, also detected as the TROJ/STARTPA-GK TROJAN!
sys009	X	sys009.exe	Added by the Troj/StartPa-ZB TROJAN!
sys201	X	sys209.exe	Added by the Troj/StartPa-ZY TROJAN!
Sys29	X	win**32.exe ( = random char)	EliteBar adware
sys32	X	sys32.exe	Added by the FLUX.E Backdoor TROJAN!
sys32	X	sysx32.exe	Added by the W32/Kvex-A VIRUS!
sys32dll	X	sys32dll.exe	Added by the W32.Aimdes.B WORM!
sys32sql	U	sys32win.exe	Added by the Active_Keylogger surveillance software. Uninstall this software unless you put it there yourself.
SysA	X	win**32.exe ( = random char)	EliteBar adware
SysAgent	U	SysAgent.exe	SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of
SysAI	X	SysAI.exe	AproposMedia adware - also creates SysAI folder in Program Files where the SysAI.exe is also located
SysBkup	U	[path to file]	Added by the Keyspy surveillance software. Uninstall this software unless you put it there yourself.
Sysbot	U	sysbot.exe	Spector - spying (or monitoring) software to record internet activity
syscfg	X	syscfg32.exe	Added by the KWBOT.S VIRUS!
syscfg34.exe	X	syscfg34.exe	Added by the ELECTRON VIRUS!
Syscheck	X	win.hta	Browser hijacker
syscheck	X	iexplorer.exe	Added by a Win32.Agent.dm downloader trojan infection. NOTE - This is NOT the Internet Explorer file, which is called Iexplore.exe, and will always be located in the Internet Explorer folder in Program Files!
sysclx	X	ntldrt.exe	Added by the W32/Jlok-A WORM!
syscm	X	Syscm.exe	Vanish adware
SysComp	?	mssdnl.com	Unknown but suspect as *.com are not usually run at start up and the name isn't recognized
syscon	X	syscon.exe	Added by the W32.APRILCONE.A WORM!
syscon lptt01 or syscon ml097e	X	syscon.exe	Variant of the RapidBlaster parasite (in a "Syscon" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
sysconfig	X	iexplorer.exe	Added by the CULT.C VIRUS!. Note - iexplorer.exe is not to be confused with Interrnet Explorer (iexplore.exe)
SysConfig	X	syscfg35.exe	Added by the KAZMOR.C VIRUS!
sysconfig	X	iexplorer.exe	Added by the CULT.H VIRUS! Note - iexplorer.exe is not to be confused with Internet Explorer (iexplore.exe)
SysConfig	X	wincfg32.exe	Added by the SDBOT.ZD WORM!
Sysconfig	U	Stealth KeySpy.exe	StealthKeySpy - keystroke logger/monitoring program - remove unless you installed it yourself!
Syscpy	X	Syscpy.exe	Firewall-bypassing, proxied spam relayer. Detected by Symantec as the HOGLE VIRUS!
SysCtl	X	sysctl.exe	Added by the AOK VIRUS!
Sysctrls	X	procdll.exe	Added by the WEEDBOTZ.14 VIRUS!
sysdat.dll	X	sysdat.dll.exe	Added by the Nishica 1.1 backdoor TROJAN!
SysData	X	[path to file]	Added by Troj/Ranck-BA TROJAN!
SysDesktop	X	fswan.exe	Added by the Troj/QQPass-AF TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
SysDesktop	X	fswanQQ.exe	Added by the Troj/QQSend-A TROJAN! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
sysdir	X	winrun.exe	Added by the WINBUR.B VIRUS!
sysdll	X	(Trojan file name)	Added by the Trojan.Hugesot TROJAN!
Sysdpt	X	sysdpt.exe	TrojanDownloader.Win32.Crypt
sysdxvid	X	sysdxvid.exe	Premium rate adult content dialer
sysdxvid	X	sysdxvid.exe /nocomm	Added by the Troj/Dluca-S TROJAN!
SysEQ	X	svclgx32.exe	Added by the TROJ/IRCBOT-AC TROJAN!
sysfiler	X	sysfiler.exe	Added by the RETSAM VIRUS!
SYSfit	X	SYSfit.exe	AdShooter adware variant
sysflg32	X	sysflg32.exe	Added by a Crypter.C trojan variant infection
sysformat	X	sysformat.exe	Added by the W32/BAGLE-BK WORM!
sysfrcx	X	sysfrcx.exe	Added by the KEYLOG-SCLOG TROJAN!
syshelp	X	syshelp.exe	Added by a variant of the LOVGATE WORM!
sysin	X	[path to file]	Added by the TROJ/DSRC-A TROJAN!
sysinfo	X	sysinfo.exe	Added by the BEDRILL VIRUS!
sysinfo.exe	X	sysinfo.exe	Added by the BEAGLE.V WORM!
SysInit	X	wininit32.exe	Added by the XABOT VIRUS!
sysinit	X	services.exe	Troj/NewIfrm-A trojan
Sysino	X	lsess.exe	Added by the W32/FORBOT-BF WORM!
sysint16	X	sysint16.exe	Added by a Crypter.A trojan variant infection
Syskey	X	sysinit.exe	Added by the W32.BEAGLE.AX WORM!
Syslib	X	Syslib.exe	Adult content related downloader trojan
Syslog lptt01 or Syslog ml097e	X	Syslog.exe	Variant of the RapidBlaster parasite (in a "Syslog" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
syslogin.exe	X	syslogin.exe	Added by a W32/Bagz-B worm infection
Sysman	U	Sysman	KeyTrap is a spyware program that records all keyboard activities. If you didn't install it yourself remove it.
sysmem	X	mmsete.exe	Added by the W32.Nopir.C Worm!
sysmem	X	outlookrem.exe	Added by the W32/Nopir-C Worm!
SysMemory manager	X	mdms.exe	Added by the Troj/Cimuz-D TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
SysMetrix	U	SysMetrix.exe	SysMetrix - skinnable clock and metering application. It monitors and reports on a great number of statistics
sysmngr32	X	sys64mnger.exe	Added by a variant of the WIN32.RBOT WORM!
sysmod	X	sysmod.exe	Added by the W32/Spybot-DU WORM!
sysmon	X	sysmon.exe	Added by the BIZEX VIRUS!
Sysmon	X	rpcmon.exe	Added by the RANDEX.ATX VIRUS!
sysmon	X	sysmon44.exe	Added by a variant of the BackDoor-CBA TROJAN!
SysMon	X	wowexece.exe	Added by the Troj/Mulan-A TROJAN!
sysmon12	X	[various file names]	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
sysmonnt	X	sysmonnt	Transponder parasite related
sysmonnt	X	sysmonnt.exe	SearchPounder sends keywords typed into HTML forms and popular Internet search engines to a remote server
SysMonXP	X	SysMonXP.exe	Added by the W32.NETSKY.Q WORM!
sysnate	X	sysnate.exe	Added by the MEDIAS VIRUS!
Sysnet	X	snuninst.exe	Unidentified adware
sysnet	X	sysnet.exe	CasClient adware - also detected as the CMAPP TROJAN!
sysobj.exe	X	sysobj.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
SysOps	X	SysOps	Added by the MSNCORRUPT VIRUS!
syspare	X	syspare.exe	Added by the Troj/Bifrose-AN TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
syspath	X	drv.exe	Added by the SOBER VIRUS!
sysPersonalFirewall	X	msnmssgr.exe	Added by a variant of the WIN32.RBOT WORM!
sysPersonalFirewall	X	system.exe	Added by the WOOTBOT.FH WORM!
sysPersonalFirewall	X	tskm0nitor.exe	Added by a variant of the WIN32.RBOT WORM!
SysPilot	U	fdxxl.exe	G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here . Disable/remove if you didn't install it yourself!
sysPnP	X	bootconf.exe	Homepage hijacker, redirecting to coolwwwsearch.com; see for example here
SysPnP	X	rundll32 setupapi, InstallHinfSection.... oemsyspnp.inf	Search hijacker - see here
syspol	X	syspol.exe	Added by the TROJ/DREMN-B TROJAN! - NOTE: this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty.
SysPool	Y	Mssvc.exe	StealthDisk - hides folders, files and applications. Will also encrypt them for better protection
SysPool	X	MSSVC32.EXE	Added by the Troj/Bancban-IO TROJAN! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
sysprocessor Update	X	sysprocessor.exe	Win32.Rbot worm variant
SysProtect	X	System.exe	Added by the NETSPY VIRUS!
syspw32.exe	X	syspw32.exe	Added by the W32.Appflet WORM!
Sysr	X	sysmd.exe	Ulubione adult content dialer
SysReg	X	SysReg.exe	Added by the CCINVADER2 VIRUS!
SysReg	X	SysReg.exe	SearchSeekFind textual marketing foistware
Sysres	X	Sysres.exe	Added by the LOGMOD VIRUS!
SysRes	X	TASKMANAGER.exe	Added by the W32.Elitper.A WORM!
SysRes	X	WWE DIVAS.exe	Added by the W32.Elitper.D WORM!
SysRes	X	IExpIore .exe	Added by the W32.ELITPER.E WORM!
SysScan	X	bvt.exe	Added by the AUTOUPDER VIRUS!
SysSearch	X	Regedit.exe -s [path] pcsearch.reg	Added by the StartPage-FN browser hijacker
SysSearch	X	REGEDIT.EXE -s [path] sysreg.reg	Added by the STARTPA-ME TROJAN!
SysSearch	X	[path] REGEDIT.EXE -s [path] sysreg.reg	Hijacker, also detected as the TROJ/STARTPA-ME TROJAN!
sysser	X	(path to file)	Added by the W32.RAHACK WORM! or the Troj/RaHack-B TROJAN!
SysService	X	SysService.exe	Added by the TROJ/BDFORM-A TROJAN!
SysService	U	SERVICES.EXE	NSKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! - NOTE - this file is placed in a C:\Program Files\NSkeylogger folder, and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
SysService32	X	SysService32.exe, ln32k.dll	Added by the KINDAL VIRUS!
SysService32l	X	systask32l.exe	Added by the THEUG VIRUS!
SYSsfitb	X	SYSsfitb.exe	Searchforit browser hijacker
SysStart	X	**sysi6.exe ( = random char)	Added by ZenoSearch adware - filenames spotted include jdisysi6.exe, hjisysi6.exe, ffgsysi6.exe and more.
SysStart	X	1.exe	Added by ZenoSearch adware
syst	X	syst.exe	Added by the JOKE_DUMB.A "Joke" virus
System	X	run322.exe	Added by the LANFILT VIRUS!
System	X	system.exe	Added by a number of VIRUSES, including CHILI, NULLBOT, FULAMER.25, NETCONTROLL, NETCONTROLL, GATECRASH.A, GATECRASH.B, NTCONTROL.A, BUSHTRO122& VIVAEL
system	X	regedit -s system.dll	Homepage hijacker
system	X	systemsearch.hta	Jetseeker.com hijacker
System	X	dcomx.exe	Added by the CIREBOT VIRUS!
system	X	Explorer.exe	Added by the GRAYBIRD VIRUS! Note - this is located in this is located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP) rather than the valid Windows Explorer which is located in C:\Windows or C:\Winnt
System	X	YPager.exe	Added by the JUNTADOR.K VIRUS! Note! - this is not Yahoo! Messenger
system	X	outlook.exe	Added by the W32.MIMAIL.Q WORM! **Note - Microsoft's outlook.exe resides in the Program Files sub-directory whereas this resides in C:\Windows or C:\Winnt
System	X	Atira.exe	Added by the KOTIRA VIRUS!
SYSTEM	X	lsas.exe	Added by the SPYBOT.CJ worm
System	X	kernels32.exe	Added by the VICSFRAM TROJAN!
System	X	sysctrl.exe /a	Added by WinGuardian **Note: This Commercial_keylogger is no longer made or sold by Webroot but older copies may still be in existance, those copies will be identified as spyware.
System	X	csrss.exe	Added by the Troj/LdPinch-PT TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item. This trojan file is found in the Windows or Winnt folder.
System	X	svchost.exe	Added by the LDPINCH-AU or Troj/LdPinch-BD and Troj/LdPinch-BH TROJANS! - Note - this is NOT the legitimate Windows svchost.exe process, which should NOT figure in Msconfig/Startup!
system	X	lsasse.exe	Added by the W32/RBOT-YL WORM!
System	X	systray.exe	Added by the TROJ/PISABOY-A TROJAN! - NOTE - this is NOT the valid System Tray application as described here
System	X	cber.exe	Added by an unidentified TROJAN!
System	X	windowsps.exe	Added by a variant of the WIN32.RBOT WORM!
System	X	svch�st.exe	Added by the Troj/LdPinch-BF TROJAN!
System	X	WINL0G0N.EXE /nosplash	Added by the Troj/Bancos-DB TROJAN!
System	X	abcdefg.exe	Added by the W32/Harwig-B WORM!
System	X	wumgrd32.exe	Added by a variant of the WIN32.RBOT WORM!
System	X	serwin.exe	Added by the TROJ/LDPINCH-BN TROJAN!
System	X	system.exe (74295303)	Added by the W32/VB-IU WORM!
system	X	messenger.exe	Added by an unidentified WORM or TROJAN!
System	X	system23.exe	Added by the W32/Lebreat-D WORM!
System	X	SPOOLSU.EXE	Added by the Troj/Banker-FC TROJAN! Note: SPOOLSU.EXE (Notice it's spelled with a U) is not the legitimate Windows Process. The legitimate Windows Process (Spoolsv.exe) is found in the System32. This trojan file is found in the Windows or Winnt folder.
System	X	abcdefg.exe	Added by the W32/HARWIG-C WORM!
SYSTEM	X	d.exe	Added by the MYTOB.LP WORM!
SYSTEM	X	(Random filename)	Added by the W32/Mytob-FB WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
System	X	inetinfo.exe	Added by Troj/ParDrop-A TROJAN!
SYSTEM	X	wiinlogon.exe	Added by the W32/Rbot-AVG WORM! Note: This is not the legitimate Windows process winlogon.exe (Notice the difference in the spelling.) This worm\trojan file (wiinlogon.exe) is located in the System (95/98/ME) or System32 (NT/2000/XP) folder. Do not confuse the two files!
System 64 Driver for Games	X	sys64dvr.exe	Added by the SDBOT WORM!
System Applications Profile	X	sap.exe	Added by the W32/RBOT-QF WORM!
System Backup	X	msystem.exe	Adult content dialler
System backup	X	[random or different file name]	Added by the ADMINCASH.B TROJAN! - NOTE multiple different file names have been spotted; examples: web.exe, soft.exe, msxmidi.exe, wmplayer.exe, as well as completely random ones such as 9a2de006.exe, 36c75e3c.exe and so on.
System Backup Services	X	backups32.exe	Added by a variant of the WIN32.RBOT WORM!
System Buffer Application	X	buffer32.exe	Added by the W32/SDBOT-UD WORM!
System Cache	X	SysCache.exe	Unidentified worm or trojan
System Check	U	Rundll32.exe SysDll32.dll, SystemCheck	XPCSpy Pro keylogger, surveillance and monitoring software
system check	X	updater.exe	Unidentified adware downloader
System Check	X	Rundll32.exe SysDll32.dll,SystemCheck	Added by XpcSpy SPYWARE!
System Checking	X	wasul.exe	Added by the RBOT.BHM WORM!
System Config	X	BF3.EXE	Added by the W32/Spybot-DT WORM!
System Config Manager	X	crss.exe	Added by the AGOBOT.GH WORM!
System Config Manager	X	smssl.exe	Added by the W32/Agobot-ZJ WORM!
System Configuration	X	iexplore.exe	Added by the RANDEX.AD VIRUS! Note that the real "iexplore.exe" is located in Program Files\Internet Explorer
System Configuration	X	syscfg32.exe	Added by the W32.Mytob.EA WORM!
system configure	X	svchost.exe	Added by the Troj/Lineage-C TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item.
System CPL manager	X	[random file name]	Added by the W32/RBOT-SR WORM!
System CSRSS Patch	X	scrtkfg.exe	Added by a variant of the WIN32.RBOT WORM!
System CSRSS Patch	X	SCRTKFG.EXE	Added by the W32/RBOT-ADA WORM!
System Database administration	X	systemDA.exe	Added by the W32.Derdero.B WORM!
System Database Administration Support Process	X	sysdasp.exe	Added by the W32.Derdero.C WORM!
System Diagnostics	X	sysdiag32.exe	Added by the SDBOT.GEN WORM!
System DLF	N	cpqdiaga.exe	Compaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configuration. Available via Start -> Programs
System DLL Resources	U	sysdll.exe	Added by the SnapKey SPYWARE! **Note if you did not intentionally install this remove it.
System Document Application	X	nmod.exe	Added by the W32/SDBOT-ABB WORM!
System Document Application	X	msdocument.exe	Added by the W32.Randex.COX WORM!
System Document Application	X	wins.exe	Added by the SDBOT.AUB WORM!
System driver	X	Messenger.exe	Added by the WOOTBOT.GI WORM!
System Drivers	X	wingmt.exe	Added by the W32/SDBOT-MG WORM!
System Efficiency Monitor	X	mscedit32.exe	Added by the SDBOT.P WORM!
System Efficiency Monitor	X	mscommand.exe	Added by the KWBOT.P VIRUS!
System Event Manager	X	secsvc.exe	Added by the RBOT.BMY WORM!
System Executable DLL Library	X	EXECDLL32.exe	Added by the RANDEX.AZ VIRUS!
System Failure Statistic	X	cnstat.exe	Added by a W32/Rbot-LF worm infection
System Failure Statistic	X	cnstat.exe	Added by the W32/RBOT-LF WORM!
System File Drivers	X	nvsysvc32.exe	Added by the AGOBOT.WJ WORM!
system firewall	X	makeini32.exe	Added by the W32/AGOBOT-PS WORM!
System Guard	X	mhguard.exe	Added by the W32/Rbot-AGU WORM!
System Handler	X	LSASS.EXE	Added by the NIMOS VIRUS! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!
System Host Manager	X	syshost.exe	Added by the W32/BANWORM-C WORM!
System Host Service	X	svchost.exe	Added by the CONE.F VIRUS! Note - this is not the valid svchost.exe as described here
System Information Manager	X	Navcpe.exe	Added by a W32/Sdbot-QB worm infection
System Information Manager	X	Msbb.exe	Added by a variant of the BACKDOOR.IRC.BOT TROJAN!
System Initialization	X	msmsgri32.exe, payload.dat	Added by the RANDEX.D or ROXY or ROXY.B VIRUSES!
System Kernal Support	X	system.exe	Added by the SDBOT.BWV and W32/Rbot-AEA WORMS!
System Kernel	X	lsass.exe	Added by the Troj/VBbot-G TROJAN!
System LifeGuard Scheduler	U	Slsched.exe	System LifeGuard scheduler
System Log Event	X	csrss32.exe	Added by the W32/Agobot-JI WORM!
System Management Service	X	smsc.exe	Added by the W32/RBOT-ANN WORM!
System Manager	X	svchost.exe	Added by the TROJ/BANKER-AE TROJAN! Note - this is NOT the legitimate Windows svchost.exe process, which should NOT figure in Msconfig/Startup!
system manager	X	System.exe	Added by the W32/FORBOT-BO WORM!
System Manager	X	winsrv32.exe	Added by an unidentified WORM or TROJAN!
System Manager	X	sysmng.exe	Added by the W32/Tame-C WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
System Manager Updates	X	winsvc.exe	Added by the AGOBOT.AEM WORM!
System Mechanic Popup Stopper	U	Popupstopper.exe	Iolo "System Mechanic" popup stopper
SYSTEM MESSAGER	X	wmisg.exe	Added by the W32.Mytob.ES WORM!
System Messaging Queue	X	SMCSS.EXE	Added by a variant of the WIN32.RBOT WORM!
System Messenger	X	SYSMSG32.EXE	Added by the W32/SPYBOT-DK WORM!
System Monitor	U	SYSMON.EXE	Comes with some Aopen motherboards. Monitors CPU temp, voltage and fan speed. Warns if any become abnormal
System Monitor	X	Sysmon16.exe	Added by the SDBOT WORM!
System MScvb	X	mscvb32.exe	Added by the SOBIG.C VIRUS!
System Net	X	sys32.exe	Added by the W32/Forbot-FX WORM!
System Net Database	X	sysnd.exe	Added by the W32/RBOT-AAW WORM!
System Networking	X	sysnet.exe	Added by the RBOT.API WORM!
System Power Managment	X	svcnost.exe	Added by W32/Dref-I WORM!
System Process	X	lsass.exe	Added by the TROJ/ADCLICK-AG TROJAN! - Note - this is NOT the legitimate Windows lsass.exe process, located in the Winnt/System32 or Windows\System32 folder, and which should NOT figure in Msconfig/Startup!
System Process	X	svchost.exe	Added by the TROJ/ADCLICK-AG TROJAN! - Note - this is NOT the legitimate Windows svchost.exe process, located in the Winnt/System32 or Windows\System32 folder, and which should NOT figure in Msconfig/Startup!
System Process	X	csrss.exe	Added by the TROJ/ADCLICK-AG TROJAN! - Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, located in the Winnt/System32 or Windows\System32 folder, and which should NOT figure in Msconfig/Startup!
System Process	X	CSRSR.exe	Added by the W32/AGOBOT-SQ WORM!
System Profile	X	Regsrv.exe	Added by the BDS/OPTIXPRO.12 VIRUS!
System Reboot	X	rebootsys.exe	Added by the W32/RBOT-WU WORM!
System Redirect	X	sysbho.exe	Downloader trojan, "Melkosoft" adware related
System Restore	X	svcnet.exe	Added by the W32.TIBICK WORM
System Restore Data	X	[path] repcale.exe [path] beird.exe	Added by the RANDON.AN WORM!
System Restore DLLs	X	ixplorer.exe	Added by a variant of the W32/SDBOT WORM!
System Service	X	MSREXE.EXE	Added by the AML VIRUS!
system service	X	spoolcrv.cpl	Added by the INSPIR.11 VIRUS!
System Service	X	systems.exe	Added by the AGOBOT.VZ WORM!
System service	X	system.exe	Added by the PWSteal.Bancos.AA TROJAN!
System Service	X	servicent.exe	Added by the W32/Rbot-AJI WORM!
System Service	X	exp0lrer.exe	Added by a variant of the WIN32.RBOT WORM!
System Service	X	coderxt.exe	Added by the W32/Rbot-ALD WORM!
System Service	X	servicez.exe	Added by the W32/Rbot-AOY WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
System Service	X	msnwindows.exe	Added by the W32.Spybot.YCL WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
System Service	X	teskmangr.exe	Added by W32/Rbot-AUV WORM!
System Service	X	msnxpexe.exe	Added by the W32/Rbot-AYC WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
SYSTEM service helper	X	syshelp.exe	Added by a variant of the W32/MONKBD-A WORM!
SYSTEM service helper	X	svchelper.exe	Added by the W32/MONKBD-A WORM!
System service61	X	pokapoka61.exe	EliteBar adware component
System service62	X	pokapoka62.exe	EliteBar adware component
System service62	X	pokapoka63.exe	EliteBar adware component
System service63	X	pokapoka63.exe	EliteBar adware component
System service63	X	pokapoka64.exe	EliteBar adware component
System service63	X	pokapoka66.exe	EliteBar adware component
System service65	X	pokapoka65.exe	EliteBar adware component
System service66	X	pokapoka66.exe	EliteBar adware component
System service67	X	pokapoka67.exe	EliteBar adware component
System service68	X	pokapoka68.exe	EliteBar adware component
System service69	X	pokapoka69.exe	EliteBar adware component
System service69	X	pokapoka69.exe	Added by the Troj/Elitebar-O TROJAN! Note: This trojan file is found in the Windows\etb or Winnt\etb folder.
System service70	X	pokapoka70.exe	EliteBar adware component
System service71	X	pokapoka71.exe	EliteBar adware component
System service72	X	pokapoka72.exe	EliteBar adware component
System service73	X	pokapoka73.exe	EliteBar adware component
System service74	X	pokapoka74.exe	EliteBar adware component
System service75	X	pokapoka75.exe	EliteBar adware component
System service76	X	pokapoka76.exe	EliteBar adware component
System service77	X	pokapoka77.exe	EliteBar adware component
System service78	X	pokapoka78.exe	EliteBar adware component
System service78	X	[path to executable]	Added by Troj/Elitebar-T and Troj/Elitebar-U TROJAN!
System service79	X	pokapoka79.exe	EliteBar adware component
System service79	X	(Pathname of the executable)	Added by the Troj/Elitebar-V TROJAN!
System Services	X	connection.exe	Added by an unidentified WORM or TROJAN!
System Services	X	[random file name]	Added by a variant of the WIN32.RBOT WORM!
System Services	X	svcsenes.exe	Added by a variant of the WIN32.RBOT WORM!
System Services	X	svcsenes32a.exe	Added by the W32/Rbot-AFG Worm!
System Services	X	ssms.exe	Added by a variant of the WIN32.RBOT WORM!
System Session Manager	X	smss.exe	Added by the W32/Kalel-E WORM! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item.
System settings	X	burndl32.exe	Added by the W32/SDBOT-ZO WORM!
System Setup	X	rpcxcmod.exe	Added by an unidentified WORM or TROJAN!
System Soap Pro	X	soap.exe	System Soap Pro internet cleaning software. Bundles foistware like HTTPER and Zipclix - best avoided
System startup	U	charmapx.exe	Only required if using an oriental language
System Startup	X	Voltio.exe	Added by a RBOT.NJ worm infection
System Startup	X	kimochi.exe	Added by a variant of the WIN32.RBOT WORM!
System Startup Manager	X	smcss.exe	Added by the RBOT.AMD WORM!
System Stats	X	SystemStats.exe	Added by a variant of the W32/WOOTBOT WORM!
System Support	X	system32.exe	Added by the W32/RBOT-AHA WORM!
System Support	X	syscfg.exe	Added by the W32/Rbot-AGQ WORM!
System Support	X	syssql.exe	Added by W32/Rbot-AUH WORM!
System Terminal	X	SYSTEM2.EXE	Added by a Troj/Spybot-BZ trojan infection
System time updator	X	CSysTime.exe	Added by the RANDEX.S VIRUS!
System Toolkit	X	Systools.exe	Added by the RONOPER-G VIRUS!
System Tray	X	msccn32.exe	Added by the W32/SOBIG.B Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com. Note - this is not the valid SystemTray ( SysTray.exe)
System Tray	X	systray.exe	Added by the W32/Fan-A WORM!
System Tray Services	X	spooles32.exe	Added by the AGOBOT.ZH WORM!
System Tray32	X	SysTray32.exe	Added by the REPAD VIRUS!
System Unix	X	syscfg32.exe	Added by the W32/RBOT-ZD WORM!
system updata	X	updata.exe	Added by the Troj/Lineage-C TROJAN!
System Update	X	(random file name)	Added by the Troj/Soromo-A TROJAN!
System Update	X	wupdmgr.exe	Added by a Troj/Soromo-A trojan infection
System Update	X	wauluclt.exe	Added by the SDBOT.EF WORM!
System Update Service	X	winupd32.exe	Added by the ADTODA-A TROJAN!
System Update Service	X	system.pif	Added by the W32/Rbot-ALL WORM!
System Update Service	X	update.pif	Added by the W32.Spybot.WOE WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
System Update2	X	wininet.exe	Added by the Autotroj-C TROJAN!
System Update2	X	update.exe	Added by the Autotroj-C TROJAN!
System Update2	X	taskmon.exe	Added by the Autotroj-C TROJAN!
System Update2	X	svchost.exe	Added by the Autotroj-C TROJAN!
System Update2	X	services.exe	Added by the Autotroj-C TROJAN!
System Update2	X	wupdmgr.exe	Added by the Autotroj-C TROJAN!
System Update2	X	winspool.exe	Added by the Autotroj-C TROJAN!
System Update2	X	webcheck.exe	Added by the Autotroj-C TROJAN!
System Update2	X	explorer.exe	Added by the Autotroj-C TROJAN!
System Update2	X	winlogon.exe	Added by the Autotroj-C TROJAN!
System Update2	X	system.exe	Added by the Autotroj-C TROJAN!
System Update2	X	taskman.exe	Added by the Autotroj-C TROJAN!
System Updated	X	svchoes.exe	Added by the W32/Rbot-ASF WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
System Updater Service	X	wmiprvsw.exe	Added by the GAOBOT.AFC WORM!
System Updates	X	winsci.exe	Added by a variant of the WIN32.RBOT WORM!
System Updates	X	unve.exe	Added by the W32/Rbot-AWG TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
System Updates	X	szwi.exe	Added by the W32/Rbot-AXE WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
System Updates 4	X	mssysfix.exe	Added by the W32/Rbot-ADU Worm!
System Updates Manager	X	winserv32.exe	Added by the W32/Agobot-AGA Worm!
System Updates Service	X	updates.pif	Added by the W32/Rbot-AMA WORM!
System Uptime Server	X	SYSENTRY.EXE, SYSENTRY32.EXE	Added by a RBOT.LK worm infection
system xp	X	acdsee demo.exe	Added by W32.SALGA.A WORM!
System-Config	X	msptmf32.com	Added by a Win32.Lioten.FA worm infection
System-Service	X	EXPLORER.SCR	Added by the BENJAMIN VIRUS! KaZaA file-sharing users beware!
system.	X	system..exe	Added by the OPTIXPRO.13.C VIRUS!
system...	X	system...exe	Added by the OPTIXPRO.13.C VIRUS!
system.exe	X	system.exe	Added by the PWSTEAL.JGINKO TROJAN!
system.exe	X	system.exe	Added by the Troj/Jginko-B TROJAN! Note: This trojan file is found in the Root folder. (C:\), (D:\), (E:\) etc, etc.
System132	X	Csrtss.exe	Added by the LANFILT-I TROJAN!
system23	X	notPad.exe	Added by the ESTEEMS.D TROJAN!
System32	X	system.exe	Added by the BUSHTRO122 VIRUS!
System32	X	System32.exe	Added by the MARI, SYSXXX and other VIRUSES!
System32	X	system32,1.exe	worm or trojan, as yet unidentified
System32	U	sysdiag.exe	SpyAgent.B surveillance software - uninstall this software unless you put it there yourself!
System32	X	system.exe	Added by a BushTro122 trojan infection
system32	X	NeT-BoT.exe	Added by the W32/AGOBOT-LJ WORM!
System32	X	lsasss.exe	Added by the W32/RBOT-XW WORM!
System32	X	crsvvc.exe	Added by the RBOT.BLY WORM!
system32	X	QQGame.exe	Added by the TROJ/QQPASS-AC TROJAN!
System32 PCI Manager	X	syspci32.exe	Added by the W32/Rbot-AFR Worm!
System32 TCP Manager	X	systerm.exe	Added by the RBOT.AFD WORM!
System32 TCP Manager	X	systcpm.exe	Added by a variant of the WIN32.RBOT WORM!
System32 Temp Service	X	systmp.exe	Added by the W32/Rbot-AET Worm!
system32.dll	X	systeminit.exe	CoolWebSearch parasite related.
system32.dll	X	sysdll32.exe	CoolWebSearch parasite related.
system32.exe	X	services32.exe	Added by a variant of the BACKDOOR.IRC.BOT TROJAN!
system32.exe	X	system32.exe	Added by the Backdoor.Graybird.P TROJAN! Note: This worm/trojan file is found in the Windows or Winnt folder.
System32Check	X	.exe	Added by the Troj/Chast-A keylogging TROJAN! Note: This worm file is found in the Windows(95/98/Me/XP) or WINNT (Nt/2000) folder.
System32Dll	X	DLL32SYS.EXE	Added by a W32/Spybot-CZ worm infection
System32Ex	X	System32Ex.exe	Added by a Backdoor.IrcContact trojan infection
System32kfvw�	U	sysdiag.exe	SpyAgent.B surveillance software - uninstall this software unless you put it there yourself!
System33	X	FB_PNU.EXE	Added by the NICHELLO-A VIRUS!
System4224411	X	Virus	Added by the CAGER.A WORM!
System4224411	X	Systemdll.exe	Added by the W32/Yusufali-B WORM! Note: This worm\ file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
SystemAdministration	X	Wincmp32.exe	Added by the ASYLUM VIRUS!
SystemAgent	U	Sage.exe	"Microsoft Plus! System Agent automatically tunes your system, performing tasks such as disk optimization and error correction. It can also run any application at prescheduled times"
SystemB	X	MessengerStopper.exe	MessStopper adware
SystemBackup	X	mtx.exe	Added by the MTX VIRUS!
SystemBackup	X	MicroLog.exe	Added by the MICROLOG.A VIRUS!
SystemBoot	?	ladies.htm	Unknown but sounds very suspicious??
SystemBoot	X	Mshta.exe ...filename.hta	Adult content dialler
Systemboot	X	msnsngr.exe	Added by a variant of the WIN32.RBOT WORM!
SystemBoot	X	services.exe	Added by the W32.SOBER.P WORM! - NOTE - this file is placed in a "%Windir%\Help\Help" folder, and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
SystemCheck	X	Systemcheck.exe	Added by the LAVITS VIRUS!
SystemCheck	X	SysCheckBop32.exe	WINBO adware component
SystemCheck	X	services.exe	Added by the W32/SOBER-M WORM! - Note - this file is placed in a %WINDOWS%\Config\system subfolder, and should NOT be confused with the legitimate Windows services.exe process, located in the Winnt/System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
SystemCheck	X	svchost.exe	Added by the TROJ/DELF-KR TROJAN! - NOTE - this file is placed in a C:\DriverLoad folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
SystemChecker	X	Syschk.exe	Added by the GAIL.F VIRUS!
SystemCONF98i	X	SystemCONF98i.exe	Added by the FROZEN BOT VIRUS!
SystemDebug	X	Sysdeb32.exe	Added by the SYSBUG VIRUS!
SystemDll	X	SystemDll.exe	Added by the LOXOSCAM TROJAN!
systemdll32.exe	X	systemdll32.exe	Added by the FEUTEL-F TROJAN!
SystemDriver	X	csrss.exe	Added by the ASCETIC.B TROJAN - Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, and which should NOT figure in Msconfig!
SystemDriverCheck	X	svchost.exe	Added by the TROJ/DELF-KR TROJAN! - NOTE - this file is placed in a C:\DriverLoad folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
SystemDriverLoad	X	svchost.exe	Added by the TROJ/DELF-KR TROJAN! - NOTE - this file is placed in a C:\DriverLoad folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
systemdrv	X	ms32sys.exe	WORM related - most likely GAOBOT
SystemEmergency	X		CoolWebSearch parasite related.
SystemExplorer	X	explore.exe	Homepage hijacker - file located in the "Services" folder in Common Files
SystemFile	X	SystemFile.exe	Added by the Troj/Dulldoor-A Trojan!
SystemFTP	X	VSENMB.exe	Malware (ie, malicious software). Also changes the system.ini Shell line to read Shell=Explorer.exe VSENMB.exe, and it hacks the Winstart.bat as well
Systemidle	X	stemIdle.exe	Added by the WOOTBOT.AO VIRUS!
SystemInit	X	iservc.exe	Added by the FIZZER VIRUS!
Systemiom Updater	X	Systemiom.exe	WORM_SPYBOT.TY
SystemLoad32	X	sysload32.exe	Added by the W32.MIMAIL.E WORM!
SystemManager	X	Sysman32.exe	Added by the DOWNLOADER-BW.B VIRUS!
SystemMap32	X	Netisp32.vbs	Added by the REDIST.C VIRUS!
SystemMD	X	md.exe	Homepage hijacker
SystemMonitor	X	Sysmon32.exe	Added by a AIDID.A worm infection
SystemMonitor	X	SYSMON32.exe	Added by the W32.Aidid VIRUS!
SystemNetwork	X	NETSERV.EXE	Added by the NETCONTROL VIRUS!
SystemNetwork	X	sysnet.exe	Added by a variant of the WIN32.RBOT WORM!
SystemNT	X	SystemNT.exe	Added by the TROJ/PWSVB-EG TROJAN!
SystemNT	X	SystemNT.exe	Added by the TROJ/PWSVB-EG WORM!
systemr	X	d11host.exe	Added by the Troj/VB-GX Trojan!
systemr	X	gedit.exe	Added by the Troj/StartPa-HC TROJAN!
systemr	X	gedit.exe	Added by the Troj/AdClick-AQ TROJAN!
SystemReg	?	PROCES.EXE	??
SystemReg	X	svchost.exe	Added by the DEWIN.E VIRUS! Note - this is not the valid svchost.exe as described here
SystemReg	X	WINREG.EXE	Added by the DEWIN.A VIRUS!
Systems	X	scchost.exe	Added by the Troj/Tofger-AK TROJAN! Note: This trojan file scchost.exe (Notice the difference in the spelling) is not the legitimate Windows Process. The legitimate Windows Process (svchost.exe) should not be seen in Msconfig or as a Startup item.
Systems	X	svch0st.exe	Added by the W32.MYDOOM.BI WORM! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item. Also there is a number "0" in the executable filename, not a lower/upper case O.
Systems	X	Systems.exe	Added by the TROJ/BANKBOA-A TROJAN!
Systems	X	itDDD.exe	Added by the Troj/Dloader-PP TROJAN!
Systems	X	itDDD.exe	Added by the Troj/VIXUP-G WORM!
Systems Backups	X	windrives.exe	Added by the W32/AGOBOT-RB WORM!
Systems Restart	X	spchost.exe	Added by a variant of the BANCOS.RF TROJAN!
Systems Restart	X	slchost.exe	Added by the BANCOS.RF TROJAN!
Systems Restart	X	Rundll32.exe beem.dll, DllRegisterServer	Added by the Best_Search browser hijacker!
Systems Restart	X	Rundll32.exe snim.dll,DllRegisterServer	Added by the Startpage.I browser hijacker
Systems Restart	X	Rundll32.exe boln.dll,DllRegisterServer	Added by the StartPage.J TROJAN!
Systems Restart	X	Rundll32.exe zolk.dll, DllRegisterServer	Added by a variant of the StartPage.J TROJAN!
Systems.exe	U	Systems.exe	Keyboard Spectator - monitoring software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
systems.exe	U	Systems.exe	KGBSpy is a commercial spyware program. It logs keystrokes, Web sites visited, and clipboard activity. It also has a screen capture logger and can be run automatically in a silent, undetectable mode.
SystemSafe	U	Syssafe.exe	System Safety Monitor - system monitoring tool with additional application firewalling
SYSTEMSars32	X	csrss.exe	Added by the AHLEM.A VIRUS! Note - this is not the valid Client Server Runtime Subsystem (csrss.exe) process, which provides text window support, shutdown, and hard-error handling
SystemSAS	X	System32.exe	Added by the KWBOT.C VIRUS!
SystemSearch	X	regedit.exe -s c:\ie.reg	Installs a Seachxl.com browser page hijack
SystemSearch	X	regedit.exe -s c:\sys.reg	Installs a i--search.com browser page hijack
SystemService	X	msocfg.exe	Premium rate adult material dialer
SystemService	X	qservice.exe	Premium rate adult material dialer
SystemService	X	navchk.exe	Premium rate adult material dialer
SystemService	X	shman.exe	Premium rate adult material dialer
SystemService	U	nsserver.exe	NiceSpy keystroke logger/monitoring program - remove unless you installed it yourself!
SystemService	X	pokapoka62.exe	EliteBar adware component
SystemSettingf	X	TRUG.vbs	Added by the TRUG.B VIRUS!
SystemSuite Task Manager	U	MXTASK.EXE	vcom (nee Ontrack) SystemSuite - PC maintenance and security. Use the program's configuration options to enable only the parts you want running all the time - such as Virusscanner Pro
SystemTasks	X	filez.exe, sexypicz.exe, loaded.exe	Adult content dialler
SystemTools	X	kernels32.exe	Added by the VICSFRAM TROJAN!
Systemtra	X	Systra.exe	Added by a variant of the LOVGATE WORM!
SystemTra	X	CDPlay.EXE	Added by a variant of the LOVGATE WORM!
SystemTray	X	SystemTray.exe	Added by the BIGFOOT TROJAN! Note - this is not the valid SystemTray ( SysTray.exe )
SystemTray	X	SysTray.exe	Added by the IRC.ALADINZ.P TROJAN! ** Note - Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file
SystemTray or SysTray	U	SysTray.Exe	SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see here). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they\'re available via Start -> Settings -> Control Panel
SystemTraySD	X	SDSystemTray.exe	Max Secure Spyware Detector, bogus "Spyware remover" - for more information, search the Spywarewarrior_List of non-Recommended anti parasite sites/software for "spywaredetector.net"
SystemTraySR	X	SRSystemTray.exe	Max Secure Spyware Detector, bogus "Spyware remover" - for more information, search the Spywarewarrior_List of non-Recommended anti parasite sites/software for "spywaredetector.net"
SystemUpd	N	SystemUpd.exe	Updater for Swapoo.com, a kind of Napster for games
SystemWideHook for Windows NT	X	%WinHook32.exe	Added by the W32.Mydoom.AC WORM!
SystemWizard Sniffer	U	Sniffer.exe	SystemWizard for Win98/ME from SystemSoft - diagnoses and solves hardware and software problems on a PC
systemyom Updater	X	systemyom.exe	Added by a variant of the BACKDOOR.IRC.BOT TROJAN!
SYSTEMZ Patch	X	SYSZ.exe	Added by the ALADINZ.P VIRUS!
System_Messages	U	pprsen.exe	TerminatorX - "offers an easy and effective method of stopping users running predetermined file sharing programs like KaZaA, messenger programs, chat rooms and the like"
Systes	X	jrdtifkkxbbsa.exe	Added by the W32/Rbot-ADC Worm!
Systesms.exe	X	systesms.exe	Added by a W32/Rbot-HI worm infection
Systest	N	Systest.exe	Clean Space temp files cleaner
systhread	X	winkernal.exe	Added by the LIAMED VIRUS!
SysTime	X	systime.exe	Troj/StartPa-CR , a CoolWebSearch parasite variant
Systmesy	X	Systmesy.exe	Added by a W32/Rbot-KQ worm infection
Systoan32	X	systoan.exe	Added as the result of an unidentified VIRUS!
systr32	?	systr32.exe	??
systrans	X	(Path of Trojan EXE)	Added by the Troj/StartPa-GZ TROJAN!
systrax	?	systrax.exe	??
Systray	X	Systray_.Exe	Added by the KERGEZ.A VIRUS!
Systray	X	a.exe, b.exe	Winfavorites adware
SYSTRAY	X	UNMT.EXE	Added by a W32/Sdbot worm infection
SYSTRAY	X	UNMT.EXE	Proxy-Agent trojan variant
SysTray	X	Snnpapi.exe	Added by an unidentified TROJAN!
SYSTRAY	X	UNMT.EXE	Added by the TROJ/DLOADER-LQ TROJAN!
Systray	X	w32explorer.exe	Added by the W32/Rbot-AJY WORM!
Systray	X	SteFanie.vbs	Added by the VBS.Stefan WORM! Note: Make sure you check the hyper link for VBS.Stefan, this one copies it's self to numerous dirves and folders.
Systray driver	X	systray.exe	Added by the IRC.MUTEBOT TROJAN! ** Note - this is not the legitimate systray.exe process.
SystrayServices	X	Msxpw.exe	Added by the CITOR VIRUS!
Systry	X	(path to worm)	Added by the AUTEX VIRUS!
SYStry	X	spoolsvr.exe	Added by the SDBOT.GN WORM!
Systryt	X	(path to worm)	Added by the AUTEX VIRUS!
systune	U	systune.exe	Added by AceSpy SPYWARE! ** Treat as an X if it wasn't intentionally installed.
Systweak Memory Optimizer	U	memtuneup.exe	Part of SysTweak Advanced System Optimizer
sysu	X	sysu.exe	Dynamic Desktop Media adware - see here
sysug32.exe	X	sysug32.ex	Added by an unidentified TROJAN or WORM!
Sysupd	X	Sysupd.exe	VirtuMonde adware
Sysvupex	X	Sysvupex.exe	Added by the MEDIAS VIRUS!
SysW8	U	csta.exe	Clean Space - privacy and perfomance enhancer
SYSWB6	U	SYSWB6.exe	We-Blocker - gives parents the opportunity to monitor their children's Internet access and provide them with age-appropriate content, while filtering out sites that contain adult content
SysWin	X	SysWin.exe	Added by a Backdoor.IrcContact trojan infection
Syswin32	X	syswin32.exe	Added by a Backdoor.IrcContact trojan infection
syswin32	X	syswin32.exe	W32.SpyBot worm variant
syswin32	X	syswin32.exe	Added by the SDBOT TROJAN!
Syswindow	X	Syswindow.exe	Added by the COW VIRUS!
SysWy	X	rundll32.exe	Added by the TROJ/LINEAGE-JH TROJAN! - NOTE: this file is found in the C:\Windows\System folder, and is not to be confused with the legitimate rundll32.exe file, always located in the Windows folder on Win 98 and ME systems, and in the Winnt\System32 or Windows\System32 folder in Windows XP and NT!
sysX3	X	sys22.exe	Added by the W32.RANTS.C WORM!
SYS_CLEAN	X	Service.exe	Added by the FLOPCOPY VIRUS!
Sys_Run	X	ghost.exe	Added by the Troj/Lineage-N Trojan!
sys_Runtt1	X	explorer.exe	Added by the LINEAGE-M TROJAN! - NOTE - the valid "explorer.exe" will always be located in C:\Windows or C:\Winnt whereas this one is found in the Program Files folder!
SZMsgSvc.exe	U	SZMsgSvc.exe	StopZilla! - pop-up killer
t	X	xclean.exe	Flashtrack.B adware
T-DSL SpeedMgr	N	speedmgr.exe	T-Online ISP SpeedManager; shows upload and download speed; also checks for updates automatically.
Taakcontrole	U	taskmon.exe	Task Monitor (on Dutch language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)
Taba	X	stte.exe	Clickspring spyware
Tablet	N	Tablet.exe	Loads the tablet drivers for the Wacom Graphics Tablet. This can be unchecked in msconfig without problems if you don't need the tablet functional all the time. Create your own shortcut if you need to run it ad hoc. If you forget to run it before running Paint Shop Pro & Adobe Photo Shop) you may find the following: (1) Paint Shop Pro (version 7.04) - (a) Browse function will NOT work (program freezes) (b) On program exit, PSP does not terminate (you have to CTRL ALT DEL to close it) (2) Photo Shop (version 6.01) - (a) Program functions slowdown (d) On program exit it takes noticeably longer to shut down (like 30-45 seconds)
tablet s	Y	tablet s	Starts the Wacom Penabled driver on Acer Tablet PCs (tablet icon with a green check appears during startup if successful)
Tablet Task	X	tabletsk32.exe	Added by the W32/Rbot-AJB WORM!
TabletTip	U	tabtip.exe	The Microsoft Tablet PC Input Panel converts handwriting to text dynamically, and you can make corrections quickly and easily before inserting text.
TabUserW	Y	TabUserW.exe	Wacom pen tablet driver
TAcelMgr	?	TAcelMgr.exe	TOSHIBA Acceleration Utilities related - what does it do and is it required?
Tad	N	tad.exe	From Turtle Beach's Santa Cruz on a Dell WinME system. Not required - works fine without it including keyboard hot controls for volume and mute
TAG	?	tag.exe	??
Tahni Deskmate	N	Tahni.exe	Tahni Deskmate - "Interactive cartoon character that lives on your Windows desktop"
TakeMP3	X	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related
TAKSMGN	X	taskmr.exe	Added by the W32/Rbot-AHS WORM!
TalkingReminder	N	TALKINGREMINDER.EXE	Talking Reminder from Software River Solutions - talking calendar reminder
talknow	?	talknow.exe	Could it be related to this or something similar?
Tango	?	Setup.exe	Tango Broadband access software. Is it required?
TangoManager	?	TangoManager.exe	Tango Broadband access software. Is it required?
TANG_INA_MO	X	AutoRun.bat	Added by the W32.Filukin.A WORM!
Tapicfg	X	Tapicfg.exe	CoolWebSearch parasite related.
Tapisys	X	tss.exe	Trojan.Win32.Small variant
TapiTNA	U	TapiTNA.exe	Telephony Location Selector allowing mobile users to change dialling locations - part of the Win95 Power Toys
Tardis	U	Tardis.exe	Tardis - time synchronization software
Task	X	tasker.exe	Added by the W32.Mydoom.R WORM!
Task Bar	X	TASKBAR.EXE	Added by the FRETHEM.J VIRUS!
Task BarClient	?	TaskBarClient.exe	Responsible for creating the System Tray icon and associated display system for theStarband satellite always on internet service
Task BarSvr	?	TaskBarSvr.exe	Part of the Starband satellite always on internet service. Not included on the current system. What does it do and is it needed?
Task Commander	X	regsvc32.exe	Added by the W32/AGOBOT-RX WORM!
Task Debugger	X	sysdll.exe	Added by the W32/RBOT-CQ WORM!
Task Help	X	wualcts.exe	Added by a variant of the WIN32.RBOT WORM!
Task Manager	X	taskmngr.exe	Added by a RBOT.Y worm infection
Task Manager	X	taskman.exe	Added by the W32/FORBOT-T WORM!
Task Manager	X	prcview.exe	Added by the W32/AGOBOT-RT WORM!
Task manager	X	TikTo.exe	Added by the RBOT.LV WORM!
Task manager	X	taskemngr.exe	Added by the W32/Rbot-AGA Worm!
Task Monitoring Service	X	svchost.exe	Added by the CONE.D VIRUS! This is not the valid svchost.exe as described here. Located in a Windows\Tasks directory, and not in Windows\System32
Task Scheduler Engine	X	schedsvc32.exe	Added by the W32/Rbot-ASJ WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
task service	X	taskservices.exe	Added by a variant of the WIN32.RBOT WORM!
Task service	X	taskmgs.exe	Added by a variant of the WIN32.RBOT WORM!
TASK SETUP	X	tasksetup.exe	Added by the W32/RBOT-YR WORM!
Taskbar	N	Taskbar.exe	Taskbar icon for the Redline RegTweak overclocking program as supplied with Sapphire ATI graphics cards
TaskBar	N	CTLTask.exe	The Creative Sound Blaster Audigy Taskbar is used to choose between different types of EAX Effects - not required in startup. NOTE: if you get a ctltask.exe error message while installing the Audigy drivers, see this Microsoft Knowledge Base article.
Taskbar Display Controls	N	RunDLL deskcp16.dll, QUICKRES_RUNDLLENTRY	Only appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel -> Display -> Settings -> Advanced -> General. Also appears if you have Win95 with the QuickRes "Powertoy" installed
Taskbar Service	X	taskbar.svc	Unidentified adware
Taskbar System	X	tasksys.exe	Added by a variant of the W32/SDBOT WORM!
Taskbell.exe	X	Rund1.exe	Added as a resukt of the YIPID trojan
TaskList	X	tasklist32.exe	Added by the TROJ/BANCOS-DX TROJAN!
TaskMan	X	rundll32.exe	Added by the DVLDR VIRUS! Note - this is not the valid "rundll32.exe" as it\'s in the Windows\Fonts directory
taskmanager	X	taskmgr.com	Added by the BEREB VIRUS!
taskmanager	X	taskmanager.exe	Added by the W32/AGOBOT-TF WORM!
taskmanger	X	taskmanger.exe	Added by a variant of the WIN32.RBOT WORM!
Taskmgo	X	(path to file)	Added by the TROJ/BANCBAN-T TROJAN!
Taskmgr	X	Taskmgr.exe	System1060 homepage hi-jacker. Note - this is not a Windows file and is found in a WindowsSystem1060 directory
Taskmgr	X	tskmgr32.exe	Homepage hi-jacker
taskmgr	X	taskmgr.exe	Added by the Startpage.G hijacker - NOTE: this is NOT the Windows Task Manager file!
Taskmgr	X	system.exe	Added by the TROJ_PAKES.G TROJAN!
taskmgr.exe	N	taskmgr.exe	Windows Task Manager in Windows XP. If run from the Startup folder, the tray icon will be put to the system tray after boot. Useful to check if XP has finished running the delayed services after boot. Available via a desktop shortcut
taskmgr.exe	X	paint.exe	Added by a variant of the WIN32.AGENT.AH downloader TROJAN!
taskmgr.exe	X	paintms.exe	Added by a variant of the WIN32.AGENT.AH TROJAN!
taskmgr.exe	X	mirc.exe	Added by a variant of the WIN32.AGENT.AH TROJAN!
TASKMGRU	X	TASKMGRU.EXE	Hijacker - recognized by Kaspersky antivirus as Trojan.Win32.Agent.cx
taskmngr	X	[path] msnve.exe [path] task.exe	Added by the FLOOD-EK TROJAN!
taskmngr lptt01 or taskmngr ml097e	X	taskmngr.exe	Variant of the RapidBlaster parasite (in a "Taskmngr" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
TaskMon	X	taskmon.exe	Added by the MYDOOM.A or MYDOOM.J WORMS! Note - this is not the valid Win98/Me file of the same name which resides in C:\Windows as this version resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP). It is not normally on a WinXP system
Taskmon driver	X	winampa.exe	Added by the LOONY-I TROJAN
taskmone		taskmone.exe	Added by the TROJ/SINGU-S TROJAN!
TaskMonitor	U	taskmon.exe	The Task Monitor checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)
TaskMrg	X	schwoch.exe	Added by a Troj/LDPinch-Y trojan infection
taskmrg.exe	X	taskimg.exe	Added by the TROJ/DLOADER-QZ TROJAN!
taskopen.exe	X	taskopen.exe	Added by the HackTool.Win32.Hidd.c TROJAN!
TaskPlus	N	TASKPLUS0.EXE, TASKPL~1.EXE	Task and calendar management software available as freeware or as a "Professional" version for sharing over a LAN
TaskReg	X	(random filename)	Added by the CBLAD VIRUS! <filename.exe> is the full path and name of the infected file
TaskS manager	X	taskmgrs.exe	Added by the AGOBOT.QU WORM!
Taskschd	X	TRAYWND.EXE	Added by the LITMUS.002 VIRUS!
TaskScheduler	U	TaskSch.exe	ProSeries accounting software related
taskswitch	N	taskswitch.exe	ALT TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen
tasksys	X	tasksys.vbs	Added by the BYRON VIRUS!
Tasktray	N	CTLTray.exe	Installed with the Sound Blaster Audigy range of soundcards. Allows you to set EAX effects or equalizer settings for the Sound Blaster Audigy from a systray icon. Also allows you to launch the Taskbar via right-click -> Show Taskbar. The tasktray can be accessed via Start -> Programs -> Creative -> Sound Blaster Audigy -> Taskbar
Tasmgr	X	Taskmgr.bat	Added by the VBS.Ypsan.G WORM!
tat	X	tatss.exe	Delfin_Promulgate adware variant
Tau monitor	Y	Taumon.exe	"Tauscan is a powerful Trojan Horse detection and removal engine capable of catching every known type of backdoor that can threaten your system."
TAudEffect	?	TAudEff.exe	TOSHIBA Notebook related - what does it do and is it required?
TB2PROEXE	U	tb2start.exe	Timbuktu Pro - remote desktop access software
TBC Pro	U	tbcpro.exe	TitleBarClock Pro - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on the right side of the title bar in any main window that has the mouse or keyboard focus
TBC.exe	U	Tbc.exe	TitleBarClock software
tbctray	N	tbctray.exe	Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel
TBLFUNC	Y	tblmouse.exe	Aiptek HyperPen driver
tbon	X	tbon.exe	BestOffers adware
TBPanel	U	TBPanel.exe	Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel
TBPS	X	TBPS.exe	WebSearch toolbar, HuntBar parasite variant
TBTray	N	tbtray.exe	VLSI/QSound ThunderBird PCI Control Panel. System Tray access to the settings for this and related soundcards. Available via Start -> Settings -> Control Panel
TB_setup	?	TB_ANI~1.EXE	??
TB_setup	X	tb_setup.exe	HuntBar parasite toolbar installer
tcactive	Y	tca.exe	Part of The Cleaner from MooSoft - stops virus trojans before they can do any damage
TCASUTIEXE	N	TCASUTI.exe	Associated with the 3COM diagnostic module (3COM NIC Doctor).�No further information is available
TCAUDIAG -off or TCASUTIEXE	N	tcaudiag.exe	Associated with the 3COM diagnostic module (3COM NIC Doctor). No further information is available
TCDPbtn	?	TCDPbtn.exe	Found on a Toshiba laptop
TCDPlay	?	TCDPlay.drv	Found on a Toshiba laptop - sounds like the driver for the CD-ROM but why doesn't it use the standard Windows drivers - any comments?
TClock	U	TCLOCK.EXE	Kazubon TClock. Utility that amongst other things synchronizes your system clock with Internet time servers. Available via Start -> Programs
TClockEx	U	TCLOCKEX.EXE	Puts a configurable time/date display in the tray (and other features). Freeware by Dale Nurden and is popular on cover disks
tcmonitor	U	tcm.exe	Part of The Cleaner from MooSoft - warns of changes to the registry
TCOYFReminder	U	tcoyftray.exe	My_ParenTime Fertility Planner Reminder. (The Calendar provides a quick overview of the status of your fertility.)
Tcp Application Manager	X	spoolsvc.exe	Added by the Troj/Dloader-NY Trojan!
Tcp Application Manager	X	svcadmin.exe	Added by the Troj/Dloader-NY Trojan!
Tcp Application Manager	X	tcpsvc.exe	Added by the Troj/Dloader-NY Trojan!
Tcp Application Manager	X	netsvc.exe	Added by the Troj/Dloader-NY Trojan!
Tcp Application Manager	X	websvc.exe	Added by the Troj/Dloader-NY Trojan!
Tcp Application Manager	X	localsvc.exe	Added by the Troj/Dloader-NY Trojan!
Tcp Application Manager	X	svcrun.exe	Added by the Troj/Dloader-NY Trojan!
Tcp Application Manager	X	svcman.exe	Added by the Troj/Dloader-NY Trojan!
tcp checker	X	tcpcheck.exe	Added by the TROJ/VBBOT-A TROJAN!
TCP Monitoring	X	LanNSvc.exe	Added by the RANDEX.AAS VIRUS!
tcpippui		tcpippui.exe	Added by the W32/Rbot-APS WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
tcpippui32	X	tcpippui32.exe	Added by the W32/RBOT-ART WORM!
TCPXP Update	X	tcpxp.exe	Added by the W32/RBOT-UL WORM!
tcupdater	X	tcupdater.exe	Topconverting.com/180Search adware updater
TDispVol	?	TDispVol.exe	??
TDKSTART	U	TDKSTART.EXE	Sets the spindown timeout and access speeds at startup and displays a splash screen for CD-RW.
TDKTASK	N	TDKTASK.EXE	Taskbar utility for a "control panel" for a CD-RW
TDockNUndock	?	N/A	Found on a Toshiba laptop - for use with a docking station?
TDS3	U	TDS-3.exe	DiamondCS TDS3 antitrojan . Can be used to scan on demand, but required in startup if you prefer real time protection
TDspOff	?	Tdspoff.exe	Found on a Toshiba laptop
Teach In Box	N	teachbox.exe	Tutoring program that comes with a SystemAX Computer
Tech-In-A-Box	Y	techbox.exe	Tech-in-a-Box "provides easy-to-use tools for various system maintenance tasks. From backup and restore to diagnostics and repairs, Tech-in-a-Box is your tool to stay up and running"
Telechips,Mass	U	patch.exe	Removable Disk Driver for the Muro MP3 player
Telemeter 3.0	N	telemeter3.exe	Internet connection bandwidth meter from a user ISP
Telepath	Y	telepath.exe	Drivers for the WinModem versions of the US Robotics "Telepath" series - as supplied to Gateway for instance. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information
Telnet24	X	(Random file name)	Added by the W32/Rbot-ARD WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
TELUS Security service	Y	freedom.exe	Freedom Internet Security, provided by TELUS Communications Inc
TempCom	X	(random name).com	Added by the TRAXG VIRUS!
TempCom	X	(random file name)	Added by the W32/Traxg-E WORM! Note: May be found in any of the following folders: \fonts, \help, \system, \temp, \web
TempRemove	U	terminator.exe	CB Predictor by Decisioneering
tempx	X	tempx.exe	Added by the TEMPEX.A TROJAN!
Tencent QQ	X	Rund1132.exe qq.dll, Rundll32	Added as the result of the QQPASS.F VIRUS!
Terminal Update	X	biosefui.exe	Added by the Troj/PPdoor-O TROJAN!
Terminate Popup	X	FPUK.exeZPU.exe	Free Popup Killer - foistware proven to install the Regsvc32 homepage hijacker. Also see here
TEscKey	U	TEscKey.exe	Toshiba Escape Key handler. Enables you to program and use the <FN><Esc> key combination to perform a specific function
Tesco.net	N	rundll32 [path] RyDial.dll, QuickStart	Tesco.net dial-up ISP software - not required
Tesla	?	TESLA.EXE	??
test	X	i love you.exe	Added by the Troj/Singu-T TROJAN!
Testing 123	X	msdata.dat	Added by the W32.Nits.A WORM!
testit.exe	X	testit.exe	ISTbar/XXXToolbar adware component
TExBUtil Registry	?	TExBUtil.exe	??
TextAloud	N	TextAloudMP3.exe	TextAloud MP3 - convert text into spoken words and MP3s
Textbridge Instant Access OCR	N	telepath.exe	TextBridge from Scansoft. OCR (optical character recognition) software for scanning documents into popular editing applications. Available via Start -> Programs
TEXTCONV	X	services.exe	Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the valid Windows Service Controller (services.exe) process
TEXTCONV	X	winlogon.exe	Added by NEVEG.A WORM! Note - this is not the valid Windows Logon process winlogon.exe process. It should not appear in Msconfig/Startup!
TEXTCONV	X	lsass.exe	Added by a Webus.B trojan infection. Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup
TFncKy	U	TFncky.exe	Deals with the <Fn> - <Function> key combinations on a Toshiba laptop
TFNF5	U	TFNF5.exe	Toshiba Hotkey Utility for Display Devices. By pressing <FN> <F5>, a window appears showing the displays that can be chosen � LCD, LCD CRT, CRT, TV
tfswctrl	Y	tfswctrl.exe	Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
TFTP###	X	tftp###	Added by the SPYBOT VIRUS! where # can be any number
TFunckey	U	TFuncKey.exe	Deals with the <Fn> - <Function> key combinations on a Toshiba laptop
TgAddServer	N	tgfix.exe	Software from SupportSoft (aka Support.com) provided to manufacturers (such as Sony (Vaio Support Agent) and Toshiba (Virtual Tech)) and ISPs (such as Comcast, Cox and Charter (Pipeline Support Agent)) that allows them to offer on-line support - to update drivers, fix faults, etc. Can cause a deterioration in a PC's peformance (see here). This part does the protection and "self-healing". Uninstallation is recommended by most people - especially for System Restore users (WinME/XP). If not available via Add/Remove, Charter offer some uninstallation instructions involving a registry patch that you may be able to modify for your proivder or try here
tgbcde	X	module32.exe	Added by the WIN32.REIGN.R TROJAN!
Tgcmd	U	tgcmd.exe	This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. "tgcmdprovidersbc" is for SBC Yahoo DSL. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
tgcmdprovidersbc	U	tgcmd.exe	This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. "tgcmdprovidersbc" is for SBC Yahoo DSL. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
TGCMG	N	??	Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work
TGDC IE Plugin	X	tgdc.exe	ShopForGood spyware - see here
tgkill	X	tgkill.exe	Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs
Tgsetsite	U	tgfix.exe	See TgAddserver and Tgcmd above. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
Thdetrf	N	thdetr32.exe	Appears to be related to Lycos advertising
ThE	X	wind0s.exe	Added by an unidentified WORM or TROJAN!
The Easy Bee's Hive	U	ATCEgSvr.exe	The Easy Bee is a software that allows you to record Internet navigation sequences, which can include form filling and button clicking and to attach a replay schedule to each sequence
The Ethernet	X	ethernet.exe	Added by a variant of the W32/SDBOT WORM!
The Intranet	X	intranet.exe	Added by a variant of the W32/SDBOT WORM!
TheMainStart	?	N/A	??
THGuard	U	TH_Guard.exe	Resident memory scanning for TrojanHunter
THGuard	U	THGuard.exe	Resident memory scanning for TrojanHunter
This is a virus, please delete it	X	bigbadvirus.exe	Added by the RANDEX.F VIRUS!
THOTKEY	U	THotkey.exe	Associated with the Fn keys on Toshiba laptops. When disabled some keys still worked, like the one that regulates the volume of the system beep, but others didn't, like the one that immediately blackens your screen
ThpSrv	?	thpsrv	TOSHIBA HDD Protection related - what does it do and is it required?
Threaded	X	intcp32.exe	Added by the RANDEX.UG VIRUS!
ThrustTSR	U	TMTMTSR.exe	Thrustmaster Thrustmapper. "The Thrustmapper - t-mapper - icon sits on your taskbar and automatically detects when the joystick is plugged in and configures it accordingly"
Thumbs Plus X.X	X	thmbplusXX.exe	Added by the W32/Agobot-AAF WORM! (XX is a combination of random digit and character.)
TI WLAN	U	TIWLANCu.exe	Texas_Instruments TI wireless LAN products
tibs3	X	tibs3.exe	Premium rate adult content dialer - see here
tibs5	X	tibs5.exe	Premium rate adult content dialer - see here
Tiger	X	Shine.exe	Added by the HAPPYLOW or W32/Nishe-A VIRUS!
TiKL	U	tikl.exe	TinyKeylogger keystroke logger/monitoring program - remove unless you installed it yourself!
Time Manager	X	TimeManager.exe	Added by the W32/Mytob-BV WORM!
Time Zone Synchronization	X	wscript zshell.js	Added by the NETDEX-A VIRUS!
TimeCalendar	N	tc.exe	TimeCalender - calendar reminder
TimeCalendar	U	TC.exe	TimeCalendar digital planner
Timed Backups Manager Startup	N	BACKTIME.EXE	Backup Plus - backup software
TimeLeft	U	TimeLeft.exe	TimeLeft is a countdown, reminder, clock, alarm clock, stopwatch, timer, sticker and time synchronization utility which uses Winamp skins to show digits and text.
Timemanager.exe	U	Timemanager.exe	Time_Manager will let you track billable and non-billable time by customer, by category and by associate and then integrate directly to our custom billing package.
TimeOnline	N	TIMEONLINE.EXE	Lightman Groups's TimeOnline monitor. For dial-up users to monitor time spent on the net. Available via Start -> Programs
TIMER	X	TIMER.EXE	Added by the TIMESE.AG VIRUS!
Timer	X	comm.exe	Added by the TROJ/BDOOR-IP TROJAN!
Timer	X	timed.exe	Added by the Troj/Bdoor-LV TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder.
TimeService	X	trun.exe	Added by the TlfLic-A premium rate adult content dialer.
TimeSink Add Client	X	TSADBOT.EXE	TimeSink Ad Client - advertising spyware
timessquare	X	timessquare.exe	Reported as Trojan.Win32.StartPage.aw by Kaspersky Anti-Virus.
TimeSyncApp	X	TimeSynchronize.exe	DealHelper adware
TimeUp	N	Timeup.exe	TimeUp - internet online timer
Timezone	U	TimeZone.exe	Microsoft Daylight Saving Time Update Utility - see here
TINTSETP	N	TINTSETP.EXE	Part of Microsoft\'s Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word
Tiny AV	X	fooding.exe	Added by the W32.Netsky.I WORM!
Tiny Personal Firewall	Y	persfw.exe	Tiny Personal Firewall
tinySpell	U	tinyspell.exe	Tinyspell - "allows you to easily and quickly check the spelling of words in any Windows application. Monitors your typing on the fly, alerts you whenever it detects a misspelled word, and checks the spelling of every word you copy to the clipboard"
TiomanExe	U	Tioman.Exe	Agate Tioman - warm and hot swap removable bay device manager for IBM laptops
Tips	N	mousetips.exe	Suggests tips on using your mouse
TiTleBarClock	U	TiTleBarClock.exe	TitleBarClock displays the day/month/time and free physical RAM on the right hand side of an open window, replacing the system tray clock at startup
Tivoli	N	LCFEP.EXE	Tivoli �TME� System Tray icon - "\'lcfep\' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"
TIxDSL	U	tidslmon.exe	Actiontec DSL modem. Associated with High Speed AOL DSL. Used to get line sync with the Actiontec DSL USB Modem. Available via Start -> Programs
TizzleTalk	X	TizzleTalk.exe	TizzeTalk is a dialect translator for Yahoo, MSN, AOL Instant Messengers. Bundles adware, hence not recommended. From their EULA : "As a result of installing the Company's Software, you will see occasional banner ads, pop-up or pop-under ads, or other types of ads selected based on your online activities .../... Occasionally, we may automatically or through other remote means, update, upgrade, patch or uninstall the Company's Software, including the Company's advertising-supported software, without further notice to you. These upgrades also may include installation of additional applications from the Company as well as third party applications."
tjstartup	X	svchost.exe	Added by the CURDEAL TROJAN! **Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
tjstartup	X	(path to file)	Added by the BACKDOOR.TJSERV.C TROJAN!
TkBell.Exe	N	tkbell.exe	Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
TkBell.Exe	N	evntsvc.exe	Application Scheduler installed along with RealOne_Player Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
TkBell.Exe	N	realsched.exe	Application Scheduler installed along with RealOne_Player Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
TkBellExe	N	evntsvc.exe	Application Scheduler installed along with RealOne_Player Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
TkBellExe	N	realsched.exe	Application Scheduler installed along with RealOne_Player Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
TkBellExe	N	tkbell.exe	Application Scheduler installed along with RealOne_Player Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
TkBellExee	X	realschd.exe	Added by an unidentified downloader TROJAN!
TkNetDriver Monitor	X	lexbce.exe	Added by the W32/SDBOT-ADF WORM!
tkonnect	N	TKONNECT.EXE	Dialer for the Tiscali internet service provider. Available as a desktop shortcut
tlc	X	update13.js, update911.js	Hijacker installer
TlcR	?	avp.exe	??
TLogonPath	U	tb2logon.exe	Timbuktu Pro - remote desktop access software
TM Outbreak Agent	U	TMOAgent.exe	Trend Micro Internet Security anti-virus software virus outbreak warnings. Notifies users of virus outbreaks and offers to update the scanner
TMA distribution	U	cfinst.exe	Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients
tmax	X	pupdate.exe	Adware pop-up generator
tmchook	X	tmchook.exe	Detected by Kaspersky as the TrojanDownloader.Win32.VB.aa VIRUS!
TMEEJME	?	TMEEJME.EXE	Found in a Toshiba\TME3 directory. Toshiba Mobile Extension related?
TMERzCtl	?	TMERzCtl.EXE	Found in a Toshiba\TME3 directory. Toshiba Mobile Extension related?
TMESBS	U	TMESBS21.exe	Toshiba Mobile Extension Selectable Bay Service for WinXP - support for docking stations. Not required if you don't use a docking station
TMESBS32	?	TMESBS32.EXE	Found in a Toshiba\TME3 directory. Toshiba Mobile Extension related?
TMESRV31	N	TMESRV31.EXE	Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station
TMExLogon	U	TMESRV.EXE	Toshiba utility related to inserting and removing a laptop from a docking station. Not required if you don't use a docking station
Tmmkb	?	Tmmkysvr.exe	Toshiba multi-media keyboard software - possibly including creating keyboard shortcuts?
TmNetDriver Monitor	X	exbce.exe	Added by the W32/Sdbot-ABR WORM!
Tmntsrv32	X	Tmntsrv32.exe	Hijacker, detected by Norton antivirus as Trojan.StartPage.O
TMOUSE	U	tmouse.exe	Component of the Toshiba Mouse Control that allows users with an AccuPoint mouse to scroll MS-scroll-compatible documents by holding CTRL ALT and moving the AccuPoint up or down. It also allows zooming by holding CTRL SHIFT and moving the AccuPoint up or down. Disabling this item has no adverse effects, except disabling the scroll/zoom features of the AccuPoint
tmproxy	Y	tmproxy.exe	Trend Micro PC-cillin 2003 antivirus software
TMTMTSR	N	TMTMTST.exe	Installed with Thrustmaster game controllers. It launches the Thrustmapper utility. Not required if you install the "driver only" from Thrustmaster website
TNTClk	U	TNTCLK.exe	Overclocking program for TNT, TNT2, and other graphics cards. This program can overclock the graphics card manually after startup when needed, especially before starting a gaming session. However, for simplicity, it can be left checked to let it run once at startup to automatically overclock the graphics card. In this case, it doesn't even run in the background after doing its job
ToADiMon.exe	U	ToADiMon.exe	T-Online ISP software connection assistant
Tok-Cirrhatus	X	IDTemplate.exe	Added by the RONTOKBRO.A WORM!
Tok-Cirrhatus	X	smss.exe	Added by the RONTOKBRO.B WORM! - NOTE - this file is placed in the UserProfile%\Application Data folder, and should NOT be confused with the legitimate Windows smss.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
Tok-Cirrhatus	X	[path to file]	Added by W32/Brontok-F WORM!
TomcatStartup	?	hpbpsttp.exe	Apache Tomcat web server, part of HP LaserJet "Printer Tools" software - what does it do and is it required?
Tommorrow	?	tomorrow.exe	??
ToPassSrv	?	Pktopass.exe	Related to Caere Pagekeeper scanning software (now taken over by Scansoft), Disabling is known to cause problems
TopDesk	U	TopDesk.exe	TopDesk; puts an icon in your system tray that when clicked upon, opens a pop-up menu that gives instant access to all of your desktop programs without having to minimize, resize, move or close other programs or files.
ToPicks Starter	X	Idhost.exe	ToPicks parasite related
topmoxie	X	JavaRun.exe	Marketing software from TopMoxie
TopSearch	X	TopSearch.exe	TopSearch adware variant
tor anonymous proxy	X	tor32.exe	Added by the W32/Sdbot-ADR WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Torjan Program	X	services.exe	Added by the W32.Autex.C WORM! Note: This is not the legitimate Windows process (Which is always found in the System32 folder). The legitimate Windows process should not be seen in Msconfig or as a Startup item. This worm file is found in the Windows or Winnt folder, be sure to check the link for this one, it makes 11 other copies of it's self all with different file names and in four different folders!
Torjan Program	X	smss.exe	Added by the PWSteal.Wowcraft.B TROJAN! Note: This is not the legitimate Windows process smss.exe (Which is always found in the System32 folder.) This trojan file (smss.exe) is found in the Windows or Winnt folder.
TOSCDSPD	?	toscdspd.exe	Toshiba laptop related
Toshiba Fan	Y	fan.exe	Toshiba untilty to keep the fan on a laptop running if they fail to detect there is too much heat
Toshiba Key State	U	KEYSTATE.EXE	Displays an icon in the System Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g., Toshiba) laptops which do not have a Caps Lock indicator light. Available via Start -> Programs
ToshibaPinger	N	pinger.exe	Pinger is the resident program for Toshiba Upgrades. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification. Disabling instructions here
TOSHIBSU	U	Toshibsu.exe	Reduces the power consumption when the laptop isn't being used to preserve battery power. Hibernate function doesn't work if this is disabled. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run off battery regularly
TosHKCW	U	TosHKCW.exe	Toshiba Hot Key Change/Control Wireless. Permits you to use a hot key to activate/deactivate built-in 802.11b wireless transmission on a laptop (if installed)
TosMem	Y	tosmem.exe	Toshiba laptop related. Win98/Me ACPI system can not hibernate or go on standby if all of the physical memory lower than 640KB is locked. This utility allocates and locks three pages on boot and then releases them on standby/hibernation for ACPI.SYS in order to solve the above problem
TosRotation	U	TRot.exe	TOSHIBA Rotation Utility - allows users to rotate a notebook's screen image 180 degrees in order to share information on the screen with others seated across a table or desk
Total Security	Y	TScutyNT.exe	Omniquad Total_Security
TotalSecurityUpdate	Y	TSAtUdt.exe	Omniquad Total_Security updater
TotRecSched	U	TotRecSched.exe	Scheduler for Total_Recorder from High Criteria Inc - audio capture utility
ToUcamVProperty	Y	VProperty.exe	Philips Web Camera model name pcvc740k, ToUcam driver configuration tray icon.
Touch Manager	U	WinLED.exe	Dell keyboard utility. Disabling can result in loss of screen saver and power saver functionality
TouchED	U	TouchED.exe	TouchPad On/Off Utility on a Toshiba laptop
tour	N	regedit ..tour.reg	Edits registry values to keep the WinMe tour in Task Scheduler
Tour	N	wincool.exe	Component of WinME that's annoying as hell. Pop\'s up a prompt to play the C:\WINDOWS\Application Data\Microsoft\INTROCONTENT.HTA that plays a full screen version of the WinME product preview Windows Media video file that cannot be stopped to my knowledge until it finishes. That prompt will keep popping up after an install/reinstall of WinME until you give in and watch the thing. It also puts a task scheduler entry to run that annoying thing every 30 minutes, and don't bother deleting that entry, Windows puts it right back. Not only should you disable it from running, you should delete the thing altogether, as it, somehow can re-enable itself. Apparently you can try setting the file to read only
tourpath	N	regedit /s [path] tour.reg	Edits registry values to keep the Win 2000 "tour" in Task Scheduler
TP4EX	U	tp4ex.exe	Adds accessibility options for an IBM TrackPoint
tp4mon	?	tp4mon.exe	May be IBM Thinkpad mouse/trackpoint related, if so is it required?
tp4serv	U	tp4serv.exe	Supports the "pointer stick" on Thinkpads in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
TP98TRAY or TPTRAY	?	TP98TRAY.EXE	IBM Thinkpad related utility. What does it do and is it required?
TP98UTIL	N	TP98.EXE	IBM Thinkpad feature setup & configuration utility
tpcupdater	X	updatetc.exe	Adware, probably 180Solutions related
TpHotKey	U	TPHKMGR.EXE	Activates "ThinkPad Help" when the "Thinkpad key" is pressed on an IBM ThinkPad laptop. Also activates the audio buttons (volume up/down, mute) on models such as the Thinkpad T30
TPKMAPHELPER	?	TpKmapAp.exe	IBM ThinkPad related - what does it do and is it required?
TpKmapMn	U	TpKmapMn.exe	Create Keyboard combinations for special Thinkpad buttons when using an external keyboard, e.g. "Ctrl-arrow up" for "volume up". Only required when using an external keyboard. Available via Start -> Programs
TPNF	N	TPTray.exe	Touchpad configuration tray icon for Toshiba laptops. Available via Start -> Settings -> Control Panel
tpopservice	U	tpopservice.exe	DirecWay two-way satellite internet service enhanced POP proxy server for email
TPP Auto Loader	U	Tppaldr.exe	Installed with DataStor's (and some other manufacturers) USB 2.0 based external DVD, CD-ROM and CD-RW drives. System tray icon allowing the user to disconnect the external drive without an error message being displayed
Tprtray	U	Tprtray.exe	Displays the Power icon in the System Tray on a Toshiba laptop
TpShocks	Y	TpShocks.exe	Responsible for controlling the IBM Hard Drive Active Protection system found on newer models of IBM Thinkpads, including T41, T42, X40, R50, and R51. The Hard Drive Active Protection system is based on a technology similar to that used in automobiles to deploy airbags on contact: An accelorometer on the motherboard detects physical acceleration--such as when the notebook falls--and in response the system temporarily parks the hard drive's read/write head until stability returns
TPSmain	?	TPSMain.exe	Toshiba related; not sure whether required
TPTray	N	TPTray.exe	Touchpad configuration tray icon for Toshiba laptops. Available via Start -> Settings -> Control Panel
TPwrMgr	?	TPwrMgr.exe	Found on a Toshiba laptop. Related to power management?
TPWRTRAY	Y	Tpwrtray.exe	Toshiba laptop's own Advanced Power Management system which disables Windows APM (greyed-out in Control Panel). You can't choose which of the 2 systems to use
tqrecv	U	tqrecv.exe	Tellique satellite broadcast reception software
Traceless	N	launch.exe	Traceless 2003 - clear your cookies, temp directories and browser history with a click of a button. It also clears the recent documents and the IE drop down auto complete box
Track4WinMonitor	U	STMonitor.exe	Track4Win is a spyware program that takes screenshots and logs user activity such as URLs and currently running processes. It uploads the logs and screenshots to a preconfigured server. If you didn't install this yourself remove it
Tracker	?	Tracker.exe	Possibly associated with My Deluxe Invoices program
TrackpointSrv	U	daemon.exe, tp4serv.exe	Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
TrackPointSrv	U	tp4mon.exe	Supports the "pointer stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the "scroll" button to work
Tracks Eraser or Tracks Eraser Pro	U	te.exe	Tracks Eraser Pro from Acesoft - "Erases all tracks of your internet activity"
Tranicon	U	tranicon.exe	A Tweak-XP component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons Transparent
Transparent	U	TransparentW.exe, TransparentD.exe, TransparentB.exe	Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop, W=white, B=black. Available from here
TransparentIcons	U	tranicon.exe	A Tweak-XP component (only in the registered version), makes Desktop icons transparent. Can be enabled/disabled via Tweak-XP -> System File Tweaks -> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons Transparent
TransTask	U	transtask.exe	Tweak-XP_Pro related; feature to make the Windows XP taskbar transparent
Trashgrd	U	TRASHGRD.EXE	Part of McAfee Nuts & Bolts. Protects all the files you delete, even files deleted in DOS or in 16-bit Windows applications, by sending them to the Recycle Bin
Tray Pilot Lite	U	TrayPlt.exe	Tray_Pilot allows you to hide the System Tray window.
Tray Temperature	N	Weatherbug.exe	Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs
Traybar	X	lsass.exe	Added by the W32.Mydoom.L WORM!
traydate.exe	U	TRAYDATE.EXE	Displays the date as well as the time in the System Tray. Available from TUCOWS
TrayManager	U	Trayman.exe	TrayManager hides system tray icons (FreeCell won't work when TrayMan is loaded)
Traymon	U	traymon.exe	Netropa Internet Receiver traymonitor. Will only launch the bar if you are connected to the internet and there's new news
TraySantaCruz	N	tbctray.exe	Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel
TrayServer	N	TrayServer.exe	For monitoring tray icons
TrayX	X	winppr32.exe	Added by the SOBIG.F VIRUS!
tray_helper	N	tray_helper.exe	Tray Helper is an Email checker with additional tools, including a popup window killer, pinger module to monitor hosts and an event reminder
Trend Micro Anti-Spyware	U	Tmas.exe	Trend_Micro_Anti-Spyware - required when using real time monitoring
TrendMicro Antivirus	Y	Aveagent.exe	Virus scanner
TrendMicro OfficeScan NT	Y	TMLISTEN.EXE	Virus scanner
Trickler	X	fsg.exe	Gator adware
Trickler	X	fsg_***.exe ( = random digit)	Gator adware
Trickler	X	fsg-ag_***.exe ( = random digit)	Gator adware
Trickler	X	gain_trickler_***.exe ( = random digit)	Gator adware
TridentTVIcon	Y	tvicon.exe	Trident Microsystems, Inc Display driver
TridTray	?	TridTray.exe	System Tray access to Trident 4DWave soundcards?
TridTray	?	TridTray.exe	System Tray access to Trident 4DWave soundcards?
Trillian	U	trillian.exe	Part of Trillian ICR client
trirot	Y	trirot.exe	Trident Microsystems 3D video driver
Trojancheck 6 Guard	U	tcguard.exe	TrojanCheck anti-trojan software
TrojanScanner	U	Trjscan.exe	Trojan Remover from Simply Super Software. Scans for an removes trojan viruses where anti-virus software may have not detected or removed
TrojanShield	U	Init.exe	TrojanShield anti-hacker/anti-trojan software
TrojanShield Protector	U	Port.exe	TrojanShield anti-hacker/anti-trojan software
True Internet Color Icon	U	internetcolor.exe	Part of Colorific & 3Deep from LightSurf Technologies (nee E-Color). "With True Internet Color PCs can display the best color possible over the web. Enabled web sites will know how connected monitors display color and will send them color corrected images"
TrueFonts	X	fonts.hta	Browser hijacker - redirecting to Hugesearch.net
TrueSync Launcher	N	tstool.exe	Starfish TrueSync - for synchronization between Windows platforms and popular devices, applications and services
TrueVector	Y	VSMON.EXE	Even if you don't have ZoneAlarm or ZoneAlarm Pro run at start-up you do need this
trustras.exe	?	trustras.exe	Trust ADSL modem related - is it required?
TrustyHound-TS	X	TrustyHound-TS.exe	TrustyHound spyware
tsa	X	tsm.exe	TargetSaver adware
Tsa2	X	tsm2.exe	TargetSaver adware
Tsa2	X	tsm2.exe	TargetSaver adware
TsAdbot	X	TSADBOT.EXE	TimeSink Ad Client - advertising spyware
TSBxLogon	?	TMESBS2.EXE	Found on a Toshiba laptop. May be related to TMESBS?
TSE_PLUtil	U	PLBkMon.exe	Prolific USB Flash Disk Log On Application
Tsk Mng Hlp	X	wins32.exe	Added by the W32/AGOBOT-JB WORM!
tskdbg	X	tskdbg.exe	Added by the FLOOD.E VIRUS!
TSkrMain	?	TSkrMain.exe	TOSHIBA Acceleration Utilities related - what does it do and is it required?
Tsl	X	tsl.exe	Uploader-R adware
Tsl2	X	tsl2.exe	TargetSaver adware
TSMsger	N	TSMsger.exe	Epson scannner software - required for "one-touch" operation. Can be launched manually
TSPower	?	spower.drv	Found on a Toshiba laptop. Related to power management?
TSService	?	NSSERVICE.EXE	??
tsvcin	X	n20050308.EXE	Adware downloader/installer, Delphin_Media_Viewer related - also detected as the DELMED.A TROJAN!
tsyssmon	?	tsyssmon.exe	Found in a Toshiba\sysstability directory
TSystem	X	(original Trojan filename)	Added by the Troj/Nsys-A Trojan!
ttaa	X	tata.exe	Added by the TROJ/LINEAGE-T TROJAN!
ttasq	?	ttasq.exe	??
TTS Sync	X	testtts.exe	Added by the SDBOT.BVA WORM!
ttupt	X	ttupt.exe	eZula TopText adware component
Tukati	?	TukatiRedistributor.exe	Tukati Digital Content Distribution. Is it required?
tunebite.exe	N	tunebite.exe	Tunebite is an application that allows you to make unprotected copies of copy-protected music files by recording them while they are being played. Can be launched from it's Start Menu shortcut.
TuneUp MemOptimizer	U	memoptimizer.exe	Part of "TuneUp Utilities", specifically 2003 version. "Monitors and optimizes free memory in the background." Basically, it cleans RAM and also allows you to clear the clipboard
TurboExplorer	U	TE.exe	Web accelerator - "TurboExplorer� 2.x is a real-time web surfing accelerator specifically designed for Internet Explorer� 4/5 to achieve a faster and more effective approach to the internet". Only needed if you find it improves web browsing
TurboLaunch	U	Tlaunch.exe	TurboLaunch is a tool-bar style application that can be set up to run many programs and perform certain pre-programmed actions.
TurboMemoryCharger	U	turbomemorycharger.exe	Some users swear by memory management utilities such as Turbo Memory Charger but others say you don't need them - especially if you have Win98 or WinME. See this article and make up your own mind
TurboNote	N	tbnote.exe	Post-It's on your desktop. Available via Start -> Programs
TurboTop	U	TurboTop.exe	TurboTop - make any window "Always on top"
TV Media	X	Tvm.exe	CleverIEHooker hijacker variant
TV Scheduler	U	TVSCHL.EXE	ProLink PlayTVpro TV tuner software scheduler
TVMD	X	tvmd.exe	Total Velocity - "Secure commerce company that enables the �checkout� process for our customers in order to safely and securely purchase our award winning software". Autointsalling spyware
TvNow	U	TvNow.exe	Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts).
Tvs	?	TvsTray.exe	TOSHIBA Notebook related - what does it do and is it required?
tvs_b	X	tvs_b.exe	BroadcastPC adware variant
tvs_b	X	tvs_ln.exe	BroadcastPC adware variant
tvs_re	X	tvs_re_inst.exe	BroadcastPC adware variant
TVTMD	X	TVTMD.EXE	Total Velocity variant - autoinstalling spyware
TVWakeup	N	tvwakeup.exe	MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
Tvwatch	?	tvwatch.exe	Associated with the TV-oOut option on Asus AGP or Intel graphics cards. Is it required?
Twain image	X	mmp32.exe	DailyWinner adware related
TWarmBay	?	N/A	Found on a Toshiba laptop. Related to hotswap bay management?
TWarnMsg	U	twarnmsg.exe	Toshiba System Warning Function for Windows 98, Me, 2000 - provides notification dialog when the cooling fan stops
TWBbtn	?	N/A	Found on a Toshiba laptop
TWBrowse	?	TWBrowse.drv	Found on a Toshiba laptop. Possibly related to TWAIN drivers (ie, scanners, etc) - see this?
Tweak Manager	?	WinManager.Exe	WinGuides Tweak Manager. Is this required for the live updates feature and/or if settings are changed?
Tweak UI	U	rundll32.exe tweakui.cpl, tweakmeup	Restores settings that can\'t be retained if you have Microsoft\'s Tweak UI "powertoy" installed
Tweak UI	U	rundll32.exe tweakui.cpl, tweaklogon	Automatically logs you on if you have Microsoft\'s Tweak UI "powertoy" installed
Tweak UI	X	RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup	Added by the SUBWOOFER VIRUS! Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup"
Tweak UI 1.33 deutsch	U	RUNDLL32.EXE TWEAKUI.CPL, TweakMeUp	Restores settings that can't be retained if you have Microsoft's Tweak UI "powertoy" installed - German version
Tweak-Me	U	TWEAK-ME.exe	3rd party version of Miscrosoft'sTweak UI "powertoy" with many more options and controls (plus full support), designed specifically to take advantage of features in WinMe/2K and above, available from here
Tweak-xp	U	Tweak-xp.exe	Main program for Tweak-XP - a WinXP tweaking utility
TweakDUN	U	tweakdun.exe	Utility to optimize your Internet Browser Software. TweakDUN promotes faster Internet data transfer rates and faster downloads by eliminating fragmentation of data packets
Tweaki4PU	U	twksup.exe	"Tweaki puts several Windows utilities into one easy to use program while adding hundreds of additional tweaks not found in other system tweakers"
tweakico	?	tweakico.exe	May be a HP program to control their icons?
TweakMASTER	U	TMTray.exe	TweakMASTER Internet Optimizer
twister	U	twister.exe	Twister "AntiTrojanVirus"
TwkSCardSrv	N	SCardS32.Exe	Used with Towitoko SmartCard Readers for card recognition
twunk service	X	twunk16.exe	Added by the RBOT.BAT WORM!
twunk_32	X	twunk_32.exe	Added by the BLACKMAL.C WORM! - This malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty.
Twunk_64	X	twunk_64.exe	System1060 homepage hi-jacker. Note - this is not a Windows file and is found in a Windows\System\1060 directory
tyack drive	X	tyack.pif	Added by the W32/Rbot-AMT WORM! Note: This worm\trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
type32	N	type32.exe	For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings. Not required unless you have changed them
TypingSatellite	N	KBOOST.exe	Typing Master 2002 background utility that collects typing errors and builds up customised typing lessons for your needs. Available via Start -> Programs
Uate	X	oocs.exe	PurityScan/Clickspring adware
UBSShell	U	UBSShell.exe	UBS (United Bank of Switzerland) banking software
UCmore XP - The Search Accelerator	U	rundll32.exe UCMTSAIE.dll, DllShowTB	UCmore toolbar - search accelerator
UC_SMB	N	ucstart.exe	Part of IBM Update connector on IBM PCs for updating drivers on a new installation. Once you manually run the IBM Update connector program (shortcut) this entry is removed
uc_start	N	ucstartup.exe	Auto updater feature for IBM machines that tries to connect to IBM to see if there are any new drivers, patches and etc
UD Agent	U	UD.EXE	The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start -> Programs
Ueproc32	U	UEPROC32.exe	Part of Norton Utilities - most likely associated with the Unerase Wizard in older versions
UFD Monitor9382	?	ufdlmon.exe	Part of USB Flashdisk software - what does it do and is it required?
UFD Utility9382	?	UFDTool.exe	Part of USB Flashdisk software - what does it do and is it required?
ugon	?	aockstrs.exe	??
Uidler	N	Uidler.exe	Uniloc Titlewave Browser used with some shareware
UIWatcher	N	UIWatcher.exe	Ashampoo Uninstaller Suite - installation watcher. Available via Start -> Programs
ujm	X	nm32.exe	Added by the Keylogger.Stranget KEYLOGGER! Note: This keylogger file is found in the Windows\fyt or Winnt\fyt folder.
UKVideo2	X	ukvideo2.exe	Adult content dialler
Ulead Photo Express x.0 Calendar	N	calcheck.exe	Ulead Calendar Checker - part of Ulead Photo Express, where "x" represents the version number. Automatically replaces your calendar desktop wallpaper on a weekly/monthly/yearly basis if you've created them. Not required - change them manually. See here for disabling instructions
UltimateZip Quick Start	N	uzqkst.exe	UltimateZip - file compression utility
Ultra Hal Assistant 4.5 Startup	N	HalAsst.exe	Zabaware Ultra Hal Assistant - artificial intelligence conversation simulator. It is capable of being your digital secretary and companion
UltraDVDMon	?	DVDMon.exe	UltraDVD DVD player software - is it required?
Ulubione	X	sys****.exe	Ulubione adware component
UMAX VistaAccess	N	vsaccess.exe	VistaAccess gives you quick and easy access to scanning functions right from your desktop
UMonit	U	umonit.exe	Alerts when USB device is plugged in
umxagent	Y	umxagent.exe	Tiny Personal Firewall V4 - main engine
umxldra	Y	umxldra.exe	User mode executive module DLL loader - part of Tiny Personal Firewall V4
UMXLDRW	Y	UMXLDRW.exe	Tiny Personal Firewall (pre V4)
un32info	X	un32info.Exe	Added by a CRYPTER.A trojan infection
UNERI	X	yujixit.exe	Added by the SDBOT.BOO WORM!
UnHackMe Monitor	U	hackmon.exe	UnHackMe allows you to detect and remove a new generation of 'invisible' Trojan programs called "rootkits".
uninstal	X	regsvr32 /u /s image.dll	CoolWebSearch parasite related.
Uninstall####	X	upd.exe	Adult content based screen saver where #### can be any number
UninstallAbility	N	uability.exe	UninstallAbility uninstaller
UninstallHL	X	PreUninstallHL.exe	LinkReplacer/FFinder adware component
UninstallQL	X	PreUninstallQL.exe	LinkReplacer/FFinder adware component
Uninstall_TBPS	X	TBuninst.exe /remove	WebSearch toolbar related, HuntBar parasite variant
Uninstall_WinTools	U	WTuninst.exe	WinTools adware uninstaller. Should only need to run once in order to complete uninstall; when done, disable.
UniPrint	U	SetDfltSettings.exe	Drivers for Uniprint, a printing help for Terminal Services and Citrix which recieves downloaded files from a Uniprint enabled server and prints them locally allowing for truly universal printing through Terminal Services or Citrix.
UniSc	U	Unisc.exe	McAfee UnInstaller
uniucu	?	uniucu.exe	??
Universal USB Service	X	svchost32.exe	Added by the W32.KELVIR.R WORM!
Unix File Support	X	init3.exe	Added by the W32/RBOT-ZN WORM!
unldr16	X	unldr16.exe	Added by a CRYPTER.C trojan variant infection
unldr32	X	unldr32.exe	Added by a Crypter.C trojan variant infection
UnSpyPC	X	UnSpyPC.exe	"Spyware remover" of dubious repute - see the authoritative SpywareWarrior_List of Rogue/Suspect Anti-Spyware Products & Web Sites
untray	Y	untray.exe	Part of Command AntiVirus
uoltray	N	exec.exe	Netzero free ISP software - not required
Up Service	X	up32.pif	Added by the W32/Rbot-ARI WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
UpConfgVer	N	UpgConf.exe	Panda Antivirus Platinum. Purpose unclear, but according to Panda Software not required for the AV to function.
UpData	X	wupdata.exe	Added by the TROJ/IRCBOT-AA TROJAN!
Update	X	(original file path)	Added by the LYNDEGG VIRUS!
Update	X	CDUpdater.exe	"Carpe Diem" adult premium rate dialler related
Update	X	Sysupd.exe	Added by the SLACKBOT VIRUS!
Update	X	mshtm.exe	Browser hijacker, redirecting to buldog-search.com
update	X	winis.exe	Added by the W32/RBOT-VD WORM!
update	X	r00t.exe	Added by the W32/RBOT-ACO WORM!
UpDate	X	RAuth.exe	Added by the TROJ/DLOADER-UL TROJAN!
Update	X	WinNT.exe	Added by the W32.Vig.C VIRUS! Note: Copies it's self to multiple Drives and folders.
UPDATE =	X	WinUpdater5.0.vbs	Added by the VBS/Gormlez-A Worm!
Update for Windows	X	(See description box.)	Added by the W32/Lerpa-A WORM! Note: The file name will be one of the following common.exe or common.pif or common.scr or Sexo.exe or Sexo.jpg.pif or ini_file__.pif or load_me__.tmp or msfile.pif or system_load_.pif or zipped.rar.pif
Update for Works	?	MSWkstz.exe	Maybe related to later versions of MS Works?
Update Grokster	N	WiseUpdt.exe	Automatically updates the Grokster file sharing software. Beware of adware and spyware when using this type of program, for instance, Grokster contains CyDoor
Update Install	X	Schost.exe	Added by the GAOBOT.AO WORM!
Update local	?	SetCPQLC.exe	Running on a Compaq desktop. Any ideas?
Update Manager	N	UpdateManager.exe	Searches for updates for the Rogers Yahoo!_Browser - can be run manually
Update MCafee	X	WinNT.exe	Added by the W32.Vig.C VIRUS! Note: Copies it's self to multiple Drives and folders.
update run dos	X	logon.exe	Added by a variant of the W32/SDBOT WORM!
Update Run MSword	X	LOGON.EXE	Added by the RBOT.TY WORM!
Update Service	Y	Update.exe	Loaded by Handybits programs such as EasyCrypto. Re-instates itself every time the program is run so best to leave it enabled. Prevent it dialling out via a firewall
update service	X	svxhost.exe	Added by the RBOT-MG WORM!
update service	X	winx.exe	Added by a variant of the WIN32.RBOT WORM!
Update Service	X	winu32.exe	Added by the W32/RBOT-MG WORM!
Update Symantec	X	WinNT.exe	Added by the W32.Vig.C VIRUS! Note: Copies it's self to multiple Drives and folders.
Update TUT	?	WiseUpdt.exe	??
Update ver 1.0	X	Swap.exe	Added by the W32/SWAP-C WORM!
Update" -s setup	X	Zupdate.exe	B3d Projector foistware - periodically tries to access the internet. (1) Uninstall via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\Windows\System. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents
Update.exe	X	ravseuper.exe	Added by the Troj/QQPass-P TROJAN!
Update32	X	configs.exe	Hijacker, also detected as the QURL-2 TROJAN!
UpdateCheck	X	winstall.exe	Added by the W32/SPYBOT-CY WORM!
UpdateComponent	X	CNF UPD.EXE	Added by the SPYBOT.GEN VIRUS!
UpdateFW	?	fwdload.exe	Appears to be firmware update software for a Network Associates ATMbook OC-3 SMF Interface Module?
UPDATEHOOK	?	Rundll32.exe	??
updatelavasoft	X	updatelavasoft.exe	CoolWebSearch related hijacker, redirecting to lalasearch.com
UpdateManager	U	sgtray.exe	StorageGuard from Veritas (this version by Sonic). Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
UpdateMedia	X	UpdateMedia.exe	MediaUpdate foistware
UpdateMgr	X	updmgr.exe	Added by the SouthBeachTel premium rate adult content dialer.
updatemgr.exe or UPDATE~1	N	updatemgr.exe UPDATE~1.EXE	Once a month, your EarthLink 5.0 Update Manager contacts EarthLink\'s servers to check for software updates. If an update is available for your EarthLink software, Update Manager will inform you and, with your permission, download and install the update. Can go to http://www.earthlink.net and download the updates manually
UPDATEMSN	X	svhost.exe	Added by an unidentified WORM or TROJAN!
updater	X	wupdater.exe	eUniverse/KeenValue adware
updater	?	updater.exe	??
Updater	X	adservernow.exe	AdServerNow adware
updater	X	wisvc.exe	Added by the TROJ/ORSE-A TROJAN!
Updater Service Process	X	svhost32.exe	Added by the AGOBOT.TY WORM!
updater32	X	winload32.exe	Added by the CULT.M WORM! **Note - not to be confused with the valid Windows "NOTEPAD" text editor
Updates	X	msupdate.exe	CoolWebSearch parasite related.
Updates from HP	N	backweb*****.exe	Automatically detects an internet connection and downloads any available updates - * is random digit
Updatestats	N	Updatestats.exe	Statblaster - "Get officially liscensed MLB pitch-by-pitch real time updates from every stadium around the league. StatBlaster provides live streaming statistics for each fantasy matchup you want tracked either in one league or across all your leagues"
updatev01	N	updatev01.exe	Ultra-networks.com software updater/downloader
Updatewiz	?	updatewiz.exe	??
upddateit	X	winit.exe	Added by the W32/RBOT-MS WORM!
Updmgr	X	updmgr.exe	eUniverse/KeenValue adware related
updmgr	X	rvupdmgr.exe	eUniverse/KeenValue adware
UpdReg	N	Updreg.exe	Reminder to register Creative Labs SoundBlaster Live! cards
UpdSys	N		Added by the BJ VIRUS!
Upgrade Sarvice	X	sxchost.exe	Added by a variant of the TROJ/TOFGER-I TROJAN!
Upgrade Service	X	sxchost.exe	Added by the TROJ/TOFGER-I TROJAN!
Upgrade Service	X	winupd.exe	Added by the TROJ/TOFGER-U TROJAN!
upme	X	(path to file)	Added by the W32.MUGLY.F WORM!
Upme	X	DLLMAN.EXE	Added by the MUGLY.I WORM!
UPnP Manager	X	upnpman.exe	Added by a variant of the Win32.Agobot.gen WORM!
UPNPService	X	WinSVCservice.exe	Added by the AGOBOT.UN WORM!
Upromise0	U	Upromise0.exe	Upromise college savings progrram
UPS	Y	ups.exe	PowerChute v5.02 - UPS Monitoring Module (which loads iconclnt - the tray icon)
UPS	X	UPS32.exe -v	Added by the W32.Femot.O Worm!
UPSentry 2000 or UPSlim	Y	upsd.exe	Used with Belkin UPS (Uninterruptable Power Supply) for support in the event of a power-loss
UPSMON	U	UPSMON.exe	UPSMON Power Management software
UPSUtl	X	web.exe	CoolWebSearch parasite related.
Uptimer4	U	Uptimer4.exe	Uptimer4 is an appbar which displays time, date, uptime, free ram, free pagefile, cpu usage, disk free space, battery power, IP addresses, TCP throughput, list of running processes, netstat and several more things
UpTimes service	X	WinUp.exe	Added by the W32/Rbot-AKB WORM!
UpToDate	X	uptodate.exe	BrowserAid/BrowserPal foistware
upyxo	X	yujixit.exe	Added by the SDBOT.BIX WORM!
URLLSTCK.exe	Y	UrlLstCk.exe	Part of Norton Internet Security. From Symantec - "UrlLstCk.exe is a necessary file that will be present in C:\Program Files\Norton Internet Security. It is a URL Checklist. It should not be disabled"
URLMAP	N	Urlmap.exe	Installed by MS Money, and runs whenever you start IE. All it does is bring up an annoying sidebar (kind of like the search window) with 'financial links' when the web page supports it
UrtSvcExe	Y	Urt95Svc.exe	"Cisco Secure URT is a virtual LAN (VLAN) assignment service that enhances LAN security by actively identifying and authenticating users and then associating them only to their specific network services and resources"
Usb	?	Usb.exe	HP related - not sure whether it\'s required
USB 2.0 Driver	X	Winsys32.exe	Added by the W32/AGOBOT-QM WORM!
USB 2.0 Driver	X	updateXPSPC.exe	Added by the W32/AGOBOT-RJ WORM!
USB 2.0 Driver	X	updateXP.exe	Added by the W32/AGOBOT-QP WORM!
USB 2.0 Driver	X	winsystem.exe	Added by the W32/AGOBOT-QS WORM!
USB 2.1 Driver	X	winupdate1.exe	Added by a variant of the WIN32.RBOT WORM!
USB controller	X	Svcmm32.exe	SvcMM backdoor parasite downloader
USB Device	X	servicelog.exe	Added by the WOOTBOT.CB WORM!
USB Device	X	win32usb.exe	Added by the W32/FORBOT-BQ WORM!
USB Driver4	X	UpdateXP2.exe	Added by a variant of the W32/SDBOT WORM!
USB Driver4	X	UpdateXP6.exe	Added by a variant of the W32/SDBOT WORM!
USB Drivers1	X	msupdate.exe	Added by a variant of the WIN32.RBOT WORM!
USB Driverz2	X	msnplus1.exe	Added by the W32/SDBOT-XQ WORM!
USB Fix 1.1	X	wuservices.exe	Added by a variant of the W32/SDBOT WORM!
USB Fixes	X	wuafix.exe	Added by the W32/RBOT-ABV TROJAN!
USB Hardware Monitoring	X	USBhardware.exe	Added by the W32/RBOT-NN WORM!
USB Hardware326 Monitoring	X	USBhardware326.exe	Added by a variant of the W32.SPYBOT WORM!
USB Hardware32c Monitoring	X	USBHARDWARE32C.EXE	Added by the W32/RBOT-UU WORM!
USB Host Service	X	usbsvc.exe	Added by a W32/Rbot-GG worm infection
USB Hub Keyboard Patch	?	SKBPATCH.EXE	USB HUB Update
USB SECURITY DEVICE CoInstaller	Y	JupitCo.exe	ButterflyMedia USB Flash drive related - required for the password security feature to work.
USB Updates	X	mservices.exe	Added by a variant of the SDBOT WORM! - see here
USB Updates	X	msfirewalls.exe	Added by a variant of the WIN32.RBOT WORM!
USB Updates 2	X	wugfixx.exe	Added by a variant of the WIN32.RBOT WORM!
USBConfigration2	X	wmmndir.exe	Added by the W32/Agobot-SV Worm!
UsbD	X	iexplore32.exe	Unidentified worm or trojan
UsbD	X	svhost32.exe	Added by the TROJ_AGENT.IB TROJAN!
UsbD	X	smss32.exe	Adware downloader - recognized by Kaspersky antivirus as Trojan-Proxy.Win32.Agent.cj
Usbd	X	usb_d.exe	Added by the TROJ/CIDRA-A TROJAN!
UsbD	X	(Path of the trojan executable)	Added by the Troj/Cidra-F TROJAN!
USBDetector	U	USBDetector.exe	USBDetector sets up an icon in the System Tray for a USB card which is intended to be used to eject or unplug hardware
USBDetector	?	UDetect.exe	USB detector, apparently for an MP3 player - any further information appreciated!
USBDrives	X	msfirewalI.exe	Added by the W32/RBOT-ABP WORM!
usbdrv	X	servicetask.exe	Added by a variant of the W32/SDBOT WORM!
USBHWDRV	X	gam.exe	Added by a variant of the TROJ/LOWZONE-I TROJAN!
USBHWDRV	X	msdc.exe	Added by a variant of the TROJ/LOWZONE-I TROJAN!
USBHWDRV	X	sst4.exe	Added by a variant of the TROJ/LOWZONE-I TROJAN!
USBHWINFO	X	sst6.exe	Added by the TROJ/LOWZONE-I TROJAN!
USBHWINFO	X	mmc.exe	Added by the TROJ/LOWZONE-I TROJAN!
USBHWINFO	X	mac.exe	Added by the TROJ/LOWZONE-I TROJAN!
USBMMKBD	U	usbmmkbd.exe	USB multimedia keyboard for HP systems. Allows the use of special function keys on USB keyboards. The latest version (available here) no longer pings a server when on-line wheras the older version did but did not transmit any user information
USBMonit.exe	U	USBMonit.exe	Monitors USB ports for insertion of Sandisk USB flashdrives
usbn	X	usbn.exe	Adult content dialer, recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Small.afa
usbn	X	(path to Trojan)	Added by the Troj/Hogil-E TROJAN!
USBPNP	Y	USBPNP.exe	SiPix digital camera Twain USB driver
USBTA	N	usbtapnp.exe	System Tray access for the BeWAN Gazel 128 USB ISDN adapter
useful-soft	X	svchst.exe	Browser hijacker, redirecting to elite-glsex.net
user	X	user32.exe	Added by the Backdoor.Binghe TROJAN!
User Logger	U	UsrLog.exe	UserLogger is a commercial spyware program. It logs keystrokes, programs used and computer ID information. It also captures screenshots, can hide its presence on the computer and can be disguised in the Windows Task list.
User Manager	X	fcllls.exe	Added by the ZAGABAN-B TROJAN!
User Services	X	usersvc.exe	Added by the REVCUSS.A VIRUS!
User23.exe	X	DIAL.exe	This is a trojan trying to disguise itself as User32.dll
User32	X	(random filename)	Added by the NETTRASH VIRUS!
UserFaultCheck	N	dumprep 0 -u	Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
userinit	X	winlogon.exe	Added by the Troj/Dloader-TP TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item. This trojan file is found in the Windows or Winnt folder.
Userinit	X	lsass.exe	Added by a variant of the Troj/Dloader-TP TROJAN! - NOTE - this file is placed in the Program Files\Common Files folder, and should NOT be confused with the legitimate Windows lsass.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
Userinit	X	lsass.exe	Added by a variant of the Troj/Viran-A TROJAN! - Note: This file is placed in the "Program Files\Common Files\System" folder. This file should NOT be confused with the legitimate Windows lsass.exe process located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
UserInit StartUp	X	rpcxuisu.exe	Added by a variant of the W32/SDBOT WORM!
userint32	X	userint32.exe	Added by an unidentified TROJAN via an Instant Message that says, "This was cool, check it out here." Also contains Aurora popups
USERINTERFACE REPORT3R	X	M0USE.exe	Added by the MYTOB.HS WORM!
Userinterface Reporter	X	srv32.exe	ISTbar/XXXToolbar adware downloader
Userinterface Reporter	X	fuuuucktttttt.exe	Added by the W32/MYTOB-DK WORM!
UserSystem	X		CoolWebSearch parasite related.
ushli	X	sscbltqu.exe	Obtained from an MP3 search list site. Also generates random processes on reboot
usrgtway.exe	X	syswrun4x.exe	Added by the MITGLIEDER.E VIRUS!
USRobotics 802.11g Wireless Network Utility	N	USRWLANG.exe	USRobotics Wireless Network Utility - used to configure security settings for connecting to WEP encrypted Access Point through the USR Wireless adapter. You must uncheck "Use Windows to configure my wireless settings" for the program to work properly. Has Site Survey capabilities, and reports link quality and signal strength. Not required for proper operation of the device as the features given are accessible in the network connection properties
Usrobotics Online Registration	N	??	Pop-up reminding customers to register their products online at US Robotics
USRpdA	Y	[path] USRmlnkA.exe RunServices \\Device\\3cpipe-USRpdA	US_Robotics modem driver
Usrr	X	rncr.exe	PurityScan/Clickspring adware
Usrr	X	rpen.exe	PurityScan/Clickspring adware
USRSTA	?	USRSTA.exe	Wireless Card controller. What does it do and is it required?
USSShReg	N	USSSHREG.EXE	Registration reminder for Ulead SmartSaver Pro - compacts large graphics for web designers
Utility Ping	?	UTILIT~1.EXE	??
UtilityPro	N	UtilityPro.exe	IE search toolbars as supplied by people such as Yellow Internet and SearchBoss and written by Rawhide Search Solutions
UTILsInst	Y	N/A	For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
Utopia Angel	N	Angel.exe	Calculator for the online Utopia game
uwyrl	X	uwyrl.exe	Added by the PHEL.A TROJAN!
uwyw.exe	X	yujixit.exe	Added by the SDBOT.BGB WORM!
V.92 Modem On Hold	U	Ltmoh.exe	Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet
V128IID	Y	Rundll32.exe v128iitw.dll, STB_InitTweak	Loads drivers for some STB graphics cards such as the STB nVIDIA TNT 16MB. Required if you don't want to experience lock-ups or error messages
V128IITV	?	??	Loads drivers for some STB graphics cards. May be related to such a card with a TV out option?
V66SHELL	?	V66SHELL.EXE	It looks to be part of the display driver set for ASUS V3800, V6600 and V6800 display adapters. Probably a system tray quick access control?
va10key	U	va10key.exe	Only required if you use the 10 kay bay unit with a Sony Vaio laptop
Vaganza-XPloit-[User Name]"	X	[user name].exe	Added by the W32.GAVGENT.A WORM!
VAGCtrl	Y	VAGCTRL.EXE	Vexira Antivirus - virus scanner from Central Command
VAGuard	Y	VAGNT.exe	Vexira Antivirus - virus scanner from Central Command
VAIO Action Setup (Server)	U	VAServ.exe	Sony Vaio utility that auto-launches selected applications when you plug in a digital video camera, digital still camera, etc. via iLink (FireWire) or USB
VAIO Recovery	U	PartSeal.exe	System backup for Sony Vaio PCs. Adds a recovery mechanism for users over and above any System Restore features - allowing users to revert a drive back to the state it was when bought form the factory by hitting F10. The user obviously loses any data stored if not backed-up elsewhere
ValidData	X	(path to file)	RANKY.H backdoor WORM!
vb6	X	vb6.exe	Added by the W32.MUGLY.D WORM!
VBouncer	X	VirtualBouncer.exe	Virtual_Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code.
VbouncerDL	X	VBouncerInnerxxxx.exe	Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here and here. "xxxx" represents 4 random numbers
VbouncerDL	X	VBouncerInner.exe	Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself.
VBS.Ipnuker@mm	X	(original worm file name).vbs	Added by the VBS.Nukip Worm!
VBS_AUTO_UPDATE	X	0548656X.vbs	Added by the VBS/Gormlez-A Worm!
VBundleOuterDL	X	BundleOuter.EXE	VIrtualBouncer malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs
VB_run	X	comctl_32.exe	Dubious downloader from densmail.com
VC5MediaPlayer	X	csmss.exe	Added by the W32/DEDLER-B WORM!
VC5Play	N	VC5Play.exe	Virtual CD drive emulator - version 5. Available via Start -> Programs
VCatch	X	Vcatch.exe	CommonSearch Vcatch - "antivirus" software which actually bundles spy/adware itself!
VCatch Premium	X	VCatchpre.exe	VCatch antivirus. Considered spyware itself - see here
VCDPlayer	N	VCDPlayer.exe	Virtual CD drive emulator. Available via Start -> Programs
vcdplayx	N	vcdplayx.exe	CD emulation part of GameDrive& VirtualDrive from Farstone. Not required as starting these programs load this automatically
VCDTower	U	VCDTower.exe	Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking
VCDWATCH	?	VCDWATCH.EXE	Confirmed as Voyetra CD Watcher as it was found in a Compaq/Voyetra/AS2 directory but what does it do?
VCSPlayer	N	vcsplay.exe	Virtual CD drive emulator. Available via Start -> Programs
VCXD Settings	X	phqg.EXE	Added by the RBOT.BRF WORM!
VC_Log	U	keylog.exe	PaqKeylog is a spyware program that logs keystrokes and can run in stealth mode. If you didn't install this yourself remove it.
Vdat Update	X	lalaa.exe	Added by a variant of the WIN32.RBOT WORM!
VDI Manager (HP)	?	HPO0VDX05.exe	HP (Hewlett-Packard) related. Now - what does it do?
vdtask	N	vdtask.exe	Program part of GameDrive& VirtualDrive from Farstone. Not required as starting these programs load this automatically
Vegas Palms - Launcher	N	Launcher.exe	Vegas Palms on-line cassino
veja_fotos.exe	X	veja_fotos.exe	Added by the TROJ/MDROP-F TROJAN!
VERBATIM STORE 'N' G	U	verbatim store 'n' go.exe	Loads the driver for the Verbatim Store'n'Go� PRO USB Flash Drive - reportedly required only on systems running Windows 98 and Millennium
Verif	X	vxst.exe	Added by the NOPIR.B WORM!
Veritas Patch	X	veritas.exe	Added by the W32/RBOT-XT WORM!
Verizon Control Pad	N	cpad.exe	Control Pad - installed with Verizon DSL accounts. Tool designed to streamline the online experience
Verizon Online Support Center	U	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system\'s identity like your name email address, city, state, etc and gets written to a log file". Verizon Online Support Center is required to run with the Help and Support program. If you uncheck Verizon Online Support Center and and then run help and Support it will add another Verizon Online Support Center in the startup menu. If you remove the Verizon Online Support Center in the add/remove program some help menus in help and support will not be available. You decide
vern16.dll	X	regsvr32.exe [path] vernn16.dll	DailyWinner adware
vernn16.dll	X	[path] vernn16.dll	DailyWinner adware
versato	U	versato.exe	"Hot" button (such as volume and browser control) management and a CD player as supplied with QTronix (as possibly Micro Innovations) keyboards
Version	X	Version.exe, manage.exe	JRAUN adware variant
version	X	adl_dh.exe	DealHelper adware related
version	X	[random filename]	DealHelper adware related
Vet Alert	Y	vetmsg9x.exe	Computer Associates "InnoculateIT" and Vet Anti-Virus virus software
Vet Alert	Y	VETMSG.EXE	Computer Associates Vet Anti-Virus software
Vet Start Up	Y	vet98.exevet32.exe	Computer Associates "InnoculateIT" and Vet Anti-Virus virus software. This option will slow down your system, if set too aggressively. There is no need to scan every file when opened, closed, etc. Check in InoculateIT PE options
VetTray	U	vettray.exe	Computer Associates "InnoculateIT" and Vet Anti-Virus virus software. System Tray quicklaunch access, not really necessary but only occupies 36k resources
VFW Encoder/Decoder Settings	X	RUNDLL32.exe MSSIGN30.DLL ondll_reg	Added by a variant of the LOVGATE WORM!
VGA Startup	X	vgacard.exe	Added by a variant of the WIN32.RBOT WORM!
VgaDriver	X	RsrVga32.exe	Added by the TROJ/KEYLOG-AH TROJAN!
VGATune	X	VGATune.exe	Added by the W32/Rbot-AWM WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
VGAUtil	U	G-VGA.exe	Gigabyte VGA Utility - access card options (application needs to be run at startup, but is not system critical)
vid32cntl	X	vid32cntl.Exe	Added by a CRYPTER.A trojan infection
vidcntl	X	vidcntl.Exe	Added by a CRYPTER.A trojan infection
Vidcompat	X	Vidcompat.exe	Added by the GEMA TROJAN!
vidctrl	X	vidctrl.exe	Delfin_Promulgate adware variant
Video	X	explored.exe	Added by the GAOBOT.RF WORM!
Video	X	winamp32.exe	Added by the W32/AGOBOT-NG WORM!
Video Card Driver (do not remove)	X	tsasi.exe	Added by the W32/Spybot-EF WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Video Lan Player	X	VideoLanPlayer.exe	Added by the W32/RBOT-MY WORM!
Video Manager	X	videomgr.exe	Added by the PANDEM.C VIRUS!
Video Multimedia Driver	X	ndrives32.exe	Added by a W32/Rbot-DK worm infection
Video Proces	X	winaps.exe	Added by the AGOBOT.HD WORM!
Video Process	X	sysconf.exe	Added by the GAOBOT.GEN!POLY or GAOBOT.UM or GAOBOT.ADX WORMS!
Video Process	X	netsvcs.exe	Added by the AGOBOT.LH WORM!
Video Process	X	MS32x16.exe	Added by a RBOT.RH worm infection
Video Process	X	MSlti64.exe	Added by the AGOBOT.UE WORM!
Video Process	X	[random filename]	Added by the RBOT-LM WORM!
Video Process	X	winasp.exe	Added by the W32/AGOBOT-IS WORM!
Video Process	X	msn5.exe	Added by W32/Agobot-TW WORM!
Video Services	X	explore.exe	Added by a W32.Gaobot.GL worm infection
Video Services	X	videol_32.exe	Added by the W32/Agobot-DM WORM!
Video Services	X	sys32.exe	Added by the AGOBOT.PS WORM!
Videocntl	X	Videocntl.exe	Added by a variant of the Win32.GEMA.D TROJAN!
VideoDriver	X	(filename)	Added by the GSPOT20.A VIRUS!
VideoDriver	X	videodrv.exe	Added by the W32.MIMAIL.A WORM!
VideoDriver	X	gspotbot.exe	Added by the SPIGOT.C VIRUS!
Videool32	X	VIDEOL32.EXE	Added by the AGOBOT.EC WORM!
videoporno.exe	X	videoporno.exe	Premium rate adult content dialer
vidmon	X	VIDMON.EXE	Delphin_Media_Viewer adware related
VidSvr	N	vidsvr.exe	MS WebTV for Windows Channel Guide. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
vietato.exe	X	vietato.exe	Adult content dialler
VIEW POINT DRIVERS	X	phqghum.exe	Added by the RBOT.BRX WORM!
VIEW POINT DRIVERS FOR WIN32	X	phqghu.exe	Added by a variant of the WIN32.RBOT WORM!
ViewMgr	N	ViewMgr.exe	Viewpoint_Manager - automatic updates for ViewPoint products such as ViewPoint Media Player (as bundled with AOL, AOL Instant Messenger, Compuserve, etc). Can be run manually via Start -> Settings -> Control Panel by enabling auto-updates temporarily, re-booting and then disabling again
Vinny	?	??	??
Virt.exe	X	Virt.exe	Added by the REMADM-C TROJAN!
VirtuaGirl	U	Vg.exe	VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request...
VirtuaGirl2	U	VirtuaGirl2	VirtuaGirl is a shareware program featuring scantily dressed girls on your desktop. They say hi in the morning, remind you of your appointments and dance for you on request...
virtual	X	winit.exe	Added by a variant of W32.Mugly.A WORM!
virtual	X	winprotect.exe	Added by the W32.MUGLY.C WORM!
virtual	X	wini.exe	Added by the W32/RBOT-YX WORM!
Virtual Access Scheduler	U	VASCHD32.EXE	The scheduler for mail and usenet tool
Virtual Bouncer	X	VirtualBouncer.exe	Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here and here
Virtual CD v6	X	grplscd.exe	Added by the W32/Rbot-AXV WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Virtual CDROM	X	deamon.exe	Added by the RBOT.VP WORM!
virtual-ie	X	winlogi.exe	Malware - detected by Kaspersky antivirus as Trojan-Dropper.Win32.WinAD.h
virtual-machine	X	svchosts.exe	Added by the W32/RBOT-US WORM!
virtual-machine	X	winlogin.exe	Added by the W32/RBOT-VU WORM!
virtual-machine	X	wini.exe	Added by the W32/RBOT-WR WORM!
VirtualCloneDrive	N	VCDDaemon.exe	Virtual Clone Drive, part of CloneCD CD/DVD copying sofware; discontinued
VirtualDrive	N	VDTask.exe	VirtualDrive from Farstone - virtual CD drive emulator. Available via Start -> Programs
VirtuaReminder	U	VirtuaReminder.exe	VirtuaReminder is a tool allowing the user to create reminders for such things as important appointments, birthdays, etc.
Virtuele Katja	U	VKatja.exe	Virtuele_Katja - have an attractive moviestar parade on your Desktop and help you search the Dutch "Gouden_Gids" business directory too...
Virus	X	Anti.exe	Added by the WIN32.SEENBOT.O WORM!
Virus Protect	X	vrsprtc.exe	Added by the W32/RBOT-APR WORM!
Virus Removal Tool	X	(pathname of the Trojan executable)	Added by the Troj/Tometa-B Trojan!
Virus Scan	X	virscana.exe	Added by a VIRUS!
VirusCheckII	X	AVIRCHK.EXE	Added by the DASMIN VIRUS!
VirusScan Online	Y	mcvsshld.exe	McAfee VirusScan On-line. See also McAgentExe entry
VirusScan Online	X	mcagent.exe	Added by the TROJ/ANTIMCA-A TROJAN! - do NOT confuse with the McAfee VirusScan executable as described here
VirusScanMSC	?	VsStat.exe	Part of McAfee VirusScan. System Tray application as with previous versions (were also VsStat.exe), McAfee SecurityCenter integration or something else? Is it required?
Virus_Scanner	X	Virus_Cleaner.exe	Added by the PANOL VIRUS!
visionGS	N	VISIONGS.EXE	visionGS webcam software
Vistascan	N	vistascan.exe	Included in VistaScan are VistaAccess and VistaShuttle. VistaAccess gives you quick and easy access to scanning functions right from your desktop. For Windows users, you'll see a scanner icon in the Windows Tray of the Taskbar. Click this icon and a menu opens
Visual Element FX5	X	[various file names]	ClearStream Accelerator adware
VisualStudio	X	msorunner.exe	Added by a variant of the WIN32.TACTSLAY TROJAN!
VITAL BOOT PROCESS	X	taskmnsgr.exe	Added by the W32/Rbot-VY WORM!
VITAL BOOT PROCESS	X	taskmngr.exe	Added by a variant of the WIN32.RBOT WORM!
Vital Load Process	X	Spoolsvr.exe	Added by the RBOT.AIF WORM!
VividGalut	X	VividGalut.exe	Adult content related web downloader
vmcleaner	X	gxlib.exe	Added by the TROJ/SMALL-HS TROJAN!
VMDFW	Y	vmdfw.exe	VirusMD Personal Firewall
vmlib	X	vmlib.exe	Added by the Troj/LowZone-AQ TROJAN!
Vmmon32	X	vmmon32.exe	browser hijacker
vmsnGraber	X	VMSNGRABER.EXE	Added by the ENVID.B WORM!
vmss	X	vmss.exe	Delfin_Media_Viewer or "Promulgate" adware variant
vmtuner	X	gclib.exe	Hijacker - detected by Kaspersky antivirus as Trojan-Clicker.Win32.Small.fh
vmtuner	X	gglib.exe	Added by the Troj/QLowZon-D TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
VnCplUpdate	X	msdm.exe	Masssend - spam relayer. Listens on a port for the spammers to feed it a list of addresses and what to send out. More information in this advisory
vnmispoisn_downloader.exe	X	vnmispoisn_downloader.exe	SearchBarCash adware variant
VOBID	U	InstantDrive.exe	Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer�s hard drive. Part of InstantCD/DVD burning software
VOBRegCheck	Y	VOBRegCheck.exe	Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn\'t use any resources so you can leave it enabled
VolControl	X	volumec.exe -i	Added by the Troj/Bckdr-CUP TROJAN! Note: This trojan file is found in the Windows(95/98/ME/XP) or WINNT (NT/2000) folder.
Voltage Manager	X	[random file name]"	Added by the W32.DREFFORT WORM!
Volume Controller	X	VolumeControl.exe	Added by the SDBOT.AYI WORM!
Vonage	U	click2call.exe	Vonage Voice over IP Internet phone service
VoodooBanshee	U	rundll32.exe 3DBBps.dll, BansheeLoadSettings	Loads the configuration settings for a 3dfx Voodoo Banshee chipset based graphics card. If you change some of the settings from default you probably need this - otherwise maybe not
voowsmcr	?	huhdir.exe	??
Vortex Tray	N	asp4setp.exe	System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
VortexTray	N	au30setp.exe asp4tray.exe asp4setp.exe	System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
VoyetraTray	N	vtray.exe	This provides an abbreviated Control Group for the Turtle Beach Montego II sound functions/associated with AudioStation 3 and 32
VPCUserServices	U	VMUSrvc.exe	Part of "DOS_Virtual_Machine_Additions" for Microsoft Virtual_PC , software virtualization software that allows you to run multiple PC-based operating systems simultaneously on one workstation. This process provides additional functionalities such as Shared Folders.
VPCUserServices	X	VMUSrvc.exe	Added by an unidentified TROJAN!
Vpop3 Mail Server	U	vpop3.exe	Mail server from Paul Smith Computer Services. Runs in system tray to collect mail. Can be run from a shortcut and if it isn't running then it won't get your email!
vptray	U	vptray.exe	System Tray icon for Norton Anti-Virus Corporate Edition. Gives access to the options available and may not be required. Some users may have problems - refer here
Vrmon	Y	vrmonnt.exe	HAURI Anti-Virus
Vrmon	Y	vrmonnt.exe	HAURI Anti-Virus
VrSchedule	Y	Vrres.exe	HAURI Anti-Virus
VS.VSN	Y		Part of eSafe antivirus "SmartScan" - alerts the user if files have been changed/added
vsadmin	X	smrs.exe	Added by the W32/AGOBOT-RC WORM!
Vsample	X	winxpsock.exe	Added by the SDBOT.BLK WORM!
vsc32cnf	N	vsc32cnf.exe	Part of Roland's Virtual_Sound_Canvas software synthesizer gives the "ability to turn MIDI files into a stereo wave file with the touch of a button"
vscanner	X	spooll32.exe	Added by the OPTIXPRO VIRUS!
vscvol	N	vscvol.exe	Part of Roland's Virtual_Sound_Canvas software synthesizer gives the "ability to turn MIDI files into a stereo wave file with the touch of a button"
VsEcomrEXE	N	VSECOMR.EXE	From McAfee VirusScan up to version 4.x. This executable is responsible for the periodic "update" prompts
Vshwin32EXE	Y	VSHWIN32.EXE	From McAfee VirusScan up to version 4.x and Dr Solomon\'s VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs
VSN	N	VSN.exe	Software to share photographs across the internet
VSOCheckTask	Y	MCMNHDLR.EXE	Part of McAfee's SecurityCenter and Virusscan Online. Must be enabled for scanning to work
VSOCheckTask	X	mcagent.exe	Added by the TROJ/ANTIMCA-A TROJAN! - do NOT confuse with the McAfee VirusScan executable as described here
vspdfprsrv.exe	N	vspdfprsrv.exe	Visage PDF Printer
VsStatEXE	Y	VSSTAT.EXE	From McAfee VirusScan up to version 4.x and Dr Solomon\'s VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs
vTPass	N	vtpassld.exe	Part of vTrails - a live media delivery solution. vTPass is the driver enabling the system to work. If unavailable via Start -> Programs, create your own shortcut for the "vtpass.exe" file
VTPreset	U	VTPreset.exe	Savage Pro S3 graphics software
vTTIMER	U	VTTIMER.EXE	A device driver for VIA/S3G UniChrome IGP graphics controller and VIA/S3G KM400/KN400 graphics card. It is located in \WINDOWS\SYSTEM\ on Windows 95/98/ME and \WINDOWS\SYSTEM32\ on Windows XP and \WINNT\SYSTEM32\ on Windows NT/2000 Viaarena
vTunerStartUp	N	vTuner.exe	vTuner - "an easy way to find and listen to radio and TV broadcasts over the Internet"
vuaaa	X	reg.exe	Added by a variant of the WIN32.RBOT WORM!
VVSN	X	VVSN.exe	SaveNow adware
vwin	X	Q4Keygen.exe	Added by the W32/Mircnuf-A WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
VZAccess Manager	U	VZAccess Manager.exe	Verizon Access manager for enterprises
W1NTASK	X	taskgmr.exe	Added by the W32/MYTOB-BZ WORM!
w32	X	w32.exe	Added by the SOKEVEN VIRUS!
W32.Scran	X	Scran.exe	Added by the W32.Narcs WORM!
w32alanis	X	mope.scr	Added by the SINALA VIRUS!
W32data	X	eworo.exe	Added by a variant of the WIN32.RBOT WORM!
W32Load	X	(random name).scr	Added by the CASPID VIRUS!
W32PluginsDownloaderXMLHTTPSelfClearing7520	X	wiper.exe	Added by the Troj/Proxyser-M TROJAN!
w32sup	X	w32sup.exe	Adult content dialler
W32Tc	X	WTC32.scr	Added by the VOTE.D or VOTE.K VIRUSES!
W3KNetwork	X	rundll32.exe w3knet.dll, dllinitrun	Advertising spyware. Check here for more info on this particular one
W75P2PSERVER	Y	W75P2PS.EXE	Printer utility which is required in order to make the printer work correctly
w98Eject	?	w98Eject.exe	Related to USB support for Sigmatel MP3 audio decoder -what does it do, and is it required?
wait4IP	U	wait4IP.exe	Packard Bell net2Plug allows you to network PCs anywhere in your house
wallchgr.exe wstart	U	Wallchgr.exe	Blue Tree Software
WallPaper	X	taskimgr.exe	Added by the Troj/Banker-GX TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
Wanadoo Messenger.exe	N	Wanadoo Messenger.exe	Wanadoo ISP instant messenger client
WanMPSvc	Y	WanMPSvc.exe	An AOL component, the Wan miniport (ATW) service. If you delete this and logon, AOL reports a problem with your internet connection, and reinstalling AOL doesn�t help
WAPI	X	wts*.exe ( = random char)	PurityScan/Clickspring adware
war-ftpd.exe	N	WAR-FTPD.EXE	War FTP Daemon from JGAA's Internet - FTP client
Wardo	X	syslaunch.exe	Added by the ADLCICKER.G VIRUS!
WareOut	X	WareOut.exe	Malware masquerading as a spyware and dialer remover, see here
warez	N	warez.exe	Warez P2P client
Warner	U	warner.exe	Also known as "CyberWarner". From G-Tek Technologies and pre-installed on some Packard Bell PCs. Protects critical files
Warnet	U	warnet.exe	Warnet - system cleanup software
Warning: do not remove it!	U	fpplock.exe	Part of Folder Password Expert by ZQS Software Team - "a software program to restrict access to the folders that contain your sensitive data"
WARSVR	N	war-ftpd.exe	"War FTP Daemon - the original free FTP server for windows"
WashAndGo - Cleanup of old Backupfiles	U	checker.exe	WashAndGo - temp file cleaner
Washer	N	washer.exe	Windows Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
Washerie.exe	N	washerie.exe	Cookie Washer for Internet Explorer from Webroot Software. Light version of Windows Washer, specific for cleaning the IE cache and cookies. Available via Start -> Programs
washindex	U	washidx.exe	Windows Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
Wast	X	wast.exe	Grokster ads updater
wast	X	wast2.exe	Grokster ads updater
Watch	N	watch.exe	Found to be used by a Trust USB scanner for auto starting the scanning software when the lid is lifted
Watch	?	1200UBWATCH.EXE	??
Watch Dog Program	N	watchdog.exe	For Compaq PC's. Associated with Compaq's internet services. Not required if you don't use services provided by them and may not be required even if you do
Watchdog	N	Watchdog.exe	Definitely part of the Mustek scanner drivers and software (for 600 III EP Plus and maybe others), launches from the Startup folder in the Start Menu, but not required as they give instructions on removing it on their webpage
WaveTop Launcher	N	WaveTop.exe	WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
WaveTop Receiver 1	N	N/A	WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
WaveTop Receiver 2	N	N/A	WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
WaveTop Upload Manager	N	N/A	WaveTop - "Get push content from TV without an Internet connection" - now possibly a defunct system in the US included as an optional part of WebTV in Win98
Wbiff	N	Wbiff.exe	Wbiff! E-mail checker - automatically checks your e-mail and notifies you if any new e-mail has been received
Wbutton	?	Wbutton.exe	Related to the Wacom Penabled driver on Acer Tablet PCs. Appears to do nothing so is it required?
WCESCOMM	N	WCESCOMM.EXE	Active sync for use with Windows CE based palm PC
WCESMngr	X	WCEMNGR.EXE	Added by the W32/AGOBOT-QX WORM!
WCESMngr	X	spoolsb.exe	Added by the W32/AGOBOT-QZ WORM!
wcmdmgr	U	wcmdmgrl.exe	Checks for periodic updates of Wild Tangent Web Driver over the web. A multimedia extension/plug-in. Note that Wild Tanget's privacy policy states they also collect and share individuals information
wcmdmgr.exe	N	wcmdmgr.exe	It will periodically contact Wild Tangent servers to see if an update is available for your system and allows us to make the product exceptionally reliable. You can control its behavior, or disable it completely, inside your Windows Control Panel. Note that Wild Tanget's privacy policy used to stae they also collect and share individuals information, but this is no longer the case
WCOLOREAL	U	coloreal.exe	Makes colours sharper and brighter, but will only work with coloreal capable monitors
WCPC	X	wintsvcc.exe	PurityScan/Clickspring adware
WCPI	X	wintsvit.exe	PurityScan/Clickspring adware
WCPS	X	Wint*.exe ( = random char)	PurityScan/Clickspring adware
WCPT	X	wintsvtr.exe	PurityScan/Clickspring adware
wcsys	X	wcsys.exe	Added by the Troj/Keylog-AP TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
WD Button Manager	U	WDBtnMgr.exe	Button manager installed with a western digital external disk drive. Allows you to back up your system with one click.
WDInfo	X	wdinfo.exe	Added by the DOWNLOADER.DLUCA.B TROJAN!
WDNS SYSTEM	X	wdns33.exe	Added by the MYTOB.EV and W32/Mytob-BY WORMS!
WDNS SYSTEM	X	skybotx.exe	Added by the W32/Mytob-BY WORM!
WDNS SYSTEM	X	nibie.exe	Added by the W32/Mytob-BY WORM!
wdskctl	X	(path to file)	Added by a Waltun-A trojan infection
wdskctl	X	wdskctl.exe	IePlugin adware
wdwctrl	X	wdwctrl.exe	Added by the Troj/Dload-DC TROJAN!
WEATHER	N	WEATHER.EXE	Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs
WeatherCast	N	Weather.exe	Weather reporting in the System Tray. Available via Start -> Programs. Installed via Radlight
WeatherOnTray	X	WeatherOnTray.exe	Hotbar' s Weather Forecast tool for your desktop
Weatherscope	X	Weatherscope.exe	WeatherScope software - bundles Gain/Gator adware
WeatherWatcher	N	ww.exe	WeatherWatcher - weather reporting in the System Tray
web	X	*****.exe ( = random char)	Added by a variant of the Win32/TrojanDownloader.Easto.A TROJAN!
WEB DRIVERS FOR WIN32	X	phqgh.exe	Added by a variant of the WIN32.RBOT WORM!
Web Offer	X	EZSTUB22.EXE	eZula TopText adware
Web Offer	X	ezStub.exe	eZula TopText adware
Web Offer	X	vl_ezstub.exe	eZula TopText adware
Web Offer	X	ezPopStub.exe	Added by eZula ADWARE!
Web Search	?	??	??
Web Service	X	[random file name].exe	Added by the ADMINCASH TROJAN!
Web Service	X	sm.exe	Added by the W32/BUBE-F VIRUS!
Web Service	X	MSXMIDI.EXE	CoolWebSearch parasite variant, identified by Kaspersky_antivirus as TrojanDropper.Win32.Small.cw
Web2Pop	U	Web2Pop.exe	Web2Pop allows you to retrieve your web-based accounts messages to read them in your favorite e-mail client.
web3trap	Y	web3trap.exe	PC-Cillin 2000 anti-virus software -> ActiveX filter. Guards against malicious ActiveX programs, etc
webalize	X	webalize.exe	Searchcentrix hijacker
WebArmyKnife	N	WAK.exe	Web_Army_Knife , a suite of web site developer's tools.
webassist	X	webassist.exe	Adware popup generator
Webcam Go Sti Service Application	?	wbcgosvc.exe	Control software for the portable Creative Video Blaster Webcam Go digital camera/PC web cam. What does it do and is it required?
WebcamRT.exe	N	WEBCAMRT.exe	For Logitech Web Cams. Not required - camera works fine without it
Webcelerator	X	webcel.exe	Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Spyware and troublesome - see here
WebCheck	X	WebCheck.pif	Added by the CONE.C or CONE.F VIRUSES!
WebCpr0	X	WebCpr0.exe	Web_CPR/TopMoxie adware
Webdav.exe	X	webdav.exe	IRC DDoS bot which gives the hacker full control over your system
WebHancer Agent	X	whagent.exe	System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about here
webHancer Survey Companion	X	whSurvey.exe	WebHancer foistware - traffic measurement service that uses a client agent that is stealth installed on user machines, gathering detailed data about sites visited, their performance and, most important, what the user actually does while there
WebInstall, WebInstall2	X	WebInstall.exe	ClipGenie adware downloader
WebKey	N	WebKey.exe	WebKey from JB Utilities. Utility to keep track of login data required when browsing the internet
WebLink	N	WebLink.exe	Softex WebLink is a "cost-effective way to provide software updates, technical support or new product information to specific end-users - it can silently provide end-users with software updates, technical support and new product information customized to their specific needs through a a persistent link."
WebOutfitterTray	N	sttray.exe	Intel WebOutfitter service System Tray icon
Webposition Gold 2	N	wpsche~1.exe	Scheduler for Web Position Gold - utility to help optimize the position of web-sites in search engines
WebRebates0	X	WebRebates0.exe	WebRebates adware
WebRun	X	web.exe	Added by the Adwareloader TROJAN!
WebRun	X	wmplayer.exe	Added by the ADWARELOADER TROJAN!
WebRun	X	sm.exe	Added by the ADWARELOADER TROJAN!
WebRun	X	msxmidi.exe	Added by the ADWARELOADER TROJAN!
WebRun	X	[random file name]	Added by the ADWARELOADER TROJAN!
websaverlive	U	websaverlive.exe	WebSaver Live! is a companion program to Websaver that retrieves information from the Internet on a schedule and displays it on your screen when your computer is idle
WebSavingsfromEbates	X	WebSavingsfromEbatesrun.exe	"Web Savings" From Ebates Software, a shopping tool that opens pop-up windows
WebSavingsFromEbates0	X	WebSavingsFromEbates0.exe	"Web Savings" From Ebates Software, a shopping tool that opens pop-up windows
WebScan	N	DEFSCANGUI.EXE	eAcceleration Stop-Sign related; not recommended; see note
webscan	N	stopsignav.exe	eAcceleration Stop-Sign related; not recommended; see note
WebScanX	Y	WebScanX.exe	From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc
websearch	X	wjview ...websearch.exe	"Web Savings" From Ebates Software, a shopping tool that opens pop-up windows
WebSecureAlert	X	WebSecureAlert.exe	WebSecureAlert. "Can help protect your browser security and privacy"; however, it's by GAIN Publishing, and will display pop up ads on your computer screen based on your online Web surfing behavior
WebSecureAlert	X	WebSecureAlert.exe	WebSecureAlert software - - bundles Claria/Gain/Gator adware
WebServer	?	VBI_SE~1.EXE	Related to a Pinnacle sound card. What does it do and is it needed?
Webshots	U	Webshots Tray.exe	Webshots - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web.
Webshots	U	Launcher.exe	Webshots - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web.
Webshots	U	websho~1.exe	Webshots - software that displays photos as your screensaver and wallpaper, and provides tools for sharing your personal photos on the web.
Website Administrator Info	X	webadmin.exe	Added by the W32/FORBOT-FY WORM!
WebSpecials	X	rundll32 [path] webspec.dll	WebSpecials adware downloader
Websx	X	Int*****.exe	Adult content dialler - where ***** are random
Webtrap	Y	webtrap.exe	Part of PC-Cillin anti-virus software. Checks web-sites for malicious Java and ActiveX elements in a similar way to McAfee WebScanX. A few users find it infuriating
WebTrapNT.exe	Y	WebTrapNT.exe	Part of PC-Cillin Anti-Virus software. Checks visited web-sites for malicious Java and ActiveX elements
WebWasher	U	wwasher.exe	Free Pop-up/ad/javascript filter program from Siemens. If not running then browsers will not be protected but will still work. Available via Start -> Programs
WeirdOnTheWeb	X	WeirdOnTheWeb.exe	Added by the Adware.WeirdOnTheWeb ADWARE!
Welcome	N	Welcome.exe	Launches the Welcome to Windows tutorial on boot up
WEPstat	?	Wepstat.exe	Cisco Aironet 340 Series PC Card driver. If it can be started manually it shouldn't be required if you don't use the PC card facility regularily - hence the status could be "U". Can anybody confirm this?
wersds	X	doriot.exe	Added by the JECT.C VIRUS!
wesumu	X	wiustv.exe	Added by the Troj/QQPass-L TROJAN!
WetSock	N	wetsock.exe	RoboMagic Wetsock - weather reporting in the System Tray
WFGStartup	N	WFGStartup.exe	World Weather. "This midlet displays the current weather conditions for major cities around the world. This version is for memory limited mobile phones"
wfips	U	iphider.exe	ICQ (messaging/chat program) anti-bomb software. "WFIPS is anti-bomb software for safeguarding ICQ Bomb before the bombing. 'ICQ Defoolder' is a tool for removing ICQ bomb after being exposed." For more information about ICQ bombs see here
WFXCTL32.EXE	N	WFXCTL32.EXE	From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
wfxsnt40	Y	wfxsnt40.exe	WinFax 10.0 and maybe earlier versions. The program that opens the port for WinFax and not normally in the start menu. Needed if you want to run WinFax
WFXSwtch	?	WFXSWTCH.exe	Related to WinFax. What does it do and is it required?
WG511WLU	Y	WG511WLU.exe	Netgear configuration programme for the 54g wireless lan card - required to monitor and manage the lan card
WGWLocalManager	U	WGWLocalManager.exe	Part of Flash-Networks NettGain2000 product. NettGain 2000 is a combined hardware/software networking solution, which is designed to improve performance of satellite networks by increasing data transmission speeds and maximizing the existing bandwidth for complete utilization when sending TCP/IP applications over a satellite. It is needed when connecting to the internet via satellite to provide speed faster than 60k or so. It could be started by creating a shortcut, running it only when connecting to the internet. If internet is used often, it's recommended to leave it in startup so it starts with the system
whagent	X	whagent.exe	System Tray application that starts up Webhancer software. Software that optimizes your web browser and is also advertising spyware that you can find out about here
WhatPulse	U	WHATPU~1.EXE	WhatPulse keeps track of your keystrokes, allowing you to find out just how much you type a day.
WheelMouse	U	4DMAIN.EXE	Mouse software for "Fellowes" Wheelman mouse. Has caused some users problems but shouldn\'t be needed if you don\'t use any enhanced features it may provide
WheelMouse	U	AMOUMAIN.EXE	A4Tech wireless mouse driver and utility - required if you use non-standard Windows driver features
WheelsMouse	X	(Path to Trojan)	Added by the Troj/SocksPr-D TROJAN!
WhenUSave	X	Save.exe	SaveNow adware
WhenUSearch	X	Search.exe	SaveNow adware
WhenUSearchWHSE	X	whse.exe	SaveNow adware
Whistler	X	whismng.exe	Added by the WHISTLER-F TROJAN!
Whitechix	X	brightx.exe	Added by a variant of the W32/SDBOT WORM!
Whvlxd	X	Whvlxd.exe	Added by the W32.LXD.Mirc VIRUS!
WIAWizardMenu	N	RUNDLL32.EXE sti_ci.dll, WiaCreateWizardMenu	Still Image Class Installer - installed with a webcam
Widnows Xp Web scan	X	xpscan.exe	Added by a variant of the W32/SDBOT WORM!
wifeman	X	wifeman.exe	Unidentified malware
WildFlics	X	WildFlics.exe	Added by the Dial/Direct-B DIALER! Note: This is a premium rate dialer application for accessing sites containing adult material. The file is found in the Windows or Winnt folder.
WildTangent CDA	N	RUNDLL32.exe cdaEngine0400.dll",cdaEngineMain	WildTangent on-line games related; not required for the games to work.
WildTangent Web Driver updater	U	wcmdmgrl.exe	Checks for periodic updates of Wild Tangent Web Driver over the web. A multimedia extension/plug-in. Note that Wild Tanget's privacy policy states they also collect and share individuals information
Wildwire Monitor	N	WWMon.exe	This places a status icon on the taskbar for the DSL WildWire Tiger Modem. This is also a shortcut to the diagnostics utility for the DSL modem
Willow Road	N	WillowRoad.exe	Willow Road Screen Saver
win	X	regedit -s ..win.dll	Added by the SEEKER.K VIRUS!
win	X	xwinxrpc32.exe	Added by the W32/Agobot-MV WORM!
win	X	xwinxrpc.exe	Added by the AGOBOT-MV WORM!
WIN	X	ehshell.exe	Added by the W32/Mytob-CQ Worm\Trojan!
WIN	X	windows.exe	Added by the W32.Reatle.C WORM!
Win Chimes	U	winchi~1.exe	WinChimes - enhancement software for the system clock that runs in the system tray
Win Comm	X	WinComm.exe	WebRebates related adware
Win Command	X	command32.exe	Added by the AGOBOT.XQ WORM!
win ctl app	X	wuctl.exe	Added by a variant of the W32/SDBOT WORM!
Win Drivers SSL	X	hpws.exe	Added by the WIN32/IRCBOT.67098 WORM!
Win Drivers SSL	X	TASKMAN4.exe	Added by a variant of the WIN32.RBOT WORM!
WIN HOST PROCESS	X	WIN HOST PROCESS.EXE	Added by the KEYLOGGER.CLONE VIRUS!
Win l5oahder	X	winampa.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Win Login	X	winlogin.exe	Added by W32/Rbot-AWE WORM! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Win Microsoft 98	X	win14.exe	Added by the W32/RBOT-AKX WORM!
Win Microsoft Config	X	wnmsconfig.exe	Added by a variant of the WIN32.RBOT WORM!
win name	?	stat.exe	??
Win Patch	X	ntldr.exe	Added by the W32/SDBOT-GS WORM!
Win Secure Update	X	(Random file name)	Added by the W32/Rbot-AGI WORM!
Win Security	X	msw32.pif	Added by the W32/RBOT-AQT WORM!
Win Server	X	winserv.exe	Added by the IMISERV.A TROJAN!
Win Server Updt	X	wupdt.exe	IEPlugin adware
Win Server Updt	X	winserver.exe	Added by a variant of the WIN32.IMISERV TROJAN!
Win Server Updt	X	pxckdla.exe	IEPlugin adware component
Win TaskLoader	X	msgmr.exe	Added by the W32.MYTOB.L WORM!
win update	X	wupda32.exe	Added by a SDBOT.J worm infection
win update	X	wapdate.exe	Added by a variant of the WIN32.RBOT WORM!
Win Update	X	SysUpdate.exe	Added by the W32/Agobot-TN WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Win Updater	X	WINUPDATER.EXE	Added by the RBOT.IP WORM!
Win Updator Services	X	ctfnom.exe	Added by a variant of the W32/WOOTBOT WORM!
WIN USB 2.0	X	usbsystem.exe	Added by an unidentified WORM of TROJAN!
WIN USB 2.0	X	winusb.exe	Added by a variant of the WIN32.RBOT WORM!
Win USB 2.0 USB Driver	X	HPPrint.exe	Added by the SPYBOT.DNB WORM!
WIN USB SUPPORT	X	grxsrv.exe	Added by a variant of the WIN32.RBOT WORM!
Win WinAmp	X	winamp.exe	Added by the RBOT.AGF WORM! NOTE - this is NOT the Winamp Media Player executable (WinAmpa.exe)
win************* ( * = random digit)	X	win************.exe ( = random digit)	WINBO adware component
WIN-BUGSFIX	X	WIN-BUGSFIX.EXE	Added by the LOVELETTER (I LOVE YOU) VIRUS!
win-xp	X	winis.exe	Added by the BROPIA.O WORM!
win-xp	X	winis.exe	Added by the W32.Bropia.N WORM!
win-xp	X	nvsc32.exe	Added by the W32.Bropia.N WORM!
win.exe	X	win.exe	Added by the Troj/Podrop-C TROJAN! Note: This trojan file is found in the Windows\temp folder or Winnt\temp folder. Read the link, rootkit type stealth involved.
win16.dll	U	win16dll.exe	Screenspy captures screenshots silently. If you didn't install this yourself, remove it.
Win2Drv	X	(worm filename)	Added by the WINTOO VIRUS!
WIN32	X	WIN32.EXE	Added by the WIN32/MYTOB.AD WORM!
win32	X	Shakira_1997_Part_1_.Mpeg_.scr	Added by the MYLIFE.N VIRUS!
win32	X	Setup_32.exeWinSetup.exe	Added by the EVILBOT.B VIRUS!
Win32	X	Win32.exe	Added by the ISRAZ.A VIRUS!
win32	X	winsrv32.exe	Added by the ADUENT VIRUS! Acts as a hi-jacker redirecting to Surferbar.com and adult content sites
Win32	X	system32.vbs	Added by the VBS.SWERUN VIRUS!
Win32	X	Game.exe.vbs	Added by the VBS.Scafene WORM!
win32	X	winhost.exe	Added by the W32.BROPIA.J WORM!
Win32	X	arsetup.exe	Added by the WIN32.SPAZBOX.A TROJAN!
Win32 Bios	X	Winbios.exe	Added by the W32/SEMAPI-A WORM!
Win32 Configuration	X	videosd32.exe	WORM_SDBOT.TT
Win32 Configuration	X	dllhelp.exe	Added by a SDBOT.UL infection
Win32 Configuration	X	mplayer.exe	Added by the W32/FORBOT-BZ WORM!
WIN32 DDOSSER	X	dos.exe	Added by the W32.Kelvir.F WORM!
Win32 Debug Manager	X	Win32Debug.exe	Added by a variant of the W32/WOOTBOT WORM!
Win32 Debug Manager	X	microsoftupd.exe	Added by a variant of the W32/WOOTBOT WORM!
Win32 Device Loader	X	Win32ldr.exe	Added by a variant of the GAOBOT/AGOBOT WORM!
Win32 Driver	X	svchosts.exe	Added by the W32/Forbot-FD WORM!
Win32 Drivers	X	winlogons.exe	Added by the W32/Forbot-FG WORM!
Win32 DRK Driver	X	wdrk32.exe	Added by the WOOTBOT.CY WORM!
Win32 exe file	X	winstr32.exe	W32.SpyBot worm variant
Win32 Explorer	X	Explorer32.exe	StartPa-MN homepage hijacker
Win32 Firewall Driver	X	winfw.exe	Added by a variant of the WIN32.RBOT WORM!
Win32 FRT Driver	X	msfr32.exe	Added by a variant of the W32/FORBOT WORM!
win32 internet server	X	winserver.exe	Added by the TROJ/DERMON-D TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Win32 Kernel core component	X	Kernel32.pif	Added by the MOKS VIRUS!
Win32 LSA Driver	X	lsa.exe	Added by the W32/Forbot-FJ WORM!
Win32 Ms Auto Updater	X	AutomsUPD.exe	Win32.Rbot worm variant
Win32 NDIS Driver	X	xpndis.exe	Added by a variant of the WIN32.RBOT WORM!
Win32 Network Driver	X	crss.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Win32 NT Adv Services	X	taskmngr.exe	Added by the W32/Rbot-ADE WORM!
Win32 nvc	X	nvcva.exe	Added by the W32/RBOT-ABF WORM!
Win32 NVIDIA Driver	X	MSPMSPSU.EXE	Added by a variant of the WOOTBOT.Y WORM!
win32 regedit	X	msn32.exe	Added by an unidentified WORM or TROJAN!
Win32 Rundll Loader	X	Rundll32.exe	Added by the SDBOT.A WORM! Note: Rundll32.exe is a valid Windows application called "Run a DLL as an App" and stored in the C:\Windows directory. The version created by this virus is saved in the C:\Windows\System directory
Win32 Secure	X	msconfigsvc.exe	Added by a variant of the W32/SDBOT WORM!
Win32 Service	X	bazzi.exe	Added by the AHKER.E WORM!
Win32 Services Config	X	winwkys.exe	Added by the RBOT.BKY WORM!
Win32 Services1	X	wuamngr1.exe	Added by a W32/Sdbot-PV worm infection
Win32 Src Service	X	win32src.exe	Added by the W32/RBOT-SX WORM!
Win32 SSL Driver	X	winssv.exe	Added by the W32/FORBOT-BH WORM!
Win32 Svchosts Driver	X	svchosts.exe	Added by the W32/Forbot-FO WORM! Note: (svchosts.exe) is not the legitimate Windows Process. (Notice the difference in the spelling.) The legitimate Windows Process (svchost.exe) should not be seen in Msconfig or as a Startup item. This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
win32 system server	X	winserver.exe	Added by the TROJ/DERMON-C TROJAN!
Win32 System Spool	X	spoolsvc.exe	WORM_SDBOT.UK
Win32 Test	X	bleatest.exe	Added by a variant of the WIN32.RBOT WORM!
Win32 USB Driver	X	winxpinit.exe	Added by the SDBOT.AA WORM!
Win32 Usb Driver	X	svhosint32.exe	Added by the W32/FORBOT-BE WORM!
Win32 USB Driver	X	mvsecn.exe	Added by the W32/FORBOT-BK WORM!
Win32 Usb Driver	X	usb32.exe	Added by the W32/SDBOT-OV WORM!
Win32 USB Driver	X	winxpinit.exe	Added by the BACKDOOR.SDBOT.AA TROJAN!
Win32 Usb Driver	X	AvpG.exe	Added by the W32/FORBOT-BX WORM!
Win32 USB2	X	wins32.exe	Added by a variant of the WIN32.RBOT WORM!
Win32 USB2 Driver	X	smsc.exe	Added by the SDBOT.FO WORM!
Win32 USB2 Driver	X	sys32.exe	WORM_WOOTBOT.X
Win32 USB2 Driver	X	win32usb.exe	W32.Spybot.DHV worm
Win32 USB2 Driver	X	wind32.exe	W32/Forbot-AH worm
Win32 USB2 Driver	X	svchosting.exe	Added by a W32/Forbot.J or SDBOT.HU worm infection
Win32 USB2 Driver	X	winupdate.exe	Added by the AGOBOT.YE WORM!
Win32 USB2 Driver	X	sys32snd.exe	Added by a W32/Forbot-AN worm infection
Win32 USB2 Driver	X	updatemgr.exe	Added by a variant of the W32/FORBOT WORM!
Win32 USB2 Driver	X	winsnd32.exe	Added by a variant of the W32/SDBOT WORM!
Win32 USB2 Driver	X	msn.exe	Added by the W32/FORBOT-EX WORM!
Win32 USB2 Driver	X	syscfg32.exe	Added by the W32/FORBOT-R WORM!
Win32 USB2.0 Driver	X	386.exe	W32.IRCBot.D worm
Win32 USB2.0 Driver	X	w32usb2.exe	WORM_SPYBOT.DN
Win32 USB2.0 Driver	X	rundll16.exe	WORM_WOOTBOT.H
Win32 USB2.0 Driver	X	service.exe	Added by the W32/SDBOT-QF WORM!
Win32 USB3 Driver	X	win32tool.exe	Added by a variant of the WIN32.RBOT WORM!
Win32 Wmls Driver	X	winitr32.exe	Added by the WOOTBOT.B worm
Win32 Word Services	X	msword32.exe	Added by a variant of the WIN32.RBOT WORM!
win32.exe	X	win32.exe	Added by the STARTPAGE VIRUS!
Win32.exe	X	Win32.exe	Added by the BKDR_AWQ.A TROJAN!
win32app	X	winpup32.exe	Added by the ADCLICKER VIRUS!
Win32BaseServiceMOD	X	Wintask.exe	Added by the NAVIDAD VIRUS!
win32beta	X	win32sys4.exe	Added by the Troj/Banker-DA Trojan!
win32clf	X	win32clf.exe	Added by an unidentified VIRUS!
Win32DLL	X	Win32DLL.vbs	Added by the LOVELETTER (I LOVE YOU) VIRUS!
Win32dll	X	Win32dll.exe	Added by the BANPAES VIRUS!
WIN32DS	X	clienttimer.exe	Added by Eziin adware
Win32G	X	Kernel32.comScandisk.com	Added by the ESTRELLA VIRUS!
win32gb	X	win32gb.exe	All-In-One-Telcom (adult content dialler) variant
Win32Host Process	X	webemir.exe	Added by the Troj/Turgen-A TROJAN!
win32info	X	win32info.exe	Added by a Win32.Dluca.C downloader trojan infection
win32ini	X	systroy.exe	Added by the IRC.ALADINZ.C VIRUS!
WIN32io	X	clienttimer.exe	Added by Eziin adware
Win32R	X	Server.com	Added by the ESTRELLA VIRUS!
WIn32S Java DLL	X	kavsvx.exe	Added by the W32/AGOBOT-RZ WORM!
win32servv	X	ms1.exe	iSearch adware component
win32servv	X	load.exe	Added by an unidentified trojan or adware
WIN32SL	Y	Win32sl.exe	Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. The specific function of this is to load MIF's in order for Dell OpenManage Client to work
WIN32SNDS	X	banc.exe	Added by an unidentified WORM or TROJAN!
Win32system	X	(random filename)	Added by the DDV.B VIRUS!
Win32System	X	win32s.exe	Added by the W32.Mydoom.V WORM!
Win32SystemMonitor	X	**.exe ( = random char)	browser hijacker
Win32SysV	X	xin.exe	Added by the W32/FORBOT-EO WORM!
win32us	X	win32us.exe	All-In-One-Telcom (adult content dialler) variant
win32usbd	X	ssrs.exe	Added by the W32/RBOT-RA WORM!
WIN32WN	X	system_wc.exe	Added by Eziin adware
win32_i lptt01 or win32_i ml097e	X	win32_i.exe	Variant of the RapidBlaster parasite (in a "win32_i" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
Win386	X	Win386.exe	Added by the GOSUSUB VIRUS!
Win386	X	sp32.dll	Homepage hijacker. Not a dll but a regfile in disguise
WIN3S2SNDS	X	winabsmod.exe, winiprtx.exe	Added by a TrojanDownloader.Win32.Agent.dn infection; known to BOClean as "CWS/INDEX" , "shuts down anything that wants to open and is used as a spam proxy as well"
Win64 Compatibility Check	X	load win64.drv	CoolWebSearch parasite related.
WIN95DEFVIEW	X	csmss.exe	Added by the TROJ/DEDLER-D TROJAN!
win98 DNS	X	wingrd.exe	Added by a variant of the WIN32.RBOT WORM!
WinAC v4	X	klsuicbn.exe	Added by the W32/FORBOT-CS WORM!
Winacsr	U	Winacsr.exe	AceScreenSpy keystroke logger/monitoring program - remove unless you installed it yourself!
winactive	X	WINACTIVE.EXE	Active variant of LOP.com hijacker - see here
WinActiveJ	X	WinActiveJ.exe	Added by the ROTARRAN VIRUS!
Winad Client	X	Winad.exe	WinAd adware by eXact Advertising
WinAdCnt.exe	X	WinAdCnt.exe	Added by the TROJ/BANKER-BU TROJAN!
winadm	X	winadm.exe	Browser hijacker - redirecting to Search-World.net. Related to the SMALL.LR TROJAN!
WinAgent	?	WinAgent.exe	Standard Life Insurance program. Note: This file is legitimate. It is not known if it needs to run at startup.
Winahlp.exe	X	Winahlp.exe	Added by a variant of the VAGRNOCKER VIRUS!
winallap	X	winallap.exe	Added by the DELF.E VIRUS!
winallapu	X	winallapu.exe	Added by the DELF.E VIRUS!
Winamp	X	winamp.hta	re-directing to adult content sites. Note - this isn't the real Winamp
winamp	X	winamp.exe	Added by the AGOBOT-MC WORM! Note - this is NOT the Winamp Media Player (WinAmpa.exe)
WinAMP	X	winamp62.exe	Added by the W32/SDBOT-WN WORM!
Winamp Agent	X	winamp.exe	Added by the W32/POEBOT-I WORM! NOTE - this is NOT the Winamp Media Player executable (WinAmpa.exe)
Winamp media player	X	winapa.exe	Unidentified worm
WinAmp Player	X	winampp.exe	Added by the W32/Rbot-AQI WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Winamp to Google Talk	U	winamptogoogletalk.exe	Winamp to Google Talk, available here shows your current Winamp track in your Google_Talk status
Winamp Update		yhn.exe	Added by the W32/Sdbot-ACR WORM!
Winampa	U	WINAMPa.exe	Loads the System Tray icon for the WinAmp media player. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs
Winampa	X	winampa.exe	Added by the W32/AGOBOT-GS WORM!
Winampa Agent	X	WINAMPA.EXE	Added by the W32/SPYBOT-BR WORM! - NOTE: this is NOT the Winamp Media Player, as described here
WinampAgent	U	WINAMPa.exe	Loads the System Tray icon for the WinAmp media player. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs
WinAmpAgent	X	svchst.exe	Added by the TROJ/BDOOR-EB TROJAN! - NOTE: this is NOT a WinAmp mediaplayer file, as described here
WinAmpAgent	X	Winagent.exe	Added by the TROJ/BDOOR-EB TROJAN! - NOTE: this is NOT a WinAmp mediaplayer file, as described here
WinAmpAgent	X	Shch.exe	Added by the TROJ/BDOOR-EB TROJAN! - NOTE: this is NOT a WinAmp mediaplayer file, as described here
WinAmpAgent	X	Msexploren.exe	Added by the TROJ/BDOOR-EB TROJAN! - NOTE: this is NOT a WinAmp mediaplayer file, as described here
WinAmpAgent	X	winagent.exe	Added by the WIN32.TACTSLAY.B TROJAN!
WinAntiSpyware 2005	X	was5.exe	WinAntiSpyware: MALWARE, posing as a spyware remover - for more information, search the Spywarewarrior_List of non-Recommended anti parasite sites/software for "WinAntiSpyware 2005"
WinApi	X	winapix.exe	Added by a variant of the TIBSER.A downloader TROJAN!
WINAPLOGUPD	X	WINAPLOGUPD.EXE	Added by the W32/CAPSIDE-C WORM!
Winapp	X	winpup32.exe	Produces popup ads to adult content sites
WinApp32	X	msapp.exe	Added by the RSBOT VIRUS!
WinAppLog	U	svchost.exe	StingKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! - NOTE - this file is placed in a C:\Program Files\StingWare folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
WinAuth	X	winlogon.exe	Hijacker, also indentified as the STRTPAGE.BE TROJAN!
WinAwk	X	WinAwk.exe	Added by the 2/SDBOT-AYF WORM!
WinBackup Scheduler	U	Wbsched.exe	LIUtilities WinBackup scheduler - backup software
WinBar	U	WinBar.exe	"WinBar is a free and compact program that lets you monitor your system and provides easy access to frequently used controls"
winbar.pif	X	packe.pif	Added by the W32/Rbot-AVI WORM! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
winbas12	X	winbas12.exe	Adware, CoolWebSearch parasite related - recognized by Kaspersky antivirus as TrojanDownloader.Win32.VB.du - NOTE: this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty.
winbas12	X	winbas12.exe	Adware, probably CoolWebSearch parasite related - recognized by Kaspersky antivirus as TrojanDownloader.Win32.VB.du
Winbed	X	winbed.exe	Hijacker
Winbin	X	swchost.exe	Added by the RBOT.CLS WORM!
winbin32	X	win32exe.exe	Added by the W32/RBOT-ZL WORM!
winbot	X	winbot.exe	Added by the Troj/Midrug-A TROJAN!
WinCheck	X	WinCheck.exe	Added by the PWS-CY VIRUS!
WinCheck	X	services.exe	Added by the W32.Sober.S WORM! Note: This worm file is found in the Windows\ConnectionStatus\Microsoft or Winnt\ConnectionStatus\Microsoft folder.
winchost	X	winchost.exe	Added by the Troj/Dloader-PV TROJAN!
WINCINEMAMGR	N	WinCinemaMgr.exe	WinCinema_Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
WINCINEMAMGR	N	WINCIN~1.EXE	WinCinema_Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
wincmap	X	wincmapp.exe	CasClient adware variant - also known as Trojan.Cmapp
wincms	X	wincms.exe	Added by the RBOT.CBR WORM! - NOTE: this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty.
WinCRT32	X	wincrt32.exe	Added by the W32/Dogbot-D WORM! Note: This worm\trojan file is found in the System\CRT (95/98/ME) or System32\CRT (NT/2000/XP) folder.
WinCSRSS	X	MSGRT32.EXE	Added by the Troj/Rewindo-A TROJAN!
WINCX	X	wincore332.exe	Added by the W32/AGOBOT-MG WORM!
Wind Logd File	X	servicelogd.exe	Added by a variant of the WIN32.RBOT WORM!
Wind Security	X	mswi32.pif	Added by the W32/Rbot-ARH WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
wind.exe	X	wind.exe	This Trojan allows the infected computer to be used as a proxy mail server. Trojan horse Proxy.5.AP, TrojanProxy.Win32.Mitglieder.bd More info on TrojanProxy
WIND0WS	X	WIND0WS.exe	WORM_SPYBOT.DQ
WIND0WS	X	mella.bat	Added by the VBS.ALLEM WORM!
Wind0ws	X	wordpad.exe	Added by the W32/Agobot-TL WORM! Note: This is not the legitimate Windows application wordpad.exe (Which is found in the Program Files\Accessories folder.) The legitimate Windows application should not be seen in Msconfig or as a Startup item. This worm\trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Wind0ws Sharing	X	ssprotecter.exe	Added by the W32/RBOT-AHW WORM!
WinDates	N	windates.exe	WinDates is a calendar, date organizer and event reminder program from Rockin\' Software
windbs	X	winxtc.exe	Added by the W32/Agobot-WD WORM!
Winde	X	winde.exe	Added by the DLUCA VIRUS!
windef	X	Win32sp.vbs -quiet	Added by the W32.ANPES WORM!
windef	X	windef.exe	Added by the W32/Wurmark-O WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder, and replaces taskmgr.exe with the copy of itself.
Windeows NetStart Service2	X	tesakrmger.exe	Added by the W32/Rbot-AMY WORM!
windhost.exe	X	oswin32.exe	Added by an unidentified password-stealing "Banker" TROJAN!
windhost.exe	X	osrwin32.exe	Added by the BANKER-CB TROJAN!
windhost.exe	X	winos.exe	Added by the TROJ/PWSAGENT-A WORM!
windhost.exe	X	windhost.exe	Added by the TROJ/BANKER-BV TROJAN!
windir	X	winrun.exe	Added by the WINBUR.B VIRUS!
Windll	X	Windll.exe	Added by the TRYNOMA VIRUS!
WINDLL	U	WSYS.EXE	STARR key logger. "It logs almost everything that goes through the box. It logs all key strokes, all passwords transacted even if they weren\'t keyed in, all web sites visited, every program launched including the path to that program, and more"
windll	X	windll32.exe	Added by the ASTEF or RESPAN VIRUSES!
Windll.exe	X	Windll.exe	Added by the STEALER VIRUS!
Windll32	X	Windll32.exe	Added by the MSNPWS VIRUS!
WinDll32	X	_WIN32.EXE	Added by the LEGMIR.AQ TROJAN!
windllsys32.exe	X	windllsys32.exe	Added by a variant of the Win32.Mitglieder.by TROJAN!
WinDNS	X	windns32.exe	Added by the GAOBOT.WX WORM!
Windoes Kernel	X	kernel32.exe	Added by the KICKIN.A (or CYDOG.C) VIRUS!
Window	X	explore.exe	Added by the GAOBOT.ADW WORM!
Window Loader	X	Dos32.exe	Added by the GAOBOT.AO WORM!
Window Monitor	X	winmon32.exe	Added by a SDBOT.RT worm infection
Window service	X	[random file name]	Added by the W32/RBOT-ACH WORM!
Window Washer	U	wwDisp.exe	Webroot Window Washer - "Wash away online and offline traces of PC and Internet activity to protect your privacy and improve PC performance"
window.exe	X	window.exe	Added by the MITGLIEDER.H or MITGLIEDER.J VIRUS!
window2	X	ssvchost.exe	Added by the IRCBOT.H VIRUS!
WindowBlinds	U	wbload.exe	WindowBlinds from Stardock. Skin application to change the appearence on Windows desktops. Available as an individual download or as part of Object Desktop. Required to restore settings if you use it. Available via right-click on the Desktop -> Properties -> Skins
WindowEnhancer	X	Winex.exe	SCbar foistware variant
WindowFX	U	wfxload.exe	Stardock WindowFX - "Allows you to add an unprecedented number of special effects to windows"
windown	X	wiusyt.exe	Added by the Troj/QQPass-M TROJAN!
WindowRegKey update	X	wins.exe	Added by the SPYBOT.I WORM!
Windows	X	Kernel32.exe	Added by the TENDOOLF VIRUS!
Windows	X	msdos98.exe	Added by the PWSTEAL VIRUS!
Windows	X	Windows.exe	Added by the KAZMOR, BOBBINS& ALADINZ.D VIRUSES!
Windows	X	explorer.exe	Added by an unidentified VIRUS! Note - this is not the valid Windows Explorer (explorer.exe). It was found in the C:\Windows directory on a WinNT machine and the wheras the valid explorer.exe would be found in C:\Winnt
windows	X	(path to trojan)	Added by the AIMWIN VIRUS!
windows	X	hkey.exe	Added by the GAOBOT.AFW WORM!
Windows	X	services.exe	Added by the W32/Sober-Z WORM!
windows	X	system copy.exe	Added by the W23.SALGA.A WORM!
Windows	X	system.exe	Added by the W32.Spybot.OBB WORM!
Windows	X	run.exe	Added by the W32.SPYBOT.OFN WORM!
Windows	X	gearsec.exe	Added by the W32/STUBBOT-B TROJAN!
WINDOWS	X	\windows.exe	Added by the Troj/Monbot-A TROJAN!
Windows	X	explorer.exe	Troj/Bancban-HJ is a password-stealing TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows (random character)	X	diskcheck.exe	Added by the BACKDOOR.SINGU.B TROJAN!
Windows .Net Manager	X	spoolsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows .Net Manager	X	svcadmin.exe	Added by the Troj/Dloader-NY Trojan!
Windows .Net Manager	X	tcpsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows .Net Manager	X	netsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows .Net Manager	X	websvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows .Net Manager	X	localsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows .Net Manager	X	svcrun.exe	Added by the Troj/Dloader-NY Trojan!
Windows .Net Manager	X	svcman.exe	Added by the Troj/Dloader-NY Trojan!
Windows 128 Module	X	win128.exe	Added by the W32/FORBOT-ES WORM!
Windows 2004	X	CSRSS.exe	Added by a Troj/Banker-DY trojan infection
Windows 32 Editor	X	Win32edit.exe	Added by the WOOTBOT.GQ WORM!
Windows 32 Rescue	X	win32resc.exe	Added by the W32/FORBOT-EU WORM!
Windows 32 Update	X	Windows-Update.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Accelerators	U	setup.exe	KeySpy keylogger (monitoring program). Given a "U" recommendation because it depends if you intentionally installed it. If you didn't treat it as "X" and uninstall or remove
Windows AdControl	X	WinAdCtl.exe	WindUpdates adware variant
Windows AdService	X	WinAdServ.exe	WindUpdates WinAdServ adware variant
Windows AdStatus	X	WinStat.exe	Added by the W32.Bleshare!dr VIRUS!
Windows AdTools	X	WinAdTools.exe	WindUpdates Windows_AdTools adware
Windows Anti-Virus Built 32	X	AntiVirus32.exe	Added by the SDBOT-BG WORM!
Windows API Control Task	X	apitsk32.exe	Added by the W32.MYTOB.HI WORM!
Windows Application Layer	X	walg32.exe	Added by the AGOBOT.ATN WORM!
Windows Application Layer Gateway	X	walg32.exe	Added by the W32/AGOBOT-AAZ WORM!
Windows ASN Service	X	[random file name]	Added by the W32/AGOBOT-TC WORM!
Windows ASN Service	X	rge.exe	Added by the W32/Rbot-AOK WORM! Note: This worm\trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
windows auto update	X	penis32.exe	Added by the BLASTER (or MSBLAST.A) VIRUS!
windows auto update	X	msblast.exe	Added by the BLASTER.B VIRUS!
Windows Auto Update	X	winupdater.exe	Added by the SDBOT.TF WORM!
Windows auto update	X	bazzi.exe	Added by the AHKER.E WORM!
Windows auto update	X	LSASS.exe	Added by the W32.AHKER.G WORM! - Note - this is NOT the legitimate Windows lsass.exe process, which should NOT figure in Msconfig/Startup!
Windows Automatic Update	X	wuamgrder.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Automatic Updates	X	dvldr.exe	Added by the RBOT.MF WORM!
Windows AutomaticUpdater	X	runddls.exe	Added by a variant of the WIN32.RBOT WORM!
windows automation	X	mslaugh.exe	Added by the BLASTER.E VIRUS!
Windows Automation	X	msdspr.exe	Added by the SOLAME.A VIRUS!
Windows Autostart Loader	X	notepad32.exe	Added by a variant of the WIN32.RBOT WORM!
Windows backup	X	systemss.exe	W32.SpyBot worm variant
Windows Backup Configuration	X	IEXPLORER.exe	Added by the GAOBOT.AZ WORM!. Note - iexplorer.exe is not to be confused with Internet Explorer (iexplore.exe)
Windows Ba�lang�� Dosyas�	X	sistem.exe	Added by the MUZK VIRUS!
Windows Bootup	X	ms-wks32.exe	Added by the W32/Rbot-AFM Worm!
Windows Bootup	X	Systemwks32.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Bootup	X	task-mngr.exe	Added by the W32/Rbot-AWP WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows Client Service 32	X	csrss.exe	Added by the W32/Rbot-ALB WORM! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item.
Windows Client/Server Runtime Server	X	csrs.exe	Added by the RBOT.KD WORM!
Windows Command	X	wincmd.exe	Added by the RBOT.ANV WORM!
Windows Communicator	X	wincomm.exe	Added by the AGOBOT-BH WORM!
Windows Compliant	X	winole.exe	Added by a variant of the W32/SDBOT WORM!
Windows Compliant	X	(random file name)	Added by a W32/Rbot-IR worm infection
Windows Config	X	SSYS.EXE	Added by a W32/Spybot-DA worm infection
Windows Config	X	wins.exe	Added by the SPYBOT.JR WORM!
Windows Config	X	RUNDLL.EXE	Added by the W32/SPYBOT-DX WORM! - - NOTE: this is NOT the Windows system file of the same name as described here
Windows Config Loader	X	Wincfg32.exe	Added by the SILVERFTP VIRUS!
Windows Config Manager	X	winconf.exe	Added by the W32/RBOT-AIT WORM!
Windows Configuration	X	wsys32.exe	Added by the GAOBOT.FB WORM!
Windows Configuration	X	wincfg32.exe	Added by the W32.Mytob.ED WORM!
Windows connection manager	X	Internet.exe	Added by the W32/Rbot-APN WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Make sue you check the link on this one, it copies it's self under three other file names and folder locations.
Windows Console Monitor	X	[path to worm]	Added by W32.Kedebe WORM!
Windows Console Monitor	X	gcasAV32.exe	Added by the W32/KEDEBE-A WORM!
Windows Control	X	Control.exe	Browser hijacker. NOTE - On Win9x systems it will overwrite the Windows file of the same name in the Windows directory, so therefore it will be necessary to extract a fresh copy of the file from the Windows setup cabs!
Windows ControlAd	X	WinCtlAd.exe	WindUpdates WinCtrlAd adware
Windows CPU host	X	winbog32.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Data Server	X	autodisc.exe	Added by the W32/SPYBOT-CB WORM!
Windows Data Server	X	(Random name).exe	Added by the W32/Spybot-DS WORM!
Windows Database	X	WinDat.exe	Added by an unidentified WORM or TROJAN!
Windows Database	X	wiinsvc.exe	Added by the W32/AGOBOT-RU WORM!
Windows Dcom2 Fix	X	mscom32.exe	Added by the W32/RBOT-QT WORM!
Windows DDE Loader	X	windde32.exe	Added by the W32/SDBOT-UZ WORM!
Windows debug logging	X	winlogg.exe	Added by the W32/RBOT-OY WORM!
Windows debug logging	X	winloggs.exe	Added by the W32/RBOT-QN WORM!
Windows Debugger	X	windbg.exe	Added by an unknown worm or trojan infection!
Windows Debugger	X	msdbg32.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Debugger	X	windbg32.exe	Added by the W32.Mytob.MC WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows Debugging Tools	X	updatecfg.exe	Added by the W32/Rbot-AXU WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
WINDOWS DENEME	X	deneme.exe	Added by the W32/Mytob-CR WORM!
Windows Desktop Controler	X	windesktop.exe	Added by the W32/SDBOT-XH WORM!
Windows Desktop Daemon	X	winpadg.exe	Added by a variant of the W32.SPYBOT WORM!
Windows Dialup Service	X	dialup.exe	Added by the AGOBOT.AAH WORM!
Windows DLL host	X	winupd32.exe	Added by a variant of the W32.SPYBOT WORM!
Windows DLL Host	X	dllhost32.exe	Added by an unidentified WORM or TROJAN!
Windows DLL Loader	X	RUNDLL16.EXE, SYSCFG16.EXE	Added by the DOMWIS VIRUS!
Windows DLL Loader	X	PASSCFG16.EXE	Added by a W32/Domwis-C IRC backdoor worm infection
Windows DLL Loader	X	defragfat32z.exe	Added by the W32/EGGDROP-G WORM!
Windows DLL Loader	X	rundll32.exe	Added by the W32/WHIPSER-B WORM! - NOTE: This particular rundll32.exe file is placed in the Windows\System folder, wheras the legitimate Windows file of the same name is located in the Windows folder on Win 98 or ME systems, and in Winnt\System32 or Windows\System32 in Windows 2000 or XP
Windows DLL Loader	X	defragfat32pi.exe	Added by the W32/RBOT-QQ WORM!
Windows DLL Loader	X	defragfat39.exe	Added by the W32/POEBOT-C WORM!
Windows DLL Loader	X	defragfatz.exe	Added by the W32.LINKBOT.H WORM!
Windows DLL Loader	X	defragfatx.exe	Added by the W32/POEBOT-F WORM!
Windows DLL Loader	X	defragfat32.exe	Added by the W32/SDBOT-SS WORM!
Windows DLL Loader	X	defragfat32abc.exe	Added by the W32/RBOT-RG WORM!
Windows DLL Loader	X	wdevice.exe	Added by a variant of the W32/SDBOT WORM!
Windows DLL Loader	X	WINCFG32.EXE	Added by the W32/Agobot-TE WORM!
Windows DLL Loader	X	SYSCFG16.EXE	Added by the W32/Domwis-N WORM!
Windows DLL Services	X	winsvc32.exe	Added by the W32/RBOT-ZF WORM!
Windows DLL Services	X	system.exe	Added by the TSPY_AGENT.H spyware.
Windows DLL Tracker	X	spoolsrv.exe	Added by a variant of the W32/WOOTBOT WORM!
Windows DLL Verifier	X	xptl.exe	Added by a variant of the WIN32.RBOT WORM!
Windows DNS	X	windns.exe	Added by the W32/SDBOT-XU WORM!
Windows DNS Daemon	X	windnsd.exe	Added by the WOOTBOT.AS WORM!
Windows Domain Name Drivers	X	windns.exe	Added by the W32/FORBOT-EP WORM!
Windows DOS	X	dosw.exe	Added by the W32/Salay-A WORM! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows Download Manager	X	windlmngr.exe	Added by an unidentified TROJAN!
Windows Drive Compatibility	X	System32Driver32.exe	Added by the SUPOVA.Z VIRUS!
Windows Driver	X	winxpdriver.exe	Added by the WOOTBOT.EE WORM!
Windows Driver Adapter	X	svchost.exe /driver-auto	Added by the W32/Antinny-K WORM!
Windows Driver Services	X	msdrvs32.exe	WORM_WOOTBOT.L
Windows driver update	X	dmsvc32.exe	Added by a W32/Sdbot-GP worm infection
Windows drivers update	X	windowsupdate.exe	Added by the W32/RBOT-ACE WORM!
Windows Dynamic Loading Header	X	winDLL32.exe	Added by a variant of the W32/SDBOT WORM!
Windows Executable	X	winmys.exe	Added by the W32/RBOT-ABO WORM!
Windows ExpIorer	X	(Random filename)	Added by the W32/Rbot-AKO WORM!
Windows Explorer	X	(filename).exe	Added by the SDBOT WORM! Note - this is not the valid Windows Explorer (explorer.exe) which would only be in startups if you added it manually
Windows Explorer	X	Lsas.exe	Added by the GAOBOT.AO WORM! **Note - this is not the valid Windows Explorer (explorer.exe) which would only be in startups if you added it manually
Windows Explorer	X	olecom32.exe	Added by an unidentified WORM or TROJAN!
Windows Explorer	X	EEXPLORER.EXE	Added by a variant of the W32.SPYBOT WORM!
Windows Explorer	X	explorer.exe	Added by the W32/POEBOT-J WORM! - NOTE - the valid "explorer.exe" will always be located in C:\Windows or C:\Winnt whereas this one is found in the C:\Windows\System folder (Win 98/ME) or in the C:\Winnt\System32 or C:\Windows\System32 subfolder (Windows 2000 and Win XP)
Windows Explorer	X	system32.exe	Added by the W32/Rbot-AJH WORM!
Windows Explorer	X	explorer.pif	Added by the W32/Rbot-AID WORM!
Windows Explorer Shell	X	Winexec32.exe	Added by the REDIST.B VIRUS!
Windows Explorer SP2	X	csrss.exe	Added by the Troj/Banker-DM Trojan!
Windows Explorer Update Build 1142	X	EXPLORER32.EXE	Added by the KaZaA based KWBOT or KWBOT.Y VIRUSES!
Windows Explorer-3212	X	WINRE16.EXE	Added by the HARDOC VIRUS!
Windows Eyes	N	??	For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start -> Programs
Windows FAT 32	X	WINFAT32B.exe	Added by the W32/SPYBOT-AGT WORM!
Windows File Protection	X	winprotect.exe	Added by the AGOBOT.JB WORM!
Windows Firewal	X	Lsess.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Firewall	X	WindowsFirewall.exe	Added by the W32.MYTOB.AO WORM!
Windows Firewall Log	X	winlog.exe	Added by an unidentified WORM or TROJAN!
Windows Firewall Manager	X	msfw.exe	Added by the RBOT.WR WORM!
Windows Firewalll	X	sphost.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Firewalll	X	svvhost.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Firewalll	X	winmu.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Firewalll	X	scvhost.exe	Added by the W32/RBOT-EK WORM!
Windows Fix	X	integator.exe	Added by the SDBOT.ZAB WORM!
Windows Fixes Systems	X	elite.exe	Added by the W32.Mytob.EG WORM!
Windows FormatAd	X	WinForm.exe	Windupdates adware variant
Windows Frame Works	X	frmwrks32.exe	Added by a variant of the WIN32.RBOT WORM!
WINDOWS FUCK BY CLASIC	X	fuck.exe	Added by the ZOTOB.H or W32.Zotob.J WORM!
Windows Generic Proc	X	procmsg.exe	Added by the W32.ALLIM.B WORM!
Windows GMT32	X	wingmt32.exe	Added by the MYTOB.KM WORM!
Windows Graphics Loaders	X	wingraphics.exe	Added by the SPYBOT.JG WORM!
Windows Guardian	U	thehel1iawgrd32.exeFawgrd32.exe	Part of First Aid by Cybermedia who were subsequently bought by McAfee (Network Associates). Protects your Windows system from application failure and crashes
Windows Help	X	mailinfo.exe	Added by the MYTOB.JX WORM!
Windows Help File	X	winhelper32.exe	Added by the W32/SDBOT-QK TROJAN!
Windows Help Manager	X	svchost32.exe	Added by the W32/RBOT-OZ WORM!
Windows Help Service	X	winhelpsv.exe	Added by the W32/Rbot-LP WORM!
Windows Help Service	X	winhlp.pif	Added by the W32/Rbot-AKW WORM!
Windows Help System	?	Help.pif	??
Windows Host	X	hosts.exe	Added by the W32.KELVIR.U WORM!
Windows Host	X	winhost.exe	Added by the BACKDOOR.PRYSAT TROJAN!
Windows Host Device	X	hostsvc.exe	Added by a W32/Zooty-A worm infection
Windows Host Name	X	lmass.exe	Added by the GAOBOT.O WORM!
Windows Host Service	X	scvhosts.exe	Added by the W32.SPYBOT.NLI WORM!
Windows Host Service	X	host.exe	Added by W32.Kelvir.AN WORM!
Windows Host Service	X	svchosts32.exe	Added by the W32.KELVIR.AW WORM!
Windows Host Service	X	svchoste.exe	Added by the W32.KELVIR.BF WORM!
Windows Host Service	X	svchosts32.exe	Added by the W32/Kelvir-AK WORM!
Windows Host32 Starter	X	hostserv.exe	Added by the W32/SDBOT-WU WORM!
Windows Hosts	X	hosts.exe	Added by the KELVIR-O TROJAN!
Windows HTML file reader	X	Sysconf32.exe	Added by a NOOMY.A worm infection
Windows Icons Manager	X	wicomgr.exe	Added by the W32/Rbot-AIF WORM!
WINDOWS ID SYSTEM	X	wID32.exe	Added by the MYTOB.LN WORM!
Windows iMessenger Messenger	X	winimsg.exe	Added by the W32.ALLIM.A WORM!
Windows Incontext	X	InSearch.exe	Z-Quest adware downloader/installer variant
Windows installer	X	winstall.exe	SpySheriff malware. For more information on registry key changes see Troj/Spywad-G
Windows Installer	X	ntdll.exe	Added by an unidentified WORM or TROJAN!
Windows installer	X	winstall.exe	Added by Troj/Spywad-F TROJAN!
Windows Internet Protocol	X	winproc32.exe	CoolWebSearch parasite related.
Windows Internet Protocol	X	deinst_qfe001.exe	Added by a variant of the Win32.Small TROJAN!
Windows Internet Service	X	wininet.exe	Added by W32/Rbot-AUX WORM!
Windows IPv6 Drivers	X	wipv6.exe	Added by the W32/SDBOT-VJ WORM!
Windows Java Update	X	weatherBug32.exe	Added by a variant of the WIN32.RBOT WORM!
Windows JavaScript Daemon	X	Winjsd.exe	Added by a WOOTBOT.AF worm infection
Windows Kernel 64	X	kernal64.exe	Added by the W32/Yimp-B WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Windows kev Messenger	X	mskev.exe	Added by the W32/SDBOT-XV WORM!
Windows Load	?	windows.com	??
Windows Loader	X	wstart32.exe	Added by the GAOBOT.CA WORM!
Windows Loader Service	X	civsc.exe	Added by a variant of the WIN32.RBOT WORM!
windows Loadxm	X	Win_.exe	Added by the Troj/Fodder-A TROJAN!
Windows Local Services	X	spoolsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Local Services	X	svcadmin.exe	Added by the Troj/Dloader-NY Trojan!
Windows Local Services	X	tcpsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Local Services	X	netsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Local Services	X	websvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Local Services	X	localsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Local Services	X	svcrun.exe	Added by the Troj/Dloader-NY Trojan!
Windows Local Services	X	svcman.exe	Added by the Troj/Dloader-NY Trojan!
Windows Logger	X	winlog.exe	Added by the Troj/Nshadow-B TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Windows logging	X	winlogd.exe	Added by the W32/RBOT-ON WORM!
Windows Login	X	explored.exe	Added by the W32.Gaobot.SY worm
Windows Login	X	winlog.exe	Added by the AGOBOT.MG WORM!
Windows Login Folder	X	winzep.exe	Added by W32/Agobot-TZ WORM!
Windows Login Security	X	winlogin.pif	Added by an unidentified WORM or TROJAN!
Windows Login Service	X	winlog.exe	Added by the W32/Rbot-AFN Worm!
Windows Login Service	X	winlogin.pif	Added by the W32/Sdbot-ACU WORM! Note: This worm/trojan file (winlogin.pif) is found in the Windows or Winnt folder.
Windows Logon	X	winlogin.exe	Added by the TROJ/SPYBOT-C TROJAN!
Windows Logon Application	X	WinIogon.exe	Added by the "Cruel Intentionz" backdoor TROJAN!
Windows Logon Application	X	logon.exe	Added by the W32/POEBOT-J WORM!
Windows Logon Application	X	WinIogon.exe	Added by the W32.LINKBOT.M WORM!
Windows Logon Application	X	services.exe	Added by the Troj/Ciadoor-L TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item. This trojan file is found in the Windows or Winnt folder.
Windows Logon Manager	X	logon.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Logon Procedure	X	Svchoste.exe	Added by a variant of the W32.SPYBOT WORM!
Windows Logon Procedure	X	Svchosta.exe	Added by a variant of the W32.SPYBOT WORM!
windows logon procedure	X	winlogonpc.exe	Added by the "WinLogon" TROJAN!
Windows Logon Service	X	winlogon.pif	Added by the W32/Rbot-AOU WORM! Note: This worm\trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Windows Management Instrumentation	X	mwd.exe	Added by the GRAPS VIRUS!
Windows Management Instrumentation	X	wmimgr.exe	Added by W32.Qdens.A Trojan!
Windows Management Instrumentation	X	[path to file]	Added by the W32/QEDS-A VIRUS!
WINDOWS MANAGEMENT SYSTEM	X	wm1exe.exe	Added by the W32/RBOT-VT WORM!
Windows Manager	X	winmants.exe	Added by the MANTAS VIRUS!
Windows Manager	X	winsrv.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Windows Manager Update Inc	X	tgb.exe	Added by the W32/Sdbot-ACM WORM!
Windows mangement	X	winlogonn.exe	Added by the RANDEX.FC VIRUS!
Windows Media AP	X	winmapp.exe	Added by an unidentified WORM or TROJAN!
Windows Media APP	X	wmapp.exe	Added by an unidentified WORM or TROJAN!
Windows Media Driver	X	msnger.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Media Player	X	wmediaplayer.exe	Added by the W32/AGOBOT-NQ WORM!
Windows Media Player	X	WMP23.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Media Player	X	MediaPIayer.exe	Added by the SDBOT-QO TROJAN! - (note, the executable is called 'MediapIayer', with an 'i' !)
Windows Media Player	X	msass43.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Media Player	X	msa.exe	Added by the W32/RBOT-SI WORM!
Windows Media Player	X	mcafe32.exe	Added by the W32/RBOT-YO WORM!
Windows Media Player	X	mpwe.exe	Added by the W32/RBOT-TT WORM!
Windows Media Player	X	wmplayer.exe	Added by the W32.Kelvir.G or W32.Kelvir.H or W32.Kelvir.I WORM!
Windows Media Player	X	50cent.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Media Player	X	msams.exe	Added by the RBOT.AHR WORM!
Windows Media Player	X	valentine-jessica.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Media Player 3.6	X	wmpa36.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Media Player 3.6b	X	WMPA36B.EXE	Added by the W32/RBOT-VV WORM!
Windows Media Player 3.6d	X	wmpa36d.exe	Added by the W32/RBOT-YA WORM!
Windows Media Player 3.6d	X	wmpa36d.exe	Added by the W32/RBOT-YA WORM!
Windows Media Player 3.9	X	wmpa36.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Media Player Update	X	[random filename]	Added by the RBOT-ET WORM!
Windows Media Powerpoint Helper	N	NSPPTHLP.EXE	German software (comes with some Toshiba CD writers) that helps convert Powerpoint files to ASF (Streaming Media) files. Available via Start -> Programs
Windows media service	X	crvss.exe	Added by the SDBOT.VP WORM!
Windows media service	X	crsss.exe	Added by the RBOT.ACY WORM!
Windows media services	X	cvrsss.exe	Added by the W32/RBOT-MW WORM!
Windows Media SP.2.37	X	(random filename)	Added by the LEMIR.C VIRUS!
Windows Media Updater	X	crease.exe	Added by the W32/Rbot-ATI and W32/Rbot-AVA WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows Media Utility	X	wmediautil.exe	Added by a variant of the W32.SPYBOT WORM!
Windows Messenger	X	msmsgs.exe	Added by a W32/Forbot-BD worm infection
Windows messenger	X	messengers.exe	Added by the W32.Mytob.EI WORM!
Windows Messenger	X	msnsmgs.exe	Added by the W32/RBOT-ANJ WORM!
Windows Messenger Messenger	X	winmsg.exe	Added by W32.Velkbot.A WORM!
Windows Messenger Service	X	winsmsgr.exe	Added by the W32/RBOT-VW WORM!
Windows Messenger Service	X	kaspersky.exe	Added by the MYTOB.HY WORM!
Windows MeTaLRoCk service	X	metalrock.exe	Added by the TASTYRED VIRUS!
Windows Micro Drivers	X	wupdates32.exe	Added by the W32/Rbot-AEH Worm!
Windows Monitor	X	winmon.exe	Added by a SDBOT.VB worm infection
Windows Monitor	X	arsetup.exe	Added by the WIN32.SPAZBOX.A TROJAN!
Windows Monitor Services	X	winmonitor.exe	Added by the W32/RBOT-XX WORM!
Windows Monitoring Service	X	winmon.exe	Added by a variant of the W32/SDBOT WORM!
Windows More Choice	X	TopContext.exe	ZQuest adware
Windows Mouse Utilities	X	mouseutils.exe	Added by the W32/RBOT-ABU WORM!
Windows ms Drivers	X	msnup32.exe	Added by the W32/SDBOT-AAL WORM!
Windows MSConfig Startup Logger	X	winlog.exe	Added by the RBOT.BCU WORM!
Windows NetDDe	X	wrmana32.exe	Added by the W32.Mytob.IM WORM!
Windows Nets	X	WinNET.exe	Added by the W32/RBOT-MO WORM!
Windows NetStart Service	X	winsN2S.exe	Added by the W32/RBOT-ZX WORM!
Windows NetStart Service2	X	winsN2S.exe	Added by the W32/RBOT-ABN WORM!
Windows NetStart Service2	X	winsN2SD.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Network Controller	X	Mqguard.exe	Added by the W32/Forbot-CL WORM!
Windows Network Controller	X	WinxPupd.exe	Added by the W32/FORBOT-DK WORM!
Windows Network Controller	X	winmms32.exe	Added by the W32/FORBOT-ED WORM!
Windows Network Controller	X	wingmt.exe	Added by a variant of the W32/SDBOT WORM!
Windows Network Controller	X	Win9x.exe	Added by the WOOTBOT.I WORM!
Windows Network Firewall	X	firewall.exe	Added by the W32/POEBOT-J WORM!
Windows Network Service	X	winvc32.exe	Added by the RBOT.RY WORM!
Windows Networking	X	winsys32.exe	Added by the GAOBOT.FL WORM!
Windows Networks	X	netcog.exe	Added by the MYTOB.FH WORM!
Windows Nivedia Driver	X	sysMGT.exe	Win32.Rbot worm variant
Windows NNT	X	(path to trojan)	Added by the RANKY.E VIRUS!
Windows NT 32	X	ntlogin32.exe	Added by the W32.RANDEX.BRD WORM!
Windows NT Login	X	ntlogin32.exe	WORM_SDBOT.WG
Windows NT Login Session Manager	X	WNSM.EXE	Added by the RBOT.BIV WORM!
Windows NT Logon Application	X	winlogon.scr	Added by the W32/Rbot-ALP WORM!
Windows NT Service Name	X	winshock.exe	Added by the W32/RBOT-PK WORM!
Windows NT Update Manager	X	Winlogon.exe	Added by the AGOBOT-NU WORM! Note that those are zeroes in the filename and not capital "o"
Windows OEM Tools	X	winres32.exe	Added by a SPYBOT.FD worm infection
Windows OLE Automation Server	X	ole32aut.vbe	CoolWebSearch parasite related browser hijacker
Windows Online Updater	X	dllman.exe	Added by the W32/Rbot-TE WORM!
Windows Pc	X	winmgr.exe	Added by the W32/BIBOT-A WORM!
Windows PDG	X	winpdg.exe	Added by the W32/Rbot-ADW Worm!
Windows PNP	X	winpnp.exe	Added by the W32/Rbot-AKN WORM!
Windows PNP Server	X	pnpsrv.exe	Added by this variant of the W32/SDBOT WORM!
Windows Print Spooler	?	SCVHOSTS.EXE	Suspicious due to the similarity to the valid "svchost.exe" file
Windows Print Spooler	X	NavAgent32.exe	Added by an unidentified VIRUS!
Windows Print Spooler	X	SVEHOST.EXE	Added by the SPYBOT.H VIRUS!
Windows Process Manager	X	winproc.exe	Added by an unidentified WORM or TROJAN!
Windows Processe Manager	X	mspn32.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Protectot	X	boxide.exe	Added by a variant of the W32/WOOTBOT WORM!
Windows Reg Services	X	ffservice.exe	Added by the Troj/Dloader-PL or Troj/Dloader-XM TROJAN!
Windows Reg Services	X	lncom.exe	Added by the TROJ/PRORAT-O TROJAN!
Windows Reg Services	X	lservice.exe	Added by the TROJ/PRORAT-O TROJAN!
Windows Reg Services	X	wservice.exe	Added by the TROJ/PRORAT-O TROJAN!
Windows Reg Services	X	fservice.exe	Added by the TROJ/PRORAT-D TROJAN
Windows Reg Services	X	dservice.exe	Added by the TROJ/PRORAT-D TROJAN
Windows Reg Services	X	ssservice.exe	Added by the TROJ/PRORAT-D TROJAN
WINDOWS REGISTER EDIT	X	registr32.exe	Added by an unidentified WORM or TROJAN!
Windows Register Settings	X	svmhost.exe	Added by a variant of the W32/FORBOT WORM!
Windows Registry	X	msnmsg.exe	Win32.Rbot worm variant
Windows Registry	X	winhost.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Registry Cleaner	X	winclean.exe	W32.SpyBot worm variant
Windows Registry Express Loader	X	regexpress.exe	Added by the W32/FORBOT-CJ WORM!
Windows Registry Manager	X	tasksmanagers.exe	Added by the W32.Mytob.ER WORM!
Windows Registry Name	X	winses.exe	Added by the W32/Rbot-ADB Worm!
Windows Registry Name	X	(Random filename)	Added by the W32/Rbot-AEB Worm!
Windows Registry Scan	X	regscan32.exe	WORM_RBOT.KE
Windows Registry Scan	X	regscan.exe	Added by a W32/Rbot-HA worm infection
Windows Registry Scan	X	timeupdate.exe	Added by the SPYBOT.JE WORM!
Windows Registry Scan	X	svcdll.exe	Added by the W32/RBOT-TP WORM!
Windows Registry Scan	X	regscan23.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Registry Security	X	crss.exe	Added by a variant of the BACKDOOR.IRC.BOT TROJAN!
Windows Registry Startup	X	wind32.exe	Added by the W32/Agobot-BZ WORM!
Windows Repair	X	toxikx.exe	Added by the W32/Sdbot-ADL WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows report	X	swchost.exe	Added by the Small-BD TROJAN!
windows run	X	system.exe	Added by the W32/ICPASS-A WORM!
Windows Run-Time 64bit	X	win64rt.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Runtime Help	X	win32hlp.exeWinRunHelp.wrh	Added by a variant of the AIMVISION VIRUS!
Windows Runtime Proccess	X	32RUNdll.exe	Added by the SDBOT.QW WORM!
Windows SA	X	omniscient.exe	BLAZEFIND adware
Windows Screensaver	X	Service.exe	Added by the W32.KELVIR.P or KELVIR-L WORMS!
WINDOWS SCREENSAVER	X	ssaver.scr	Added by the W32/Sdbot-YZ Worm!
Windows secure	X	setver32.exe	WORM_SPYBOT.EP
Windows Secure Connection	X	winsc.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Secure Messaging System	X	msnmsgrsrvc.exe	Added by the W32/RBOT-RE WORM!
WINDOWS SECURITY	X	wingrd.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Security	X	win.pif	Added by the W32/Rbot-APT WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows Security	X	ms32.pif	Added by the W32/RBOT-ARN WORM!
Windows Security Assistant	X	rundll32.vbe	CoolWebSearch parasite related.
Windows Security Assistant	X	winsec.exe	CoolWebSearch parasite related.
Windows Security Authority Service	X	lsass.exe	Added by the W32/KALEL-A WORM! - NOTE - this should NOT be confused with the legitimate Windows lsass.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
Windows Security Manager	X	winsecurity.exe	Added by the W32/AGOBOT-KI WORM!
Windows Security Manager	X	winsecure.exe	Affilred.B adware
Windows Security Module	X	module.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Security Service	X	[random file name]	Added by the W32/RBOT-ALV WORM!
Windows Security Update	X	security32.exe	Affilred.B adware
Windows Security Updater	X	WINFRW.exe	Added by the Solufina TROJAN!
Windows Serv Patch	X	Mcaffe2005.exe	Added by a variant of the WIN32.RBOT WORM!
Windows ServeAd	X	WinServAd.exe	WindUpdates WinAd adware
Windows Server Information	X	servinfo.exe	Added by the W32/FORBOT-EN WORM!
Windows Servic2	X	winsy.exe	Added by the W32/Rbot-AIA WORM!
Windows Service	X	prvdi.exe	Malware, recognized by Kaspersky antivirus as Trojan-Dropper.Win32.Small.rd
Windows Service	X	dddd.exe	Identified by Kaspersky Labs as PornWare.Dialer.Salc, also known to come with the Bube family trojans
Windows Service	X	pd7.exe	Added by the TROJ_SMALL.VZ TROJAN!
Windows Service	X	svvhost.exe	Added by the W32/AGOBOT-HL WORM!
Windows Service	X	private-zone.exe	Added by an unidentified TROJAN.CLICKER !
Windows Service	X	video.exe	Added by an unidentified TROJAN!
Windows Service	X	dstart4.exe	Added by an unidentified TROJAN!
Windows Service	X	pd14.exe	Adware, detected by TDS-3 as "TrojanDownloader.Win32.Delf.dg"
Windows Service	X	video2.exe	Added by the DOWNLOADER.SMALL.MY TROJAN!
Windows Service	X	services.exe	Added by the W32/KALEL-A WORM! - NOTE - this file should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
Windows Service	X	WINSVC.EXE	Added by the SDBOT.CL WORM!
Windows Service	X	r.exe	Added by a variant of the TROJ_SMALL.VZ TROJAN
Windows Service Controller	X	services.exe	Added by the W32/Kalel-B WORM! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item.
Windows Service Host	X	scvhost.exe	Added by the SDBOT.N WORM!
Windows Service Host	X	svchost.exe	Added by the CONE.B VIRUS! This is not the valid svchost.exe as described here. Located in a Windows\Tasks directory, and not in Windows\System32
Windows Service Host	X	svchost.exe	Added by the W32/Kalel-C WORM! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item. This trojan file is found in the System folder.
Windows Service Host Process	X	[path to file]	Added by the W32/EZIO-A WORM!
Windows Service Loader	X	Window.exe	Added by the W32/RBOT-XO WORM!
Windows Service Manager	X	userint32.exe	Added by the W32/OSCABOT-C WORM!
Windows Service Manager	X	svcmgr32.exe	Added by the W32/OSCABOT-D WORM!
Windows Service Manager	X	msgs.exe	Added by the W32/OSCABOT-E WORM!
Windows Service Manager	X	msnmrg.exe	Added by the W32/OSCABOT-G WORM!
Windows Service Manager	X	spoolsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Service Manager	X	svcadmin.exe	Added by the Troj/Dloader-NY Trojan!
Windows Service Manager	X	tcpsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Service Manager	X	netsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Service Manager	X	websvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Service Manager	X	localsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Service Manager	X	svcrun.exe	Added by the Troj/Dloader-NY Trojan!
Windows Service Manager	X	svcman.exe	Added by the Troj/Dloader-NY Trojan!
Windows Service Pack Auto Update	X	winworks.exe	Adware downloader, identified by eScan antivirus as Trojan-Clicker.Win32.Agent.bt
Windows Service Pack Auto Update	X	ballin.exe	Added by an unidentified WORM or TROJAN!
Windows Service Pack Auto Update	X	figgaz.exe	Added by a TROJAN.CLICKER - identified by Kaspersky antivirus as Trojan-Clicker.Win32.Agent.bt
Windows Service Pack Auto Update	X	del-me.exe	Adware, also detected as the Lowzones.BH TROJAN!
Windows Service Pack2	X	svchhost.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Service Pack2	X	WIN43.EXE	Added by the GAOBOT.G WORM!
Windows Service Support Call	X	SVSS32.EXE	Added by the W32/RBOT-XQ WORM!
Windows Service Utitity	X	winsrvc.exe	Added by the W32/Rbot-ASI or W32/Rbot-AUP WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows Service XP	X	XpFirewall.exe	Added by the W32.MYTOB.AM WORM!
Windows Services	X	service.exe	Added by the RANDEX.R VIRUS!
Windows Services	X	Spool32x.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Services	X	Explorer.exe	Added by the W32/SDBOT-WT WORM! - NOTE - the valid "explorer.exe" file is located in C:\Windows or C:\Winnt, whereas this one is located in the Windows\System32 or Winnt\System32 folder!
Windows Services	X	scvhoste.exe	Added by W32.Spybot.OBZ WORM!
Windows Services	X	winsvc32.exe	Added by the W32/MYTOB-CB WORM!
Windows Services	X	scmsg.exe	Added by a variant of the W32/SDBOT WORM!
Windows Services	X	NetworkDriver32.exe	Added by the W32/RBOT-ACR WORM!
Windows Services	X	NetworkDrivers.exe	Added by the W32/Sdbot-YO Worm!
Windows Services	X	smsc.exe	Added by a variant of the W32/SDBOT WORM!
Windows Services Host	X	svchost.exe	Added by the CONE or CONE.E VIRUSES!. This is not the valid svchost.exe as described here. Located in the Windows directory, and not in Windows\System32
Windows Services Hosts	X	svhosts.exe	Added by the TROJ/SDBOT-YH TROJAN!
Windows Services Ink Platform Tablet Input Subsystem	X	wsiptis.exe	Added by the RBOT.APC WORM!
Windows Services Update	X	svch0st.exe	Added by a variant of the WIN32.RBOT WORM! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item. Also there is a number "0" in the executable filename, not a lower/upper case O.
Windows Session Manager	X	smss32.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Session Manager Subsystem	X	smss.exe	Added by the W32/Kalel-B WORM! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item.
Windows shell	?	win70.exe	??
Windows Shell	X	shell.exe	Added by the W32/MYTOB-CA WORM!
Windows Shell	X	taskgmr.exe	Added by the WIN32/MYTOB.BV WORM!
Windows Shell Library Loader	X	load shell.dll /c /set	CoolWebSearch parasite related.
windows shellext.32	X	mschost.exe	Added by the BLASTER.K VIRUS!
WINDOWS SKY	X	sky.exe	Added by the W32.MYTOB.CH WORM!
Windows Smart Manager	X	smart.exe	Added by the W32/RBOT-SL WORM!
Windows Socketheader	X	[random filename]	Added by the ANIXMA.A WORM!
Windows Sound Driver	X	SndMon32.exe	W32.SpyBot worm variant
Windows Sound Manager	X	SndMon32.exe	Added by the W32/FORBOT-BU WORM!
Windows Sound Manager	X	SndMon16.exe	Added by a variant of the W32/FORBOT WORM!
Windows SP2 Firewall	X	wfirewall7.exe	Added by a variant of the WIN32.RBOT WORM!
Windows SP2 Update	X	Sp2update.exe	Added by the WOOTBOT.BS WORM!
Windows SP2 Version Load	X	wuauclt32.exe	Added by the GAOBOT.CX WORM!
Windows SP4	X	directCC.exe	Added by the W32/RBOT-ACX WORM!
Windows Spool Server	X	spoolsrv.exe	Added by the W32/Sdbot-ACT WORM! Note: This is not the legitimate Windows process spoolsv.exe (Notice the difference in the spelling). This trojan file (spoolsrv.exe) is also located in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Windows SpoolaPrint Service	X	spoolasrv.exe	Added by the W32/Sdbot-AYD WORM!
Windows Spooler	X	SPOOLSRV.EXE	Added by the SPYBOT.P VIRUS!
Windows Spooler	X	spoolsv32.exe	Added by an unidentified WORM or TROJAN!
Windows Spooler Services	X	spool.exe	Added by the W32/AGOBOT-AMO WORM!
Windows SpoolPrint Service	X	spoolersrv.exe	Added by the W32/Sdbot-ZT WORM!
Windows Spools SV	X	winsv.exe	Added by W32/Rbot-AUQ WORM!
Windows spoolservr Service	X	spoolservr.exe	Added by the W32/Sdbot-AAN WORM!
Windows Spoolsre Service	X	spoolsre.exe	Added by the W32/Sdbot-AAE WORM!
windows spoolsrv service	X	spoolssv.exe	Added by the W32/Sdbot-AWV Worm!
Windows Spoolsrv Service	X	spoolmsv.exe	Added by the W32/Sdbot-ZS WORM!
Windows Spoolsurf Service	X	spoolsurf.exe	Added by the W32/SDBOT-ZZ WORM!
Windows SpooltPrint Service	X	spooltsrv.exe	Added by the W32/SDBOT-AYE WORM!
Windows Spoolvvv Service	X	spoolvvv.exe	Added by the W32/SDBOT-AAW WORM!
Windows sq Drivers	X	winmsn32.exe	Added by the W32/Rbot-ADI Worm!
Windows Sql Service For Windows 32 Bit	X	winsql32.exe	Added by the W32/FORBOT-FC WORM!
Windows SSH Client	X	winssh.exe	Added by the W32/Rbot-AXC WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows SSL File	X	winssv.exe	Added by the WOOTBOT.CA WORM!
Windows Stand Sound Drivers	X	Sounddrv.exe	Added by the W32/SDBOT-XF WORM!
Windows Standard Securty	X	(Random 3-letter filename)	Added by the W32/Rbot-ALF WORM! Note: May use DOZ.EXE for file name.
Windows Start Server 2000	X	traficy.exe	Added by the W32/Rbot-AHM WORM!
Windows Startup	X	winsta~1.exe	Go-Hip browser add-on
Windows Startup	X	Wdrun32.exe	Added by the GAOBOT.AO WORM!
Windows Startup	X	services21.exe	Added by the W32/Agobot-MX WORM!
Windows Startup	X	winstartup.exe	Go-Hip browser add-on
Windows Startup 32 Bits	X	sysrun32.exe	DarkSun trojan variant
Windows Streams Server	X	localsrv.exe	Added by the SDBOT.LN WORM!
Windows Subsys	X	winload.exe	Added by the NETSPREE.C WORM!
WINDOWS SVC	X	winsvc.exe	Added by the W32/MYTOB-EY WORM!
Windows SyncroAd	X	SyncroAd.exe	Windupdates adware variant
WINDOWS SYSTEM	X	nec.exe	Added by the W32/Mytob-L or W32/Mytob-CM and W32/Mytob-CN Worms!
WINDOWS SYSTEM	X	xxx.exe	Added by the W32.Mytob.CZ WORM!
Windows System	X	WINSYS.exe	Added by the W32/Mytob-M or W32/Mytob-EK WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
WINDOWS SYSTEM	X	beta.exe	Added by the W32.Mytob.DF WORM!
WINDOWS SYSTEM	X	test.exe	Added by the W32.Mytob.DJ WORM!
WINDOWS SYSTEM	X	test2.exe	Added by the W32.Mytob.DJ WORM!
WINDOWS SYSTEM	X	test3.exe	Added by the W32.Mytob.DV WORM!
WINDOWS SYSTEM	X	skybot.exe	Added by the W32/Mytob-CX or W32.Mytob.EB or W32/Mytob-BO or W32/Mytob-BP WORM!
WINDOWS SYSTEM	X	winsys33.exe	Added by the W32.Mytob.EK WORM!
WINDOWS SYSTEM	X	msdev32.exe	Added by the W32.Mytob.EH WORM!
WINDOWS SYSTEM	X	dcomuser.exe	Added by the W32.Mytob.EO WORM!
WINDOWS SYSTEM	X	winligon.exe	Added by the W32.Mytob.EP WORM!
WINDOWS SYSTEM	X	winvnc.exe	Added by the W32.Mytob.EU WORM!
WINDOWS SYSTEM	X	win.exe.exe	Added by the W32.Mytob.FA WORM!
Windows System	X	nibie.exe	Added by the W32.Mytob.FO WORM!
WINDOWS SYSTEM	X	nec.exe	Added by the W32/Mytob-BH Worm!
WINDOWS SYSTEM	X	ninfoie.exe	Added by the W32/Mytob-EP Worm!
WINDOWS SYSTEM	X	skybotx.exe	Added by the W32.Mytob.FT WORM!
WINDOWS SYSTEM	X	smoc.exe	Added by the W32.MYTOB.FU WORM!
WINDOWS SYSTEM	X	winxpserv.exe	Added by the W32/Mytob-BQ Worm!
WINDOWS SYSTEM	X	smsc.exe	Added by the W32/MYTOB-BR WORM!
WINDOWS SYSTEM	X	winmon.exe	Added by the W32.Mytob.GB WORM!
WINDOWS SYSTEM	X	lf66prc.exe	Added by the W32.Mytob.GC WORM!
WINDOWS SYSTEM	X	nibie.exe	Added by the W32/Mytob-BY WORM!
WINDOWS SYSTEM	X	skybotx.exe	Added by the W32/Mytob-BY WORM!
WINDOWS SYSTEM	X	wdns33.exe	Added by the W32/Mytob-BY WORM!
WINDOWS SYSTEM	X	winsvc32.exe	Added by the W32.MYTOB.HH WORM!
WINDOWS SYSTEM	X	winNTsys32.exe	Added by the W32/MYTOB-DM WORM!
WINDOWS SYSTEM	X	winaup.exe	Added by the W32/Mytob-DN WORM!
WINDOWS SYSTEM	X	logic.exe	Added by the W32.MYTOB.IC WORM!
WINDOWS SYSTEM	X	mtrnqs.exe	Added by the W32.MYTOB.IG WORM!
WINDOWS SYSTEM	X	gothica.exe	Added by the MYTOB.HU WORM!
WINDOWS SYSTEM	X	msnl.exe	Added by the W32.Mytob.IK WORM!
WINDOWS SYSTEM	X	botzor.exe	Added by the W32/ZOTOB WORM!
WINDOWS SYSTEM	X	per.exe	Added by the W32/ZOTOB.C WORM!
WINDOWS SYSTEM	X	\skybot.exe	Added by the MYTOB.JU WORM!
WINDOWS SYSTEM	X	twunk_65.exe	Added by the W32/MYTOB-EG WORM!
WINDOWS SYSTEM	X	servises.exe	Added by the W32/Zotob-I WORM! Note: (servises.exe) is not the legitimate Windows Process. (Notice the difference in the spelling.) The legitimate Windows Process (services.exe) should not be seen in Msconfig or as a Startup item.
WINDOWS SYSTEM	X	servce.exe	Added by the W32/Mytob-EI WORM! Note: This trojan/worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
WINDOWS SYSTEM	X	xpupdate.exe	Added by the W32/ZOTOB-G WORM!
WINDOWS SYSTEM	X	sky.exe	Added by the MYTOB.LB WORM!
WINDOWS SYSTEM	X	winsvc.exe	Added by the MYTOB.LM WORM!
WINDOWS SYSTEM	X	expI0rer.exe	Added by the W32/Mytob-FI WORM! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Also, please note the spelling of this file as it is different from the Windows system file explorer.exe.
WINDOWS SYSTEM	X	Win32IMAPSVR.exe	Added by the W32/Mytob-FQ WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Windows System 32-Bat Service	X	win32bat.exe	Added by the W32.Mytob.FI WORM!
Windows System Backup	X	SysBackup.exe	Unidentified malware
WINDOWS SYSTEM By FEnR	X	windasz-updote.exe	Added by the MYTOB.LR WORM!
WINDOWS SYSTEM Cleaner	X	h3.exe	Added by the W32.Mytob.EQ WORM!
WINDOWS SYSTEM CLEANER	X	iexplore.exe	Added by the W32.Mytob.ET WORM!
Windows System Configuration	X	SYSCFG16.EXE	Added by the W32/Domwis-N WORM!
Windows System Configuration	X	Winfrw.exe	Added by the BACKDOOR.SOLUFINA TROJAN or the W32/DOMWIS-J WORM!
Windows System Configuration	X	Passcfg16.exe	Added by the DOMWIS-E TROJAN!
Windows System Configuration	X	WINCFG32.EXE	Added by the W32/Agobot-TE WORM!
Windows System Configuration	X	WinNeth.exe	Added by the W32/Rethe-A WORM!
Windows System Configuration	X	wincfg.exe	Added by the AGOBOT.OP WORM!
Windows System Configuration	X	nether.exe	Added by the W32/Opanki-AB WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
WINDOWS SYSTEM Dns	X	windsns.exe	Added by the W32.Mytob.EY WORM!
WINDOWS SYSTEM DNSPOOL	X	hbmail.exe	Added by the W32.MYTOB.FW WORM!
Windows System File	X	cmxp.exe	Added by the W32.Spybot.KHO WORM!
WINDOWS SYSTEM FILE	X	winload.exe	Added by the MYTOB.DK WORM!
Windows System Gateway	X	SPOOLER.EXE	Added by a variant of the WIN32.RBOT WORM!
Windows System Init	X	winit32.exe	Added by a variant of the WIN32.RBOT WORM!
Windows System Manager	X	winsystem.exe	Added by a W32/Rbot-AN worm infection
Windows System Manager	X	sysconf.exe	Added by the W32.MYTOB.AL WORM!
Windows System Manager	X	smsc.exe	Added by a variant of the WIN32.RBOT WORM!
Windows System Manager	X	crssm.exe	Added by the W32/Rbot-AFH Worm!
WINDOWS SYSTEM MANAGER	X	spoolsvc.exe	Added by the W32/Mytob-LY WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows System Manager Loader	X	smsls.exe	Added by the AGOBOT.TF WORM!
Windows System Manager Proc	X	winsmc.exe	Added by the RBOT.JH WORM!
Windows System Manager Proc	X	winsmc.exe	Added by the RBOT.JH WORM!
WINDOWS SYSTEM MEMORY LOADER	X	memloader.exe	Added by the W32/MYTOB-IN WORM!
WINDOWS SYSTEM mscdvvs	X	mscdvvs.exe	Added by the MYTOB.MD WORM!
windows system notepad	X	wnpsm.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
Windows System Restore Configuration	X	Sblhost.exe	Added by a variant of the SPYBOT.GEN VIRUS!
Windows System Restorer	X	SystemRestorer.exe	Added by the DULOAD.C VIRUS!
Windows System Security	X	winmp.exe	Added by the RBOT.IV WORM!
Windows System Security		sys32.pif	Added by the W32/Rbot-AOL WORM! Note: This worm\trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Windows System Security Monitor	X	(4 random letters).exe	Added by the W32.Pinkton.A Worm!
Windows System Serivce	X	winserv.exe	Added by a variant of the Win32.Rbot WORM!
windows system service	X	winsock.exe	Added by the W32/RBOT-MR WORM!
Windows System Tray	U	msni.exe	Iambigbrother monitoring software
Windows System Tray	X	swhost.exe	Unidentified worm or trojan
Windows System Tray	U	dlhost.exe	Related to IamBigBrother Internet monitoring software.
WINDOWS SYSTEM UPDATE	X	xDcc.exe	Added by the W32/Mytob-EH WORM!
Windows System32	X	windowsp.exe	Added by the MYTOB.GD WORM!
Windows System32	X	winsys32.exe	Added by the W32/Sdbot-AHS WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows System32 Kernel	X	system32.exe	Added by the W32/SDBOT-AAT WORM!
WINDOWS SYSTEMn	X	servicces.exe	Added by the W32/Mytob-EL WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Windows Systemnmg	X	stagmr.exe	Added by the W32.MYTOB.S WORM!
Windows Sz Host	X	winshvc.exe	Added by a variant of the W32/SDBOT WORM!
Windows Task Manager	X	taskmngr.exe	Added by the W32/Rbot-ANM WORM! Note: This worm/trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Windows Task Manager	X	ACCOUNT_DETAILS.DOC.exe	Added by the QUATERS.A VIRUS!
Windows Task Manager	X	taskmgn.exe	Unidentified malware, either a variant of the WIN32.RBOT WORM, or part of a Casino Palazzo foistware install.
Windows Task Manager	X	taskmrg.exe	Added by the W32.MYTOB.AV WORM!
Windows Task Manager	X	taskgmr.exe	Added by the W32.Mytob.BJ and W32/Mytob-AJ WORMS!
Windows Task Manager	X	taskmg.exe	Browser hijacker - identified by DrWeb antivirus as "Trojan.StartPage.601"
Windows Task Manager Emulator	X	kennewr.exe	Added by the W32/SPYBOT-FA WORM!
Windows Task Manager-Emulator	X	uswtme.exe	Added by a W32/Rbot-CG infection
Windows Task Scheduler	X	asijdie.exe	Added by an unidentified WORM or TROJAN!
Windows Task Service (32-bits)	X	tasksys.exe	Added by the DREFIR.D WORM!
Windows TaskAd	X	Wintaskad.exe	WindUpdates WinTaskAd adware variant
Windows Taskbar Manager	X	(path to file)	Added by the W32.PROTORIDE.B WORM!
Windows Taskbar Manager	X	internat.exe	Added by the PROTORIDE-H WORM!
Windows Taskmanager	X	lsassx.exe	Added by the W32.Kelvir.C or W32.Kelvir.E WORM!
Windows TCP/IP	X	wintcp.exe	Added by the W32/AGOBOT-ZH WORM!
Windows Telnet Server	X	wintel.exe	Added by the W32/AGOBOT-MW WORM!
Windows Time	X	winmgr.exe	Added by the W32/RBOT-XC WORM!
Windows Time Server	X	TimeSRV.exe	W32.Spybot.DNC worm
Windows TM	X	rundlI32.exe	Added by a variant of the WIN32.RBOT WORM!
Windows TM	X	SVPHOST.exe	Added by a variant of the WIN32.RBOT WORM!
Windows TM	X	windowssys32.exe	Added by a variant of the WIN32.RBOT WORM!
Windows TM	X	WinxSys.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Upate	X	rundll.exe	Added by the HAKO TROJAN! - NOTE: this is NOT the Windows system file of the same name as described here
Windows Update	X	(random filename)	Added by the NORIO VIRUS! Acts as a hi-jacker redirecting to adult content sites
Windows Update	X	iexplorere.exe	Added by the GAOBOT.AP WORM!
windows update	X	uddater.exe	Added by the LEOX VIRUS!
Windows Update	X	wudate.exe	Added by the AGOBOT.ML WORM!
Windows Update	X	wupdate.exe	Wengs adware
windows update	X	sychost.exe	Added by the LEOX.B VIRUS!
Windows Update	X	host32.exe	Added by the W32/RBOT-GU WORM!
Windows Update	X	Wuamgrd.exe	W32.SpyBot worm variant
Windows Update	X	inetinf.exe	Added by a variant of the GAOBOT/AGOBOT WORM!
Windows Update	X	host32.exe	Added by the W32/RBOT-GU WORM!
windows update	X	wuraclt.exe	Added by the W32/RBOT-PO WORM!
windows update	X	Wuanclt.exe	Added by the RBOT.XZ WORM!
windows update	X	Wruaclt.exe	Added by the RBOT.XZ WORM!
windows update	X	Wuacrlt.exe	Added by the RBOT.XZ WORM!
Windows Update	X	windows.exe	Added by the W32/RBOT-RB WORM!
Windows Update	X	ebay.exe	Added by the W32.GAOBOT.BUU WORM!
windows update	X	wuaurlt.exe	Added by the RBOT.ADG WORM!
Windows Update	X	wuampd.exe	Added by the RBOT.UM WORM!
windows update	X	wuaruclt.exe	Added by a variant of the WIN32.RBOT WORM!
windows update	X	wuaucrlt.exe	Added by the W32.SPYBOT.HUR WORM!
Windows Update	X	msnwinsb.exe	Added by the W32/RBOT-AAH WORM!
windows update	X	wuarclt.exe	Added by the W32/RBOT-OF WORM!
Windows Update	X	winupdate.exe	Added by the W32/SDBOT-WS WORM!
Windows Update	X	scvhost.exe	Added by the W32/SDBOT-XT WORM!
Windows Update	X	Update.exe	Added by the TROJ/DELF-FN TROJAN!
Windows Update	X	taskmr.exe	Added by the W32/Mytob-GZ Worm!
Windows Update	X	wininfo.exe	Added by the W32.Mytob.GA WORM!
Windows Update	X	winlogin.exe	Added by the Troj/Banker-DV or Troj/Banker-FY or Troj/Banker-GB TROJAN!
windows update	X	Microsoft.exe	Added by the TROJ_LMIR.A TROJAN!
windows update	X	msnsever.exe	Added by the W32/RBOT-AHN WORM!
Windows Update	X	update32.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Update	X	mplupdate.exe	Added by the W32.HLLW.MOEGA WORM!
windows update	X	logonuit.exe	Added by the Troj/LegMir-AO TROJAN!
Windows Update	X	qtask.exe	Added by the W32/RBOT-AKU WORM! - NOTE: do NOT confuse with the Quicken file of the same name as described here
windows update	X	real.exe	Added by the TROJ/LEGMIR-AU WORM!
Windows Update	X	msnupdates.exe	Added by the W32/Rbot-ALK WORM! Note: This file has nothing to do with Windows updates or MSN.
Windows Update	X	windowsx.exe	Added by the TROJ/BANCD-A TROJAN!
Windows Update	X	wupdmgr.exe	Added by the following Trojans: Troj/Banker-AHO - Troj/Bancban-FC - Troj/Bancban-GP - Troj/Bancban-GQ - Troj/Bancban-HB - Troj/Bancban-HC
Windows update	X	wudupdate.exe	Adware downloader - Istbar related
Windows Update	X	msnsupdate.exe	Added by the W32/Rbot-AXS WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Windows Update 32	X	winlogons.exe	Added by the W32/Forbot-FI WORM!
Windows Update 32	X	slsys.exe	Added by a variant of the W32/FORBOT WORM!
Windows Update 32	X	rempss.exe	Added by the W32/Forbot-FW WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows Update 63	X	shupd64.exe	Added by the W32/Forbot-GA WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows Update 64	X	WinV.exe	Added by the W32/FORBOT-FP WORM!
Windows Update 64	X	nbupd64.exe	Added by a variant of the W32/FORBOT WORM!
Windows Update Auto Update	X	wuaumgr.exe	Added by a variant of the W32.SPYBOT WORM!
Windows Update AutoUpdate Client Product	X	wuauct.exe	Added by the AGOBOT.ACL WORM!
Windows Update Center	X	svthx.exe	Added by the W32.STUBBOT.A WORM!
Windows Update Center	X	W32RSA.exe	Added by an unidentified WORM or TROJAN!
Windows Update Checker	X	random file names	adware downloader trojan
Windows Update Checker	X	deinst_qfe001.exe	Added by a variant of the Win32.Small TROJAN!
Windows Update Checker	X	deinst_qfe002.exe	Added by a variant of the Win32.Small TROJAN!
Windows Update Checker	X	msupdte32.exe	Added by the W32/Sdbot-AEF WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows Update Client	X	wuclient.exe	Added by the WIN32.SMALL.RN downloader TROJAN!
Windows Update Client Service	X	windrvl32.exe	Added by the AGOBOT-MM WORM!
Windows update config	X	svhost.exe	Added by a W32/Sdbot-PF worm infection
windows update configurator	X	svghost.exe	Added by a variant of the W32.SPYBOT WORM!
Windows Update Controller	X	mwoffice.exe	Added by the TROJ/BATTRY-A TROJAN!
Windows Update Files	X	dnetc.exe	Unidentified VIRUS! Note - wupdmgr.exe is the real Windows Update
Windows Update Manager	X	wupdmngr.exe	Added by the W32.RANDEX.BTB WORM!
Windows Update Manager	X	Winlog0n.exe	Added by the TROJ/AGENT-BO TROJAN!
Windows Update Manager	X	wupdate.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Update Manager for NT	X	wupdmgr32.exe	Added by the BACKDOOR.SDBOT.AH WORM!
Windows Update Monitoring Service	X	winupdt.exe	Added by the W32/RBOT-PL WORM!
Windows Update Process	X	wmiprvsc.exe	Added by the W32/SDBOT-CB WORM!
Windows Update Service	X	csrs.exe	Added by the W32/AGOBOT-NI WORM!
Windows Update Service	X	smcg.exe	SDBOT.QY worm
Windows Update Service	X	regscv.exe	Added by the W32/AGOBOT-AM WORM!
Windows Update Service	X	SP00ISS.exe	Added by the W32/Sdbot-ZH Worm!
Windows Update Service	X	update32.pif	Added by the W32/Rbot-ALC WORM!
Windows Update Service 2004/2005	X	systemupdate.exe	Added by a Rbot-JE worm infection
Windows Update services	X	wservices.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Update services	X	wins32svcs.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Update Software	X	system.exe	Added by the TOFGER.BX TROJAN!
Windows Update System Shell	X	svhostcs32.exe	Added by the W32/RBOT-AAZ WORM!
Windows Update V6	X	(random file name)	Added by a W32/Rbot-KT worm infection
Windows Update.exe	X	N/A	Homepage hijacker, see here
Windows Updated	X	spoolsae.exe	Added by the W32/Rbot-APM WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows Updated	X	updatr.exe	Added by the W32/Rbot-AYB WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Windows Updater	X	wupdmgr32.exe	Added by a variant of the DOS.AUTOCAT VIRUS!
Windows Updater	X	iexplorerrs.exe	Added by the W32/RBOT-TN WORM!
Windows Updater	X	svigost.exe	Added by the W32/RBOT-VS WORM!
Windows Updater	X	wupdate.exe	Added by the WOOTBOT.AJ WORM!
Windows Updater	X	sdsys.exe	Added by the W32/Forbot-JG WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Windows Updater Online	X	winupdatexx.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Updates	X	lsassx.exe	Added by a variant of the W32/SDBOT WORM!
Windows Updates	X	winupd32.exe	Added by the W32.MYTOB.CE WORM!
Windows Updates	X	w32dns.exe	Added by the W32/Sdbot-BFW Worm!
Windows Updating Service	X	updating.pif	Added by the W32/RBOT-ALW WORM!
Windows Updtee Mgnr	X	W1NT45K.exe	Added by the W32.Mytob.DC WORM!
Windows USB controler	X	winusb.exe	Added by the W32/RBOT-HR WORM!
Windows USB Driver Support	X	Windowsusb.exe	Added by a variant of the W32.SPYBOT WORM!
Windows USB Service	X	666.exe	Added by the W32.MYTOB.AR WORM!
Windows USBD	X	msifirewall.exe	Added by an unidentified WORM or TROJAN!
Windows User Mode Driver Manager	X	wdfmrg.exe	Added by W32/Sdbot-ZN Worm!
Windows User Starter	X	winuser32.exe	Added by the RBOT.SN WORM!
Windows Version Check	N	ver_chk.exe	Version checker for CyberAudioLibrary ("A new way to exchange information through the Internet")
Windows video	X	vide_32.exe	Added by a variant of the GAOBOT/AGOBOT WORM!
Windows Video Acquisition (WVA)	X	wvsvc.exe	Added by the AGOBOT.YM WORM!
Windows Video Drivers	X	videons32.exe	Added by the GAOBOT.AZT worm
Windows Virus Control	X	plou.exe	Added by the W32/SDBOT-ACZ WORM!
Windows Web Services	X	spoolsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Web Services	X	svcadmin.exe	Added by the Troj/Dloader-NY Trojan!
Windows Web Services	X	tcpsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Web Services	X	netsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Web Services	X	websvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Web Services	X	localsvc.exe	Added by the Troj/Dloader-NY Trojan!
Windows Web Services	X	svcrun.exe	Added by the Troj/Dloader-NY Trojan!
Windows Web Services	X	svcman.exe	Added by the Troj/Dloader-NY Trojan!
Windows Workstation	X	mpci.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Workstation	X	msup32a.exe	Added by a variant of the W32/SDBOT WORM!
Windows Workstation Service	X	wkssvc.exe	Added by the W32/Sdbot-AED WORM! Note: Creates Multiple copies of it's self, Read the link.
Windows Workstation Service (32-bits)	X	wkssvc32.exe	Added by a variant of the W32/SDBOT WORM!
Windows Workstation Start Service	X	mslanmgr.exe	Added by a variant of the WIN32.RBOT WORM!
Windows Xp	X	nortonguard.exe	Added by the W32/Mytob-DZ WORM!
Windows XP Automatic Update	X	wXPupdate.exe	Added by the W32/Rbot-AFC Worm!
Windows Xp Service Pack 2	X	svchost.exe	Added by the Troj/Xplos-A TROJAN! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item.
Windows XP SP2 KeyGen	X	Windows XP SP2 KeyGen.exe	Added by the W32/TIBICK-C WORM!
Windows-System	X	System32.exe	Added by the LOGPOLE.C VIRUS!
Windows-TCP-IP	X	rfkampig.exe	Added by the GIPMA VIRUS!
Windows-XP-Service-Pack	X	xpspz.exe	Added by the W32/SDBOT-AAC WORM!
windows16	X	windows16.exe	Added by the Troj/VB-XU TROJAN!
Windows32	X	rundll.exe	Added by the AGOBOT-LK or AGOBOT-ND WORMS!
windows32	X	windows32.exe	Added by the Troj/VB-XU TROJAN!
Windows32	X	wuuaclt.exe	Added by the W32.Bratle.B WORM!
Windows32 Configuration Loader	X	msrf32.exe	Added by the W32/Sdbot-ABX WORM!
Windows32 Messenger Service	X	msmsgv.exe	Added by the RBOT.ANS WORM!
Windows32 Net Database	X	msnd32.exe	Added by the W32/RBOT-AAL WORM!
Windows32 Serivces	X	winser32.exe	Added by the SPYBOT.AAF WORM!
WindowsAgent	X	WindowsAgent.exe	Added by the GOP.G VIRUS!
WindowsAgent	X	sysexhook.exe	Added by the GOP keyboard logger/TROJAN!
WindowsAPI.DLL	X	Server5.exe	Added by the "Fear and Hope" trojan
WindowsBackup	X	"%Windir%\WINDOWSBACKUP.EXE"	Added by the W32.Stang WORM!
WindowsCRC	X	wscrc.exe	Added by the W32/SDBOT-VU WORM!
WindowsCriticalUpdate	X	windows_critical_update.exe	Added by the ASTEF or RESPAN VIRUSES!
WindowsDiskLog	X	cstsm.exe	Added by Troj/Stinx-C or Troj/Stinx-D TROJAN!
WINDOWSflashbrg	X	sqldata1.exe	Added by a variant of the AGENT-IC TROJAN!
Windowsfw	X	windowsfw.exe	Added by the W32/AGOBOT-TA WORM!
WindowsFY	X	wp.exe	Part of a "Security IGuard" parasite infestation - also detected as TROJAN.DESKTOPHIJACK and Troj/FakeAle-A Worm!
WindowsFY	X	bsw.exe	Added by a variant of the DESKTOPHIJACK TROJAN! - for removal see here
WindowsFZ	X	A5281300.so	Variant of the SmitFraud alias FAKEALE-C TROJAN!
WindowsFZ	X	zloader3.exe	Variant of the SmitFraud alias FAKEALE-C TROJAN!
WindowsFZ	X	(PATH TO EXECUTABLE FILE)	Added by the W32.Desktophijack Virus! Also see Trojan.Desktophijack.B Trojan!
WindowsKeyUpdate	X	master.exe	Added by the W32.JOSAM WORM!
WindowsMGM	X	Winmgm32.exe	Added by the SOBIG and LALA.C VIRUSES!
WindowsRegistration	X	(random filename)	Added by the W32/RBOT-NO WORM!
WindowsRegKey Autoupdate	X	Explorer.exe	Added by a variant of the WIN32.RBOT WORM! NOTE: THis is NOT the legitimate Explorer.exe!
WindowsRegKey Autoupdate	X	Iexplore.exe	Added by a variant of the WIN32.RBOT WORM! NOTE: THis is NOT the legitimate Internet Explorer file!
WindowsRegKey upd4te2d4te	X	********.exe ( = random char)	Added by the RBOT.XQ WORM!
WindowsRegKey update	X	Winupdate.exe	Added by the SDBOT.NT WORM!
WindowsRegKey update	X	win2kup2date.exe	Added by a SPYBOT.FK worm infection
WindowsRegKey update	X	Windowsup.exe	Added by the SDBOT.PU WORM!
WindowsRegKey update	X	[random or different file name]	Added by the RBOT.QT WORM!
WindowsRegKey update	X	svchostc.exe	Added by the RBOT.IF WORM!
WindowsRegKey update	X	windns.exe	Added by the RBOT.IE WORM!
WindowsRegKey update	X	16winupdate32.exe	Added by a variant of the WIN32.RBOT WORM!
WindowsRegKey update	X	WinUpdate32.exe	Added by a variant of the WIN32.RBOT WORM!
WindowsRegKey update	X	winupdatexx.exe	Added by the RBOT.LW WORM!
WindowsRegKey update	X	wdnupdate.exe	Added by the SDBOT.QX WORM!
WindowsRegKey update	X	svchoosts.exe	Added by the RBOT.ADB WORM!
WindowsRegKey update	X	WINUPDATES.EXE	Added by the W32/RBOT-MM WORM!
WindowsRegKey update	X	winupdat32.exe	Added by the W32/RBOT-AGW WORM!
WindowsRegKey update XP	X	windexv1.exe	Added by the W32/RBOT-ABM WORM!
WindowsRegKey%$ update	X	msi332.exe	Added by a W32/Rbot-IX worm infection
WindowsRegKey%update	X	ethernet32m.exe	Added by the W32/RBOT-EN WORM!
WindowsRegKeys update	X	winsysi.exe	Added by a SDBOT.WE worm infection
WindowsRegKeys update	X	windup.exe	Added by a variant of the WIN32.RBOT WORM!
WindowsSetup	X	(path to trojan)	Added by the EZBOT VIRUS!
WindowsSQL service	X	boner.exe	Added by the SDBOT.XRM WORM!
WindowsUpd	X	WindowsUpd4.exe	VirtuMonde adware
WindowsUpd1.exe	X	WindowsUpd1.exe	VirtuMonde adware
WindowsUpd2.exe		WindowsUpd2.exe	VirtuMonde adware
WindowsUpdate	X	windows_update.exe	Added by the LOHACK.B VIRUS!
WindowsUpdate	X	svchost.exe	Added by a number of worms and trojans: TROJ/AGENT-DR , ASTEF , RESPAN and others
windowsupdate	X	RPCX1sQ3.exe	Added by the IRCBOT.B VIRUS!
WindowsUpdate	X	USRINIT.EXE	Added by the MADDIS.B VIRUS!
WindowsUpdate	X	svchost.exe	Added by the TROJ/AGENT-V TROJAN!
windowsupdate	X	winupdate.exe	Added by the W32/WARPI WORM!
WindowsUpdate	X	svchost.exe /s	Added by the Troj/Bdoor-IK TROJAN!
WindowsUpdate	X	winnnint.exe	Added by an unidentified WORM or TROJAN!
WindowsUpdate	X	[path to file]	Added by Troj/Agent-EQ TROJAN!
WindowsUpdate	X	dupadupam2.exe	Added by the Troj/Dupa-B TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder.
WindowsUpdate Service	X	wuautlc.exe	Added by the W32/RBOT-NR WORM!
Windowsupdate Service	X	csrss.exe	Added by the BUCHON.E WORM! **Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling
WindowsUpdateDirect	X	dupadirect.exe	Added by the Troj/Dupa-C TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder.
WindowsUpdatem1	X	(Path of Executable)	Added by the Troj/Agent-AAJ TROJAN! Note: This trojan is a password stealing trojan.
WindowsUpdateNT	X	svwhost.exe	Added by the Troj/Shellot-B TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
WindowsXP Module	X	DirectX3D.exe	Malware, reportedly a keylogger - see here
WindowsXP Update	X	windowsxpupdate.exe	Added by the W32/RBOT-PB WORM!
WindowsXPserv	X	svcnxp32.exe	Addee by the NANINF-A TROJAN!
Windows_Protect	X	winregal.exe	Added by a variant of the WIN32.RBOT WORM!
Windows_Protect	X	winsystem.exe	Added by a variant of the WIN32.RBOT WORM!
Windows_Protect	X	wincontrol32.exe	Added by the W32/Rbot-ADK Worm!
Windows_Protect	X	lsas.exe	Added by the RBOT.ARO WORM!
Windows_Serivce	X	SERVICE.exe	Added by a WOOTBOT.AH worm infection
Windows_Updates	X	svthost.exe	W32.SpyBot worm variant
Windows_VXD	X	user32.exe	Added by the PWSTEAL.PPORT VIRUS!
Windowz	X	(original worm file name).vbs	Added by the VBS.Nukip Worm!
Windowz Update V2.0	X	Explorer.exe	Added by the YODO VIRUS! Note - the valid "explorer.exe" is located in C:\Windows or C:\Winnt whereas this one is located in the System32 sub-directory
Window_Protect	X	winsi32.exe	Added by a variant of the WIN32.RBOT WORM!
Windoxs Update Center	X	W32RfSA.exe	Added by a variant of the W32/SDBOT WORM!
WinDR	X	SysDre.exe	Added by the W32/Dref-H WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
WinDrg32	X	windrg32.exe	Added by the DRUDGEBOT.A WORM!
WinDriv32	X	WinDriv32.exe	Added by the SMALL-BA TROJAN!
WinDriver Configuration	X	windrvconf.exe	Added by the AGOBOT-LX WORM!
WINDRUN	X	taskgmrs.exe	Added by the W32/MYTOB-BT WORM!
windrv	X	windrv32.exe	Unidentified VIRUS - possibly a strain of OBLIVION or BIONET
WinDrv	X	windrvx.exe	Added by a variant of the TIBSER.A downloader TROJAN!
WinDSL MTU-Adjust	U	WinDSL_MTU.exe	Adjusts the registry setting of the DUN-Adapters (MTU) and the TCP/IP-Protocol (RWIN) by ENGEL Technologieberatung
WinDSL_MTU	?	WinDSL_MTU.exe	May be realted to Tiscali broadband, if so is it required?
WinDSNX	X	Win????.exe	Added by the DNSX VIRUS!
WindUpdates	X	WinUpdt.exe	Windupdates adware
WindUpdates	X	(path to trojan)	Added by the AGENT.BF VIRUS!
WINDVDpatch	N	CTHELPER.EXE	CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative�s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it
WinDVR SchSvr	N	SchSvr.exe	WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
WinDVRCtrl	N	WinDVRCtrl.exe	Control center software for an AOpen VA1000 TV tuner card
WinDVRCtrl	Y	WDVRCtrl.exe	Driver task installed by the drivers for some TV capture cards; no further information available, so best left alone.
Windws Configuration Loader	X	LEXPLORE.exe	Added by the SODABOT VIRUS!
WinEssential	X	Keyhost.exe	Hijacker - hailing from jraun.com
WinEssential	X	keyword.exe	Jraun.com hijacker
WinEx	X	lexplore_.exe	Added by the Troj/MSNOpt-A TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
WinExec	X	Winexec.exe.vbs	Added by the AINESEY.A VIRUS!
WinExec	X	WinExec.exe	Added by the W32/Falus-A WORM!
WinExec32	X	WinExec32.exe	Added by the KAZWIN VIRUS!
WinFast Schedule	U	Wfwiz.exe	Leadtek WinFast TV tuner scheduler
Winfast2KLoadDefault	U	Rundll32.exe Wf2kcpl.dll, DllLoadDefaultSettings	Loads default settings for Leadtek Winfast graphics cards
Winfast_2K	U	WF2k.exe	System Tray application that starts up the Winfox utility for a Leadtek Winfast grpahics card to restore settings. Can be started manually from Start -> Settings -> Control Panel Display. Only needed if you wish to run things like the hardware monitor or overclock your card
WinFast_Gamma	U	Rundll32.exe wfcpl.dll, DllLoadGammaRampSettings	Loads if you change the gamma settings on Leadtek WinFast graphics cards
WinFast_Taskbar	U	rundll32.exe wftask.dll,WFDllLoadDefaultSettings	Leadtek WinFast graphics cards related taskbar; can be launched manually.
WinFavorites	X	WinFavorites.exe1	Loudmarketing.com adware downloader
WinFax PRO Controller	N	WFXCTL32.EXE	From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
WinFaxAppPortStarter	Y	wfxsnt40.exe	WinFax 10.0 and maybe earlier versions. Used to initiate the WinFax port to enable printing to the WinFax printer (send a fax) from any application.
WinFire	X	WF.exe	Added by the Troj/Delf-SY TROJAN!
WinFixer 2005	X	wfx5.exe	"Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
WinFixer2005	X	uwfx5.exe	"Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
winfont	X	winfont.exe	Added by a Death backdoor trojan infection
WinFoxV2	U	WF2k.exe	System Tray application that starts up the Winfox utility for a Leadtek Winfast grpahics card to restore settings. Can be started manually from Start -> Settings -> Control Panel Display. Only needed if you wish to run things like the hardware monitor or overclock your card
WinFX	X	cssrs.exe	Added by the AGOBOT.FX WORM!
WinGate	X	WinGate.exe	Added by a variant of the LOVGATE WORM!
WinGate Engine Monitor	U	wgengmon.exe	WinGate Internet Client Dialup Monitor, component of WinGate proxy server software. Displays the status of the WinGate engine, and appears in the system tray of each workstation on the network reassuring clients that their workstations have connectivity with the WinGate Server.
WinGate initialize	X	WinGate.exe	Added by a variant of the LOVGATE WORM!
wingerver2.0.exe	X	wingerver2.0.exe	Added by the Troj/GrayBrd-AE TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
wingo	X	wingo.exe	Added by the W32.BEAGLE.AW or W32.BEAGLE.AV WORM!
WinGuage Pro	N	WGPRO32.EXE	Part of McAfee Nuts & Bolts. "WinGauge is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs
Winguard	Y	WGFE95.EXE	Dr Solomon's Virex antivirus
WinGuard Pro	U	wgp.exe	Winguard_Pro
WinHacker	N	rundll32.exe wh95.dll, HackMe	Tweaking utility by Wedge Software. There are far better tweakers and, unlike WinHacker, most are free
Winhelp	X	winhelp.exe	Added by a variant of the LOVGATE WORM!
Winhelp	X	winhe1p.exe	Added by the QQPASS.E VIRUS!
WinHelp	X	WinHelp.exe	Added by a variant of the LOVGATE WORM!
WinHelp	X	realsched.exe	Added by a variant of the LOVGATE WORM! **Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
Winhelp	X	TkBellExe.exe...	Added by a variant of the LOVGATE WORM!
winhelp	X	dns32.exe	Added by a variant of the WIN32.RBOT WORM!
winhelp	X	Updadv.exe	Added by the Troj/QQPass-N TROJAN!
winhlp.exe	X	winhlp.exe	Added by the PWSTEAL.FORMGLIEDER TROJAN!
winhlp3.exe	X	winhlp3.exe	Added by a variant of the Win32/TrojanDownloader.Easto.A TROJAN!
Winhlp32	X	Wscript.exe ..Msexec32.vbs	Added by the GANT.B VIRUS!
winhlp32.exe	X	winhlp32.exe	Added by the Win32/TrojanDownloader.Easto.A TROJAN!
winhlpp32.exe	X	winhlpp32.exe	Added by the GAOBOT.SY WORM!
Winhost	X	wintt.exe	Added by the LOLAWEB.B VIRUS!
Winhost	X	win.exe	Added by the Troj/Dloader-AP TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder.
Winhost	X	yahoo.exe	Added by the TROJ/DELF-KM TROJAN!
Winhost	X	winhost.exe	Added by the REATLE.F WORM!
winhost.exe	X	winhost.exe	Added by the TROJ/LOHAV-R TROJAN! or the W32.Beagle.BY WORM!
winhost32.exe	X	winhost32.exe	Added by the Troj/Banito-F TROJAN!
WinIeRun	X	winierun.exe	Added by the Troj/RNWatch-A Worm!
winimage	X	wvsvc.exe	Added by the RBOT.TX WORM!
WinINet	X	services.exe	Added by the SOBER.AC WORM! - NOTE - this file is placed in a "%Windows%\ConnectionStatus folder, and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup! WORM! -
wininet	X	wininet.exe	Added by the W32/STUBBOT-C WORM!
wininet32	X	wininet32.exe	Troj/Raznew-A trojan
wininetd	X	wininetd.exe	Added by the WINET VIRUS!
wininit	X	wininit.exe	Added by the WOLLF.16 VIRUS!
WinInit	X	Win86.exe	Added by the TROJ/SMALL-PB TROJAN!
winint	X	winint.exe	Added by the W32/Sdbot-ADA WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
winipsec	X	winipsec.exe	Unidentified malware
WinIRXHelper	U	WinIRXHelper.exe	MSI� Media Center Deluxe software - see here
winis	X	winis.exe	Added by the W32/RBOT-WI WORM!
Wink*.exe	X	Wink*.exe	Added by a version of the KLEZ VIRUS! * represents any random characters
Winkb6	U	winkb6.exe	Part of We-Blocker, works in tandem with syswb6. Both files are needed to run WeBlocker. Required if We-Blocker is installed
WinKernel	X	WinKer.exe	Added by the MIRAB or SERVIDOR VIRUSES!
WinKernel	X		Added by the PLEA.A VIRUS!
winkernel32	X	wWin32.com	Added as the result of the BANSAP VIRUS!
WinKey	U	winkey.exe	Loads Copernic's WinKey. Used to map out Windows key hotkey combinations. Not required for the system, but is necessary for this to be running if you use these hotkey combos
winldr	X	[path to file]	Added by the VIDLO-P TROJAN!
winldr	X	Rechnung.pdf.exe	Added by the DOWNLOADER-ACS TROJAN!
winlgz2	X	winlgz2.exe	Added by the TROJ/KILLFIL-Q TROJAN!
winlibs.exe	X	winlibs.exe	EVAMAN.C worm
WinLibUpdate	X	libupdate.exe	Added by the BIONET series of VIRUSES such as BIONET.31 or BIONET.310
WinLibUpdate32	X	libupdate32.exe	Added by the BIONET.405 VIRUS!
WinLibUpdte	X	libupdte.exe	Added by the BIONET.318 VIRUS!
Winlink	X	winlink32.exe	Added by the GAOBOT.AAY WORM!
Winlme	X	windll.exe	Added by the GOP.F VIRUS!
WinLoad	U	Winload.exe	PCTattletale is a spyware program that monitors user activity, logs keystrokes, and takes screenshots. If you didn't install this yourself remove it.
WinLoader	X	(random filename)	Added by versions of the SUBSEVEN VIRUS!
winlocatorupdate	X	updatewinlocator.exe	Locator adult content toolbar related
winlog	X	winlog.exe	Unidentified adware - NOTE: this malware actually changes the default value data of the Registry Run and RunServices keys in order to force Windows to launch it at boot. Name field may be empty.
winlog manager	X	winlog.exe	Added by the DONBOMB.A TROJAN!
WINLOG0N	X	WINLOG0N.EXE	Added by the W32.MYDOOM.BI WORM!
WinLogin	X	winlogin.exe	Added by the AGOBOT-IX WORM!
winlogin	X	win32x.exe	Browser hijacker, also detetected as the TROJ/STARTPA-DF TROJAN!
winlogin.exe	X	logfile.exe	Added by the WIN32.AGENT.AH TROJAN!
Winlogin.exe	X	log.exe	Added by a variant of the WIN32.AGENT.AH downloader TROJAN!
winlogin.exe	X	mspaint.exe	Added by a variant of the WIN32.AGENT.AH TROJAN!
Winlogin.exe	X	steam.exe	Added by a variant of the WIN32.AGENT.AH TROJAN!
winlogoff	X	winlogoff.exe	Added by the W32/AGOBOT-TR WORM!
winlogon	Y	winlogon.exe	Windows Logon Process - handles user logons described here
winlogon	X	winlogon.exe	Hijacker or adult content dialler - file is located in C:\Windows or C:\Winnt, and not in it's System or System32 subdirectory, as is the case with the legitimate winlogon.exe file described here
winlogon	X	winlogin.exe	Added by the RANDEX.E or P2LOAD.A WORM!
winlogon	X	winlogon.exe	Added by the TRODAL VIRUS! - file is located in C:\Windows or C:\Winnt, and not in it's System or System32 subdirectory, as is the case with the legitimate winlogon.exe file
winlogon	X	msreg32.exe	Added by the SDBOT.EO WORM!
WinLogon	X	logon.exe	AdultBox foistware
winlogon	X	winlogon32.exe	Added by the WIN32/MASLAN.C WORM!
WINLOGON	X	wscript.exe (System or System32)\WINLOGON.vbs	Added by the VBS.Ypsan.F@ mm Worm!
winlogon	X	wpwlogon.exe	Added by an unidentified WORM or TROJAN!
winlogon service	X	urx.exe	Added by the SPYBOT.EN WORM!
Winlogon Shell	X	Explorer.exe %System%\1032\svchost.exe	Added by the W32.Kipis.M WORM!
Winlogon.exe	X	N/A	CoolWebSearch parasite related.
winlogon.exe	X	helper.exe	Added by the FAKESPY-A TROJAN!
winlogon.exe	X	msole32.exe	Adware, detected as the DOWNLOADER-ACZ TROJAN!
winlogon32_	X	(PATH TO FILE)	Added by the W32.Ruland.A WORM!
WinLsass	X	servicec.exe	Added by the SCANE VIRUS
WinLsass	X	(path to file)	Added by the W32/WORT-B TROJAN!
winltmpv	X	winln.exe	Added by the TCXMEDI-C TROJAN!
winltmpv	X	wutop.exe	Added by the TCXMEDI-C TROJAN!
Winmain	X	winmain.exe	One of the first of a new breed of malware. When run it immediately loads MSHTA.EXE from the Windows folder, placing it on "hot standby", ready to accept HTA scripting within a web page and then EXECUTE what is embedded IN the page as a program! In other words, it's possible for a "rogue" website to actually embed trojans, worms and/or viruses directly into a web page. BOClean's HTA Stop offers an easy way to toggle this capabiltity, or rather vulnerability, on and off. I suggest you leave it disabled!
WinManager	?	schost.exe	??
winmatrix.exe	U	WinMatrixXP.exe	WinMatrix XP - wallpaper replacement that shows different matrix effects (including flowing matrix codes from 'The Matrix' movie) on your desktop
WinMem	U	WinMem.exe	WinMem Cleaner, part of Ultra_WinCleaner_Utility_Suite . Makes more memory available for your programs and the Operating System. It also defragments your system's physical memory increasing the efficiency of your CPU and motherboard cache, which prevents crashes and accelerates your system's performance.
WinMenssage	X	winmax.exe	Added by the BANCOS.B VIRUS!
WinMessenger	X	syshost.exe	Added by the W32/OPANKI-E WORM!
WinMgmt	N	WinMgmt.exe	Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here
WINMGR	X	taskgmgr.exe	Added by the W32.MYTOB.AN WORM!
Winmgr.exe	X	scvhost.exe	Added by the AGOBOT.AFG WORM!
WinMgr32	X	winmgr32.exe	Added by the W32.MIMAIL.P WORM!
WinMine	X	D4NG3.vbs	Added by the BISCUIT.A VIRUS!
winmodem	Y	wmexe.exe	Software for software based modems. Required if you have one of these. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information
WinMoviePlugIn	X	WinMoviePlugIn.exe	Sfonditalia adult content premium rate dialer
WinMsrv32	X	WinMsrv32.exe	Added by the GAOBOT.AFJ WORM!
WinMX	N	WinMX.exe	WinMX file sharing application
winmysqladmin or WinMySQLadmin Tool	N	winmysqladmin.exe	Starts the MySQL database admin tool
winnet	X	winnet.exe	CommonName Toolbar spyware. To uninstall see here
WinNetDDE	X	[random characters].exe	Added by the NETDEPIX.B TROJAN!
WinNite	X	niteaim.exe	Added by the W32.Opanki.B Worm!
Winnov Menu	?	WnvMenu.Exe	Winnov Video Capture Card related. What does it do and is it required?
Winnov Remote	?	WnvRsvr.Exe	Winnov Video Capture Card related. What does it do and is it required?
Winnov Status	?	WvStatus.Exe	Winnov Video Capture Card related. What does it do and is it required?
winnt DNS ident	X	wuamgrd32.exe	Added by the W32/RBOT-BAU WORM!
winnt DNS ident	X	pidchk32.exe	Added by the W32/RBOT-ACY WORM!
winnt DNS ident	X	windowxp.exe	Added by a variant of the WIN32.RBOT WORM!
winnt DNS ident	X	winupdate32.exe	Added by a variant of the WIN32.RBOT WORM!
winnt DNS ident	X	iexplorer.exe	Added by a variant of the WIN32.RBOT WORM!
winnt DNS ident	X	wuamgrd33.exe	Added by a variant of the WIN32.RBOT WORM!
winnt DNS ident	X	Winupd32.exe	Added by the RBOT.AVU WORM!
Winnt DNS ident	X	windowsp.exe	Added by the RBOT.BAL WORM!
winNT updatc	X	wupgrd.exe	Added by a variant of the WIN32.RBOT WORM!
WinNtBB	X	WinntBB.exe	Added by the DULOAD.C VIRUS!
Winnup	X	win32nls.exe	Added by a variant of the W32.SPYBOT WORM!
winocx32	X	winocx32.exe	Added by the Win32.Protoride.I WORM!
WINOWS SYSTEM	X	winnt.exe	Added by the MYTOB.ID WORM!
WINP	X	winmic.exe	Added by the W32/Spybot-EB WORM! Note: This trojan file is found in the Windows (95/98/ME/XP) or WINNT (NT/2000) folder.
Winpack	X	winpack.exe	Adware downloader - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Agent.gg
WinPatrol	U	WinPatrol.exe	WinPatrol - "Manage Startup programs, tasks, cookies; will sniff out Worms, Trojan horses, Cookies, Adware, Spyware, Klez, Assumption and other malicious programs"
winphonics7536	X	(path) vbsystem35.exe (path) setups.exe (path) vb.vb	Added by a Mutin-C IRC backdoor trojan infection
winpipe	X	winpipe.exe	Browser hijacker redirecting to wow-access.com
WinPLOSION	U	WinPlosion.exe	WinPLOSION allows you to immediately view and select from all the windows running on your computer, just those of the active application, or to minimise all windows and display a clear desktop.
WinPoet	Y	WinPPPoverEthernet.exe	WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
WinPopup	N	WINPOPUP.EXE	Intranet chat software provided by windows for chat on small networks. Handy little LAN messaging utility. Has been included in Windows since 95, and maybe in WFWG 3.11. Normally it won\'t set itself up to run unless the user specifically adds it to startup
winpopup	X	winupie.exe	Adware by Tradeexit.com
Winprocer32 Update	X	winprocer32.exe	Added by the RBOT.GW WORM!
winprocessor Update	X	winprocessor.exe	Added by the RBOT.IO WORM!
WinProfile	X	Command.exe	Added by the BUDDY VIRUS!
WinProfile	X	sndcfg16.exe	Win32.Sndc.A worm
winprofile	X	iexpiore.exe	Added by a variant of the MONCHER WORM!
WinProfile	X	iexpIore.exe	Added by Troj/Chum-C Trojan!
WinProt	X	Winprot.exeserver.exe	Added by the CHUPACABRA VIRUS!
winprotect	X	win32.exe	Added by the W32.MUGLY.E WORM!
winprotect	X	winprotect.exe	Added by the W32/SDBOT-SB WORM!
WinProxy	U	WinProxy.EXE	"WinProxy is the world-first proxy server and a firewall with integrated mail server for Windows 95/98/ME/NT/2000/XP"
Winproxy Personal	X	WINPROXY.EXE	Added by the SDBOT.BMF WORM!
winpsd	X	winpsd.exe	Added by the W32.Mydoom.Q WORM!
winpup32	X	Winpup32.exe	Added by the ADCLICKER VIRUS!
WinPWD Manager	X	wpwdmgr.exe	Added by W32/Rbot-AUT WORM!
winrapid	X	winrapid.exe	Added by a variant of the WIN32.RBOT WORM!
winrar	X	winrar.exe	CoolWebSearch parasite related.
winrarshell	X	winrarshell32.exe	Added by the PWSteal.Salira TROJAN!
winReg	X	winReg.exe	Added by the YAHA.H or YAHA.J VIRUSES!
winregsrv	X	winregsrv.exe	Added by the SYNRG VIRUS!
winreg_32	X	svchosst.exe	Added by the BANCOS-CE TROJAN!
winreg_32	X	Vc030405.exe	Added by the TROJ/BANCOS-CT TROJAN!
winreg_32	X	(path to Trojan)	Added by the Troj/Banker-DB Trojan!
winreg_32	X	sysdll.exe	Added by the TROJ/DLOADER-IJ TROJAN!
WINREMOTE	U	WinRemote.exe	InterVideo WinCinema Manager - needed for the use of WinDVD_Remote_Control
Winres32vis	X	(path to file)	Added by the THRAX.A VIRUS!
winrestore1	X	winrestore.exe	Added by the TROJ/KILLFIL-Q TROJAN!
winreups	X	winreups.exe	Added by a variant of the WIN32.RBOT WORM!
winroute	N	winroute.exe	Win-Route 4.27. WinRoute Tray Icon for starting and stopping the WrCtrl.exe process, also to log in to the console to view logs and change settings. Can be unchecked and the engine still runs and functions normally. Can then use provided shortcuts for administration of the program. Loaded in SERVICES on Windows 2k
winrun	X	msconfig.exe	Added by the WINUR VIRUS! Note - this is not the real msconfig.exe
WINRUN	X	taskgmr32.exe	Added by the W32.MYTOB.AP WORM!
WINRUN	X	svchost32.exe	Added by the W32/MYTOB-AI WORM!
WINRUN	X	taskgmr.exe	Added by the W32/MYTOB-BX WORM!
WINRUN z	X	W1NT45K.exe	Added by W32.Mytob.BL WORM!
WinRunners	X	WinDrivers.exe	Added by the DULOAD.C VIRUS!
Wins Service Driver	X	winet.exe	Added by the W32/Rbot-APV WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Wins Update 32	X	services32.exe	Added by the W32/Forbot-FN WORM! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
Wins32 Online	X	cfgpwnz.exe	Added by the W32.Bropia.R WORM!
Winscheduler	U	WINSCH~1.EXE	InterVideo WinDVR scheduler
WinScMngr	X	winsmc.exe	Added by the W32/SDBOT-BPZ WORM!
WinSec	X	winsec16.exe	Added by the AGOBOT.ZF WORM!
winsecure	X	winsecure.exe	Browser hijacker, redirecting to specificsearches.com
Winsecure Antivirus	X	Secureantivirus.exe	Added by a variant of the W32.SPYBOT WORM!
WinSecured32	X	ssmr.exe	Added by a variant of the W32/FORBOT WORM!
Winserv	X	Winserv.ila	Added by the W32.NODMIN WORM!
winserver	X	Server.txt.vbs	Added by the DELTAD.A VIRUS!
Winservice	X	winmain.exe	porn related malware
winservice	X	svchost.exe	Added by the BACKDOOR-CVK TROJAN! - NOTE - this file is placed in a %WinDir% (typically C:\Windows or C:\Winnt) "Services" folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
WinService32	U	ssmgr.exe	007 Spy Software - "stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP"
WinService32	X	svchost.exe	Added by the 007_Spy_Software keystroke logger/monitoring program. remove unless self installed! - NOTE - this file is placed in a Program Files\Common Files\Microsoft Shared\DAO\System32 folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
WinServices	X	WinServices.exe	Added by the YAHA.K or YAHA.M VIRUSES!
winservit	X	cassl.exe	Added by de RBOT.ASG WORM!
winservn	X	winservn.exe	PurityScan/Clickspring adware
winservs	X	winservs.exe	PurityScan/Clickspring adware
WinSetBrowse	X	BasicUpdate.dll.vbs	Added by the BISCUIT.A VIRUS!
Winshell	X	remote.exe	Added by the MYTOB.LJ WORM!
Winshoe	?	wuadfdqr.exe	Probably an unidentified VIRUS! Adds itself to 3 registry "Run" keys and prevents Task Manager being displayed. This is not the Winshoe IRC Client as the visitor did not have it installed
winshost.exe	X	winshost.exe	Added by the Tooso or Tooso.B or Tooso.C or Tooso.D or Tooso.E and Trojan.Tooso.I TROJANS!
winshost.exe	X	winshost.exe	Added by several variants of the BAGLE TROJAN!
WinShowUpdate	X	copy C:\WINDOWS\winshow.new C:\WINDOWS\winshow.dll	Winshow parasiate related - from the "RunOnce" keys it replaces "winshow.dll" with a new version
WinSig	X	NetXP.exe	Added by the TROJ/BANKER-FN TROJAN!
winskype	X	winskype.exe	Added by the Troj/Brogger-C TROJAN! Note: This worm file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
winsock	X	svch0st.exe	Added by the SAGE-A WORM! Note: This is not the legitimate Windows Process. The legitimate Windows Process should not be seen in Msconfig or as a Startup item. Also there is a number "0" in the executable filename, not a lower/upper case O.
Winsock driver	X	winnt update.exe	Added by the TROJ/SPYBOT-DM TROJAN!
Winsock driver	X	winnt64.exe	Added by the W32/Spybot-DR WORM!
winsock2	X	netsvr.exe	Added by the AGOBOT.LY WORM!
Winsock2 driver	X	SDJOIJE.EXE	Added by the SPYBOT.DR VIRUS!
Winsock2 driver	X	MIRC32.exe	Added by the SPYBUZZ VIRUS!
Winsock2 driver	X	kgzgjkpcw.exe, ZONEALARM.EXE	Added by the SDBOT.T WORM! Note - ZONEALARM.EXE is not the valid Zone Labs firewall program
Winsock2 driver	X	WINCFG.SCR	W32.SpyBot worm variant
Winsock2 driver	X	winupdate.exe	Added by a Spybot-BX worm infection
Winsock2 driver	X	SPOLSV.EXE	Added by the W32/SPYBOT-CM WORM!
Winsock2 driver	X	Zonealarmupdate.exe	Added by a variant of the W32.SPYBOT WORM!
Winsock2 driver	X	sysreq.exe	Added by the W32/SPYBOT-CC WORM!
Winsock2 driver	X	AMSNMGR.EXE	Added by a variant of the W32.SPYBOT WORM!
Winsock2 driver	X	WUAUMQR.EXE	Added by the W32/SPYBOT-DP WORM!
Winsock2 driver	X	wincfg.exe	Added by the SPYBOT.CO WORM!
Winsock2 driver	X	ntsys32.exe	Added by the W32/Spybot-DD WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Winsock2 driver	X	svchorsst.exe	Added by the W32/Spybot-EE WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Winsock2.dll	X	WINLODR.SCR	Added by an unidentified VIRUS!
Winsock32 driver	X	Testing.exe	Added by the SPYBOT.B VIRUS!
Winsock32driver	X	win32server.scr	Added by the HACARMY TROJAN!
Winsock32driver	X	ZoneAlarmPr0.exe	Added by a Hackarmy-B trojan infection
Winsock32driver	X	ZoneLockup.exe	Added by a Hacarmy.D trojan infection
Winsock32driver	X	sp2XPupdate.exe	Added by the BKDR_HACKARMY.S TROJAN!
Winsock32driver	X	win32server.exe	Added by the BackDoor-AZV TROJAN!
Winsock32driver	X	win32server.exe	Added by the HACARMY.F TROJAN!
Winsock32driver	X	winXPupdate.exe	Added by the HACKARMY.9728 TROJAN!
Winsock32driver	X	svchhost.exe	Added by the BKDR_HACKARMY.I TROJAN!
winsockdriver	X	tskmg.exe	Added by the SDBOT.GEN or WARPIGS.C WORMS!
winsockdriver	X	winsock2.2.exe	Added by a variant of the SPYBOT VIRUS!
winsockdriver	X	iexplor.exe	Added by the W32.BLATIC.A WORM!
winsockdriver	X	winsock3.exe	Added by the W32/SPYBOT-DO WORM!
winsockdriver	X	bot.exe	Added by the W32/WarPigs-D WORM!
WinSocketComponent	X	nthost.exe	Added by an unidentified VIRUS!
WINSOS VERIFY	U	WINSOS.EXE	WinSOS - "deletes spyware, optimizes your computer - backs up selected data"
WinSP	X	[path] REGEDIT.EXE -s [path] sysreg.reg	Hijacker, variant of the TROJ/STARTPA-ME TROJAN!
winspd32dll	X	winspd32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
WinSPF	X	windrv32.exe	Added by the W32.Mydoom.V WORM!
WinSPF	X	winspf32.exe	Added by the W32.Mydoom.P WORM!
Winspl	X	winsplx.exe	Added by a variant of the TROJ/TROLL-A TROJAN!
Winspool	X	spoolsvr.exe	Added by a variant of the W32/SDBOT WORM!
WinSrv	X	kn0x.exe	Added by the HOBBIT.F VIRUS!
WinSrv	X	SHIZZLE.EXE	Added by the HOBBIT.C VIRUS!
Winsrv	X	winsrv.exe	Added by the OPASERV.T VIRUS!
winsrv	X	winsrv.exe	Added by the Troj/Netsnak-B TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Please be aware that this trojan may steal passwords.
WinsSystem	X	syssmss.exe	Added by the BKDR_DELF.IG TROJAN!
WinStabilizer	X	WinStabilizer.exe	Added by the W32/Agobot-SW Worm!
WinStart	X	WinStart.exe	FromIGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge
WinStart	X	Wscript.exe WinStart.vbs	Added by the CIAN.C VIRUS!
WinStart	X	winstart32.exe	Added by the PUROL VIRUS!
WinStart	X	WinStart.pif	Added by the CONE.E VIRUS!
WinStart	X	services.exe	Added by the W32.SOBER.O WORM! - Note - this file is placed in a "%Windir%\Connection Wizard\Status folder, and should NOT be confused with the legitimate Windows services.exe process, located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
winstart	X	winstart.exe	Added by the TROJ/SCKEYLO-AB TROJAN!
WinStart001 or WinStart001.EXE	X	WinStart001.exe	FromIGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge
winstats	X	winstats.exe	Added by the Trojan.Gargafx TROJAN! Note: This trojan file (winstats.exe) is found in the Windows or Winnt folder.
Winsta~1	X	winsta~1.exe	GoHip foistware
WinSth16	X	WinSth16.exe	Added by the CAKE VIRUS!
winstro	X	RUN32DLL.exe	Added by the FTP_ANA VIRUS!
winsupdater	X	winsupdater.exe	Added by an unidentified WORM or TROJAN!
WinSvc16.exe	X	WinSvc16.exe	Added by the BACKDOOR.SDBOT.FQ TROJAN!
winsvc32.exe	X	winsvc32.exe	Added by the GREPAGE TROJAN!
Winsvr manager	X	DDEsvr.exe	Added by the W32/TIRBOT-C WORM!
winsy32.exe	X	winsy32.exe	Trojan, CoolWebSearch parasite related
winsync	X	*****.exe reg_run ( = random char)	Added by a variant of the QOOLOGIC TROJAN!
Winsys	U	Winsys.exe	Win-Spy - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it. Remove/disable it unless you put it there yourself
WINSYS	X	(path to trojan)	Added by the TROJ/BANKER-ER TROJAN!
winsys	X	exploer.exe	Added by the TROJ/SPYVB-C TROJAN!
winsys	X	syschost.exe	Added by an unidentified TROJAN!
WinSys32	X	Winsys32.exe	Added by the CIGIVIP or RECKUS VIRUSES!
WinSys32	X	Winsys32.exe	Added by the BACKDOOR.CIGIVIP TROJAN!
WinSys32	X	Winsys32.exe	Added by the W32.HLLW.RECKUS or W32/SDBOT-YL WORMS!
winsys32 Driver	X	winsys32.exe	Added by a Loony-O trojan infection
WinSysAppMon	U	WinSysRM.exe	Home & Family Content Filter related. See here
winsyslog lptt01	X	winsyslog.exe	Variant of the RapidBlaster parasite (in a "Winsyslog" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
WinSysStartUpWKbLw	X	TaskSystemDll.Exe	Added by the BACKZAT.G VIRUS!
WinSyst32	X	winsyst32.exe	Added by the MORB VIRUS!
WinSystem	X	winsystem.exe	Added by the WHITEBAIT VIRUS!
Winsystem	X	winsystem.exe	Added by a BANCOS.CR trojan infection
WinSystem	U	WinSystems.exe	CMKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!
winsystem.sys	X	smss.exe	Added by the W32.Sober.K WORM! ** Note - this is not the legitimate Smss.exe system file should normally NOT figure in Msconfig/Startup!
WINT	X	wcpcc.exe, wcpsvit.exe, wcp***.exe ( = random char)	PurityScan/Clickspring adware
WinTask	X	Wintask.exe	Added by the HIPO or LEMIR.F VIRUSES!
WINTASK	X	taskgamr.exe	Added by the W32.MYTOB.AU WORM!
WINTASK	X	msmgrxp.exe	Added by the W32.MYTOB.AQ WORM!
WINTASK	X	sys32.exe	Added by the W32.MYTOB.K WORM!
WINTASK	X	taskgmr.exe	Added by the W32.MYTOB.I or W32.Mytob.BH and W32/Mytob-AC WORMS!
WINTASK	X	taskgmr32.exe	Added by the W32/MYTOB-AK WORM!
WINTASK	X	sys32.exe	Added by the W32/MYTOB-F WORM!
WINTASK	X	taskgmr32.exe	Added by the W32.Mytob.BU WORM!
WINTASK	X	iexplorer.exe	Added by the W32/MYTOB-CH WORM!
WINTASK	X	t4skgmr.exe	Added by the W32.MYTOB.CM WORM!
WINTASK	X	taskgmr32.exe or t4skmgr.exe	Added by the W32/Mytob-AK Worm!
WINTASK	X	taskgmrs.exe	Added by the W32.Mytob.DH WORM!
WINTASK	X	taskfile.exe	Added by the W32.Mytob.EF WORM!
WINTASK	X	taskgm.exe	Added by the W32/Mytob-AO Worm!
WINTASK	X	msvhost.exe	Added by the W32/Mytob-AR Worm!
WinTask	X	wintask.exe	Affilred.B adware
WINTASK	X	yahooicons.exe	Added by the W32/MYTOB-HM WORM!
WINTASK DLL	X	jusched32.exe	Added by the W32.MYTOB.AI WORM!
WINTASK DLL	X	RealPlayer Ath Check	Added by the W32.MYTOB.AG WORM!
WINTASK DLL32	X	smsrss.exe	Added by the W32.MYTOB.BS WORM!
WinTask driver	X	wintask.exe	Added by the TROJ/DLOADER-NA TROJAN!
WINTASK32	X	taskgmr32.exe	Added by the W32.MYTOB.BN WORM!
WINTASK32	X	taskgmrr.exe	Added by the W32.Mytob.FX WORM!
WINTASKMAN	X	taskman.exe	Added by the W32.Mytob.JW WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
WINTASKMANAGER	X	taskgmr.exe	Added by the W32/MYTOB-AF WORM!
WINTASKMGR	X	ccsrs.exe	Added by the W32.MYTOB.Q WORM!
WINTASKS	X	taskgmr.exe	Added by the W32.MYTOB.BO or W32.Mytob.DO or W32/Mytob-BM WORM!
WINTASKS	X	winxpro.exe	Added by the W32.Mytob.EZ WORM!
WinTasks DLL Library (32-bits)	X	winkll.exe	Added by the W32/Rbot-AJZ WORM!
WinTasks Traybar	U	wintasks.exe	WinTasks - "Efficient Resource and Task Management is absolutely critical if you want to achieve the highest system performance levels possible. WinTasks 4 will not only help you achieve this task, but will actually make your system run faster and more smoothly than ever before"
wintasks.exe	X	wintasks.exe	Added by the Evaman worm
Wintbp.exe	X	wintbp.exe	Added by the W32.Zotob.E WORM!
Wintbpx.exe	X	wintbpx.exe	Added by the W32.Zotob.F WORM!
wintective	U	wintective.exe	Wintective logs keystrokes, captures screenshots, and monitors Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself remove it.
winter	X	happy.exe	Added by the W32/SDBOT-YF WORM!
Wintercooler Pro	N	WINCOOL.EXE	Wintercooler Pro - utility that monitors CPU usage, RAM consumption and Internet connection speed
WinTidy	N	WinTidy.exe	Desktop icon manager from PC Magazine (Ziff-Davis) for Win95. Available via Start -> Programs
Wintime	X	Wintime.exe	Added by the Harnig TROJAN!
WinTime	U	wintime.exe	Added by WinTime Located in the Windows directory.
Wintime Wtxpload	N	Wxpload.exe Wintime	Part of the software to support a Dexxa USB graphics tablet. From a visitor - "This gets started anyway when you plug in the USB connector for the graphics tablet, if it's not already running. It then starts an application which manages the tablet messages. Since I leave the tablet unplugged unless I need to use it, I don't need this running at startup. I suspect that this program monitors a number of windows messages, so that when it's loaded, my regular mouse slows down - it acts like it 'sticks' entering and leaving windows. Certainly my performance returned to what I expected when I removed this item using MSCONFIG"
WinTimer	X	msupdate.cmd	Hijacker, detected by Kaspersky antivirus as Trojan.Win32.StartPage.tj
wintnask32.exe	X	wintnask32.exe	Added by the W32/Rbot-AFP Worm!
wintnl	X	wintnl.exe	Added by a variant of the W32.ZOTOB.K WORM!
wintnl.exe	X	wintnl.exe	Added by the W32.Zotob.K WORM!
wintnpx.exe	X	wintnpx.exe	Added by the W32.ZOTOB.H WORM!
WinTools	X	WToolsA.exe	WinTools adware
WinTOTAL Scheduler	N	guru.exe	WinTOTAL Real estate appraisal software related
WinTray	X	wintray.exe	Added by the LEGUARDIEN.B VIRUS!
wintsk32dll	X	wintsk32dll.exe	Added by the W32/RBOT-AAJ WORM!
winudll.exe	X	winudll.exe	Added by the Troj/Mitglie-CE TROJAN!
winui	X	z.exe	Added by the Kondeli TROJAN!
winupated.exe	X	winupated.exe	Added by a variant of the W32/SDBOT WORM!
winupd	X	RUNDLL32.EXE (random value).dll,_mainRD	Added by the MOTA.A VIRUS!
winupd.exe	X	winupd.exe	Added by the BEAGLE.M or BEAGLE.N WORMS!
WinUPD32	X	explorer.exe	Unidentified VIRUS!
winupdat	X	winupdat.exe	Win32.Canbot.A worm
WinUpdate	X	RBSKQQBO.EXE	Added by the VBS.Vbswg2b.A VIRUS!
WinUpdate	X	wmbem.exe	Added by the REVCUSS.B VIRUS!
WinUpdate	X	updsys.exe	Added by a variant of the WIN32.RBOT WORM!
winupdate	X	winupdate.exe /auto	Added by the WIN32.ALCAN.B WORM!
WinUpdate Loader	X	msnnm.exe	Added by the UPCHAN TROJAN!
winupdate********[1]	X	winupdate*******[1].exe ( = random digit)	Horseserver.net hijacker
winupdate.exe	X	winupdate.exe	Added by the RADO VIRUS!
winupdate2846	X	(path) vbsystem35.exe (path) msvbrun.exe	Added by a Mutin-C IRC backdoor trojan infection
WinUpdateB	X	breatle.exe	Added BY the W32.Bratle.A WORM!
winupdateconn	X	[path to file]	Added by the W32/COMBRA-A WORM!
winupdateconn_	X	Explorer.EXE	Added by the W32/Combra-B WORM!
winupdatefiv_	X	[path to file]	Added by the COMBRA.C WORM!
WinUpdateProtection	U	csrss.exe	ICE_Remote_Spy monitoring software, "secretly monitors everything your spouse, kids or employees do on the Internet and emails the data to you." - Note - this file is installed in a C:\Windowsupdate\Ufp\Irs7 folder, and it is NOT the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, and which is located in the System32 directory.
WinUpdateProtection	U	csrss.ex	EmployeeWatch is a commercial spyware program designed to monitor user activity on a computer.
winupdates	X	winupdates.exe /auto	Added by the W32.Alcra.B WORM!
winupdate_	X	[path to file]	Added by the W32.COMDOR.A WORM!
WinUpdsv	X	winupdsv.exe	Added by the X97M.DROPO Macro VIRUS!
winupdt	X	RUNDLL32.EXE [random.dll]	Added by the Mabutu.a WORM!
winupdtl	X	winupdtl.exe	SecondThought adware variant
winupdtl	X	winupdt.exe	2nd-thought adware variant
WinUpgrader	X	(path to EXE)	Added by the Troj/Agent-DZ Trojan!
winusb.dll	X	winguard.exe	Added by the W32/FORBOT-CN WORM!
WinUser32K	X	usr32wink.exe	Added by the Win32.VB.hk backdoor TROJAN!
WinUsr	X	WinUsr.exe K1S2	Added by the W32.CLUNK.A WORM!
Winux Piriax Service	X	PH32.EXE	Added by the RANDEX.G VIRUS!
winversion	X	winversion.exe	Browser hijacker, redirecting to specificsearches.com
WinVNC	U	WinVNC.exe	WinVNC is an application that allows you to remote control your PC from another PC somewhere on the internet
WinVNC	X	iexplorer.exe	Added by the EVIVINC VIRUS!
winvxd32	X	winvxd32.exe	Added by the W32.Gabloliz.A WORM!
winwan lptt01 or winwan ml097e	X	winwan.exe	Variant of the RapidBlaster parasite (in a "Winwan" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
winword	X	winword.exe	Added by the Troj/Torpid-C TROJAN!
winwsl.exe	X	winwsl.exe	Added by the W32/Zotob-J WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
winXP	X	33.exe/background	Added by the W32.ANPES WORM!
WinXP	X	plugin1.exe	Added by the Downloader-JW TROJAN!
WinXP fix	X	(path to file)	Added by the BACKDOOR.RANKY.P TROJAN!
WinXp Updater	X	winxp32.exe	Added by the W32/RBOT-HG WORM!
WinXP-98	X	CSRSS.exe	Added by the Troj/Banker-DS TROJAN! Note:This is NOT the legitimate Windows CSRSS.exe process, which should NOT figure in Startup!
winxpdll32.exe	X	winxpdll32.exe	Added by a variant of the Win32.SMALL downloader TROJAN!
WinXPHome	X	plugin2.exe	Added by the malicious VBS_INOR.T script!
WinXPLoad	U	Rundll32 LoadDll, LoadExe WinXPLoad.exe	Compaq hotkey related - required if you use the hotkeys
winxpusbd	X	winxp64.exe	Added by a variant of the WIN32.RBOT WORM!
WinZap Check	X	winzbp.exe	Added by the W32/Rbot-AWZ WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
winzip	X	(path to trojan)	Added by the BANCOS.G VIRUS! Note - not the popular WinZip file compression utility
Winzip	X	(See description box.)	Added by the W32/Lerpa-A WORM! Note: The file name will be one of the following common.exe or common.pif or common.scr or Sexo.exe or Sexo.jpg.pif or ini_file__.pif or load_me__.tmp or msfile.pif or system_load_.pif or zipped.rar.pif
WinZip Quick Pick	N	WZQKPICK.EXE	Added with WinZip version 8.1. "The new WinZip Quick Pick taskbar tray icon gives you instant access to WinZip and your Zip files. Just left click the icon to open WinZip, or right click it to instantly reopen recently used Zip files, access your Favorite Zip Folders, open WinZip Help, or start WinZip itself.". You can right-click and close it - choosing to not re-load it at start-up
WinZip Update	X	WinZip.exe	Added by a variant of the WIN32.RBOT WORM!
Win_api_driver	X	system.exe	Added by the REVIRD VIRUS!
Win_BooT	X	(Path of Executable)	Added by the Troj/Banker-GI TROJAN! Note: This is a password stealing trojan.
Win_Library	X	INISvc.exe	Added by the ANARCH VIRUS!
win_spool2	X	win_spool2.exe	Added by the TROJ_SCKEYLOG.B TROJAN!
win_supp00.exe	X	Win Const.exe	Added by the Troj/Assasin-H TROJAN! Note: This trojan file is found in the Windows\Win Types or Winnt\Win Types folder.
win_upd.exe	X	WINdirect.exe	Added by the MITGLIEDER.M VIRUS!
win_upd2.exe	X	WINdirect.exe	Added by the BEAGLE.AO WORM!
Win_vader	X	Win_vader.vbs	Added by the INVASION.A VIRUS!
WIP Config GUI	X	Winipcfgs.exe	Added by the W32/RBOT-CN WORM!
Wireless PCI Card Configuration Utility	U	WMP11Cfg.exe	Utility used by the LINKSYS wireless PCI card (WMP11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration
Wireless Provider Server	X	wpsvr.exe	Added by a W32/Forbot-AD worm infection
Wireless-G Notebook Adapter	Y	Gcc.exe	LinkSys Wireless-G Notebook Adapter diver
Wireless-G Notebook Adapter Utility	U	WPC54CFG.EXE	Utility used by the LINKSYS Wireless-G Notebook Adapter (WPC54G)
wise	X	clockwise.exe	Added by the Troj/Lazar-A TROJAN!
Wise-FTP Scheduler	U	WF_Scheduler.exe	WISE-FTP file transfer software scheduler
wjview	N	wjview.exe	MS tool used to view window-based Java applications from the command line
wkcalrem	N	wkcalrem.exe	Produces a pop-up reminder of events scheduled using the MS Works Calendar
WkDetect	N	WkDetect.exe	Checks for updates to MS Works
wkfud	N	wkfud.exe	A marketing program for MS Works
WksSb	N	WksSb.exe	The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program. The Works Portfolio provides a location where you can store items you want to later put into a document or other file
WksSVC	X	EXPLORER.exe	Added by the W32/MYTOB-BW WORM! - NOTE - the valid "explorer.exe" will always be located in C:\Windows or C:\Winnt folder whereas this one is found in the C:\Windows\System folder (Win 98/ME) or in the C:\Winnt\System32 or C:\Windows\System32 subfolder (Windows 2000 and Win XP)
WkUFind	N	WkUFind.exe	MS Works Update Detection. MS Picture It! (versions 7 to current) use this automatic update feature during the log on process. It can also cause your system to automatically dial into your ISP as it tries to access the internet, if you have your system set to automatically dial when the internet is invoked. To manually update, go to Microsoft's Office/Works update site
Wlan Drier	X	Winusb2.exe	Added by the WOOTBOT.DC WORM!
Wlan Driver	X	avscan.exe	Added by the WOOTBOT.DH WORM!
WLAN Status Tray Applet	N	WLANSTA.EXE	System Tray icon for checking the status of a Wireless LAN
wlancfg	U	wlancfg.exe	Inventel wireless router related - required in order to automatically connect to the Net at bootup.
WLANSTA.EXE	N	WLANSTA.EXE	System Tray icon for checking the status of a Wireless LAN
WLAN_Cfg.exe	Y	WLAN_Cfg.exe	Linksys Instant Wireless USB Network Adapter driver
WM VCR	N	WMVCR.exe	WM_Recorder allows you to record Windows Media� streaming Video or Audio content. Can be accessed via Start Menu -> Programs
Wm24Pan	Y	Wm24Pan.Exe	ESI external sound card driver
wm41a398	X	rundll32.exe (path) wm41a398.dll,EnableRunDLL32	LZIO.com adware downloader
WMAudio	X	winlogon.exe	Neveg.A worm
WMAudio	X	services.exe	Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the valid Windows Service Controller (services.exe) process
WMBoot	N	N/A	Associated with Logitech Wingman game controllers. Not required but what does it do?
wmcbaaca	X	rundll32.exe (path) wmcbaaca.dll,EnableRunDLL32	LZIO.com adware downloader
WMI Application Interface	X	wmiapi.exe	Added by the W32.SPYBOT.RBY WORM!
WMIEXE.exe	U	wmiexe.exe	NT component, used by Windows Millennium to detect Plug and Play-compliant IEEE 1394 devices during the startup process. Since this is important for the computer to work properly if you have these, Windows Millennium protects wmiexe.exe and will restore the file even if it's deleted or renamed. Check here for some details on what to do to stop it loading
Wminf	X	Wminf.exe	Added by the GEMA TROJAN!
Wminfo	X	Wminfo.exe	Added by the GEMA TROJAN!
wmiprv	X	wmiprv.exe	Added by the W32/RBOT-WM WORM!
wmon	X	jusched.exe	Added by the W32/AGOBOT-OW WORM!
WMP54Gv4	Y	WMP54Gv4.exe	Linksys WMP54G Wireless-G PCI Adapter driver
wmplayer.exe	X	wmplayer.exe	Added by the Troj/Bancban-CZ TROJAN!
WMPVer	?	WMPVer.EXE	Dritek System Inc. 3D Mouse related - is it required?
wmsys32	X	wmsys32.exe	Added by the BANPAES.B VIRUS!
wmv	X	winmonv.exe	Added by the TROJ/AGENT-DG TROJAN!
WM_LOGIN	?	MSGLOGIN.EXE	Part of McAfee Firewall. What is it for and is it needed?
WN Services	X	wnsvc.exe	Added by the W32/KBBot-A TROJAN! Note: This trojan file is found in the System (95/98/Me) or System32 (Nt/2000/XP) folder.
WNAD	X	WNAD.EXE	Spyware Added by running a program called "Yo Mama Osama" (osama.exe). See here for more and how to get rid of it. There are other ways this can show up on your system, and it will manifest itself by periodically opening a new browser window with advertising for copy DVD software and the like
wnddrv	X	svchost.exe	Aded by an unidentified TROJAN! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
WNILOGON	X	WNILOGON.exe	Added by the W32/Lewor-M TROJAN! Note: This trojan file is found in the Windows (95/98/ME/XP) or WINNT (NT/2000) folder.
WNSC	X	wns****.exe ( = random char)	PurityScan/Clickspring adware
Wnsck2 driver	X	wlogf.exe	Added by the W32/SPYBOT-AF WORM!
WNSI	X	wnscpsu.exe	PurityScan/Clickspring adware
WNSI	X	wnscpsv.exe	PurityScan/Clickspring adware
WNSI	X	wnscp*.exe ( = random char)	PurityScan/Clickspring adware
WNST	X	wns****.exe ( = random char)	PurityScan/Clickspring adware
wntlgns	X	wntlgns.exe	Added by a CoolWebSearch parasite related TROJAN!
Wnxpupdate	X	updatexp.exe	Added by the COMBRA.G WORM!
wnxupdate	X	updatexp.exe	Added by the W32/Combra-G WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
won update	X	WAPDATE.EXE	Added by the WIN32.RBOT.N WORM!
WooCnxMon	N	CnxMon.exe	Wanadoo ISP software related - not required - here's how to bypass it.
WOOTASKBARICON	N	TaskbarIcon.exe	Wanadoo ISP taskbar icon - not required
Woowatch	N	Watch.exe	Wanadoo ISP software, not required
word pair	X	bopotsvr.exe	Added by the TROJ/SHED-A TROJAN!
WordQ carat flag	Y	WordQcrs.exe	Related to WordQ Writing Aid Software
WordWeb	N	wweb32.exe	WordWeb - free theasaurus and dictionary. Start manually
Workflo	?	workflow.exe	Related to BroadJump Client Foundation - broadband troubleshooting software installed by various companies. Is it required?
Working System Analyzer	X	syswork.exe	Added by the W32/FORBOT-FZ WORM!
worknote1	X	[FILE NAME].exe	Added by the W32.Meetot WORM!
Works Calendar Reminder	N	wkcalrem.exe	Produces a pop-up reminder of events scheduled using the MS Works Calendar
WorksFUD	N	wkfud.exe	A marketing program for MS Works
Workstation Scheduler	U	wm95.exe	Desktop Management Scheduler. Part of Novell's Netware Client. Schedueles NDS events. If events have been schedueled, it is required, otherwise, it is useless and a memory hog
Workstation Services	X	wrkstn.exe	Added by the W32/RBOT-OJ WORM!
Workstation Ver 5.0	X	vmware.exe	Added by the W32/RBOT-AHB WORM!
WorldAntiSpy	X	worldantispy.exe	WorldAntiSpy, "rogue" spyware remover, installed as part of this_scam
Worm Detector	U	wd.exe	Worm Detector - antivirus add-on for Outlook 2K or XP for handling worms and spam
wormexe	X	winstart.exe	Added by the EARLYBIRD VIRUS!
wovax	X	wovax.exe	Win32.Daqa.A trojan
wow	X	bar.exe	Adware related downloader, detected as TrojanDropper.Win32.PurityScan.g
wow	X	wwf.exe	Added by the TROJ/LINEAGE-Y TROJAN!
Wpctrl or wpctrl95	N	wpctrlnt.exe wpctrl95.exe	WinPortrait plug-in for PivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens, for example). Shortcut available via Display Properties
WPCycle.exe	Y	WpCycleWin.exe	Added when selecting Mplayer2 to open media files. Forces other codes to Wait for Previous instructions to end, preventing instability of your CPU (freezing)
wpds.exe	X	doriot.exe	Added by the TROJ/SMALL-KY TROJAN!
wpwmgrs	X	wpwmgrs.exe	Added by the W32/MYTOB-DH WORM!
WQK	X	WQK.exe	Added by a version of the KLEZ VIRUS!
wr	?	WR.EXE	??
WR Command	?	wr.exe	??
WrCtrl	N	WrCtrl.exe	Win-Route 4.27 NAT engine on Win2k Pro for connection sharing and security using Win-Route by Tiny Software. A connection sharing/Firewall Application. If service is disabled the program does not work, but you can manually start/stop the service with a shortcut the program installs at any time
WRDialer	X	WrDialer.exe	WinPoet DSL dialler
WRECK GUARD	?	??	??
WregBios	?	wregbios.exe	Desktop Management BIOS (DMI BIOS) related. Apparently invokes the DosBios.exe file. Is it required?
wrexec	U	wrexec.exe	Watch Right - monitoring program, part of the PowerTools add-on for AOL. Records instant messages, E-mail, chat. Watch Right appears to be, and functions as an online clock updater which connects with the U.S. National Institute of Standards and Technology. It was designed for parents who wish to keep an eye on what their children are doing online
wriste	?	wriste.exe	??
Write DVD-R!	U	saimon.exe	Saimon's WriteDVD! "gives total support for DVD-RAM drives. It provides many functions such as setting partitions on DVD-RAM disks and FixDVD! can diagnose and repair UDF formatted disks".
ws2help	X	ws2help.exe	Added by a variant of the TROJ_SMALL.AN downloader TROJAN!
ws2_32	X	svchst.exe	Added by the TROJ/VOKEN-A TROJAN!
WSAConfiguration	X	svchostt.exe	Added by the AGOBOT.ZT WORM!
WSAConfiguration	X	wmon32.exe	Added by the W32.Gaobot.BAJ WORM!
WSAConfiguration	X	winlogon32.exe	Added by the W32/AGOBOT-WC WORM!
WSAConfiguration	X	rpcxmn32.exe	Added by the AGOBOT.ABG WORM!
WSAConfiguration	X	win32upd.exe	Added by a variant of the WIN32.RBOT WORM!
WSAConfiguration	X	drrss.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
WSAConfiguration	X	ntguard32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
WSAConfiguration	X	csrsvcs.exe	Added by the AGOBOT.VI WORM!
WSAConfiguration1	X	csass.exe	Added by the AGOBOT.WH WORM!
wsbklite	?	wsbklite.exe	Related to the Acer Soft Button on Acer Tablet PCs. Appears to do nothing so is it required?
WScheduler	U	WScheduler.exe	Windows Scheduler - "schedule unattended running of applications, batch files, scripts and much more. Also, you can schedule popup reminders so you'll never forget reminders, tasks and other events."
wscript.exe	X	vabian.vbs	Added by the VABI VIRUS!
wscsvc.exe	X	wscsvc.exe	Added by a password stealing Banker TROJAN!
Wsdata service	X	WSconf.exe	Added by the SDBOT.ZU WORM!
wserver	X	wserver.exe	Added by the W32.NETSKY.AC WORM!
WService	U	WService.exe	Tablet client Driver for UC-Logic Pen/Graphics Tablet
wsg32	U	wsg32.exe	GoldenKeylog keystroke logger/monitoring program - remove unless you installed it yourself!
wskrnl	U	wskrnl.exe	Added by the Spyware.ActMon surveillance software. Uninstall this software unless you put it there yourself.
wsock32	X	svchost.exe	Added by the TROJ/HORST-A WORM! - NOTE - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows svchost.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
wsock32	X	wsock32.exe	Added by an unidentified WORM or TROJAN!
wsrv32	X	wsrv32.exe	Added by a TROJAN.CLICKER - identified by Kaspersky antivirus as Win32.Agent.ep
WSSAConfiguration	X	wmmon32.exe	Added by the W32/Agobot-KC WORM!
wssys	U	wssys.exe	WebPI logs keystrokes and captures screenshots. If you didn't install this yourself remove it
Wstat32 driver	X	Wstat32.exe	Added by the LOONBOT VIRUS!
wstimeb	Y	wstimeb.exe	Used with NEC printers. You can disable it before printing but it re-loads itself when printing so you may as well leave it
WSVCS	U	SERVICES.EXE	WALogger is a spyware program that logs keystrokes. If you didn't install this yourself remove it.
wswpd	Y	wswpd.exe	Used with some models of Panasonic, Epson and NEC printers. Some older drivers known to have a "memory leak". Needed for printing to work
wsys.exe	U	wsys.exe	SpyloPCMonitor is a spyware program that monitors user activity, logs keystrokes, and takes screenshots. It ends the processes of anti-spyware programs. If you didn't install this yourself remove it.
WT Game Channel or WT GameChannel	N	GameChannel.exe wtgamechannel.exe	Wild Tangent GameChannel - notification of new games, quick access to games and fast and easy game downloads. Note that Wild Tanget's privacy policy used to state they also collect and share individuals information, but that is no longer the case
WTF Test	X	wtftest.exe	Added by the W32/RBOT-ACM WORM!
WTIndicator	U	SchedInd.exe	WinTask - software that automates a variety of routine tasks quickly and simply
WTSI	X	wapisvit.exe	PurityScan/Clickspring adware
WTSS	X	wapicc.exe	PurityScan/Clickspring adware
WTSS	X	wapisvsu.exe	PurityScan/Clickspring adware
WTSS	X	wapisu.exe	PurityScan/Clickspring adware
WTSS	X	wapiit.exe	PurityScan/Clickspring adware
WTSS	X	wap**.exe ( = random char)	PurityScan/Clickspring adware
WTST	X	wapisvtr.exe	PurityScan/Clickspring adware
wuanguard	X	wuanguard32.exe	Added by the W32/RBOT-AAF WORM!
wuauon	X	(Random Filename).exe	Added by the Troj/Bdoor-MC TROJAN!
WUOLService	Y	WUOLService9x.exe	Remote wakeup status agent. Part of Novell's ZenWorks. Processes Wake-up on LAN requests (turn on a computer remotely on LAN)
wuosdial	X	wuosdial.exe	Added by a variant of the WIN32.RBOT WORM!
WUPD	X	iglmtray.exe	Added by the TZET VIRUS!
wupd	X	win32.exe	Added by the TROJ/ORSE-C TROJAN!
wupd	X	symcsvc.exe	Added by the ABWIZ.C TROJAN!
wupdate	X	wisvccz.exe	Added by the TROJ/ORSE-B TROJAN!
wupdate	X	wi32.exe	Downloader trojan, detected by Panda antivirus as Adware/Trustbid
Wupdate driver	X	[various file names]	Added by a variant of the W32.SPYBOT WORM!
Wupdm32	X	Wupdm32.exe	Added by the W32.MIDLAK WORM!
wupdmgr32.exe	X	wupdmgr32.exe	Added by the Troj/Certif-I TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
wupdt	X	wupdt.exe	Added by the IMISERV.A TROJAN!
WUSB11B.exe	Y	WUSB11B.exe	Linksys WUSB11 WLAN USB adapter
WUSB54Gv2	Y	InvokeSvc3.exe	Wireless-G USB Wireless Network Adapter related - would appear to be required
WUSB54Gv4	Y	WUSB54Gv4.exe	Wireless-G USB Wireless Network Adapter related - would appear to be required
wuviewer	X	wuviewer.exe	Added by a Proxy_Trojan variant
WUx_RegSvr	?	RegSvr32.exe	x is any number??
wvsvc	X	wvsvc.exe	Added by the AGOBOT.YM WORM!
WWKS	X	wsass.exe	Added by the W32/SDBOT-BT WORM!
www.hidro.4t.com	X	enbiei.exe	Added by the BLASTER.F VIRUS!
www.symantec.com	X	oz11111.exe	Added by the W32.Mydoom.W WORM!
WXcmeinst	X	[path to file]	Added by the RANCK-CD TROJAN!
Wxp4	X	Norton Update.exe	Added by the W32.ERKEZ.D WORM!
WXProcMgr Module	N	WXprocMgr.exe	TVTonic from Wavexpress - "enjoy 3 full-screen, DVD-quality video channels for FREE". Allows data content to be downloaded and synchronized on your system
wzhelper	X	wzhelper.exe	Searchcentrix hijacker
wzservice	X	hess.exe	Added by the Backdoor.Win32.Hackarmy.w TROJAN!
X Server	U	X.exe	"XoftWare for Windows" enables you to run network-based UNIX programs ("X programs" or "clients") side-by-side with Windows applications on your personal computer. You can also share programs and computing resources with host computers connected to your PC over a network
x(Number from 1 to 7)	X	x1.exe	Added by the Troj/Dadobra-A TROJAN!
x(Number from 1 to 7)	X	x2.exe	Added by the Troj/Dadobra-A TROJAN!
x(Number from 1 to 7)	X	x3.exe	Added by the Troj/Dadobra-A TROJAN!
x(Number from 1 to 7)	X	x4.exe	Added by the Troj/Dadobra-A TROJAN!
x(Number from 1 to 7)	X	x5.exe	Added by the Troj/Dadobra-A TROJAN!
x(Number from 1 to 7)	X	x6.exe	Added by the Troj/Dadobra-A TROJAN!
x(Number from 1 to 7)	X	x7.exe	Added by the Troj/Dadobra-A TROJAN!
X-Cleaner Deluxe	U	xcleaner.exe	X-Cleaner_Deluxe - privacy and anti-spy application
X-Cleaner Freeware	U	XCLEAN~1.EXE	X-Cleaner_Freeware
X-Grabber	N	sswizard.exe	ScreenShot Wizard
X10 Device Network Service	U	x10nets.exe	Belongs to X10 video streaming device(s).
X10Weax	X	WTHRTRAY.EXE	WeatherCheck "bring the latest local weather to your desktop". Not recommended as it reportedly pops ads, and contains no uninstaller.
x3watch	U	x3watch.exe	"program helping with online integrity. Whenever you browse the internet and accesses a site which may contain questionable material, the program will save the site name on your computer. Approximately every 30 days, a person of your choice (an accountabiltiy partner) will receive an e-mail containing all possible questionable sites you may have visited within the month. This information is meant to encourage an open and honest conversation between friends and help us all be more accountable"
x3yy	X	(path to trojan)	Added by a TANNICK trojan infection
Xanadu	N	Xanadu.exe	Xanadu - free language and translation wizard from Foreignword
xBrotherMeCom	?	BrMeCom.exe	Related to Brother MFC-9200c printer. What does it do and is it required?
xbtl	U	bootldr.exe	Added by the WSLogger surveillance software. Uninstall this software unless you put it there yourself.
Xcpy1	X	Xcpy1.exe	BroadcastPC adware variant
xdxqa	X	dewa.exe	Added by the W32/SDBOT-YB WORM!
XE 8x LM Status	U	lmsxxe.exe	Xerox XE8 series laser printer status monitor
Xecuter.bat	X	psexec.bat	Added by the BOOHOO VIRUS!
XemiCo	N	ADC.EXE	XemiComputers Active Desktop Calendar
Xfire	N	Xfire.exe	Terratec DMXFire 1024 soundcard controlpanel
xflash	X	xflash.exe	Added by the TROJ/BANCJ-A TROJAN!
xflash	X	xflash.exe	Added by W32/YURIST-K WORM!
xftpGraber	X	Xftpgraber.exe	Added by the W32.ENVID.C WORM!
XGIWatchDog	?	XWatDog.exe	Related to XGI Technology's Volari graphics cards - what does it do and is it required?
xhi	X	xhi.exe	Added by the Troj/SCLog-A TROJAN!
xhrmy	X	Xhrmy.exe	HyperLinker adware
xicon	?	xicon.exe	Part of the IBM/XPoint Rapid Restore utility. What does it do and is it required?
XiD	X	mmx.exe	Added by the ANALOGX VIRUS!
XircWinModem4	Y	ltcm000c.exe	WinModem drivers. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information
xitami	U	Xiwin32.exe	Xitami Multiplatform Open Source web server
xkstartup	?	RunDll32 InstZ82.dll, SetUsbPrinterPort	On a system with a Lexmark printer
xload32	X	netdd.exe	Added by the NETSPY TROJAN!
XML Service	X	msxml.exe	Added by the W32/RBOT-HD WORM!
XNSearchAssistant	X	SrchAsst.exe	iWon Search Assistant - spyware
XoftSpy	U	XoftSpy.exe	XoftSpy antispyware software
xor	X	svchost.exe	Added by the XORDOOR TROJAN! This is not the valid svchost.exe as described here
xp	X	winis.exe	Added by the W32/RBOT-WO WORM!
xp service pack 2	X	xpsp2.exe	Sdded as result of a W32/Rbot-KW worm infection
xp32win	X	xpupdater02.exe	Added by the TROJ/MOSUCK-A TROJAN!
Xpagent	?	xpagent.exe	Part of the IBM/XPoint Rapid Restore utility. What does it do and is it required?
xpcfg	?	xpcfg.exe	??
Xpclient	?	xpclient.exe	Part of the IBM/XPoint Rapid Restore utility. What does it do and is it required?
XPCPHOST Settings	X	xpcphost.exe	Added by a variant of the WIN32.RBOT WORM!
xpiupdate	X	xpiupdate.exe	Added by the W32/RBOT-AAB WORM!
xpiupdate	X	xpiupdate.exe	Added by the W32/RBOT-AFY WORM!
XPSoft	X	CVDAsDW.exe	Added by the W32/SDBOT-SY WORM!
XPSP2 Firewall	X	xpsp2fw.exe	Added by the WIN32.SMALL.RN downloader TROJAN!
xpstart	X	wini.exe	Added by the W32.PICRATE.A WORM!
xpstat	X	winlogins.exe	Added by the W32/RBOT-AAR WORM!
XPsys	X	XPsys.exe	Added by the DELF-KQ or Troj/Dloader-SG TROJAN!
xpsystem	X	services.exe	CoolWebSearch parasite related.
xpsystem	X	MSXMIDI.EXE	CoolWebSearch parasite variant, identified by Kaspersky_antivirus as TrojanDropper.Win32.Small.cw
xpsystem	X	y.exe	CoolWebSearch parasite related
xpupdate	X	updates.exe	Added by the W32.Bropia.L WORM!
xp_system	X	services.exe	Krepper-G TROJAN, a CoolWebSearch parasite variant or Troj/Krepper-R Note - this is NOT the legitimate services.exe process, which should NOT figure in Msconfig/Startup!
xp_system	X	winlogon.exe	Krepper-G trojan, a CoolWebSearch parasite variant - Note - this is NOT the legitimate Windows winlogon.exe process, which should NOT figure in Msconfig/Startup!
xp_system	X	services.exe	Added by the W32.Conycspa.G WORM!
xserv	X	(Trojan executable)	Added by the Troj/Stumpy-A TROJAN!
XStop95	U	XStop95.exe	XStop - internet filter
xswin	N	xswin.exe	Installed with a Xerox Work Centre Pro 555. Unchecking it removes an "out of system memory" error
XTCsgloader	?	XTCsgloader.exe	Another Xupiter toolbar variant??
XTN Service Drivers	X	winxtn.exe	Added by the W32/Sdbot-YK WORM!
XTNDConnect PC - 3CmPlm	U	Autodet.exe	Component of EasySync Pro. Synchronisation between Palm PDAs and Microsoft Outlook
XTNDConnect PC - ErPhn2	U	ErPhn2.exe	Component of EasySync Pro. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook
XTNDConnect PC - ErTray	U	ErTray.exe	Component of EasySync Pro. Synchronisation between SonyEricsson mobile phones and Microsoft Outlook
XTNDConnect PC - LtNts4	U	NtsAgnt.exe	Component of EasySync Pro
Xtray	X	xtray_link.exe	TROJ_VB.JL trojan
XtreamLok License Manager	U	xl.exe	License manager for xLok (XtreamLok) - prevents software being reverse engineered
Xtrem parental control	U	pcx.exe	Added by the ParentXtreme SPYWARE! **Note - If you didn't intentionally install this software remove it.
XTServiceUpdate	X	XTServiceUpdate.exe	hahame.net adware downloader
XtTb.exe	X	XtTb.exe	Top-banners.com adware
xuio.exe	?	xuio.exe	??
Xupiter Startup	X	XupiterStartup.exe	Xupiter - adware and homepage hijacker. To remove Xupiter go here and to prevent it re-installing in the future see here
XupiterCfgLoader	X	XTCfgLoader.exeBWCfgLoader.exe	Xupiter - adware and homepage hijacker. To remove Xupiter go here and to prevent it re-installing in the future see here
xupiterstartup2003	X	xupiterstartup2003.exe	Xupiter - adware and homepage hijacker. To remove Xupiter go here and to prevent it re-installing in the future see here
XupiterToolbarLoader	X	XupiterToolbarLoader.exe	Xupiter - adware and homepage hijacker. To remove Xupiter go here and to prevent it re-installing in the future see here
xv_ctrl	U	v_ctrl.exe	3dfx Underground Tools - "Gives direct hardware control to your video graphics adapter"
xware	X	xware.exe	Malware downloader from xxsware.com, causes porn popups
xware	X	cskware.exe	Malware downloader from xxsware.com, produces porn popups.
XWMSUSBAPI	?	XWMSAPI.EXE	Part of the installation of a Xerox WorkCentre printer/scanner. Is it required?
xxcm	X	sys.exe	Added by the W32/KRISWORM-A WORM!
xxsrSrv32	X	xxsrsrv.exe	Added by the TROJ/BANCSDE-E TROJAN!
XXXmpeg	X	XXXmpeg.exe	Adult content dialler
xxxvideo	X	xxxvideo.exe	AccessPlugin premium rate adult material dialer
Y!TunnelBasic	U	YTBasic.exe	Y!TunnelBasic software provides additional features to Yahoo! Messenger.
Y!TunnelPro	U	YTunnelPro.exe	Spam, bot and ad blocker for Yahoo! Messenger from Digital Asphyxia
Y!TunnelPro	U	YTPro.exe	Spam, bot and ad blocker for Yahoo! Messenger from Digital Asphyxia
yaemu.exe	X	yaemu.exe	Added by the WIN32.DNSCHANGER.S TROJAN!
yahoo groups	X	upgrdmgr.exe	Added by a variant of the WIN32.RBOT WORM!
Yahoo HP Reminder 1.1	?	yr.exe	??
Yahoo Instant Messengar	X	YahooMsgr.exe	Added by the WIN32.SDBOT.GEN TROJAN!
Yahoo Messenger	X	Yahoomsg.exe	Added by an unidentified WORM or TROJAN!
Yahoo Messenger	X	YPager.exe	Added by the W32/RBOT-QO WORM!
Yahoo Update	X	Yahoo.exe	Added by the Yahoo! TROJAN!
Yahoo Updater	X	Messenger.exe	Added by the W32/Forbot-FE WORM!
Yahoo! Pager or ypager	N	ypager.exe	Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs
Yahoo2000	X	Anti.exe	Added by the RBOT.ATK WORM!
YahooStock	X	ystckAO32.exe	Adtomi adware
YahooStock	X	Prmvr.exe	Adtomi adware
yahoo_toolbar lptt01 or yahoo_toolbar ml097e	X	yahoo_toolbar.exe	Variant of the RapidBlaster parasite (in a "yahoo_toolbar" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here
YAMAHA AC-XG Power Utility	?	yacpower.exe	YAMAHA AC-XG Power Utility - what does it do and is it required?
YAMAHA DS-XG Launcher	N	dslaunch.exe	System Tray access for the features of the Yamaha DS-XG soundcard unless you regularly change set-ups
Yankee Clipper III	N	YankClip.exe	Yankee Clipper III - 'A super powerful Windows clipboard extender/memory - now in its third generation. Handles Pictures, Richtext, URLS, etc - any size. Features printing, drag and drop, optional permanent storage of clippings. Familiar "Outlook" interface'. Freeware
YBrowser	N	ybrwicon.exe	SBC Yahoo! Browser system tray icon
yeahdude.exe	X	hallowelt.exe	Added by the GAOBOT.RS or GAOBOT.SA WORMS!
YOP	N	yop.exe	Dashboard Module for SBC Yahoo! Online_Protection
You've Got Pictures Screensaver	U	ygpsstra.exe	AOL You've Got Pictures� Screensaver
YOW tuner	?	WatchPNM.exe	??
YPC	U	ypc.exe	Yahoo Parental controls - "Let you decide what type of sites and Yahoo! services your kids can access"
YTrayMagic Lite 1	Y	YTRAYMAGIC.EXE	YTrayMagic from YoconSoft automatically restores your tray icons after an Explorer(the windows shell) crash. Leave to run at startup since only those icons that are in the taskbar after YTrayMagic has initialized will be restored
Yugoslavia	X	yugoslavia.exe	Premium rate adult content dialer
Yumgo's Homepage Protector V1	U	YumgoHomepageProtector.exe	Yumgo's Homepage Protector
ywwvc.exe	X	ywwvc.exe	Added by the Troj/StartPa-HR TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
ywzizdon	X	ywzizdon.exe	Free_Scratch_Cards foistware
yx	X	uu.exe	Added by the W32/Agobot-YX WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
yyyyyyyy	X	(path to trojan)	Added by the MUMUBOY.B VIRUS!
yz.exe	X	yz.exe	Added by the VARDO VIRUS!
YZH	X	YZH.exe	Added by the W32/LegMir-BM Virus! Note: This Keylogging virus file is found in the Windows or Winnt folder.
YZH.SYS	X	YZH.exe	Added by the W32.SOPHILY VIRUS!
z-WrDialer	U	WrDialer.exe	WinPoet DSL dialer
ZaCker	X	(filename).PIF	Added by the HOLAR.A VIRUS! where <filename> is the worm filename
Zacker	X	Zacker.exe	Added by the GEMEL VIRUS!
zango	X	zango.exe	180Solutions/N-Case adware variant
Zango SiteFinder	X	ZangoSiteFinder.exe	180Solutions ZangoSearch adware variant
Zango TvTimes	X	ZANGOT~1.EXE	ZangoSearch adware
zanu	X	zanu.exe	180Solutions/N-Case adware variant
Zapro	Y	Zapro.exe	Firewall program from Zonelabs - paid for version
zBrowser Launcher	U	iTouch.exe	For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn\'t have them
zBrowser Launcher	U	Commandr.exe	For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc. if it doesn't have them
Zcfgsvc	U	ZCfgSvc.exe	Zero Config MFC Application, part of Intel�s ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing �Not Responding� or �End this Program� shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have Windows XP/2003, try setting the �Wireless Zero Configuration� service to Disabled.
zcproo	X	qssstiej.exe	Possible homepage hijacker installing a toolbar: http://tdko.com/ ,Lop.com in disguise. see this thread
ZDConfig	?	ZDConfig.exe	Related to various brands of Wireless USB LAN Adapter - what does it do and is it required?
zdnet	N	kontiki.exe	Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops
Zebus	N	msdc32.exe	Runs a HTML tutorial on the Zebus web-site
Zekio Startups	X	znksvc32.exe	Added by the W32/AGOBOT-AGI WORM!
Zen.A	X	(path to trojan)	Added by a Perl/Zoomen-A trojan infection
Zenet	X	rundll32 CNBabe.dll, DllStartup	CommonName Toolbar spyware. To uninstall see here
Zeno	X	sys**.exe ( = random char/digit)	Added by ZenoSearch adware - filenames spotted include rsyssx2d.exe, rsyssx2d.exe, rsystu2d.exe, ysysyz2d.exe and so on.
ZENRC	Y	zenrc32.exe	The main component of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management".Leave well alone
ZENRC Tray Icon	Y	zentray.exe	Part of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management".Best left alone
ZENworks Imaging Service	Y	ZISWin.exe	Imaging Agent. Part of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management"
ZeroAds	U	0	ZeroAds - culls ads, cookies and pop-ups. Tells ZeroAds not to run at startup - needed to start it manually
ZeroAds	U	LAS0Ads.exe	ZeroAds - culls ads, cookies and pop-ups. Required for the cookie interception to work
ZeroSpyware	U	ZeroSpyware.exe	FBM Software ZeroSpyware 2004 spyware detector and remover
zervpack2	X	update2.exe	Added by the SDBOT.WD WORM!
zerzvpack2	X	uzpdate2.exe	Added by a Rbot-KA worm infection
ZGNUBI	?	ZGNUBI.exe	??
Zi5	X	AntiVirus Update.exe	Added by the W32.Erkez.G WORM! Note: This worm file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
ZIBMACC	X	rundll.exe -> ZIBMACC.INF	ZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435)
ZingSpooler	U	ZingSpooler.exe	Was used for a drag and drop program to upload pictures to www.zing.com but Zing has gone out of business. Now used for Sony ImageStation's upload photos to online albums
Zinio DLM	N	ZDLM.EXE	Zinio - used to read magazines in digital rather than paper format
Zip Driver Loader	X	msload32.exe	Added by the OBLIVION TROJAN!
Zip Driver Loader	X	ZipLoader.exe	Added by the OBLIVION TROJAN!
ZipDisk Icons	U	IMGICON.EXE	Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
ZipGenius Clean	N	zg.exe	ZipGenius file compression utility
ziphelp	X	ziphelp.exe	CoolWebSearch parasite related.
ZipMagic	N	zm32.exe	Zip utility by Ontrack. Preloading ZipMagic allows you to access files within a zip archive without unzipping them first
zlclient or Zone Labs Client	Y	zlclient.exe	Firewall program from Zonelabs. Pro version inlcudes other online security options
ZLH	U	ZLH.EXE	System Tray icon for Norman Antivirus
Zonavirus	X	0	Added by the KITRO.D (or ARGEN.A) VIRUS!
Zone Alarm	X	vsmon.exe	WORM_RBOT.BO
Zone Labs Client Ex	X	svchost.exe	Added by the W.32NETSKY.F WORM! **Note This is not the valid svchost.exe as described for WinXP or Win2K . Located in a Windows directory, and not in Windows\System32
Zone system	X	szchost.exe	Added by the TROJ/MULTIDR-AC TROJAN!
ZoneAlarm	Y	zonealarm.exe	Firewall program from Zonelabs - free version
zonealarm	X	mcmm.exe, random file names	Added by an unknown worm or trojan infection
Zonealarm	X	Removeme.exe	Added by the W32/FORBOT-BG WORM!
ZoneAlarm Plus	Y	zaplus.exe	Firewall program from Zonelabs - paid for version
ZoneAlarm Pro	Y	Zapro.exe	Firewall program from Zonelabs - paid for version
Zoom	U	zoom.exe	Zoom - speeds up Windows startup and manages startup applications
ZoomingHook	?	ZoomingHook.exe	Related to the Toshiba Zooming Utility for Tablet PC - what does it do and is it required?
ZPOINT32	Y	ZPOINT32.exe	USB graphics/writing tablet driver
zSearch	X	Zstb.exe	TotalVelocity zSearch parasite
zsms	X	smss.exe	Added by the BANCOS-CK TROJAN! - Note - this file is placed in the Winnt or Windows folder, and should NOT be confused with the legitimate Windows smss.exe process, located in the Winnt/System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
zsmsgs	X	iservice.exe	Added by the TROJ/BANCOS-BU TROJAN!
zsmss	X	smss.exe	Added by the Troj/Bancos-DD TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) The legitimate Windows Process should not be seen in Msconfig or as a Startup item. This trojan file is found in the Windows or Winnt folder.
zSPGuard	U	Spguard.exe	"StartPage Guard (SPG) protects your PC from cyberscam, by detecting and preventing any unauthorized changes to your internet browser's Start and Search pages. It is also capable of removing automatically most of known 'invaders'."
ZStart	X	[various file names]	Adware, probably VX2/Transponder related - filenames spotted include rdxregpp.exe, tdxregrs.exe and more.
Zstart	X	cxdxregt.exe	ZenoSearch adware component
ZtgServerSwitch	X	server.vbs	ZTGServerswitch is part of Sony's Vaio support agent - designed by Support.com. Not required if the user does not wish to use the Vaio support agent and regarded as spyware
Zupdate	X	Zupdate.exe	B3d Projector - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in C:\Windows\System. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents
zzb	X	zzb.exe	IAGold_adware downloader
zzb2	X	zzb2.exe	IAGold_adware downloader
zzgshp	X	gshp.vbs	Homepage hi-jacker that re-defines your IE or Netscape start page
zztp	X	svchost.exe	Added by the TANNICK.B TROJAN! - Note - this is NOT the legitimate Windows svchost.exe process, which should NOT figure in Msconfig/Startup!
zzz-hpi-boot	?	hpi-boot.exe	Associated with HP Photosmart printers
zzzCamlnSuitelll	?	setup.exe 46***	??
zzzhpsetup	?	setup.exe	??
[default]	X	[original folder]\DrWatson32.exe	Added by the Dremn TROJAN!
[default]	X	"%System%\syscache\DrWatson32.exe"	Added by the Dremn TROJAN!
[Ephemeral 2.5] by TreeHugger	X	(Path to worm)	Added by the W32/Lemoor-C WORM!
[Ephemeral 2.x] by TreeHugger	X	(path to worm)	Added by the LEMOOR.A WORM! where "x" represents 3 or 4
[file name]	X	[path to file name]	Added by the PWSteal.Reanet.B TROJAN!
[filename]	X	svchost.scr	Added by the BANKER-CC TROJAN!
[random characters]Srv32	X	\[random characters]srv.exe	Added by the PWSteal.Botuk TROJAN!
[random name]	X	w?nlogon.exe	PurityScan adware variant
[random name]	X	r?ndll32.exe	PurityScan adware variant
[random name]	X	??xplore.exe	PurityScan adware variant
[random name]	X	w?nword.exe	PurityScan adware variant
[random name]	X	??oolsv.exe	PurityScan adware variant
[random name]	X	se?vices.exe	PurityScan adware variant
[random name]	X	??chost.exe	PurityScan adware variant
[random name]	X	t?skmgr.exe	PurityScan/Clickspring adware
[random name]	X	l?gonui.exe	PurityScan/Clickspring adware
[random name]	X	w?auboot.exe	PurityScan/Clickspring adware
[random name]	X	w?auclt.exe	PurityScan/Clickspring adware
[random name]	X	??erinit.exe	PurityScan/Clickspring adware
[random name]	X	r?gsvr32.exe	PurityScan/Clickspring adware
[random name]	X	n?tepad.exe	PurityScan/Clickspring adware
[random name]	X	w?wexec.exe	PurityScan/Clickspring adware
[random name]	X	w?crtupd.exe	PurityScan/Clickspring adware
[random name]	X	??plorer.exe	PurityScan/Clickspring adware
[random name]	X	?hkdsk.exe	PurityScan/Clickspring adware
[random name]	X	d?dplay.exe	PurityScan/Clickspring adware
[random name]	X	m?iexec.exe	PurityScan/Clickspring adware
[random name]	X	?hkntfs.exe	PurityScan/Clickspring adware
[random name]	X	j?vaw.exe	PurityScan/Clickspring adware
[random name]	X	n?pdb.exe	PurityScan/Clickspring adware
[random name]	X	n?lookup.exe	PurityScan/Clickspring adware
[random name]	X	m?config.exe	PurityScan/Clickspring adware
[random name]	X	?ttrib.exe	PurityScan/Clickspring adware
[random name]	X	l?ass.exe	PurityScan/Clickspring adware
[random name]	X	??anregw.exe	PurityScan/Clickspring adware
[random name]	X	d?xplore.exe	PurityScan/Clickspring adware
[random name]	X	w?aclt.exe	PurityScan/Clickspring adware
[random name]	X	dexplore.exe	PurityScan/Clickspring adware
[random name]	X	wucrtupd.exe	PurityScan/Clickspring adware - do NOT confuse with the Windows Critical Update Notification application as described here
[random name]	X	dvdplay.exe	PurityScan/Clickspring adware
[random name]	X	??ool32.exe	PurityScan/Clickspring adware
[random name]	X	spoolsv.exe	PurityScan/Clickspring adware
[random name]	X	??rvices.exe	PurityScan/Clickspring adware
[random name]	X	chkdsk.exe	PurityScan/Clickspring adware - unlike this file, the legitimate Windows chkdisk.exe will in Windows XP/2000/NT always be located in the Winnt\System32 or Windows\System32 folder, and ought moreover NOT to figure among the startups!
[random name]	X	?ti2evxx.exe	PurityScan/Clickspring adware
[random name]	X	??rss.exe	PurityScan/Clickspring adware
[random name]	X	r?gedit.exe	PurityScan/Clickspring adware
[random name]	X	scanregw.exe	PurityScan/Clickspring adware
[random name]	X	wuauboot.exe	PurityScan/Clickspring adware = NOTE: Do NOT confuse with the legitimate wuauboot.exe file, which should not figure in Msconfig/Startup!
[random name]	X	n?tdde.exe	PurityScan/Clickspring adware
[random name]	X	r?ndll.exe	PurityScan/Clickspring adware
[random name]	X	ping.exe	PurityScan/Clickspring adware - NOTE - do not confuse with the Microsoft utility of the same name as described here
[random name]	X	w?nspool.exe	PurityScan/Clickspring adware.
[random name]	X	CXTPLS_LOADER.EXE	AproposMedia adware
[random name]	X	m?dtc.exe	PurityScan/Clickspring adware
[Random service name]	X	"%System%\[Random file name]"	Added by the W32.Namshare WORM!
[System Mechanic Professional Update [Incinerator.dll]	N	REREG: [path] Incinerator.dll	System_Mechanic's "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again.
[various filenames]	X	qtsks.exe	Added by the WEBDOR.Y TROJAN
[various names]	X	SYSTRAV.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	control64.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	newbreed.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	stuffmon.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	ParisM.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	RtlFindVal.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	cmon14.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	EXE32EXE.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	ms-its.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	iehelper.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	_ctcp.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	bnui.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	bingo9.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	Testimonials.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	TorontoMail.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	gabber.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	NsCplTray.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	ActionScr.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	progmen.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	sound64.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	dstart2.exe	Adware - recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Small.alw
[various names]	X	msdos32.exe	Added by a variant of the WIN32.AGENT.AH downloader TROJAN!
[various names]	X	sitebar.exe	Added by an unidentified TROJAN!
[various names]	X	tmservice.exe	Added by a variant of the WIN32.RBOT WORM!
[various names]	X	driver32.exe	Added by a variant of the W32/SDBOT WORM!
[various names]	X	Uint32.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	backorif.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	bhoserv.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	hyandex.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	Shaitan1678.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	34763.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	MNTP.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	WinInitDll.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	zxc.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	Dest068.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	xxtoolbar.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	killall.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	Kargo.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	sysmon12.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	dialer423.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	srbho.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	prgsys0984.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	sysconf16.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	media64.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	StartCpl.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	abrek.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	scanSYS.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	Trayz.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	MsNetHelper.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	install2.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	br0ken.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	atl_helper.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	DCC_send.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	UserSp1.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	ftbar.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	clamav.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	slamm.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	new32.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	Preliminary.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	panel_its.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	Bogobot.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	SAPSTR.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	cmon14.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	Brong32.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	diskserv.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	awinrar.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	TRPT.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	moniter.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	XTermInit.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	NSYSCPLSTR.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	barint.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	uio.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	LOPTCON.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	WTFCTF.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	zantu.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	DTOURS.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	avpmondll.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	SetupExeDll.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	typeconf.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	msag.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	pizda.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	prcmon.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	expoler.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	10010.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	KeywordFinder.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	cnftips.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	wormexe.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	init32.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	ExchangeMaster.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	SpyElim.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	BoundRec.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	321102.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	openstre.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	forces_elite.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	NopeZ.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	Serviceprocess.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	utsgmon.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	startman.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	jopplerg.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	ssweeper.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	backd.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	mozilla-text.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	MON76234.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	FLKPT.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	keybdll.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	sbin.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	TemplateDongle.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	syspanel.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	teqq32.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	nmdllw.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	InpriseMon.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	SysEntry.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	defect08.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	AppMasterCenter.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	WhatsNewBot.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	CToolBar.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	ERTYDF.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	driver64.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	iesetupdll.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	borlandg.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	AliceSD.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	PrcIdle.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	trycrt.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	vxdman.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	StatusCheck.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	ATLIEHELPER.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	321102.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	corrida.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	NukeSpan.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	powerdll.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	qwe.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	SysSupport.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	TForm1.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	xwiz.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	JAguAr.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	ABCXYZ.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	dePloy.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	exe81.exe	MediaMotor/Popuppers adware variant. Names spotted include SWOD, g$p$, elos, seli, "piz, :C=e, resU and so on.
[various names]	X	seli.exe	MediaMotor/Popuppers adware variant. Names spotted include SWOD, g$p$, elos, seli, "piz, :C=e, resU and so on.
[various names]	X	exe82.exe	MediaMotor/Popuppers adware variant. Names spotted include SWOD, g$p$, elos, seli, "piz, :C=e, resU and so on.
[various names]	X	MSTCPDLL.exe	TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here
[various names]	X	80d0.exe	MediaMotor/Popuppers adware variant. Names spotted include 80d0, SWOD, g$p$, elos, seli, "piz, :C=e, resU and so on
IEService.exe	X	IEService.exe	FastFind parasite variant
Pribi.exe	X	Pribi.exe	FastFind adware variant
\TOOLS.exe	X	tools.exe	Lycos SideSearch/Fastfind.org adware
^`d}qZxu	X	~`d}qzxu3zYF	Added by the GAOBOT.GEN!POLY WORM!
_AntiSpyware	U	MssCli.exe	McAfee AntiSpyware
_Cat1	X	nmmst.exe	Added by the TROJ_SMALL.SD TROJAN!
_Cat2	X	nmstt.exe	Added by the TROJ/SMALL-DT downloader TROJAN!
_Cat3	X	msmsgrxp.exe	Added by a variant of the TROJ/SMALL-DT downloader TROJAN
_Cat4	X	msmsgr2.exe	Added by the TROJ/SMALL-EB TROJAN!
_Hazafibb	X	(path to file name)	Added by a ZAFI.B WORM! infection
_ntrdlhost	X	_Ntrdlhost.exe	Added by the TROJ/DLOADER-JV TROJAN!
_ntrRescueService	X	_ntrrs.exe	Added by the TROJ/DLOADER-JV TROJAN!
_pnd_Panda Antivirus	X	_pnd_****.exe ( = random char/digit)	Malware! - detected by ESET's Nod32 antivirus as Win32/TrojanDropper.Agent.NAK
_Setv	X	Setv.com	Added by the W32.Besam WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
_svchost.con	X	svchost.com	Added by the W32.ERKEZ.C WORM!
_SystemBoot	X	services.exe	Added by the TROJ/SOBER-Q TROJAN!! - NOTE - this file is placed in a "%Windir%\Help\Help" folder, and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
_SystemDriver	X	csrss.exe	Added by the ASCETIC.B TROJAN - Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, and which should NOT figure in Msconfig!
_System_Run	X	_svchost_.exe	Added by the Troj/Lineage-Z TROJAN!
_tdiserv_	X	_tdicli_.exe	Added by the W32/Tdibd-A WORM!
_tdiserv_	X	_tdicli_.exe	Added by the W32.TDISERV.A WORM!
_winadm	U	winadm.exe	Parents Friend - "Log any activity and protect programs with a password. Further more you can lock the pc any hour in the week you want with the main password. You can also give users allowed programs in their program-lists and you can limit the maximal daily hours and maximal weekly hours user spend on the PC"
_WinCheck	X	services.exe	Added by the W32.Sober.V WORM! Note: This worm file is found in the Windows\ConnectionStatus\Microsoft or Winnt\ConnectionStatus\Microsoft folder.
_Windows	X	services.exe	Added by the W32.Sober.X WORM! Note: This is not the legitimate Windows process services.exe (Which is always found in the System32 folder.) This worm file (services.exe) is found in the Windows\WinSecurity or Winnt\WinSecurity folder.
_WinMain	X	winexec.exe	Added by the Troj/Dloader-XX TROJAN! Note: Copies itself to the Windows (95/98/ME/XP) or WINNT (NT/2000) folder.
_WinStart	X	services.exe	Added by the W32.SOBER.O WORM! - Note - this file is placed in a "%Windir%\Connection Wizard\Status folder, and should NOT be confused with the legitimate Windows services.exe process, located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
_winsystem.sys	X	smss.exe	Added by the W32.Sober.K WORM! ** Note - this is not the legitimate Smss.exe system file should normally NOT figure in Msconfig/Startup!
_x-Finder	X	_x-Finder.exe	Disconnects and redials an ISP modem to an adult content site
__ZF5	X	(Path to worm file)	Added by the W32.Erkez.F WORM! Note: Be sure to check the link for this one, it use's 5 and 11 digit random file names and Anti-Virus vendor folder names.
{0228e555-4f9c-4e35-a3ec-b109a192b4c2}	U	gnotify.exe	Google Gmail_notifier . Alerts you when you have new Gmail messages.
{12EE7A5E-0674-42f9-A76B-000000004D00}	X	rundll32.exe stlb2.dll,DllRunMain	BrowserAid/Startium parasite
{2CF0B992-5EEB-4143-99C0-5297EF71F444}	X	rundll32.exe stlbdist.dll, DllRunMain	BrowserAid/Startium parasite
{2CF0B992-5EEB-4143-99C2-5297EF71F44B}	X	rundll32.exe stlbupdt.DLL, DllRunMain	BrowserAid/Startium parasite
{357AA41A-B7A8-4632-A27D-5B980B25CF43}	X	(Path to Trojan executable)	Added by the Troj/Small-EP TROJAN!
�Windows Update	X	svchosts.exe	Added by the FRUTCA TROJAN!

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Engine Version 2.0 by CastleCops


	2002-2005 � Computer Cops LLC. All rights reserved. Acceptable Use Policy. Use signifies your agreement. RSS 0.91, RSS 1.0, RSS 2.0, Coffee Mug 296ppm Engine ALL(534.228s) phpbb(0s) SQL(0.079s) FUNC(0s) MARKER(-1133461074.81s) GT(531.394s) PT(0s)