NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

• "Y" - Normally leave to run at start-up
• "N" - Not required - typically infrequently used tasks that can be started manually if necessary
• "U" - User's choice - depends whether a user deems it necessary
• "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
• "?" - Unknown

	Startup Name	Process Name	Details
X		pathex.exe	"Added by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field"
X		dllvirtual.dll	"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
X		dllvirtual.exe	"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
X		dllvirtual.js	"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
X		ajsha5.exe	"Added by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field"
	Note - not be mistaken for the MSN Messenger file of the same name!"
	Note the filename has a ""0"" rather than an upper case ""o"""
Y	!1_pgaccount	pgaccount.exe	"DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system and this is essential for PG to work properly"
Y	!1_ProcessGuard_Startup	procguard.exe	"DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background as well as a variety of other attacks"
U	!AVG Anti-Spyware	avgas.exe	"Part of AVG Anti-Spyware from Grisoft"
N	!NoLoad	winrecon.exe	"WinRecon keystroke logger/monitoring program - remove unless you installed it yourself!"
U	"aimb.exe"" -h"	aimb.exe	"IMSufSentinel is a spy program which can record IM conversations log keystrokes record URLs visited and take screenshots. If you didn't install this yourself remove it"
X	"Vaganza-XPloit-[User Name]"""	[user name].exe	"Added by the GAVGENT.A WORM!"
X	$sys$crash	$sys$sonyTimer.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$crash	$sys$sos$sys$.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$crash	$sys$WeLoveMcCOL.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$umaiyo	$sys$sonyTimer.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$umaiyo	$sys$sos$sys$.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$umaiyo	$sys$WeLoveMcCOL.exe	"Added by the WELOMOCH TROJAN!"
X	$WindowsRegKey%update	IEXPLORE.EXE	"Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
U	%FP%012-L2TP FWPortal.exe	FWPortal.exe	012.Net.il Israeli ISP dial-up software
U	%FP%1776 Internet FWPortal.exe	FWPortal.exe	1776 Internet US ISP dial-up software
N	%FP%AIRTEL fts.exe	fts.exe	"Bharti Airtel Broadband - Indian ISP software front-end"
N	%FP%Barak013 fts.exe	fts.exe	Barak013 Israeli ISP software front-end
U	%FP%Barak013 FWPortal.exe	FWPortal.exe	Barak013 Israeli ISP dial-up software
X	(*)API Machine	winSOCKS.exe	"Homepage hijacker see here (* = any digit)"
X	(*)Run	win32API.exe	"Homepage hijacker see here (* = any digit)"
X	(Default)	media_driver.exe	"Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	Shania.vbs	"Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	NOTEPAD.exe	"Added by the RUSTY WORM! Note - not to be confused with the valid Windows ""NOTEPAD"" text editor! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	[random filename].exe	"Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	twunk_32.exe	"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	winhelp.exe	"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	spolsvr2.exe	"Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	winbas12.exe	"Adware CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	Systrsy.exe	"Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	llsass.exe	"Added by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	syspol.exe	"Added by the DREMN-B TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	winlog.exe	"Unidentified adware. Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(default)	rundll32.exe [path to DLL file]Do98Work	"Added by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	winligom.exe	"Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	5640.exe	"Added by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	fada.exe	"Detected by Trend Micro as the VB.HEI TROJAN! See here. Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	Mcafee.exe	"Detected by Kaspersky as the AGENT.AY TROJAN! See here. Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	QQUpdate.exe	"Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	*Bandook	msdll.exe	"Added by an unidentified TROJAN - see here"
X	*JanisRuckenbrodII	janis.com	"Added by the POPS WORM!"
X	*Microsoft Update	ctxma.exe	"Added by the STMU TROJAN!"
X	*Microsoft Update	cxma.exe	"Added by the STMU TROJAN!"
X	*Microsoft Update	wstcl.exe	"Added by the STMU TROJAN!"
X	*Microsoft Update	wucxt.exe	"Added by the STMU TROJAN!"
X	*Microsoft Update	wuytc.exe	"Added by the STMU TROJAN!"
X	*MS Setup	[random filename]	"Virtumondo adware also known as the VUNDO TROJAN!"
X	*MSConfig32	aecache.exe	"Detected by F-Secure as the OBFUSCATED.GP TROJAN!"
Y	*StateMgr	statemgr.exe	Windows ME default for System Restore. Do NOT disable!
N	*WerKernelReporting	WerFault.exe	"Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here"
X	*windows update	wrauclt.exe	"Added by the RBOT-QU WORM!"
X	*windows update	wuanclt.exe	"Added by the RBOT-PG WORM!"
X	*windows update	wuaucrlt.exe	"Added by the SPYBOT.HUR WORM!"
X	*windows update	wuraclt.exe	"Added by the RBOT-PO WORM!"
X	*windows update	wurauclt.exe	"Added by the RBOT-SY WORM!"
X	*windows update	wsctl.exe	"Added by the SPYBOT.PR WORM!"
X	*windows update	wkmst.exe	"Added by the SDBOT.AVD WORM!"
X	*windows update	wscxt.exe	"Added by the RBOT.AOS WORM!"
X	*windows update	waurclt.exe	"Added by a variant of the RBOT WORM!"
X	*Windows [filename] Checker	[filename]	"Added by the KEDEBE-B WORM!"
X	*WindowsAudio	systemupd.exe	"Added by the AGENT-TH WORM!"
X	*WinLogon	[trojan path] ren time:[random number]	"Added by the VUNDO TROJAN!"
X	*winstats	winstats.exe	"Added by the GARGAFX TROJAN!"
X	*wuauclt.exe	w****.exe [* = random char]	"Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe wtmsv.exe wxmst.exe wmsvc.exe and so on..."
X	-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+	ISASS.exe	"Added by the ASSIRAL.B WORM!"
X	..	ABC2007.exe	"Added by the DLOADR-ASH TROJAN!"
X	.mscdr	lassa.exe	"Added by the WEBUS.C TROJAN!"
X	.msfupdate	msveup.exe	"Added by the ALLOCUP.A WORM!"
X	.protected	N/A	"Smitfraud variant"
X	.TEXTCONV	lsass.exe	"Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder"
X	.WMAudio	csrss.exe	"Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	.WMAudio	lsass.exe	"Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder"
N	/l:eng	N/A	Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file but it's easily available using the search function
?	00DSKSVR00	desksaver.exe	"Related to Advanced Desktop Shield"
?	00DSKSVR01	desksaver.exe	"Related to Advanced Desktop Shield"
Y	00PCTFW	FirewallGUI.exe	"PC Tools Firewall Plus - ""powerful free personal firewall for Windows that protects your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network"""
Y	00TCrdMain	TCrdMain.exe	Related to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards
U	0190 Warner	WARN0190.EXE	"Anti-dialer program (Germany)"
U	0900 Warner	WARN0900.EXE	"Anti-dialer program (Germany)"
X	0mcamcap	0mcamcap.exe	"Added by the COSIAM-H TROJAN!"
X	0utlook Express	*****.exe [* = random char]	"Added by the RBOT-CC WORM! Note the first letter is actually the digit ""0"" and not a capital ""o"""
X	1	lsass.scr	"Added by the BANCOS.V TROJAN!"
N	1&1 EasyLogin	EasyLogin.exe	"1&1 EasyLogin - quick access to webhost 1&1's Control Panel Web-Mail and other applications via the System Tray"
X	1-sukarno	sukarno.exe	"Added by the BRONTOK-CR WORM!"
X	1029BB4B-16A9-4E77-AA3D-96930BD68EEC	sysockeu.exe	"Detected by McAfee as the FAKEALERT-AH TROJAN! See here"
X	1111swapmgr.exe	1111swapmgr.exe	"Added by the BDOOR-IC BACKDOOR!"
X	1234klsjdc uiar924c af	sxgnsvuxct.exe	"Detected by McAfee as the FAKEALERT-AM TROJAN! See here"
X	1234klsjdc uiar924c af	sysvtypkbjx.exe	"Detected by McAfee as the FAKEALERT-AM TROJAN! See here"
X	123Monitor	SpywareFreeMonitor.exe	"1-2-3 Spyware Free rogue spyware remover - not recommended see here"
U	12Ghosts Backup	12backup.exe	"12Ghosts Backup - ""Automatic Backups HyperBackup for Multiple Versions Registry Backup"""
U	12Ghosts JustAWindow	12window.exe	"12Ghosts JustAWindow - ""Cover annoying ads animated gifs things you don't want to see"""
U	12Ghosts SaveLayout	12autosl.exe	"12Ghosts SaveLayout - ""Always (always!) keep the layout of your desktop icons"""
U	12Ghosts TrayProtect	12srvc.exe	"12Ghosts TrayProtect - ""Hide tray icons restore after a crash"""
U	12Ghosts Wash	12wash.exe	"12Ghosts Wash - ""Protect your privacy clear browser history delete and overwrite cache files"""
?	17779Proj2002	N/A	"??"
X	180adsolution	180adsolution.exe	"NCase adware"
X	180ax	180ax.exe	"NCase adware"
X	180ClientStubInstall	stubinstaller****.exe [* = digit]	"180Solutions adware related"
X	180ClientStubInstall	[path to trojan]	"180Solutions adware related"
X	180ClientStubInstall	******.tmp [* = random digit/char]	"180Solutions adware related"
N	1A:MacVisionTrayMonitor	TrayMonitor.exe	Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock)
Y	1A:Stardock MCP	mcpserver.exe	Master Control Program for Stardock apps in development. People should leave it running if they're using any of the Stardock applications
Y	1A:Stardock TrayMonitor	TrayServer.exe	For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX
?	1CmailS	NETMAIL.EXE	"??"
U	1Srv32	SpyAgent4.exe	"SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC.""
X	1WinCfg32	WebMailSpy.exe	"WebMailSpy spyware"
X	2-suharto	suharto.exe	"Added by the BRONTOK-CR WORM!"
X	2020Downloader	mssvr.exe	"2020Search Toolbar"
X	2177F056-0AA6-4D6C-A944-13F71F341C29	sysokuaw.exe	"Detected by McAfee as the FAKEALERT-AH TROJAN! See here"
U	24Online Client	CyberoamClient.exe	"Related to Cyberroam from Elitecore Technologies Ltd"
X	2Search	main.exe	"2Search adware"
X	2thousandbuck	[path to file]	"Added by the RANKY.L TROJAN!"
U	2wSysTray	2portalmon.exe	"2Wire Homeportal user interface"
X	3-habibie	habibie.exe	"Added by the BRONTOK-CR WORM!"
Y	36X Raid Configurer	JMRaidSetup.exe	"JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers"
X	388529725448	AutomaticUpdates.exe	"Added by the SDBOT-DEN WORM!"
Y	3capplnk	3capplnk.exe	US Robotics Modem driver
N	3ComDMIAgent	3CDMINIC.EXE	3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
Y	3cpipe-USRpdA	USRmlnkA.exe	Modem driver files from US Robotics
U	3Deep Control Panel	3DeepCTL.EXE	"3Deep® from E-Color corrects lighting shading and color for all your 2D and 3D games. Now superseded by 3DxWizzard™"
X	3Dfx Acc	GFXACC.EXE	"Added by the GIBE WORM!"
N	3dfx Task Manager	3dfxMan.exe	System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs
?	3Dlabs Taskbar Display Manager	3DLman.exe	"3DLabs graphics driver related. System Tray access to display settings?"
U	3DLabsHelperDemon	3dldemon.exe	Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore) so it should take zero CPU time and virtually zero memory since it will all be paged out to the hard drive." In most cases it can be safely disabled
Y	3ware 3DM	3dm.exe	Monitors status of the disk array on 3ware IDE RAID controllers
X	4da92ad5.exe	4da92ad5.exe	"Added by the DLOADR-WZ TROJAN!"
X	4wd!!!	Natal!.pif	"Added by the OPASERV.AI WORM!"
X	5-1-61-96	members-area.exe	Adult content dialler
X	5-megawati	megawati.exe	"Added by the BRONTOK-CR WORM!"
X	5p4m	[path to trojan]	"Added by the LITEBOT-C TROJAN!"
X	666	Ska.exe	"Added by the PIPES TROJAN!"
X	678	lsas32.exe	"Added by the SLSORVE-B TROJAN!"
X	756349DC-6D9E-4F2A-9B24-269661F073C3	sysoghcx.exe	"Detected by McAfee as the FAKEALERT-AH TROJAN! See here"
U	802.11b+g USB Wireless LAN Utility	ZDWlan.exe	802.11b+g USB Wireless LAN Utility
U	802.11g Wireless Adatper	Monitor.exe	"Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to ""Wireless Connection Status"" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled"
X	852EBF20-A95D-4F1F-B9C2-B2CD24350F3E	sysodkcs.exe	"Detected by McAfee as the FAKEALERT-AH TROJAN! See here"
Y	9xadiras	9xadiras.exe	"Allied Telesyn AT series router/modem related - apparently required"
X	9xHtProtect	AVprotect9x.exe	"Added by the NETSKY.M WORM!"
X	;Rundll	[filename]	"Added by the PWSLEGMIR.E TROJAN!"
X	?ekio Startups	?nksvc32.exe	"Added by the AGOBOT-OV WORM where ? is a random character"
N	@Hoc Toolbar	AtHoc.exe	"One-click activated browsing toolbar used by various web-sites. See here for more info"
N	@loha	reminder.exe	"Registration reminder for @loha@home E-mail utility"
X	a	a.exe	Commercials file that registers itself in the system registry and redirects IE to a certain commercial website
X	a	jesse.exe	"Added by the MELO-A WORM!"
X	A New Windows Updater	w32NTupdt.exe	"Added by the MYTOB.BM WORM!"
N	A Note	A Note.exe	"""A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop"""
U	A Verizon App	VERIZO~1.EXE	"Part of Verizon Online Support Manager"
U	a-squared	a2guard.exe	"a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature"
Y	a-squared Anti-Dialer	a2adguard.exe	"a-sqaured Anti-Dialer"
Y	a-winpoet-service	winpppoverethernet.exe	"WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion WinPoET is attractive to equipment providers modem suppliers RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking"
U	A1000 Settings Utility	cpqa1000.exe	Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan print copy and fax. Only required if you use these features
U	A4Proxy	A4Proxy.exe	"Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites"
X	A5118r	_default32142.pif	"Added by the BRONTOK-AK WORM and variants!"
X	A5118r	j6321422.exe	"Added by the BRONTOK-AK WORM and variants!"
X	A70F6A1D-0195-42a2-934C-D8AC0F7C08EB	rundll32.exe E6F1873B.DLL D9EBC318C	"BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
U	a?	a2guard.exe	"a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature"
X	aa bbcc dde effgghh jj	update.exe	"Added by a variant of the IRCBOT BACKDOOR!"
?	AAACLEAN	AAACLEAN.INF	"??"
?	AAAKeyboard	??	"??"
N	AAATraySaver	TraySaver.exe	"System Tray management utility from Mike Lin which allows you to hide show restore icons that are lost in an Explorer crash remove dead tray icons minimize any window to the System Tray"
U	AAK	aak.exe	"Advanced Anti-Keylogger - ""Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"""
U	aaLDISCN32	LDISCN32.EXE	"LANDesk® Management Suite software component"
U	aaLDTaskCompletion	amclient.EXE	"LANDesk® Management Suite software component"
X	AAMSFree702	Avengine.com	"Added by the DELF.LJ TROJAN!"
X	AAMSFree702	sys.exe	Added by the BACKDOOR-CPC TROJAN!
X	Aaou	amee.exe	"PurityScan/Clickspring adware"
X	Aapp	adprot.exe	"AdBlaster adware"
?	aauclient	ACNUpdater.exe	"Appears to be related to software from Accenture.com"
U	AAW	Ad-Aware.exe	"Ad-Aware SE Personal from Lavasoft - popular spyware/adware removal tool. Now superseded by Ad-Aware 2008 Free"
U	AAWTray	AAWTray.exe	"System Tray access to Ad-aware from Lavasoft - popular spyware/adware removal tool"
?	ab EazyScheduler	ezsched.exe	"??"
X	abass	abass.exe	"Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
N	ABBYY Community Agent	CAGENT.EXE	Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software
U	ABC	keylogger.exe	Keystroke logger/monitoring program - remove unless you installed it yourself!
X	abcdefgh	abcdefgh.exe	"EPJ TROJAN!"
U	ABIT uGuru	uGuru.exe	"ABIT ?Guru - on motherboards incorporating the ?Guru processor this provides quick access to ""hardware monitoring overclocking BIOS flashing and audio tweakin"
N	ABITEQ	abiteq.exe	Monitoring utility for ABIT Motherboards. Displays system voltages temperatures and fan speeds
X	Abrada WIN32	abrada.exe	"Added by the DERMON-G TROJAN!"
Y	ABRegmon	ABregmon.exe	"Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do?"
U	Absolute Shield	dseraser.exe	"Absolute Shield Evidence Eliminator - internet history eraser"
U	Absolute StartUp monitor	ASMon.exe	"Absolute Startup - startup monitor from F-Group Software"
U	AbsoluteShield Internet Eraser	cseraser.exe	"AbsoluteShield Internet Eraser - ""protects your privacy by cleaning up all the tracks of your Internet and computer activities"""
X	ABsr	absr.exe	"Added by the AUTOUPDER TROJAN!"
X	absr	mwsvm.exe	"SeekSeek search hijacker related - see here"
X	abtu	mp3serch.exe	"Loads the executable for Lop.com - final version"
X	abtu	lopsearch.exe	"Loads the executable for Lop.com - beta version"
U	AbyssWebServer	abyssws.exe	"Abyss web server"
X	Ac97Sound	snddrv.exe	"Detected by Kaspersky as the VB.AXG TROJAN! See here"
U	AcBtnMgr_X63	AcBtnMgr_X63.exe	"""Lexmark Scan & Copy Control Program"" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan scan to E-mail copy etc"
U	AcBtnMgr_X63.exe	AcBtnMgr_X63.exe	"""Lexmark Scan & Copy Control Program"" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan scan to E-mail copy etc"
U	AcBtnMgr_X73	AcBtnMgr_X73.exe	"""Lexmark Scan & Copy Control Program"" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan scan to E-mail copy etc"
U	AcBtnMgr_X83	AcBtnMgr_X83.exe	"""Lexmark Scan & Copy Control Program"" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan scan to E-mail copy etc"
U	AcBtnMgr_X84-X85	AcBtnMgr_X84-X85.exe	"""Lexmark Scan & Copy Control Program"" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan scan to E-mail copy etc"
U	acc	acc.exe	"Advanced Call Center - ""full-featured yet easy-to-use answering machine software for your voice modem"""
X	ACCDEFRAGINFO	[path to worm]	"Added by the DARBY-O WORM!"
U	Accelerate	accelerate.exe	Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection
X	Access Control App	winsto.exe	"Detected by Kaspersky as the AGENT.DGO TROJAN! See here"
N	Access Ramp Monitor	armon32.exe	Monitors your progress on the internet; hang-ups connection speeds internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again
X	Access WebControl	[path to file]	"Added by the PPDOOR-M TROJAN!"
U	AccessManager	AccessMgr.exe	"Part of SmartPipes SecureSite software. ""SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management access control management and key management"""
X	AccessMedia P2P Loader	amp2pl.exe	My AccessMedia toolbar related stealth installed!
U	AccessoriesPlus	clockplus.exe	"Clock Plus part of Accessories Plus allows you to select from dozens of alternatives for the Windows clock"
N	AccessRamp Monitor01	ARMon32a.exe	From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service."
N	AccessRampLAN01	ARUpld32.exe	Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003
U	AcctMgr	AcctMgr.exe	"Norton? Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information and retrieves the data needed for email logins shopping orders banking and other online activities - all from the safety of your own PC"
N	AccuWeather.com® Desktop	AccuWeatherDesktop.exe	"Desktop weather from AccuWeather"
N	AccuWeatherDesktopAlerts	AccuWeatherDesktopAlerts.exe	"Weather alerts for AccuWeather.com Desktop which ""provides you with the most accurate late-breaking weather conditions for the United States"""
X	accwizz.exe	accwizz.exe	"Added by the RULAND.A WORM!"
X	accwizzz.exe	accwizzz.exe	"Added by the RULAND.A WORM!"
X	acdllib3	bcdlmem.exe	"Added by the MAILBOT-BA TROJAN!"
N	ACDSee	ACDSee8Pro.exe	"ACDSee 8 photo software. Organize manage enhance and share all your valued photo memories"
?	Ace bows	Ace bows.exe	"??"
N	AceGain LiveUpdate	LiveUpdate.exe	"""AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates driver updates or full product updates and automatically download and install them according to user configuration"""
U	Acer ePower Management	Acer ePower Management.exe	"Part of Acer Empowering Technology. ""Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles or to create their own customized profiles"""
N	Acer ePresentation HPD	ePresentation.exe	Allows you to connect your Acer laptop to a projector
N	Acer Product Registration	ACE1.exe	Acer Product Registration - remove when registration is completed
N	Acer Tour Reminder	Reminder.exe	Popup reminder to take the tour of your new Acer laptop
U	AcerGoto	AcerGoto.exe	"Acer Computer ""Goto Drive"" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files or easy importation of data from user's previous computer"
U	AcerNotebookManager	almxptray.exe	System Tray access on some Acer Notebooks to give faster access to system settings
U	AcerPowerkey	Powerkey.exe	PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3
X	Acess2007a	access2007a.exe	"Added by the GAOBOT.PQA WORM!"
X	Aceu	[random filename]	"PurityScan/Clickspring adware"
Y	acEventServ	acevtsrv.exe	"ActivCard Gold from ActivIdentity Inc. Smart card-based strong authentication software - for photo IDs proximity badges for facility access and as digital identification and authentication"
U	AClntUsr	AClntUsr.exe	"Altiris AClient Service Windows Tray Icon"
N	Acme.PCHButton	pchbutton.exe	Used by HP Instant Support
U	ACMonitor_X63	ACMonitor_X63.exe	"Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the ""Lexmark Scan & Copy Control Program"" button manager whose filename is ""AcBtnMgr_X63.exe"""
U	ACMonitor_X63.exe	ACMonitor_X63.exe	"Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjunction with the ""Lexmark Scan & Copy Control Program"" button manager whose filename is ""AcBtnMgr_X63.exe"""
U	ACMonitor_X73	ACMonitor_X73.exe	"Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjunction with the ""Lexmark Scan & Copy Control Program"" button manager whose filename is ""AcBtnMgr_X73.exe"""
U	ACMonitor_X83	ACMonitor_X83.exe	"Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjunction with the ""Lexmark Scan & Copy Control Program"" button manager whose filename is ""AcBtnMgr_X83.exe"""
U	ACMonitor_X84-X85	ACMonitor_X84-X85.exe	"Button monitor for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Works in conjunction with the ""Lexmark Scan & Copy Control Program"" button manager whose filename is ""AcBtnMgr_X84-X85.exe"""
X	acocash	fastdown.exe	Adult content dialler
X	acocash	FASTFOWN.EXE	Adult content dialler
U	Acombo3dmouse	Acombo3d.exe	Mouse driver - required if you use non-standard Windows driver features
X	Aconti	aconti.exe	Adult content dialler
U	acoustic	acoustic.exe	"Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained"
N	acpart	agpart11.exe	Program for finding trucks on-line
X	Acrobat	acrmon32.exe	"Added by the SMALL-ECT TROJAN!"
U	Acrobat Assistant *.*	ACROTRAY.EXE	"Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the ""U"" recommendation. *.* represents the version"
X	Acrobat Read	acroup32.exe	"Added by the VANBOT-BQ TROJAN!"
N	Acrobat Speed Launch	acrobat_sl.exe	"Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards"
U	ACROMOUSE	ACROMAPP.exe	"Related to ACROMOUSE Laser mouse control"
U	Acronis Popup Blocker	RunDll32.exe [path] Blocker.dll Run	"Part of Acronis Privacy Expert - anti-spyware and security suite"
U	Acronis Scheduler Helper	schedhlp.exe	"Part of Acronis True Image backup software. Co-operates with the ""schedul2.exe"" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images"
U	Acronis Scheduler2 Service	schedhlp.exe	"Part of Acronis True Image - backup software. Co-operates with the ""schedul2.exe"" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images"
U	Acronis True Image	TimounterMonitor.exe	"Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive"
N	Acronis True Image Monitor	TrueImageMonitor.exe	"Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage"
N	Acronis TrueImage Monitor	TrueImageMonitor.exe	"Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage"
N	Acronis*True*Image Monitor	TrueImageMonitor.exe	"Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage"
U	AcronisTimounterMonitor	TimounterMonitor.exe	"Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive"
N	AcronisTrueImage Monitor	TrueImageMonitor.exe	"Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage"
U	Act! Preloader	Act8.exe	"Sage Software's ACT! ""enables individuals and small business customers to instantly access key contact and customer information manage and prioritize activities and track all contact-related communications so you can grow productive business relationships"""
N	Action Manager 32	am32.exe	Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs
?	ActionAgent	actionagent.exe	"""A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client"". Is it required?"
N	Activation	Activation.exe	Part of Microsoft Money
U	Activboard	MMKeybd.exe	Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock Caps Lock Scroll Lock keys
X	Active Bit Station	abs.exe	"Added by the MYTOB.BZ WORM!"
N	Active CPU	acpu.exe	"Active CPU - ""easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity"""
U	Active Desktop Calendar	ADC.EXE	"XemiComputers Active Desktop Calendar"
U	Active Email Monitor	aem25.exe	"Active Email Monitor checks multiple accounts for email serves as a SPAM filter and can also protect you from harmful items that can be sent via email"
U	Active shield	Activeshield.exe	"Active Shield is ""an heuristic screen that actively protects your computer from trojans spyware adware trackware dialers keyloggers and even some special kinds of viruses"""
X	ActiveDesktop	systray32.exe	"Added by the DABOOM WORM!"
X	ACTIVEDS	ACTIVEDS.EXE	"Added by the OPASERV.T WORM!"
N	ActiveEyes	ActiveEyes.exe	ActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs create your own shortcut
U	ActiveKeys.AAB635BD7D054a37A576	akeys.exe	"""Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"""
U	ActiveMenu	ActiveMenu.exe	Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
U	ActivePlus	activeplus.exe	"Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on)"
X	ActiveScan Antivirus	ActiveScan.exe	"Added by the RBOT-FKQ WORM!"
X	ActiveScript32	nod.exe	"Added by the SOHANA-AJ WORM!"
Y	ActiveShield	MCVSSHLD.EXE	McAfee VirusScan On-line. See also the McAgentExe entry
N	ActiveSpeed	AS.exe	"Ascentive ActiveSpeed internet optimizer - not recommended see here and here"
X	ActiveSync	wcescom32.exe	"Added by the MANCSYN-E TROJAN!"
N	ActiveWords	AWMonitor.exe	"ActiveWords from ActiveWord Systems Inc. Like macro programs ActiveWords sits in the background and watches as you type. When it recognizes that you?ve typed an ActiveWord it takes the associated action such as replacing your keystrokes with the text you?ve defined"
X	ActiveX File Registration Service	filereg.exe	"Added by the RBOT-DVD WORM!"
X	ActiveX Streamer	msgfix.exe	"Added by the SDBOT.NQ WORM!"
X	ActiveXUpdate	svcss.exe	"Added by a variant of the DEDLER.C TROJAN!"
U	Activity	actik.exe	"ActivityKey keystroke logger/monitoring program - remove unless you installed it yourself!"
N	ActivSurf	backweb*****.exe	Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
U	ActMaker	ActMak25.exe	"""ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding nor are you required to know a lot about the computer"""
U	ActMaker	ActMaker25.exe	"ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload"
U	ACTray	ACTray.exe	"System Tray icon for ThinkVantage Access Connections - ""allowing users to seamlessly switch between wired and wireless environments managing security settings printers home page and other location-specific settings automatically"""
U	Actual Window Manager	ActualWindowManagerCenter.exe	"Actual Window Manager from Actual Tools - ""an innovative desktop organization application which introduces unconventional window controls and also automatic general window operations making your work more productive convenient and enjoyable"""
U	Actual Window Minimizer	ActualWindowMinimizerCenter.exe	"Actual Window Minimizer - ""allows minimizing any window to task tray notification area or to the edge of the screen"""
X	ACTX1	v1201.exe	"Added by the VB.IS TROJAN!"
U	ACU	ACU.exe	"Atheros wireless Client Utility"
U	ACU_QSB	ACU.exe	"Atheros wireless Client Utility"
U	ACWLIcon	ACWLIcon.exe	Related to IBM ThinkVantage Connectivity Solution
U	Ad Arrest	adarrest.exe	"Ad Arrest IE popup killer from GameFools"
U	Ad Blocker	blocker.exe	"Ad Blocker - blocks popups and also removes banners image ads and flash ads"
U	Ad Blocker Pro	Ad Blocker Pro.exe	Ad Away popup and banner remover
U	Ad Muncher	AdMunch.exe	"Ad Muncher removes adverts pop-ups and general annoyances in your browser file-sharing and messenger programs. Causes conflicts with Outlook game sites and web-building applications"
?	Ad Online Guide	adonlineguide.exe	"??"
U	Ad-Aware	Ad-Aware.exe	"Ad-Aware from Lavasoft - popular spyware/adware removal tool"
X	Ad-Aware	Ad-Aware.exe	"Added by the RBOT-ADJ WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System%"
X	Ad-Eliminator	ad-eliminator.exe	"Ad-Eliminator spyware remover - not recommended see here"
U	Ad-Muncher	ADMUNCH.EXE	"Ad Muncher removes adverts pop-ups and general annoyances in your browser file-sharing and messenger programs. Causes conflicts with Outlook game sites and web-building applications"
U	Ad-Protect	ad-protect.exe	"Ad-Protect spyware and spam monitoring tool"
U	Ad-watch	Ad-watch.exe	"Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system"
U	AD2KClient	AD2KClient.exe	"Executable for Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk"
N	Adaptec DirectCD	Directcd.exe	DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
N	AdaptecDirectCD	Directcd.exe	DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
X	AdAware	wini.exe	"Added by the RBOT-XN WORM!"
U	Adaware Bootup	Ad-aware.exe	"Ad-Aware from Lavasoft - popular spyware/adware removal tool"
X	Adaware lptt01	adaware.exe	"RapidBlaster variant (in a ""Adaware"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware"
X	Adaware ml097e	adaware.exe	"RapidBlaster variant (in a ""Adaware"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware"
U	AdBin	AdBin.exe	"AdBin - ""Free and easy solution to managing your Window's hosts file. A fun way to block ads"""
X	Add**.exe [* = random char]	Add**.exe [* = random char]	"CoolWebSearch/HomeSearch adware - for examples see this log"
X	Add**32.exe [* = random char]	Add**32.exe [* = random char]	"CoolWebSearch/HomeSearch adware - for examples see this log"
X	AddClass	AddClass.exe	"CoolWebSearch Addclass parasite variant"
X	AddClass	[Installation_Path]	"Added by the STARTPAGE.F hijacker"
X	AddClass	[path to trojan]	"Added by the SECDL-A TROJAN!"
U	AdDelete	AdDelete.exe	Banner advertisment blocker
X	AdDestroyer	AdDestroyer.exe	"Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose ""custom"" uninstall as ""automatic"" may remove other programs - see here"
X	ADDITIONAL Services	pkgadd.exe	"Added by a variant of the IRCBOT TROJAN!"
?	addproxy	addproxy.exe	Related to Adobe Photoshop
?	ADG	ADG.exe	" SoundBlaster Audigy related?"
N	ADGJdet	ADGJDet.exe	Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
X	aDir	adirss.exe	"Added by the SPAMSRV-E TROJAN!"
Y	Adiras	Adiras.exe	ADSL USB modem related
X	adirka	adirka.exe	"Added by the TIBS-QT TROJAN!"
U	AdKiller	AD Defender.exe	"Part of Advanced Spyware Remover anti-spyware tool"
X	adlhidp	psncc32.exe	"Detected by Kaspersky as the SLAPER.AI TROJAN! See here"
X	ADM Library Loader	admlib32.exe	"Added by a variant of the SDBOT TROJAN!"
X	Admanager Controller	AdManCtl.exe	Adware probably a Windupdates variant
X	Admilli Service	AdmilliServ.exe	Windupdates adware variant
X	Administrator	svchost.scr	"Added by the NOVACAL TROJAN!"
X	Administrator	winlogon.exe	"Added by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
X	Administrator di Dago	Dago.exe	"Added by the PUNYA-B WORM!"
X	AdminSoft	sysfile.vbs	"Added by the STARGRUB-A WORM!"
U	admtray.exe	admtray.exe	"Related to Acer Inc. destop tray"
X	Adobe	Adobe.exe	Added by an unidentified VIRUS WORM or TROJAN!
X	Adobe	sysconfig.exe	Added by an unidentified WORM or TROJAN!
X	adobe	gam.exe	Added by an unidentified WORM or TROJAN!
X	Adobe	sysbat32.exe	"Added by the LOWZONES.T TROJAN!"
X	Adobe	zteam.exe	Added by an unidentified TROJAN!
N	Adobe Acrobat	READER~1.EXE	"Speeds up the time it takes to load the Adobe Reader application. Your choice but not required for Adobe Reader to function properly"
X	Adobe Acrobat Distiller Application	acrotray.exe	"Added by the RANDEX.DFJ WORM!"
X	Adobe Acrobat Reader CFG	[random filename]	"Added by a variant of the RBOT WORM!"
N	Adobe Acrobat Speed Launcher	acrobat_sl.exe	"Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards"
X	Adobe Filter Platform	afilterplatform.exe	"Added by the RBOT-OP WORM!"
U	Adobe Gamma Loader	Adobe Gamma Loader.exe	Adjusts monitor colours across all programs including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine
N	Adobe Photo Downloader	apdproxy.exe	"Part of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here)"
N	Adobe Reader Speed Launch	READER~1.EXE	"Speeds up the time it takes to load the Adobe Reader application. Your choice but not required for Adobe Reader to function properly"
N	Adobe Reader Speed Launch	Reader_sl.exe	"Speeds up the time it takes to load the Adobe Reader application. Your choice but not required for Adobe Reader to function properly"
N	Adobe Reader Speed Launcher	Reader_sl.exe	"Speeds up the time it takes to load the Adobe Reader application. Your choice but not required for Adobe Reader to function properly"
U	Adobe Reader Synchronizer	AdobeCollabSync.exe	"Adobe Synchronizer - installed along with Adobe Reader 8.x. ""Synchronizer is a small application that runs in the background providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it."" See the link for more information"
U	Adobe Version Cue CS2	VersionCueCS2Tray.exe	"File manager that's part of Adobe Creative Suite 2 - ""find files fast track versions across applications link files together and share them in creative collaboration without fear of overwriting someone else's work"""
X	AdobeA	adobes.exe	"Added by the FLOOD.BA TROJAN!"
X	AdobeFonts	fonts.hta	Browser hijacker - redirecting to Hugesearch.net
X	AdobeManager	rundtl.exe	"Detected by Trend Micro as the INJECT.IB TROJAN! See here"
X	adobemgr	adobemgr.exe	"Added by the ADCLICKER TROJAN!"
X	AdobeReader	msni.exe	"Added by the RBOT.DAO TROJAN!"
X	AdobeReaderPro	msnxpsp.exe	"Added by the RBOT-ASK or RBOT-AUS WORMS!"
X	AdobeReaderPro	ntkernell32.exe	"Added by the RBOT-ATY WORM!"
X	AdobeReaderPro	msnserve.exe	"Added by the SDBOT-AKH WORM!"
X	AdobeReaderPro	updt.exe	"Added by the IRCBOT-VQ WORM!"
X	AdobeReaderProfessional	msx64.exe	"Added by the RBOT-GAT WORM!"
X	AdobeReaderPros	sysmsn.exe	"Added by the RBOT-BGH WORM!"
N	AdobeUpdater	AdobeUpdater.exe	Automatic updater for Adobe software - run manually
N	AdobeVersionCue	VersionCueTray.exe	"""An exclusive feature of the Adobe? Creative Suite Version Cue? helps you find files fast track multiple versions of your files and share your files for creative collaboration"""
?	Adobe_ID0EYTHM	VERSIO~2.EXE	"Part of an Adobe product. What does it do and is it required?"
X	adodemaster	adodemaster.exe	"Downloader of Korean origin detected as ADOD.28672"
X	Adope File Manager	lsasv.exe	Added by an unidentified WORM or TROJAN!
X	adp	adp.exe	Spyware installed by Net2Phone Limewire Cydoor Grokster KaZaa etc
X	AdPopup	dcf5678.exe	"Added by the AGENT-FZ TROJAN!"
X	adprot	adprot.exe	"AdBlaster adware"
N	ADQuickAccess	Adtray.exe	After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95
X	ADriver	windrv.exe	"Added by the DELF.WG TROJAN!"
X	AdRoarUpdate	ARUpdate.exe	"AdRoar adware updater"
X	AdRotator.Application	[path to csrss.exe]	"Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	AdRotator.Application	services.exe	"FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an ""Inetsrv"" subfolder"
X	ADS Adware Remover	ADS Adware Remover.exe	"ADS Adware Remover - not recommended see here"
X	AdsBlocker	stopAds.exe	"AdsBlocker - detected by NOD32 as DIALER.DW!"
U	AdsCleaner	AdsCleaner.exe	"""AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad kill popup) guard your online privacy"""
U	ADService	ADService.exe	"Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk. Appears as a service in XP/Vista and under the ""RunServices"" registry key in Win98/ME"
U	AdsGone	Adsgone.exe	"AdsGone - pop-up stopper"
N	ADSL Diagnostic Tools	mapiicon.exe	System tray access to ADSL modem diagnostic tools. Available via Start -> Programs
?	ADSLSYSTEMTRAY	SystemtrayV100B.exe	"Apparently Annex A ADSL modem related. What does it do and is it required?"
Y	AdslTaskBar	rundll32.exe stmctrl.dll TaskBar	ISP software initializes DSL modem
X	AdslTaskBars	taskmng.exe	"Added by the RBOT-AXZ WORM!"
?	ADSL_A2	A2Installed	"Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required?"
Y	ADSS	ADSS.exe	"ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied"
X	adstartup	automove.exe	"Adlogix adware variant"
X	Adstartup	Adstartup.exe	"Adlogix adware"
X	AdStatus Service	AdStatServ.exe	"WindUpdates AdStatus Service adware"
U	AdSubtract	adsub.exe	"AdSubtract blocks ads cookies pop-up windows animations music and more. Can be disabled from within AdSubtract. Available via Start -> Programs. Now superseded by
X	adtech2005	adtech2005.exe	"Detected by Kaspersky as the STARTPAGE.AW TROJAN!"
X	adtech2006	adtech2006.exe	"Detected by Kaspersky as the VB.KC WORM!"
X	Adtools Service	AdTools.exe	"Windupdates Adware"
?	ADU	adu.exe	"Related to Cisco Aironet wireless products. What does it do and is it required?"
X	AdultX	AdultX.exe	Adult content dialler and hijacker
X	Adult_Chat	Adult_Chat.exe	Adult content dialler
X	Adult_Chat1	Adult_Chat1.exe	Adult content dialler
X	AdUpdater	sysupudt.exe	Unidentified adware downloader/updater
U	ADUserMon	ADUserMon.exe	"Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk"
X	Advanced DHTML Enable	exo32.exe	"Added by the RANCK-FI TROJAN!"
X	Advanced DHTML Enable	[path to trojan]	"Added by the AGENT.GLQ TROJAN!"
X	Advanced Internet Protocol	cerf.exe	"Added by a variant of the SPYBOT WORM!"
X	Advanced Protection System	advpsys.exe	"Added by a variant of the RBOT WORM!"
U	Advanced Spyware Remover	Asr.exe	"Advanced Spyware Remover anti spyware tool"
U	Advanced SystemCare 3	AWC.exe	"Advanced SystemCare from IObit - ""helps protect optimize clean and repair your computer and Registry."" The PRO version adds automation anti-spyware privacy protection and performance tune-ups"
X	Advanced Tool Checks	advchks.exe	"Added by a variant of the RBOT WORM!"
N	Advanced Tools Check	ADVCHK.EXE	Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
U	Advanced Uninstaller PRO Installation Monitor	monitor.exe	"Innovative Solutions Advanced Uninstaller PRO - ""easy-to-use suite for uninstalling applications and keeping your computer fast clean and in its best shape"""
X	AdvancedCleaner Free	UADC.exe	"AdvancedCleaner misleading security software - not recommended see here"
X	AdVantage	AdVantage.exe	"MediaAdVantage adware"
X	advap32	[path to trojan]	"Detected by Trend Micro as the MUTANT.AT TROJAN! See here"
X	Advapi	Advapi.exe	"Added by the NETDEVIL.12 WORM!"
N	ADVCHK	ADVCHK.EXE	Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
U	Advertising Killer	Akiller.exe	"Advertising Killer - popup stopper"
X	advmon32	advmon32.exe	"Added by a variant of the CRYPTER.C TROJAN!"
U	Adware Agent	adware agent.exe	"Adware Agent popup blocker"
X	Adware Spy	AdwareSpy.exe	"Adware Spy adware remover - not recommended see here"
U	AdwareAlert	AdwareAlert.Exe	"Adware program previously not recommended (see here). It has now been delisted so make sure you have the latest version"
X	AdwareDelete	adwaredelete.exe	"AdwareDelete adware remover - not recommended see here"
X	AdwareKiller_schedules	schedules.exe	"EAdwareKiller spyware remover - not recommended see here"
X	AdwareKiller_tray	tray.exe	"EAdwareKiller spyware remover - not recommended see here"
X	AdwareProMFC	Ad-Ware Pro.exe	"Ad-Ware Pro rogue security software - not recommended see here"
X	AdwareProMFC	AntiTrojan Pro.exe	AntiTrojan Pro rogue security software - not recommended. Variant of Ad-Ware Pro
X	AdwareRemover2007	AdwareRemover2007.exe	"AdwareRemover2007 spyware remover - not recommended see here"
?	Aeiwlsta.exe	Aeiwlsta.exe	"IBM High Rate Wireless LAN Adapter driver. Is it required?"
N	AELaunch	AELaunch.exe	"Audio Applications Launcher for the Philips Acoustic Edge soundcard"
X	AERVICESN	AERVICESN.exe	"Added by the RANDON-AO WORM!"
N	AeXAgentLogon	AeXAgentActivate.exe	"Altiris Agent transmits information about your machine for the purpose of asset management and deployment"
?	AeXSWDUsr	AeXSWDUsr.exe	"Altiris Express NS Client Manager software. Is it required?"
U	AEZBProc	aptezbp.exe	IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation volume control and few quickstart buttons. Keyboard will work without it but you lose the special functions
U	AFAFilter	windefault.exe	"AFAFilter - internet filter software"
X	afskfask8	fsfjasj8.exe	"Added by the ONLINEG-L TROJAN!"
N	AGEIA PhysX SysTray	TrayIcon.exe	"System Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution etc regularily use Control Panel -> Display Properties or right-click on the desktop"
N	Agent	Agent.exe	"Cyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this otherwise can be disabled. Available via Start -> Programs"
X	Agent	alsys.exe	"Added by the DREF-V VIRUS!"
X	agent	ppl.exe	"Added by the DREF-U VIRUS!"
X	Agent Browser	[random filename]	Added by the PPdoor.M-bdr backdoor TROJAN!
X	Agent Explorer	[random filename]	Unidentified adware
?	Agente	Remupd.exe	"Part of an older version of Panda Antivirus. Is this an update reminder (guess because of the name) virus definition update reminder or something similar?"
X	agentsvr	agentsvr.exe	"Detected by Kaspersky as Monker.A adware. Note - do not confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folder"
U	AgfaCLnk	AgfaCLnk.exe	For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive
X	agp	agp32.exe	"Added by the GAOBOT.SY WORM!"
Y	AGRSMMSG	AGRSMMSG.exe	IBM AMR modem driver
N	AGSatellite	AGSatellite.exe	Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs
U	ahfp	ahfp.exe	"Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view delete or modify them either""
U	ahfprog	ahfp.exe	"Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view delete or modify them either""
Y	AHNSD	AhnSD.exe	"AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis"
?	AHNUE	AHNUE.exe	"??"
X	ahost	ahost.exe	"Added by a variant of the SDBOT WORM!"
N	AHQInit	ahqinit.exe	Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required
X	Ahst	iebs.exe	"PurityScan/Clickspring adware"
X	AHU	[path to worm]	"Added by the ANACON-B WORM!"
X	AHU	ANACON.EXE	"Added by the NACO.A WORM!"
X	ahui32.exe	ahui32.exe	"Added by the CERTIF-M TROJAN!"
U	Ai Nap	AiNap.exe	"Part of the ""Ai Suite"" utility supplied with some Asus motherboards. ""With AI Nap users can instantly snooze your PC without terminating the tasks. System will continue operating at minimum power and noise when user is temporarily away"""
U	Ai Quicker Help	AsRc.exe	"ASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away such as the M2N DH. ""ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches"""
X	Aica	tuaa.exe	"PurityScan/Clickspring adware"
X	Aida	ttuh.exe	"PurityScan/Clickspring adware"
X	Aida	eetu.exe	"PurityScan/Clickspring adware"
?	AidemHotKey	DVMAIN.EXE	"Keyboard related"
?	AidemHotKey	KEYAPP.EXE	"Keyboard related"
U	aiepk	aiepk2.exe	"Another IE Popup Killer - pop-up stopper"
N	AIM	aim.exe	AOL Instant Messenger. If connected to the internet automatically runs up AIM. Convenience more than anything. Available via Start -> Programs
U	AIM	AIM+.exe	AIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O Software
X	AIM Instant Message Cookies	[random filename]	"Added by the RBOT-AFV WORM!"
N	AIM Logger	AIMLogger.exe	"AIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIM"
X	Aim Plugin	aimplugin.exe	"Added by the GUAP-F WORM!"
X	AIM reminder	AIM reminder.exe	"Added by the BUDDY.E TROJAN!"
N	Aim6	AOLLaunch.exe	"AOL Instant Messenger - start it when you want to use it"
N	Aim6	aim6.exe	"AOL Instant Messenger - start it when you want to use it"
X	AIM95 Startup	aim95.exe	"Added by the AGOBOT.AEE WORM!"
X	aimaol lptt01	aimaol.exe	"RapidBlaster variant (in a ""Aimaol"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X	aimaol ml097e	aimaol.exe	"RapidBlaster variant (in a ""Aimaol"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
N	AimingClick	AimingClick.exe	"AimingClick from AimingTech. Web searching tool. Available via Start -> Programs"
U	AIMPro	aimpro.exe	"AIM Pro - secure instant messaging video conferencing on-line meetings and desktop and file sharing"
N	AIMster	??	Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs
N	AIMWDInstall	AIMWDInstall.exe	"Version of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case"
Y	Aiptek Graphics Tablet (USB)	atwtusb.exe	USB interface for Aiptek Graphics Tablet (USB)
X	aircity	aircity.exe	"Related to ""Prutect"" malware from e2Give"
U	AirPort Base Station Agent	APAgent.exe	"Airport Base Station Agent utility for Apple's AirPort wi-fi basestations. ""Wireless solution for home school and business. As it blankets your space with a blazing-fast secure wireless network it opens up a world of possibilities for home entertainment backups printing and more"""
U	AJC Active Backup	AJCActBk.exe	"AJC Active Backup from AJC Software - ""Instantly backup files you change on your PC and keep multiple versions to undo"""
X	AKEYNAME	WinServ.exe	"Added by the EVILBOT.C TROJAN!"
U	akeys	akeys.exe	"""Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"""
X	akgkagaksad9	fsakfask9.exe	"Added by the ONLINEG-M TROJAN!"
U	AKiller	akiller.exe	"Advertising Killer - popup stopper"
U	ala.exe	ala.exe	"Access Lock is a system-tray security utility you can use to secure your desktop when you are away from your computer"
U	Alarm Manager	Alarmapp.exe	Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop
?	AlarmWatcher	AlarmWatcher.exe	"Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required?"
N	Album Fast Start	ABMTSR.EXE	Scanner software not required for scanner to work
?	AlcFDMonitor	ALCFDRTM.EXE	"RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?"
?	ALCFDRTM16	ALCFDRTM16.com	"RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?"
X	Alchem	Alchem.exe	"ClickAlchemy adware"
U	Alcmtr	Alcmtr.exe	"Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to data about the customer. Some users report problems with their on-board sound if this is disabled - hence the ""U"" recommendation"
U	Alcohol	Alcohol.exe	"Alcohol 120% - CD/DVD emulation/writing/copying software"
U	Alcohol Autorun	Alcohol.exe	"Alcohol 120% - CD/DVD emulation/writing/copying software"
U	AlcoholAutomount	axcmd.exe	"Alcohol 120% is a powerful Windows application that makes it easy to create backups of DVDs* and CDs. In addition the program lets you store your most used CDs as images on your computer so you can call them up at the click of a button. This part automounts images disc images"
?	Alcom PCL Capture	FMW_PCAP.EXE	"??"
N	AlcWzrd	ALCWZRD.EXE	RealTek High Definition audio driver related - detects new devices when plugged in then pops up a dialog box. If everything works as expected you should be able to disable this one
U	AlcxMonitor	Alcxmntr.exe	"Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the ""U"" recommendation"
X	aldefr ere service	tay0x.exe	"Added by the RBOT-XS WORM!"
X	alerter	alerter.exe	"MAHA.F spyware"
X	Alevir	Alevir.exe	"Added by the OPASERV-A WORM!"
X	AlevirOld	[worm filename]	"Added by the OPASERV WORM!"
N	Alexa	alexa.exe	"Related to Alexa. Note - collects and stores information about the web pages you view the data you enter in online forms and search programs and with versions 5.0 and higher the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not Recommended"
X	AlexaToolbar	alt.exe	"Detected by Ewido Security Suite as the DELF.EB hijacker!"
X	AlfaCleaner	AlfaCleaner.exe	"AlphaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware"
U	AlfaClock Classic	AlfaClock.exe	"AlfaClock Free Edition from AlfaSoft Research Labs - ""enhances your taskbar clock (tray clock) with fully customizable clock display alarms time synchronization and more"""
U	AlfaClock2	AlfaClock2.exe	"AlfaClock2 from AlfaSoft Research Labs -""enhances your tray clock functionality. Of course you can customize the look adjusting fonts colors backgrounds and more. But the main goal of this program is to extend your tray clock functionality"""
?	ALFY Accellerator	AlfyAC~1.exe	"??"
X	ALG.EXE	iexplorer .exe	"Added by the DEMOTRY-B WORM!"
X	ALG32	ALG32.EXE	"Added by the STARTPAGE.K hijacker"
X	algchk.exe	algchk.exe	"Detected by Kaspersky as the VB.ATE TROJAN!"
X	ALGU	ALGU.EXE	"Added by the CWS-I TROJAN!"
X	ALGU.exe	ALGU.exe	"Added by the STARTPAGE.O TROJAN!"
U	ALi5289	ALi5289.exe	"Related to Uli Integrated Drivers from Uli Electronics Inc"
N	Alias SketchBook Snapshot	ALIASS~2.EXE	Screen-capture utility for Alias Sketchbook
N	AlienAutopsy	Test_BS.exe	"Alienware computer technical support software"
Y	ALiSndMgr	ALiSndMg.exe	ALi AC97 Sound driver
?	AliUSBfix	GREENMK.exe	"May be realted to a USB 2.0 PCI card - the IOgear GIC220OU?"
X	Alive SYstem	scchost.exe	"Added by the TOFDROP-B TROJAN!"
X	Alive SYstem	scchostc.exe	"Added by the TOFDROP-B TROJAN!"
X	alkasr	?????.exe	"Added by the BALKART TROJAN!"
U	All Aboard Status	stswin.exe	"All Aboard! Internet Connection Sharing status icon"
X	All Sea screen saver	TaskTray.exe	Free screensaver installs lots of foistware - remove it
X	All Sea web link	FWLink.exe	Free screensaver installs lots of foistware - remove it
N	AllerCalc	AllerCalc.exe	"AllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually"
X	Allopassw	[path to trojan]	"Added by the RANKY.CU TROJAN!"
U	AllSeeingEye	ase.exe	"All-Seeing_Eye security software - ""monitors everything that takes place on your computer and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening providing the user with alternatives for possible actions"""
U	allSnap	allSnap.exe	"""allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop"""
U	AllToTray	ALLTOTRAY.EXE	"AlltoTray from DNTSoft - minimize any program to your System Tray"
X	Alogrithm Link Queue	alq.exe	"Added by a variant of the SDBOT WORM!"
U	Alogserv	Alogserv.exe	From McAfee VirusScan for logging scanning activities. In some cases if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6 this is a critical component of McAfee and disabling it can cause a PC to lock up
U	ALPass	ALPass.exe	"ALPass password manager"
X	alpha	svchost.exe	"Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
Y	Alps Electric USB Server	Monserv.exe	"Alps Electric USB Server - required according to this article"
U	AlpsPoint	Apoint.exe	Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
?	ALServ	ALServ.exe	"Altec Lansing AMS speaker related. What does it do and is it required?"
X	Altnet	points manager.exe	"Altnet TopSearch adware"
X	AltnetPointsManager	points manager.exe	"Altnet TopSearch adware"
U	AltoMB_service	AltoMBsrv.exe	"Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind"
U	ALTOOLS	AccessL.exe	"ALTools family of PC utilities"
X	AltPayments	AltPayments.exe	"WeirdOnTheWeb adware"
N	ALU Scheduler Service	ALUSchedulerSvc.exe	Symantec LiveUpdate scheduler for programs such as Norton AV or Internet Security
U	ALUAlert	ALUNotify.exe	Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis
N	Aluria Security Center	SecurityCenter.exe	"Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU the well known adware company see here"
U	Aluria's Pop-Up Stopper	eps.exe	Aluria Pop-Stopper
N	Aluria's Spyware Eliminator	ASE.exe	"Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU the well known adware company see here"
U	AlwaysOnTopMaker	AlwaysOnTopMaker.exe	"Always On Top Maker - utilty to enable an application to always be displayed ""on top"" of others on the desktop"
N	AlwaysReady Power Message APP	ARPWRMSG.EXE	"Related to HP and Compaq Desktop PCs. Read this article"
X	AmazingTens	AmazingTens.exe	Premium rate adult content dialler
U	AMD PowerNow!	GemBack.exe	"AMD PowerNow! - ""an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life while delivering performance on demand"""
Y	amd_dc_opt	amd_dc_opt.exe	"AMD Dual-Core Optimizer - ""can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction"""
N	America Online *.* Tray Icon	aoltray.exe	Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs
N	AME_CSA	rundll32 amecsa.cpl RUN_DLL	Loads ADSL modem Control Panel applet
U	AModemLockDown	ModemLockDown.exe	"ModemLockDown - allows you to supervise internet access by disabling the modem protects againt dialers accessing dial-up connections etc"
Y	Amon	AMON.EXE	"Monitoring part of Eset's NOD32 virus-scanner"
Y	Amonitor	amon.exe	"Tiny Personal Firewall"
U	AMP WinOFF	winoff.exe	"WinOFF is "" a utility designed to shut down Windows computers automatically in a fully configurable way"""
U	AMSG	Amsg.exe	"Part of the IBM ThinkVantage Productivity Center. ""The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online"""
X	amsgupdate	ams.exe	Added by a variant of the MAILBOT TROJAN!
N	AMSN	amsn.exe	"aMSN Messenger is a multiplatform MSN messenger clone"
X	amsn	amsn.exe	"Added by the BANKER-BNZ TROJAN!"
X	amva	amvo.exe	"Added by the SILLYFDC-BR WORM!"
N	Anapod Manager	anamgr.exe	"Anapod Explorer from Red Chair Software ""is the most advanced Windows iPod® software available offering iPod® management through full Windows Explorer integration under My Computer"""
X	anbv32	nabv32.exe	"Added by the TITOG.C WORM!"
X	angeleyes	msdll.exe	"Detected by Kaspersky as the VB.PI TROJAN! See here"
Y	ANIWZCS2Service	WZCSLDR2.exe	"ALPHA Networks wireless driver"
?	ANIWZCSService	WZCSLDR.exe	D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity
?	AnnotateCheck	AnnCheck.exe	"Genius Wizard Pen Tablet driver related. Is it required?"
N	Announcements	Annclist.exe	MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
N	Anntext	Anntext.exe	Caere Pagekeeper text annotation server
U	AnonymityGateway	Anonymity Gateway.exe	"Anonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity form being tracked by websites or Internet Service Providers"
U	Anonymizer Total Net Shield	AnonTns.exe	"Anonymizer Total Net Shield - ID protection and privacy software"
U	ANONYMIZER_SPYWAREKILLER	SpyWareKiller.exe	"Anonymizer Spyware Killer - now Anti-Spyware"
U	ANONYMIZER_SPYWAREKILLER	AnonAntiSpyware.exe	"Anonymizer Spyware Killer - now Anti-Spyware"
U	Another Internet Explorer Popup Killer	aiepk2.exe	"Another IE Popup Killer - pop-up stopper"
X	ansjava	[path to worm]	"Added by the RANDON-AN WORM!"
X	Anskya	PYSKY.NET.exe	"Added by the DLOADER-MW TROJAN!"
X	Answer Problem	dSAFsqs.exe	"Added by the SDBOT-SC WORM!"
U	AnswerTool	AnswerTool.exe	"AnswerTool - save your E-mail replies in AnswerTool then reuse them again and again"
X	Anti	Isass.exe	"Added by the BROPIA.K WORM!"
X	Anti Spam Service	spamsvc.exe	"Added by the MYTOB-BK WORM!"
N	Anti-Blaxx Manager	Anti-Blaxx.exe	"Anti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives"
U	Anti-keylogger check	antikey.exe	"Anti-keylogger - protects against keylogger programs monitoring your keystrokes"
U	Anti-Trojan-Watch	ATWatch.exe	Anti-Trojan Watch - trojan detector
X	Anti-Virus	vpms.exe	"Added by a variant of the SLAPER TROJAN!"
X	Anti-Virus	[random filename].exe	"Added by the CAPROBAD-A TROJAN!"
X	Anti-Virus Product Sync	[unprintable character][3 characters]log.exe	"Added by the KEDEBE.D WORM!"
X	Anti-Virus Update Scheduler	[path to trojan]	"Added by the SPAMMIT-A TROJAN!"
X	Anti-Virus Update Scheduler	winsp3.exe	"Malware - detected by Kaspersky as the AGENT.FP TROJAN!"
X	Anti-Virus Update Scheduler V1.39.12R	[path to trojan]	"Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe kaspersky.exe nrton.exe wins.exe gah32.exe 1.tmp syste.exe alg.exe socks.exe winxpsp2.exe tek9.exe sks.exe hihi.exe s.exe xps2.exe dns2.exe ikav32.exe and more..."
X	AntiClicker	SVCHST32.EXE	"Added by the CBH TROJAN!"
U	antidialer.co.uk	Dialer_Watcher.exe	"Dialer_Watcher is an application that allows you to detect dialers on your computer"
X	antihost	ahr.exe	"Added by the BANCBAN-QJ TROJAN!"
X	AntiMalwareGuard	amg.exe	"AntiMalwareGuard rogue spyware remover - not recommended see here"
U	AntiPopUp	AntiPopUp.exe	"AntiPopUp for IE - pop-up stopper"
X	antispy	ANTIVIR.exe	"IE AntiVirus rogue security software - not recommended see here"
X	antispy	ANTIVIRUS.exe	"IE AntiVirus rogue security software - not recommended see here"
X	antispy	ieav.exe	"IE AntiVirus rogue security software - not recommended see here"
X	antispy	scan.exe	"IE AntiVirus rogue security software - not recommended see here"
X	AntiSpyCheck	AntiSpyCheck.exe	"AntiSpyCheck rogue spyware remover - not recommended see here"
X	AntiSpyCheck 2.1.0	AntiSpyCheck.exe	"AntiSpyCheck rogue spyware remover - not recommended see here"
X	AntiSpyKit *.*	AntiSpyKit *.*.exe	"EAdwareKiller spyware remover where *.* represents the version number - not recommended see here"
X	AntispyStorm	AntispyStorm.exe	"AntiSpyStorm misleading security software - not recommended see here"
X	AntiSpyware	Antispyware.exe	"AntiSpywareApp spyware remover - not recommended see here"
X	AntiSpywareBot	AntiSpywareBot.exe	"AntiSpywareBot spyware remover - not recommended see here"
X	AntiSpywareExpert	ase.exe	"AntiSpywareExpert rogue spyware remover - not recommended see here"
X	AntiSpywareMaster	asm.exe	"AntiSpywareMaster spyware remover - not recommended see here"
X	AntiSpywareShield	AntiSpywareShield.exe	"AntiSpywareShield spyware remover - not recommended see here"
X	AntiVerminser	AntiVerminser.exe	"AntiVerminser spyware remover - not recommended see here"
X	antiviirus	antiviirus.exe	Added by a variant of the AGENT.KEU TROJAN!
X	Antivir	svchst.exe	"Added by the RAGRUK-A TROJAN!"
X	AntiVir	scvhost.exe	"Added by the AGENT-DSF TROJAN!"
X	AntiVir	winlog.exe	"Added by the IRCBOT-TJ TROJAN!"
Y	AntiVir XP	AVwin.exe	"AntiVir® PersonalEdition Classic - antivirus"
X	Antivir64	Antivir64.exe	"Antivir64 rogue security software - not recommended see here"
X	AntiVirGear *.*	AntiVirGear *.*.exe	"AntiVirGear misleading security software where *.* represents the version number - not recommended see here"
X	Antivirus	av.exe	"Added by the SINKIN TROJAN! Resets IE start page to realphx.com"
X	Antivirus	maja.exe	"Added by the NETSKY.H WORM!"
X	Antivirus	iexpl0res.exe	Added by an unidentified WORM or TROJAN!
X	AntiVirus	kaspery.exe	"Added by a variant of the RBOT WORM!"
X	AntiVirus	AntiVirus.exe	"Added by the BANKER-EHB TROJAN!"
X	Antivirus	antvrs.exe	"Antivirus 2008 rogue security software - not recommended see here"
X	Antivirus	avm.exe	"Antivirus Master rogue security software - not recommended see "
X	Antivirus	vav.exe	"Vista Antivirus 2008 rogue security software - not recommended see here"
X	Antivirus Installer	[path to trojan]	"Added by the BADGENT-A TROJAN!"
X	AntiVirus Process	virprot.exe	"Added by a variant of the SDBOT WORM!"
X	Antivirus Protection Services	ccapp2.exe	"Added by the RBOT.EXI WORM!"
X	AntiVirus Update	updates.exe	"Added by the RBOT-JF WORM!"
X	AntiVirus Update	antivirus.exe	"Added by the RBOT-IF WORM!"
X	Antivirus-2008.exe	Antivirus-2008.exe	"Antivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN!"
X	antivirus-2008pro.exe	antivirus-2008pro.exe	"Antivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN!"
X	Antivirus-Golden	Antivirus-Golden.exe	"Antivirus-Golden misleading security software - not recommended see here"
X	Antivirus2008y	antvrs.exe	"Antivirus 2008 rogue security software - not recommended see here"
X	antivirus32	antivirus.exe	"Added by the SPYBOT.KAI WORM!"
X	AntivirusGold	AntivirusGold.exe	"AntivirusGold malware"
X	AntiVirusPro	AntiVirusPro.exe	"AntiVirusPro misleading security software - not recommended see here"
X	AntiVirusProMFC	Antivirus Pro.exe	"AntiVirusPro misleading security software - not recommended see here"
?	AntiVirusProtection	qumk.exe	"??"
X	AntiVituS	Base.exe	"Added by the BAS.A WORM!"
X	antiware	elite***32.exe [*** = random char]	"Added by the DLOADER-HW TROJAN!"
U	AntiWindowsMessenger	AntiMsMsg.exe	"Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory"
X	anti_troj	anti_troj.exe	"Added by the LODEAR.D TROJAN!"
Y	AnVir	AnVir.exe	"AnVir Task Manager - protects computer against viruses and manages running processes and startup files"
Y	AnVir Task Manager	AnVir.exe	"AnVir Task Manager - protects computer against viruses and manages running processes and startup files"
U	anvshell	anvshell.exe	System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar
U	Any To-Do List	anytodo.exe	"Any To-Do List ""the ultimate software solution to keep yourself organized and reminded"""
?	anycom bluetooth	ftflauncher.exe	"Associated with an Anycom bluetooth wireless card. What does it do and is it required?"
U	AnyDVD	AnyDVD.exe	"AnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the ""U"" recommendation"
U	AnyDVD	AnyDVDtray.exe	"System Tray access to AnyDVD from SlySoft - which descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts"
U	AnyTime	Atw.exe	"AnyTime Organizer Deluxe from Individual Software Inc - ""all the tools you need to organize your calendar to-do list and address book are combined in a familiar interface with hundreds of printable calendars detailed expense reports and a full range of programmable alarms"""
U	AnyTime Organizer	AtDem.exe	"AnyTime Organizer Deluxe from Individual Software Inc - ""all the tools you need to organize your calendar to-do list and address book are combined in a familiar interface with hundreds of printable calendars detailed expense reports and a full range of programmable alarms"""
U	AnyTime Organizer	Atw.exe	"AnyTime Organizer Deluxe from Individual Software Inc - ""all the tools you need to organize your calendar to-do list and address book are combined in a familiar interface with hundreds of printable calendars detailed expense reports and a full range of programmable alarms"""
N	AO Tray	AOTray.Exe	System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
Y	aol	avp.exe	"AOL's Active Virus Shield (by Kaspersky) - found in an AOLActive Virus Shield sub-directory"
X	AOL 9.0 Optimized	AOLClient.exe	"Added by the SPYBOTER.A TROJAN!"
U	AOL Broadband Check-Up	matcli.exe	"""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address city county etc and gets written to a log file"". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in ""add/remove programs"" some help menus in help and support will not be available. You decide"
N	AOL Companion	companion.exe	Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process and is installed for ease of use
X	Aol Configuration Loader	aimsng.exe	"Added by the SDBOT-XE WORM!"
?	AOL Fast Start	AOL.exe	"AOL ISP software related. What does it do and is it required?"
X	AOL Instant Messanger	aim.exe	"Added by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utility"
X	AOL Instant Messengar	aol.exe	"Added by the AGOBOT-FN WORM!"
X	AOL Instant Messenger	AlM.EXE	"Added by unidentified malware. Note - there ia a lower case ""L"" between the A and M in the filename"
X	Aol Instant Messenger	aolmsg.exe	"Added by the KELVIR.AL WORM!"
X	AOL Instant Messenger	aimsgr.exe	"Added by the IRCBOT.N TROJAN!"
X	AOL Instant Messenger 7.213	aim9283.exe	"Added by the SDBOT-ZF WORM!"
X	Aol Instant Messenger Fix	aolfix.exe	"Added by the SDBOT-ABJ WORM!"
X	AOL Messenger	[random filename]	Added by an unidentified VIRUS WORM or TROJAN!
X	AOL Messenger	aolmsngr.exe	"Added by the SDBOT-JF WORM!"
X	AOL Messenger Optimized	AOLOpt.exe	"Added by the AOLOPT TROJAN!"
X	AOL Services Hosts	aolserviceshosts.exe	Added by an unidentified WORM or TROJAN!
U	AOL Spyware Protection	AOLSP Scheduler.exe	AOL's spyware protection program
U	AOL TopSpeedMonitor	aoltsmon.exe	"AOL's TopSpeed web acceleration technology supposedly helps to make web browsing faster. Most important for those users who still access AOL via dial-up"
Y	AolAcsDaemon1	Acsd.exe	AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
Y	AolAcsDaemon1	AOLACSD.EXE	AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
?	AOLCC	ACCAgnt.exe	"AOL ISP software related file located in a ""AOL Computer Check-Up"" folder. What does it do and is it required?"
X	AolCon	config.com	"Added by the TAPLAK WORM!"
N	AOLDialer	AOLDial.exe	AOL ISP software dialer - can be activated through a desktop shortcut
N	AolFix	AolFix.exe	Run on Gateway Astra computers and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once
X	AOLRegKey32	AOREGSVR512.EXE	"Unidentified malware - see here"
?	AOLSAV	AOLAgent.exe	"AOL ISP related. What does it do and is it required?"
X	AOLStart	AOLStart.exe	"Added by the KRAIMER.12 TROJAN!"
X	aolupdater.exe	aolupdater.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Aornum	aornum.exe	"Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware"
N	AOTray	AOTray.Exe	System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
X	aouei	sysrtmvs.exe	"Chivio dialer"
Y	APC UPS Status	Display.exe	"APC PowerChute® Personal Edition status icon"
U	APC_SERVICE	mainserv.exe	"APC PowerChute® Personal Edition - ""safe system shutdown software with sophisticated power management functions."" Appears as a service in XP/Vista and under the ""RunServices"" registry key in Win98"
Y	apc_tray	apc_tray.exe	Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure
X	APD123	APD123.exe	"PacerD Media/Pacimedia.com adware"
X	Api**.exe [* = random char]	Api**.exe [* = random char]	"CoolWebSearch/HomeSearch adware - for examples see this log"
X	Api**32.exe [* = random char]	Api**32.exe [* = random char]	"CoolWebSearch/HomeSearch adware - for examples see this log"
X	API32	api32.exe	"Added by the IRCBOT-B TROJAN!"
X	APIClass	lexplore_.exe	"Added by the MSNOPT-A TROJAN!"
X	APIMon	apimonx.exe	Added by the TIBSER.A downloader TROJAN!
X	APIMon	winapix.exe	Added by a variant of the TIBSER.A downloader TROJAN!
X	APIMon	msreg.exe	"Added by the DROPPER.Z TROJAN!"
X	apisvc.exe	apisvc.exe	"Added by a variant of the LAMEBOT TROJAN!"
U	APL	APL.exe	"Sage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup view load and dialog load times in some areas of the application"
?	Apmsrv9x	APMSRV9X.EXE	"Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required?"
U	Apoint	Apoint.exe	Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
X	App**32.exe [* = random char]	App**32.exe [* = random char]	"CoolWebSearch/HomeSearch adware - for examples see this log"
X	App.EXEName	[path to worm].exe	"Added by the BODIRU WORM!"
U	Appcon	vAppCon.exe	"Vital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established"
X	appconn	appconn.exe	"Added by the CARGAO WORM!"
U	AppExtender	AppExtCB.exe	"Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received"
X	appis.exe	appis.exe	"Added by the AGENT-BC TROJAN!"
N	AppleSyncNotifier	AppleSyncNotifier.exe	"From WinPatrol PLUS by BillP Studios - ""This file installs with iTunes and is used when syncing your iPhone iTouch iPod etc."" See here for more information"
X	AppletINIT	INITIATE.EXE	"Added by the AGOBOT.XV TROJAN!"
Y	Application	mdmsetsp.exe	"Aztech Labs modem driver"
X	Application Adapter	abvsvc.exe	"Added by the CHECKOUT WORM! See here"
U	Application Explorer	Naldesk.exe	"Novell Zenworks Application Explorer Executable. ""For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components."""
U	Application Explorer	NalView.exe	"Application Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications"
U	Application Launcher	Application Launcher.exe	Application launcher from the Sony Ericsson PC Suite for their mobile phones
X	Application Layer Browser	abgsvc.exe	"Added by the ULPM.FX TROJAN!"
X	Application Layer Browser	apnsvc.exe	"Added by the CHECKOUT WORM! See here"
X	Application Layer Gateway Service	algs.exe	"Added by the LINKBOT.M WORM!"
X	Application Layer Scheduler	agtsvc.exe	"Detected by PCTools as the IRCBOT.BJJ TROJAN! See here"
X	Application Layer Services	avrsvc.exe	"Detected by PCTools as the IRCBOT.BJM TROJAN! See here"
X	Application Manager	acnsvc.exe	"Added by a variant of the IRCBOT TROJAN!"
X	ApplicationProtocolRun	smsbvl32.exe	"Added by the IRCBOT-CX TROJAN!"
U	AppPlus	AppPlus.exe	"AppPlus - ""menu bar or tray launcher that docks to your desktop floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs Websites e-mail addresses or folders (which open in the AppPlus Menu System)"""
Y	Apvxd	APVXDWIN.EXE	"Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection"
Y	Apvxdwin	APVXDWIN.EXE	"Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection"
Y	APVXDWIN	ClShield.exe	"""Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam spyware dangerous or time-wasting content phishing scams hackers and intruders"""
Y	Apwheel	Apwheel.exe	Wheel support for an Alps mouse
X	apyginapygin	simenu.exe	"Added by the SDBOT.BTR WORM!"
U	AQ3HelperStartUp	AQ3HEL~1.EXE	"ScreenScenes ""Aquatica Water Worlds"" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
X	aqadcup.exe	aqadcup.exe	"Added by the AGENT.BG WORM!"
Y	Aqua Dock	Aqua Dock.exe	"Aqua Dock - 'free program that allows you to have an ""OS X"" style nice animated launchbar/taskbar on your screen that reacts to your mouse when you mouse over it. Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure'"
X	Aqujyjax	[path to file]	"Added by the RANCK-CQ TROJAN!"
X	Aqujyjax	aqujyjax.exe	"Added by the SDBOT-YC WORM!"
X	ara-key	[random filename]	"Added by the ANTINNY WORM!"
?	ArabLionZ Drive	ArabLionZ.Drive.exe	"ArabLionZ Drive - part of ArabLionZ XP Tools. What does it do and is it required?"
Y	ArcaCheck	ArcaCheck.exe	"Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do?"
X	arcaderockstar	arcaderockstar32.exe	"Arcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computer"
X	Archive	archive.exe	"Adware - detected by Kaspersky as the CENTIM.A TROJAN!"
X	ARCHIVE CONTROL	fixupdattr.exe	"Added by the MYTOB.GU WORM!"
N	ARCSolo Recovery	N/A	Backup software by Computer Associates - no longer supported
U	Ardamax Keylogger	akl.exe	"Ardakey keystroke logger/monitoring program - remove unless you installed it yourself!"
N	ares	ares.exe	"""Ares is a free open source file sharing program that enables users to share any digital file including images audio video software documents etc"""
N	areslite	AresLite.exe	"""Ares is a free open source file sharing program that enables users to share any digital file including images audio video software documents etc"""
U	Argentum Backup	ab.exe	"Argentum Backup - a small backup program that lets you easily back up your documents and folders"
X	Aritima	aritima.exe	"Added by the ARITIM WORM!"
U	ARMOR2NET	Armor2net.exe	"Related to Armor2net personal firewall (possibly contains or is related to a product known as ArmorWall - which is a known rogue see here - hence the ""U"" recommendation)"
X	aromis	aromis.exe	"Added by the NUWAR.JQ WORM!"
N	AROReminder	aro.exe	"Advanced Registry Optimizer - ""scan identify clean and repair errors in your Windows registry with a single click"". Reminder that states that you are in trial mode"
N	ARPWRMSG	ARPWRMSG.EXE	"Related to HP and Compaq Desktop PCs. Read this article"
U	Artera	arteraui.exe	"Artera Turbo Internet Accelerator - ""surf faster boost download speed"". Only required if you find it helps improve your performance"
?	AS00 Gear511	Gear511.exe	"Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required?"
N	AS00_Gear511	Gear511.exe	Netgear wireless LAN configuration utility
U	AS00_WN511B	WN511B.exe	"Netgear RangeMax NEXT wireless adapter configuration utility"
?	AS00_WPN511	WPN511.exe	"NetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup?"
X	ASDPLUGIN	dsldbaccess.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	canada.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	france.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	fullgames.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	100171be.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	100176br.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	adult1.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	Austria.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	belgium_nm.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	czech.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	dbaccess.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	dslgeaccess.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	Finland.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	geaccess.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	mexico.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	netherlands.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	turkey.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	uk_nm.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	Xadult1.exe	"AsdPlug premium rate adult content dialer"
X	ASDPLUGIN	temp532.exe	"AsdPlug premium rate adult content dialer"
X	asdsaxcxz13	dasxcsx13.exe	"Added by the LEGMIR-ARF TROJAN!"
X	asdx	xwinrpc32.exe	"Added by the AGOBOT.VO WORM!"
N	ASE Scheduler	ASE Scheduler.exe	"Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU the well known adware company see here and here"
Y	Ashampoo FireWall	FireWall.exe	"Ashampoo FireWall Free version"
Y	Ashampoo FireWall PRO	FireWall.exe	"Ashampoo FireWall PRO version"
U	Ashampoo PopUpBlocker	PopUpKiller.exe	"Ashampoo popup blocker part of Magical Security (was Privacy Protector Plus)"
Y	ashAvast	ashAvast.exe	"Part of Avast antivirus"
Y	ashDisp	ashDisp.exe	"System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner right-click access to other options and event notifications"
X	ashDsp.exe	ashDsp.exe	"Added by a variant of the SDBOT WORM!"
X	ASHLT	Ashlt.exe	"Ashlt adware"
Y	ashMaiSv	ashmaisv.exe	"Part of Avast! anti-virus software - E-mail scanner"
X	Asicfc	icfca.exe	"Added by the AGENT.AAJE WORM!"
U	AsioReg	regsvr32.exe ctasio.dll	"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
U	AsioThk32Reg	rregsvr32.exe ctasio.dll	"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
U	ASK	rundll32.exe [path] ASK.dll rdl	"Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
X	asl	Aslru.exe	"Added by the BANCOS-CU TROJAN!"
U	ASM	ASMonitor.exe	"Active Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses spyware and other dangers and learn what steps you can take to improve your protection"
U	Asmw Soft Popups Burner	popups burner.exe	"Popup blocker part of Asmw Soft PC Optimizer"
X	asnconsole	msasn.exe	"Added by the RBOT.EVU TROJAN!"
X	ASocksrv	SocksA.exe	"Added by the VB.CBW WORM!"
X	asp-srvc	asp-srvc.exe	"Added by the AGOBOT-KG WORM!"
X	ASP.NET State Service	csrss.exe	"Added by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	ASP.NET State Service	crsass.exe	"Added by the BANLOAD-M TROJAN!"
X	ASP.NET State Service	servicos..exe	"Added by the DADOBRA-I TROJAN!"
N	asp4tray	asp4tray.exe	System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
Y	AspireTimeMachine	acertmb.exe	System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP allowing you to restore a PC back to a working state with minimal re-entry
X	asrupdate.exe	asrupdate.exe	"Added by the VB.ATZ TROJAN!"
X	assistse	ASSISTSE.EXE	"CnsMin (Chinese Keywords) hijacker related"
X	AST	AST	"Added by the VB.AH TROJAN!"
X	AST	AST.exe	"AutoStarter parasite"
U	ASTART	astart.exe	ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
X	AStart	AStart	"Added by the VB.AH TROJAN!"
N	asTray	Astray.exe	"Voyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer"
N	Astro	Astro.exe	Checks for updates to Quicken on a system reboot
?	ASUS Camera ScreenSaver	ASScrProlog.exe	"Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir%"
N	ASUS Live Update	ALU.exe	ASUS Live Update utility for their motherboards
N	ASUS Probe	AsusProb.exe	ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area
?	ASUS Screen Saver Protector	ASScrPro.exe	"Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe according to PREVX and InCode Solutions. Can any ASUS owners with this file confirm? File is located in %Windir%"
U	ASUS SmartDoctor	VGAProbe.exe	ASUS video card fan/thermal monitor
U	ASUS TweakEnable	astart.exe	ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
N	ASUSGamerOSD	GamerOSD.exe	"GamerOSD by ASUSTek - for ""real-time overclocking benchmarking and video capturing in any PC game."" Free for ASUS graphics cards 30-day trial for non-ASUS graphics cards"
N	ASUSKey	V38SHELL.EXE	System tray Icon for quickly changing video modes
U	asustweakenable	ATweak.exe	ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
N	ASWDP	ASWDP.exe	"MLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market"
X	ASWnk	aswnk.exe	Adult content dialler
U	AT&T Self Support Tool	matcli.exe	"AT&T Resolution Assistant. ""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address city state etc and gets written to a log file"". Resolution Assistant is required to run with the Help and Support program. If you uncheck Resolution Assistant and and then run Help and Support it will add another Resolution Assistant in the startup menu. If you remove the Resolution Assistant in the add/remove program some help menus in help and support will not be available. You decide"
U	AT-Watch	ATWatch.exe	Anti-Trojan Watch - trojan detector
X	atapidrv	atapidrv.exe	"Added by the AGOBOT-SL WORM!"
U	atchk	atchk.exe	"AMT Status Message from Intel. Users can manage this read the article. See here for more information on Intel AMT"
U	Athan	Athan.exe	"Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world"
X	ATI Active Graphics Card Monitor	atievx.exe	"Added by the IRCBOT-TL WORM!"
X	ATI AS Filter	msnse.exe	"Added by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines preventing access to the virus cleaning websites"
N	ATI Catalyst™ System Tray	CLI.exe SystemTray	"System Tray access to ATI's Catalyst™ CONTROL CENTER. Note that this has ""SystemTray"" appended to CLI.exe in the ""Command"" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop"
N	ATI DeviceDetect	ATIDtct.EXE	Utility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled
X	ATI Display	ATIDisplay.exe	"Added by the BDOOR-AFH BACKDOOR!"
X	ATI Display Driver	atixd.exe	"Added by the RBOT-FOV WORM!"
X	Ati Display Settings	atividx.exe	"Added by the RBOT-GAS WORM!"
N	ATI GART Set-up Utility	Atigart.exe	Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one once installed it shouldn't be needed
U	ATI Launchpad	launchpd.exe	Convenient way to start all your Multimedia Center applications (DVD Video CD CD Audio File Player). You can right-click LaunchPad and uncheck Load on Startup in the menu
X	ATI Rage3d Pro	AtiRage4dPro.exe	"Added by the AGOBOT-OG WORM!"
Y	ATI Remote Control	ATIRW.exe	"Driver for the ATI REMOTE WONDER? RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it"
Y	ATI Remote Control	ATIX10.exe	"ATI Remote Wonder? - PC wireless remote control driver. Required if you use it"
N	ATI Scheduler	Atisched.exe	Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see
N	ATI Task Application	Atitkad.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
N	ATI Task Application (Atikey)	Atitask.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
X	ATI Technology Startup	techstart.exe	"Added by the RBOT-AEU WORM!"
X	ATI Video Driver Control	atigfx.exe	"Added by the RBOT-FWL WORM!"
X	ATI Video Driver Control	btorrent.exe	"Added by a variant of the IRCBOT TROJAN!"
X	ATI Video Driver Controls	[path to worm]	"Added by the SDBOT-DDS WORM!"
X	ATI VIDEO REGKEY	ati2vid.exe	"Added by the SDBOT.UR WORM!"
?	Ati2cwxx	Ati2cwxx.exe	"For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it"
X	Ati2evxx	Ati2evxx.com	Added by the BACKDOOR-CPC TROJAN!
X	ati2f104	ati2f104.exe	"Added by the DLOADR-BBW TROJAN!"
U	Ati2mdxx	Ati2mdxx.exe	System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
N	ATICCC	cli.exe runtime	"ATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has ""runtime"" appended to cli.exe in the ""Command"" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting Windows"
N	ATICCC	CLIStart.exe	Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs
X	aticpaxx.exe	aticpaxx.exe	"Added by the RBOT-XP WORM!"
U	AtiCwd	AtiCwd.exe	This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
U	AtiCwd	AtiCwd32.exe	This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
U	AtiCwd	Ati2cwad.exe	This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
U	AtiCwd32	AtiCwd.exe	This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
U	AtiCwd32	AtiCwd32.exe	This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
U	AtiCwd32	Ati2cwad.exe	This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
X	AtiDisplayDrv	atidrvxx.exe	"Added by the RBOT-VZ WORM!"
X	atidriver	reaIplayer.exe	"Added by the WARPIGS-E WORM! Note the uppercase ""I"" in the filename rather than a lower case ""L"""
N	AtiGart	Atigart.exe	Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one once installed it shouldn't be needed
N	AtiKey	AtiKey32.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
N	AtiKey	atiptkad.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Control Panel → Display
N	Atikey	Atitask.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
U	ATIMACE	MACE.exe	ATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst™ Environment (MACE) component
U	ATIModeChange	Ati2mdxx.exe	System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
X	AtiPanel	atip.exe	"Added by the TACTSLAY.U TROJAN!"
X	atipatxx	atipatxx.exe	"Added by the SMALL-ED TROJAN!"
U	ATIPOLAB	ati2evxx.exe	ATI External Event Utility EXE Module. This task can comsume lots of CPU resources on some computers but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
U	ATIPOLAB	ati2evae.exe	ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks
U	ATIPOLL	ati2evxx.exe	ATI External Event Utility EXE Module. This task can comsume lots of CPU resources on some computers but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
U	AtiPTA	Ati2ptxx.exe	Control panel for the ATI series of video cards allowing access to such features as display resolution colour depth etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
U	AtiPTA	Atiptaxx.exe	Control panel for the ATI series of video cards allowing access to such features as display resolution colour depth etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
U	AtiPTA	Atiptaab.exe	Control panel for the ATI series of video cards allowing access to such features as display resolution colour depth etc. Available via Start → Settings → Control Panel → Display. Some users may need it if they have optimised their settings
U	AtiPTAAA	Ati2ptxx.exe	Control panel for the ATI series of video cards allowing access to such features as display resolution colour depth etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
U	AtiPTAAA	Atiptaxx.exe	Control panel for the ATI series of video cards allowing access to such features as display resolution colour depth etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
U	atiptaxx	Ati2ptxx.exe	Control panel for the ATI series of video cards allowing access to such features as display resolution colour depth etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
U	atiptaxx	Atiptaxx.exe	Control panel for the ATI series of video cards allowing access to such features as display resolution colour depth etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
X	atiptext	atiptext.exe	"Added by the COSIAM-A TROJAN!"
U	AtiQiPcl	AtiQiPcl.exe	Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's
U	ATISmart	ati2s9ag.exe	"ATI's ""SMARTGART"" which is included with the Catalyst™ drivers. When the system boots it runs a couple of bus tests & tries to apply the most stable settings"
U	AtiSound	csrss.exe	"WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""ComRoot"" subfolder"
X	atisrc2	windfind.exe	"Added by the WINDFIND-A TROJAN!"
X	ATITech	Active.exe	"Added by the ROAMER-A TROJAN!"
U	atitray	atitray.exe	ATI Tray Tools - allows quick access to ATI graphics card settings
U	AtiTrayTools	atitray.exe	ATI Tray Tools - allows quick access to ATI graphics card settings
X	atiupdate	ATIUPDATE5.EXE	"Added by the DEBESKI.A TROJAN!"
X	atiupdate	msshed32.exe	Added by the DELF.EP downloader TROJAN!
X	ATIUpdater	atiupdxx.exe	"Added by the RBOT-ABX WORM!"
X	Atiupdpl	atiupdpl.exe	"Added by the SMALL.AOS TROJAN!"
X	ativopen	ativopen.exe	Premium rate adult content dialler
Y	ATIX10	atix10.exe	"ATI Remote Wonder? - PC wireless remote control driver. Required if you use it"
?	ATKMEDIA	DMEDIA.EXE	"ATK Media utility for ASUS laptops - what does it do and is it required?"
X	Atl**.exe [* = random char]	Atl**.exe [* = random char]	"CoolWebSearch/HomeSearch adware - for examples see this log"
X	Atl**32.exe [* = random char]	Atl**32.exe [* = random char]	"CoolWebSearch/HomeSearch adware - for examples see this log"
X	ATM Control	adpn.exe	"Added by the MMS.A WORM!"
N	ATnotes	atnotes.exe	Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs
U	Atomic Time Synchronizer	TimeSync.exe	"TimeSync - lets you synchronize your computer's clock with any internet atomic clock"
X	Atomic-x27	Atomic-x27.exe	"Added by the KATOMIK-A WORM!"
X	Atomic-x27C	AtomicpartC.exe	"Added by the KATOMIK-A WORM!"
U	Atomic.exe	Atomic.exe	"Atomic Clock Sync - synchronizes your computer's time with the NIST time server"
N	Atomica	atomica.exe	"Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key"
U	AtomicTime	ATOMICTIME.EXE	"AtomicTime - utility that synchronizes your PC clock to an atomic clock"
U	Atrack	atrack.exe	New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker an instant notification feature. The Alert Tracker displays information about events as they happen. This way when a rule has been triggered or an access to the Internet made you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert
U	Atray	Atray.exe	"Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons"
U	ATSpooler	AppsTraka.exe	"DeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself!"
U	ATTBroadbandUpdate	SAUpdate.exe	"Big Brother from Quest Software. System and network monitor"
U	ATTRedUpdate	AutoUpdate.exe	Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates
X	AttuneClientEngine	attune_ce.exe	"Aveo Attune automated helpdesk software - adware/spyware"
X	AttuneContentUpdater	attune_cu.exe	"Aveo Attune automated helpdesk software - adware/spyware"
X	AttuneDiscovery	attune_di.exe	"Aveo Attune automated helpdesk software - adware/spyware"
X	Attunel	Attunel.exe	"Aveo Attune automated helpdesk software - adware/spyware"
X	AttuneSystray	attune_st.exe	"Aveo Attune automated helpdesk software - adware/spyware"
N	aTuner	atuner.exe	"aTuner - tweak tool for GeForce based graphics cards"
Y	atwtusb	atwtusb.exe	USB interface for Aiptek Graphics Tablet (USB)
X	AtxBrw	Iexplor.exe	"""Pop Marketing"" adware"
U	au	DealioAu.exe	"Dealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products"
U	AU Agent	AUagent.exe	"Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon"
X	au.exe	au.exe	"Added by the BEAGLE.B WORM!"
Y	AUCBPNP	aucbnpn.exe	Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot
X	Aucompat	Aucompat.exe	"Added by the GEMA TROJAN!"
X	Audcntr	audcntr.exe	"Added by the GEMA TROJAN!"
?	AudCtrl	RunDll32 AudCtrl.dll RCMonitor	"Audio control panel?"
X	audi32	audi32.exe	"Added by the RANCK-FL TROJAN!"
X	AUDIO	SOUND.exe	"Added by the PLOYB-A TROJAN!"
X	Audio Device Manager	winfp.exe	"Detected by PCTools as the IRCBOT.BIV TROJAN! See here"
X	Audio Device Manager	WinNT.exe	"Added by the BANKER.BTG TROJAN!"
X	Audio Device Manager	WNDXP.exe	"Detected by Kaspersky as the IRCBOT.AJL TROJAN! See here"
X	audiocfg.exe	audiocfg.exe	Added by the VB.ATE WORM!
X	Audiocntl	audiocntl.exe	"Added by a variant of the CRYPTER.C TROJAN!"
N	AudioDeck	ADeck.exe	ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items
X	Audiodrv	audiodrv.exe	"Added by the CRYPTER-C TROJAN!"
U	AudioDrvEmulator	DLLML.exe AudDrvEm.dll	"Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system but should not be terminated unless suspected to be causing problems"
N	AudioHQ	Ahqtb.exe	For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs
X	AudioHQ	audiohq.exe	"Added by the BANKER-EHK TROJAN!"
N	AudioHQU	AHQTBU.EXE	System Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs
X	audioinf	audioinf.exe	"Added by a variant of the CRYPTER.C TROJAN!"
X	AudioMan	Explorer.sm1	"Added by the HUPIGON.IFZ BACKDOOR!"
X	audlmne32	dcmsxe.exe	"Added by the MAILBOT-CF TROJAN!"
X	auloadplx	mplprogsm.exe	"Added by the SLAPER.K TROJAN!"
X	AUNPS2	RUNDLL32 AUNPS2.DLL _Run@16	"AUNPS adware"
X	aupd	symcsvc.exe	"Added by the ABWIZ.D TROJAN!"
X	aupd	sysvcs.exe	"Added by the ABWIZ.C TROJAN!"
X	aupd	sywsvcs.exe	"Added by the ORSE-M TROJAN!"
Y	Aureal A3D Interactive Audio	sa3dsrv.exe	For Aureal based 3D soundcards. A3D sound features won't work with this disabled
Y	Aureal A3D Interactive Audio Init	A3dInit.exe	For Aureal based 3D soundcards. A3D sound features won't work with this disabled
X	ausvc	ausvc.exe	"Added by the AUTOUPDER TROJAN!"
X	Auth Starter Ident	startauth.exe	"Added by the RBOT-WP WORM!"
Y	Authentic-ID Toolbar	wintmr.exe	"System Tray access to Child Control parental control software by Salfield"
Y	Authentic-ID Toolbar	rundll32.exe [path] ToolbarATL.dll LoadTrayIcon	"Authentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic for example"
X	authz	authz.exe	Added by an unidentified VIRUS WORM or TROJAN!
X	auto	win32.exe	"Added by the SMALL!SD5 TROJAN!"
X	Auto CD-ROM Startup	cdaccess.exe	"Added by the SPYBOT.BLA WORM!"
U	Auto EPSON Stylus C45 Series on X	E_S4I3T1.EXE	"Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus C48 Series on X	E_S10IC2.EXE	"Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus C48 Series on X	E_S4I091.EXE	"Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus C60 Series on X	E_S10IC2.EXE	"Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus C62 Series on X	E_S10IC2.EXE	"Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus C64 Series on X	E_S4I2C1.EXE	"Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus C82 Series on X	E_S0HIC1.EXE	"Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus C84 Series on X	E_S4I2D1.EXE	"Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus C87 Series on X	E_FATIABL.EXE	"Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus CX3200 on X	E_S10IC2.EXE	"Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus CX3600 Series on X	E_FATI9BE.EXE	"Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus CX3800 Series on X	E_FATIACA.EXE	"Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus CX4200 Series on X	E_FATIAEA.EXE	"Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status checking ink levels etc etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus CX4500 Series on X	E_FATI9AP.EXE	"Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus CX5000 Series on X	E_FATIBVA.EXE	"Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus CX5400 on X	E_S4I2G1.EXE	"Epson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus CX6000 Series on X	E_FATIBIA.EXE	"Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus CX6400 on X	E_S4I2L1.EXE	"Epson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus CX6600 Series on X	E_FATI9EE.EXE	"Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus CX6600 Series on X	E_FATI9EA.EXE	"Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus CX7400 Series on X	E_FATICDA.EXE	"Epson Status Monitor 3 for the Stylus CX7400 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus CX7800 Series on X	E_FATIACA.EXE	"Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus CX9400Fax Series on X	E_FATICFA.EXE	"Epson Status Monitor 3 for the Stylus CX9400Fax Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus D78 Series on X	E_FATIBGE.EXE	"Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus D88 Series on X	E_FATIABE.EXE	"Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus DX3800 Series on X	E_FATIACE.EXE	"Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus DX4800 Series on X	E_FATIADE.EXE	"Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus DX6000 Series on X	E_FATIBIE.EXE	"Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Photo 820 Series on X	E_S10IC2.EXE	"Epson Status Monitor 3 for the Stylus Photo 820 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Photo R1800 on X	E_FATI9LA.EXE	"Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Photo R200 Series on X	E_S4I2H1.EXE	"Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Photo R200 Series on X	E_S4I0H2.EXE	"Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Photo R220 Series on X	E_FATIAIE.EXE	"Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Photo R2400 on X	E_FATI9SA.EXE	"Epson Status Monitor 3 for the Stylus Photo R2400 printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Photo R260 Series on X	E_FATIBNA.EXE	"Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Photo R300 Series on X	E_S4I2F1.EXE	"Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Photo R300 Series on X	E_S4I0F2.EXE	"Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Photo R320 Series on X	E_FATI9FA.EXE	"Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Photo R800 on X	E_FATI9YE.EXE	"Epson Status Monitor 3 for the Stylus Photo R800 printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Photo RX420 Series on X	E_FATI9CE.EXE	"Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Photo RX500 on X	E_S4I2K1.EXE	"Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Photo RX600 on X	E_S4I2M1.EXE	"Epson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
U	Auto EPSON Stylus Pro 7600 on X	E_S10IC2.EXE	"Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status checking ink levels etc. ""X"" represents the computer's network name ie PAULS-PC PETES-LAPTOP etc"
X	Auto File System Conversion Utility	scricon.exe	"Added by the SDBOT.EYB WORM!"
X	auto repair system	qualityx.exe	"Added by an unidentified WORM or TROJAN - probably a SPYBOT variant"
U	Auto Run Software for Photo Frame	PhotoManager.exe	"Management software for Philips digital PhotoFrame range. Used to edit photos and transfer them directly from a PC via a USB cable. Start manually when you connect the device"
U	Auto Switch	TASKBAR.exe	Related to 2-port Bitronics AutoSwitch kit from Belkin
N	Auto T Bar	autotbar.exe	If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
X	Auto Updat	WindowsSys32.exe	"Added by a variant of the FORBOT WORM!"
X	Auto updat	crcss.exe	"Added by the SDBOT.AAG WORM!"
X	Auto Update	AUP.exe	Added by an unididentified WORM or TROJAN!
X	Auto Update	dma.exe	"Added by the RBOT-AVO WORM!"
X	Auto Update	svchost.exe	"Added by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
X	Auto Updates	svchost.exe	"Added by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
X	Auto WinUpdate	taskmrg.exe	"Added by the RBOT-AFA WORM!"
X	AutoAdministrator	SERVICES.EXE	"Added by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!"
U	Autobar	autobar.exe	Connect buttons on the keyboard for internet direct access etc. on HP computers
U	AutoCAD Startup Accelerator	acstart16.exe	"Preloads some libraries that are used by AutoCAD in order to make the software load faster"
U	autoclk	autoclk.exe	"Autoclik is a Windows utility ""that allows you to perform all mouse activity with absolutely no clicking"""
X	AutoDiscovery/AutoPurge (ADAP) Service	wmiadapi.exe	"Added by the RBOT.FLT WORM!"
N	AutoEA	Ahqrun.exe	For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ
X