v

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

Fatal error: Maximum execution time of 30 seconds exceeded in /home/iamnotag/domains/iamnotageek.com/public_html/startup/search.php on line 252

	Startup Name	Process Name	Details
X		svchost.exe	"Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Note - has a blank entry under the Startup Item/Name field"
X		dllvirtual.exe	"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
X		dllvirtual.dll	"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
X		dllvirtual.js	"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
Y	!AVG Anti-Spyware	avgas.exe	"System Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-Spyware"
ME"	"MS Java Applets for Windows NT	X	javaapplets.exe
NT	"Ms Java for Windows 98	ME & XP"	X
NT	"Ms Java for Windows 98	XP & ME"	X
XP & ME	"MS Java for Windows NT	X	xpjavams.exe
Version	"NVIDIA Compatible Windows Vista Display driver	U	"RUNDLL32.EXE NvCpl.dll
Version	"NVIDIA Compatible Windows7 Display driver	U	"RUNDLL32.EXE NvCpl.dll
Version	"NVIDIA Driver Helper Service	U	"RUNDLL32.EXE nvsvc.dll
Version	"NVIDIA nView Control Panel	N	nwiz.exe
please	"This is a virus	X	bigbadvirus.exe
X	"Vaganza-XPloit-[User Name]"""	[user name].exe	"Added by the GAVGENT.A WORM!"
X	$sys$crash	$sys$WeLoveMcCOL.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$drv	$sys$drv.exe	"Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer"
X	$sys$momomomochin	$sys$WeLoveMcCOL.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$umaiyo	$sys$WeLoveMcCOL.exe	"Added by the WELOMOCH TROJAN!"
U	$Volumouse$	volumouse.exe	"Volumouse from Nirsoft. ""Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"""
X	(Default)	media_driver.exe	"Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	Shania.vbs	"Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	spolsvr2.exe	"Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(L4r1$$4) (4nt1) (V1ruz)	SP00Lsv32.pif	"Added by the ASSIRAL.B WORM!"
X	Intelli Mouse Pro Version 2.0B	ncsjapi32.exe	"Added by the BUZUS-O WORM!"
X	-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+	ISASS.exe	"Added by the ASSIRAL.B WORM!"
X	.mscdr	lsvchost.exe	"Added by the WEBUS.D TROJAN!"
X	.mscdsr	lsvchost.exe	"Added by the BDOOR-CR BACKDOOR!"
X	.mscsbl	svhost.exe	"Added by the CMQ TROJAN!"
X	.msfupdate	msveup.exe	"Added by the ALLOCUP.A WORM!"
X	.nvsvc	smss.exe	"Added by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!"
X	.nvsvcb	smssb.exe	"Added by the BOXED.CG TROJAN!"
X	.Prog	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
X	.svchost	CSRSS.EXE	"Added by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	.TEXTCONV	csrss.exe	"Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!"
X	.TEXTCONV	lsass.exe	"Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!"
?	00DSKSVR00	desksaver.exe saskda	"Part of Advanced Desktop Shield
U	00DSKSVR01	desksaver.exe tray	"System Tray access to Advanced Desktop Shield
X	0_AVD32	xzboot.exe	"Added by the AGENT-IWI TROJAN!"
X	1	svchost.scr	"Added by the BANCOS.X TROJAN!"
X	1234klsjdc uiar924c af	sxgnsvuxct.exe	"Added by the FAKEALERT-AM TROJAN!"
X	1234klsjdc uiar924c af	sysvtypkbjx.exe	"Added by the FAKEALERT-AM TROJAN!"
U	12Ghosts SaveLayout	12autosl.exe	"12Ghosts SaveLayout - ""Always (always!) keep the layout of your desktop icons"""
U	12Ghosts TrayProtect	12srvc.exe	"12Ghosts TrayProtect - ""Hide tray icons
N	12Voip	12Voip.exe	"12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
N	1:00	hpdrv.exe	HP utility for monitoring when and how many recoveries have been done
U	1A:MacVisionTrayMonitor	TrayMonitor.exe	"Part of MacVision by Jeff Bargmann - an discontinued program that makes your PC's desktop look and feel incredibly like that of a Macintosh OS8 computer. Handler that puts the icons that are in your system tray into the MacVision taskbar
Y	1A:Stardock MCP	mcpserver.exe	"Master Control Program for Stardock apps
Y	1A:Stardock TrayMonitor	TrayServer.exe	For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX
U	1Srv32	SpyAgent4.exe	"SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC.""
X	2020Downloader	mssvr.exe	"2020Search Toolbar"
X	27	slsorve.exe	"Added by the SLSORVE-A TROJAN!"
X	32-bit Thunking service	thunk32.exe	"Added by the DERDERO.A WORM!"
X	32.exe	nvscv32.exe	"Added by the AGENT-LOL TROJAN!"
X	333	svchost.exe	"Added by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""Syswm1i"" directory"
Y	3dfxv2ps.dll	3dfxv2ps.dll	Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards
X	9UmxQPSiTJMbA	NVUKZ.exe	"Added by the AGENT-LMN TROJAN!"
X	9xHtProtect	AVprotect9x.exe	"Added by the NETSKY.M WORM!"
X	?ekio Startups	?nksvc32.exe	"Added by the AGOBOT-OV WORM where ? is a random character"
X	a	MsSvrdll.vbs	"Added by the MUTAFROG!INF WORM!"
U	A Verizon App	VERIZO~1.EXE	"Part of Verizon Online Support Manager"
Y	a-winpoet-service	winpppoverethernet.exe	"WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion
?	a2dservice	a2dservice.exe	"Related to the Air2Data Wireless HISA (High-Speed Internet Access) service. What does it do and is it required?"
X	a9z1eizA1e	atulabov.exe	"Added by the AGENT-GWD TROJAN!"
N	AAATraySaver	TraySaver.exe	"System Tray management utility from Mike Lin which allows you to hide
X	AAMSFree702	Avengine.com	"Added by the DELF.LJ TROJAN!"
X	absr	mwsvm.exe	"SeekSeek search hijacker related - see here"
U	AbyssWebServer	abyssws.exe	"Abyss web server"
X	Ac97Sound	snddrv.exe	"Added by the VB.AXG TROJAN!"
N	AceGain LiveUpdate	LiveUpdate.exe	"""AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates
Y	acEventServ	acevtsrv.exe	"ActivCard Gold from ActivIdentity
U	Acronis Scheduler2 Service	schedhlp.exe	"Part of Acronis True Image - backup software. Co-operates with the ""schedul2.exe"" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images"
N	Activation	Activation.exe	Part of Microsoft Money
U	Activboard	MMKeybd.exe	"Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock
U	ACTIVBOARD	ABoard.exe	"Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock
X	Active Bit Station	abs.exe	"Added by the MYTOB.BZ WORM!"
N	Active CPU	acpu.exe	"Active CPU - ""easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity"""
U	Active Desktop Calendar	ADC.EXE	"XemiComputers Active Desktop Calendar"
U	Active Email Monitor	aem25.exe	"Active Email Monitor checks multiple accounts for email
X	Active Security	asecurity.exe	"Active Security rogue security software - not recommended
U	Active shield	Activeshield.exe	"Active Shield is ""an heuristic screen that actively protects your computer from trojans
X	ActiveDesktop	systray32.exe	"Added by the DABOOM WORM!"
X	ACTIVEDS	ACTIVEDS.EXE	"Added by the OPASERV.T WORM!"
N	ActiveEyes	ActiveEyes.exe	"ActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small
U	ActiveKeys.AAB635BD7D054a37A576	akeys.exe	"""Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"""
U	ActiveMenu	ActiveMenu.exe	Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
U	ActivePlus	activeplus.exe	"Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on)"
X	ActiveScan Antivirus	ActiveScan.exe	"Added by the RBOT-FKQ WORM!"
X	ActiveScript32	nod.exe	"Added by the SOHANA-AJ WORM!"
Y	ActiveShield	mcvsshld.exe	"ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed
N	ActiveSpeed	AS.exe	"Ascentive ActiveSpeed internet optimizer - not recommended
X	ActiveSync	wcescom32.exe	"Added by the MANCSYN-E TROJAN!"
N	ActiveWords	AWMonitor.exe	"ActiveWords from ActiveWord Systems
X	ActiveX File Registration Service	filereg.exe	"Added by the RBOT-DVD WORM!"
X	ActiveX Streamer	msgfix.exe	"Added by the SDBOT.NQ WORM!"
X	ActiveXUpdate	svcss.exe	"Added by a variant of the DEDLER.C TROJAN!"
U	Activity	actik.exe	"ActivityKey keystroke logger/monitoring program - remove unless you installed it yourself!"
N	ActivSurf	backweb*****.exe	Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
X	ACTX1	v1201.exe	"Added by the VB.IS TROJAN!"
X	ADDITIONAL Services	pkgadd.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Admilli Service	AdmilliServ.exe	Windupdates adware variant
X	Administrator	svchost.scr	"Added by the NOVACAL TROJAN!"
X	AdminSoft	sysfile.vbs	"Added by the STARGRUB-A WORM!"
U	Adobe Version Cue CS2	VersionCueCS2Tray.exe	"File manager that's part of Adobe Creative Suite 2 - ""find files fast
X	AdobeReaderPro	msnserve.exe	"Added by the SDBOT-AKH WORM!"
X	AdobeReaderPro	svxhost.exe	"Added by a variant of the RBOT WORM - see here"
X	AdobeReaderPro	rvdjlefr.exe	"Added by the RBOT-CQZ WORM!"
X	AdobeReaderPro	msnservex.exe	"Added by the RBOT.AKM BACKDOOR!"
X	AdobeReaderPro	msnsrcdv.exe	"Added by the INJECT-H WORM!"
X	AdobeReaderPro	service.exe	"Added by the RBOT-BCA WORM!"
N	AdobeVersionCue	VersionCueTray.exe	"""An exclusive feature of the Adobe® Creative Suite
?	Adobe_ID0EYTHM	VERSIO~2.EXE	"Part of an Adobe product. What does it do and is it required?"
X	Adope File Manager	lsasv.exe	Added by an unidentified WORM or TROJAN!
X	ADriver	windrv.exe	"Added by the DELF.WG TROJAN!"
X	AdRotator.Application	services.exe	"FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an ""Inetsrv"" subfolder"
X	ADS Adware Remover	ADS Adware Remover.exe	"ADS Adware Remover
U	ADService	ADService.exe	"Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk. Appears as a service in XP/Vista and under the ""RunServices"" registry key in Win98/ME"
?	ADSLSYSTEMTRAY	SystemtrayV100B.exe	"Apparently Annex A ADSL modem related. What does it do and is it required?"
X	adstartup	automove.exe	"Adlogix adware variant"
X	AdStatus Service	AdStatServ.exe	"WindUpdates AdStatus Service adware"
X	Adtools Service	AdTools.exe	"Windupdates Adware"
X	Advanced DHTML Enable	exo32.exe	"Added by the RANCK-FI TROJAN!"
X	Advanced DHTML Enable	[path to trojan]	"Added by the AGENT.GLQ TROJAN!"
X	Advanced Internet Protocol	cerf.exe	"Added by a variant of the SPYBOT WORM!"
X	Advanced Protection System	advpsys.exe	"Added by a variant of the RBOT WORM!"
X	Advanced Spyware Remover	Asr.exe	"Advanced Spyware Remover rogue spyware remover - not recommended
X	Advanced Spyware Remover Pro	Asr.exe	"Advanced Spyware Remover rogue spyware remover - not recommended
U	Advanced SystemCare 3	AWC.exe	"Advanced SystemCare from IObit - ""helps protect
X	Advanced Tool Checks	advchks.exe	"Added by a variant of the RBOT WORM!"
N	Advanced Tools Check	ADVCHK.EXE	Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
U	Advanced Uninstaller PRO Installation Monitor	monitor.exe	"Innovative Solutions Advanced Uninstaller PRO - ""easy-to-use suite for uninstalling applications and keeping your computer fast
X	AdvancedCleaner Free	UADC.exe	"AdvancedCleaner rogue security software - not recommended
X	advanceddefender	advanceddefender.exe	"Advanced Defender rogue security software - not recommended
X	AdvancedPrivacyGuard	apg.exe	"AdvancedPrivacyGuard rogue privacy program - not recommended
X	AdvancedPrivacySuite	APS.exe	"AdvancedPrivacySuite rogue privacy program - not recommended
X	AdVantage	AdVantage.exe	"MediaAdVantage adware"
X	AdVantage Setup	AdVantageSetup.exe	"MeMedia.Advantage adware - optionally installed with older versions of the DAEMON Tools Lite CD emulation tool (if you don't uncheck the ""DAEMON Tools sponsor ad module"" option during install) and possibly others"
X	advap32	[path to trojan]	"Added by the MUTANT.AT TROJAN!"
X	Advapi	Advapi.exe	"Added by the NETDEVIL.12 WORM!"
N	ADVCHK	ADVCHK.EXE	Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
U	Advertising Killer	Akiller.exe	"Advertising Killer - popup stopper"
X	advmon32	advmon32.exe	"Added by a variant of the CRYPTER.C TROJAN!"
X	AdwareRemover2007	AdwareRemover2007.exe	"AdwareRemover2007 rogue security software - not recommended
X	Adwarz Spy Remover	ADWARZ.EXE	"Added by the SPYBOT-EV WORM!"
X	AERVICESN	AERVICESN.exe	"Added by the RANDON-AO WORM!"
N	AeXAgentLogon	AeXAgentActivate.exe	"Altiris Agent transmits information about your machine for the purpose of asset management and deployment"
X	agentsvr	agentsvr.exe	"Detected by Kaspersky as Monker.A adware. Note - do not confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the Windows\Msagent folder"
?	AidemHotKey	DVMAIN.EXE	"Keyboard related"
?	Air2Data	a2dservice.exe	"Related to the Air2Data Wireless HISA (High-Speed Internet Access) service. What does it do and is it required?"
U	AJC Active Backup	AJCActBk.exe	"AJC Active Backup from AJC Software - ""Instantly backup files you change on your PC and keep multiple versions to undo"""
X	AKEYNAME	WinServ.exe	"Added by the EVILBOT.C TROJAN!"
N	Alcohol Soft Development Team	axcmd.exe	"Part of Alcohol 120% - ""a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition
X	aldefr ere service	tay0x.exe	"Added by the RBOT-XS WORM!"
X	Alevir	Alevir.exe	"Added by the OPASERV-A WORM!"
X	AlevirOld	[worm filename]	"Added by the OPASERV WORM!"
X	algv.exe	algv.exe	"Added by the AUTORUN-BEA WORM!"
X	Alive SYstem	scchost.exe	"Added by the TOFDROP-B TROJAN!"
X	Alive SYstem	scchostc.exe	"Added by the TOFDROP-B TROJAN!"
X	All Sea screen saver	TaskTray.exe	"Free screensaver
U	Alogserv	Alogserv.exe	"From McAfee VirusScan for logging scanning activities. In some cases
X	alpha	svchost.exe	"Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies"
X	AlphaAV	AlphaAV.exe	"Alpha Antivirus rogue security software - not recommended
Y	Alps Electric USB Server	Monserv.exe	"Alps Electric USB Server - required according to this article"
U	ALServ	ALServ.exe	Utility that enables a user to control the volume and surround sound and select Pro Logic/Stereo on 2 satellite speakers and subwoofer of old Altec Lansing speaker systems. The right-side speaker has 4 controls on top providing same functionality
U	AltoMB_service	AltoMBsrv.exe	"Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind"
N	ALU Scheduler Service	ALUSchedulerSvc.exe	Symantec LiveUpdate scheduler for programs such as Norton AV or Internet Security
X	Amie Release V6.9D	services.exe	"Added by the VB-EAN TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	amircivil	svchost.exe�	"Added by the AMIRECIVEL WORM!"
X	amva	amvo.exe	"Added by the SILLYFDC-BR WORM!"
X	anbv32	nabv32.exe	"Added by the TITOG.C WORM!"
Y	ANIWZCS2Service	WZCSLDR2.exe	"ALPHA Networks wireless driver"
?	ANIWZCSService	WZCSLDR.exe	D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity
X	ansjava	[path to worm]	"Added by the RANDON-AN WORM!"
X	Anti Spam Service	spamsvc.exe	"Added by the MYTOB-BK WORM!"
X	Anti-Virus	vpms.exe	"Added by a variant of the SLAPER TROJAN!"
X	Anti-Virus	[random filename].exe	"Added by the CAPROBAD-A TROJAN!"
X	Anti-Virus Product Sync	[unprintable character][3 characters]log.exe	"Added by the KEDEBE.D WORM!"
X	Anti-Virus Update Scheduler	[path to trojan]	"Added by the SPAMMIT-A TROJAN!"
X	Anti-Virus Update Scheduler	winsp3.exe	"Malware - detected by Kaspersky as the AGENT.FP TROJAN!"
X	Anti-Virus Update Scheduler V1.39.12R	[path to trojan]	"Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe
X	AntiClicker	SVCHST32.EXE	"Added by the CBH TROJAN!"
X	antispy	ANTIVIR.exe	"IE AntiVirus rogue security software - not recommended
X	antispy	ANTIVIRUS.exe	"IE AntiVirus rogue security software - not recommended
X	antispy	ieav.exe	"IE AntiVirus rogue security software - not recommended
X	AntiVer2008	pgs.exe	"AntiVer2008
X	AntiVermeans	AntiVermeans.exe	"Variant of the Antivermins rogue security software - not recommended
X	AntiVermins	AntiVermins.exe	"Antivermins rogue security software - not recommended
X	AntiVermins 3.0	AntiVermins 3.0.exe	"Antivermins rogue security software - not recommended
X	AntiVermins 3.3	AntiVermins 3.3.exe	"Antivermins rogue security software - not recommended
X	AntiVerminser	AntiVerminser.exe	"Variant of the Antivermins rogue security software - not recommended
X	AntiVerminsPro	AntiVerminspro.exe	"Antivermins rogue security software - not recommended
X	antiviirus	antiviirus.exe	Added by a variant of the AGENT.KEU TROJAN!
X	Antivir	svchst.exe	"Added by the RAGRUK-A TROJAN!"
X	AntiVir	scvhost.exe	"Added by the AGENT-DSF TROJAN!"
X	AntiVir	winlog.exe	"Added by the IRCBOT-TJ TROJAN!"
X	AntiVir	smss.exe	"Added by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%"
Y	AntiVir XP	AVwin.exe	"AntiVir® PersonalEdition Classic - antivirus"
X	Antivir64	Antivir64.exe	"Antivir64 rogue spyware remover - not recommended
X	AntiviralGolden	AntiviralGolden.exe	"AntiviralGolden rogue security software - not recommended
X	AntiVirGear 3.7	AntiVirGear 3.7.exe	"AntiVirGear rogue security software - not recommended
X	AntiVirGear 3.8	AntiVirGear 3.8.exe	"AntiVirGear rogue security software - not recommended
X	AntiVirProtect	AntiVirProtect.exe	"AntiVirProtect rogue security software - not recommended
X	Antivirus	av.exe	"Added by the SINKIN TROJAN! Resets IE start page to realphx.com"
X	Antivirus	maja.exe	"Added by the NETSKY.H WORM!"
X	Antivirus	iexpl0res.exe	Added by an unidentified WORM or TROJAN!
X	AntiVirus	kaspery.exe	"Added by a variant of the RBOT WORM!"
X	AntiVirus	AntiVirus.exe	"Added by the BANKER-EHB TROJAN!"
X	Antivirus	Antvrs.exe	"AntiVirus 2008 rogue security software - not recommended
X	Antivirus	avm.exe	"Antivirus Master rogue security software - not recommended
X	Antivirus	vav.exe	"Vista Antivirus 2008 rogue security software - not recommended
X	Antivirus	aav.exe	"Advanced Antivirus rogue security software - not recommended
X	ANTIVIRUS	AVS.exe	"Antivirus Sentry rogue security software - not recommended
X	ANTIVIRUS	microAV.exe	"Micro Antivirus 2009 rogue security software - not recommended
X	Antivirus	MSA.exe	"MS Antivirus rogue security software - not recommended
X	ANTIVIRUS	UltraAV.exe	"Ultra Antivirus 2009 rogue security software - not recommended
X	Antivirus	xpa.exe	"Xpert Antivirus Enterprise rogue security software - not recommended
X	Antivirus	SPP.exe	"Spyware Preventer rogue security software - not recommended
X	Antivirus	sav.exe	"System Antivirus 2008 rogue security software - not recommended
X	Antivirus	uav.exe	"Ultimate Antivirus 2008 rogue security software - not recommended
X	Antivirus	wav.exe	"Windows Antivirus 2008 rogue security software - not recommended
X	Antivirus 2009	av2009.exe	"AntiVirus'09 rogue security software - not recommended
X	Antivirus 2009 plus	Antivirus 2009 plus.exe	"AntiVirus Plus rogue security software - not recommended
X	Antivirus Agent Pro	aap.exe	"Antivirus Agent Pro rogue security software - not recommended
X	Antivirus Installer	[path to trojan]	"Added by the BADGENT-A TROJAN!"
X	Antivirus PC 2009	avpc2009.exe	"Antivirus PC 2009 rogue security software - not recommended
X	Antivirus Pro 2009	AntivirusPro2009.exe	"AntiVirus Plus rogue security software - not recommended
X	Antivirus Pro 2010	AntivirusPro_2010.exe	"Antivirus Pro 2010 rogue security software - not recommended
X	AntiVirus Process	virprot.exe	"Added by a variant of the SDBOT WORM!"
X	Antivirus Protection Services	ccapp2.exe	"Added by the RBOT.EXI WORM!"
X	AntiVirus Update	updates.exe	"Added by the RBOT-JF WORM!"
X	AntiVirus Update	antivirus.exe	"Added by the RBOT-IF WORM!"
X	Antivirus Updates	avupdchk.exe	"Added by the AGOBOT-IP WORM!"
X	Antivirus-2008.exe	Antivirus-2008.exe	"Antivirus 2008 rogue security software - not recommended. Detected by Sophos as the FAKEAV-BK TROJAN!"
X	antivirus-2008pro.exe	antivirus-2008pro.exe	"Antivirus 2008 PRO rogue security software - not recommended. Detected by Sophos as the FAKEAV-AW TROJAN!"
X	Antivirus-Golden	Antivirus-Golden.exe	"Antivirus-Golden rogue security software - not recommended"
X	Antivirus.exe	Antivirus.exe	"Antivirus rogue security software - not recommended
X	Antivirus2008y	antvrs.exe	"AntiVirus 2008 rogue security software - not recommended
X	antivirus32	antivirus.exe	"Added by the SPYBOT.KAI WORM!"
X	AntivirusBEST	Installer.exe	"Installer for the AntivirusBEST rogue security software - not recommended. Removal instructions here"
X	AntivirusBEST	abest.exe	"AntivirusBEST rogue security software - not recommended
X	AntivirusDoc	AntivirusDoc.exe	"AntivirusDoc rogue security software - not recommended
X	AntivirusFiable	pgs.exe	"AntivirusFiable
X	AntivirusForAll	pgs.exe	"AntivirusForAll rogue security software - not recommended
X	AntivirusGold	AntivirusGold.exe	"AntivirusGold rogue security software - not recommended
X	AntivirusGold 5.1	AntivirusGold 5.1.exe	"AntivirusGold rogue security software - not recommended
X	AntiVirusLab2009	AntiVirusLab2009.exe	"Antivirus Lab 2009 rogue security software - not recommended
X	AntivirusOrdi	pgs.exe	"AntivirusOrdi
X	AntivirusPCPakke	pgs.exe	"AntivirusPCPakke
X	AntivirusPCSuite	pgs.exe	"AntivirusPCSuite rogue security software - not recommended
X	Antiviruspertutti	pgs.exe	"Antiviruspertutti rogue security software - not recommended. A member of the AVSystemCare family"
X	AntiVirusPro	AntiVirusPro.exe	"Anti Virus Pro rogue security software - not recommended"
X	AntiVirusProMFC	Antivirus Pro.exe	"AntiVirus Pro rogue security software - not recommended"
?	AntiVirusProtection	qumk.exe	"??"
X	AntivirusProtection	antivirusprotection.exe	"Antivirus Protection rogue security software - not recommended
X	Antivirusscherm	pgs.exe	"Antivirusscherm
X	AntivirusXP.exe	AntivirusXP.exe	"Antivirus XP Pro rogue security software - not recommended
X	AntiVirus_ProNET	AntiVirus_Pro.exe	"AntiVirusPro rogue security software - not recommended
X	AntiVituS	Base.exe	"Added by the BAS.A WORM!"
U	AnVir	AnVir.exe	"AnVir Task Manager - ""is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work"". Monitors and manages startup programs
U	AnVir Security Suite	AnVir.exe	"AnVir Security Suite - ""is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work"". Monitors and manages startup programs
U	AnVir Task Manager	AnVir.exe	"AnVir Task Manager - ""is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work"". Monitors and manages startup programs
U	AnVir Task Manager Free	AnVir.exe	"AnVir Task Manager Free - ""is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work"". Monitors and manages startup programs
U	AnVir Task Manager Pro	AnVir.exe	"AnVir Task Manager Pro - ""is a tool that controls everything running on computer and provides Windows enhancements that help in every-day work"". Monitors and manages startup programs
U	anvshell	anvshell.exe	System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar
X	AnvTrgr	AnvTrgr.exe	"AntivirusTrigger rogue security software - not recommended
U	AnyDVD	AnyDVD.exe	"AnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the ""U"" recommendation"
U	AnyDVD	AnyDVDtray.exe	"System Tray access to AnyDVD from SlySoft - which descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts"
Y	aol	avp.exe	"AOL's Active Virus Shield (by Kaspersky) - found in an AOLActive Virus Shield sub-directory"
N	AOL Service Libraries	AOLSoftware.exe	"Quoted from AOL Beta Team
X	AOL Services Hosts	aolserviceshosts.exe	Added by an unidentified WORM or TROJAN!
X	AOLRegKey32	AOREGSVR512.EXE	"Unidentified malware - see here"
?	AOLSAV	AOLAgent.exe	"AOL ISP related. What does it do and is it required?"
X	AOLSPYWAREREMOVER32	AOLSPYWARECLEANER32.EXE	"Added by the SPYBOT-HJ WORM!"
X	aouei	sysrtmvs.exe	"Chivio dialer"
U	APC_SERVICE	mainserv.exe	"APC PowerChute® Personal Edition - ""safe system shutdown software with sophisticated power management functions."" Appears as a service in XP/Vista and under the ""RunServices"" registry key in Win98"
X	apisvc.exe	apisvc.exe	"Added by a variant of the LAMEBOT TROJAN!"
?	Apmsrv9x	APMSRV9X.EXE	"Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required?"
U	Appcon	vAppCon.exe	"Vital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established"
X	Application Adapter	abvsvc.exe	"Added by the CHECKOUT WORM!"
U	Application Explorer	NalView.exe	"Application Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications"
X	Application Layer Browser	abgsvc.exe	"Added by the ULPM.FX TROJAN!"
X	Application Layer Gateway Service	algs.exe	"Added by the LINKBOT.M WORM!"
X	Application Layer Scheduler	agtsvc.exe	"Added by the IRCBOT.BJJ BACKDOOR!"
X	Application Layer Services	avrsvc.exe	"Added by the IRCBOT.BJM BACKDOOR!"
X	Application Manager	acnsvc.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Application Manager	apnsvc.exe	"Added by the SMALLTRO.FN TROJAN!"
X	ApplicationProtocolRun	smsbvl32.exe	"Added by the IRCBOT-CX TROJAN!"
Y	Apvxd	APVXDWIN.EXE	"Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection"
Y	Apvxdwin	APVXDWIN.EXE	"Part of Panda Antivirus and Internet Security. Required to enable permanent virus protection"
Y	APVXDWIN	ClShield.exe	"""Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam
?	ArabLionZ Drive	ArabLionZ.Drive.exe	"ArabLionZ Drive - part of ArabLionZ XP Tools. What does it do and is it required?"
X	Archive	archive.exe	"Adware - detected by Kaspersky as the CENTIM.A TROJAN!"
X	ARCHIVE CONTROL	fixupdattr.exe	"Added by the MYTOB.GU WORM!"
N	ArcSoft Connection Service	ACDaemon.exe	"Used to serve notice of product information and updates when running ArcSoft products such as TotalMedia
N	ARCSolo Recovery	N/A	Backup software by Computer Associates - no longer supported
U	Arovax AntiSpyware	arovaxantispyware.exe	"Part of Arovax AntiSpyware from Arovax
Y	Arovax Shield	ArovaxShield.exe	"Part of Arovax Shield from Arovax
U	arovaxantispyware	arovaxantispyware.exe	"Part of Arovax AntiSpyware from Arovax
Y	ArovaxShield	ArovaxShield.exe	"Part of Arovax Shield from Arovax
X	ASC-AntiSpyware	WinAntivirus.exe	"Win Antivirus Vista/XP rogue security software - not recommended
Y	Ashampoo AntiVirus Service	GuardGui.exe	"System Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG."
Y	ashAvast	ashAvast.exe	"Part of Avast antivirus"
X	ashcap	servirsess.exe	"SpySure spyware"
Y	ashMaiSv	ashmaisv.exe	"E-mail scanning part of avast! Antivirus. Starts via a registry ""Run"" key on Windows 98/Me and as a service on Windows 2K/XP/Vista"
U	AsioReg	regsvr32.exe ctasio.dll	"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
U	AsioThk32Reg	rregsvr32.exe ctasio.dll	"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
X	ASocksrv	SocksA.exe	"Added by the VB.CBW WORM!"
X	asp-srvc	asp-srvc.exe	"Added by the AGOBOT-KG WORM!"
X	ASP.NET State Service	csrss.exe	"Added by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	ASP.NET State Service	crsass.exe	"Added by the BANLOAD-M TROJAN!"
X	ASP.NET State Service	servicos..exe	"Added by the DADOBRA-I TROJAN!"
?	AspireService	AspireService.exe	"Found on Acer laptops
?	ASUS Camera ScreenSaver	ASScrProlog.exe	"Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe
N	ASUS Live Update	ALU.exe	ASUS Live Update utility for their motherboards
?	ASUS Screen Saver Protector	ASScrPro.exe	"Either a valid program on some ASUS laptops - such as the F3 and F5 series or unsafe
U	ASUS SmartDoctor	VGAProbe.exe	ASUS video card fan/thermal monitor
?	AsusACPIServer	AsAcpiSvr.exe	"Part of the ACPI driver for the Asus Eee PC range. What does it do and is it required?"
N	ASUSKey	V38SHELL.EXE	System tray Icon for quickly changing video modes
X	asussvc	asussvc.exe	"Added by the AGENT-FPB TROJAN!"
X	atapidrv	atapidrv.exe	"Added by the AGOBOT-SL WORM!"
X	ATI Active Graphics Card Monitor	atievx.exe	"Added by the IRCBOT-TL WORM!"
N	ATI DeviceDetect	ATIDtct.EXE	Utility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled
X	ATI Display Driver	atixd.exe	"Added by the RBOT-FOV WORM!"
X	Ati Display Settings	atividx.exe	"Added by the RBOT-GAS WORM!"
U	ATI Technologies Inc. HydraVision Desktop Manager	HydraDM.exe	"Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which ""customizes the behaviour of windows and dialog boxes
U	ATI Technologies Inc. HydraVision Viewport	HydraMD.exe	"Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which ""creates
X	ATI Video Driver Control	atigfx.exe	"Added by the RBOT-FWL WORM!"
X	ATI Video Driver Control	btorrent.exe	"Added by a variant of the IRCBOT TROJAN!"
X	ATI Video Driver Controls	[path to worm]	"Added by the SDBOT-DDS WORM!"
X	ATI VIDEO REGKEY	ati2vid.exe	"Added by the SDBOT.UR WORM!"
X	Ati2evxx	Ati2evxx.com	Added by the BACKDOOR-CPC TROJAN!
X	AtiDisplayDrv	atidrvxx.exe	"Added by the RBOT-VZ WORM!"
X	atidriver	reaIplayer.exe	"Added by the WARPIGS-E WORM! Note the uppercase ""I"" in the filename
N	ATIPOLAB	ati2evxx.exe	"Hotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented
U	ATIPOLAB	ati2evae.exe	ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks
N	ATIPOLL	ati2evxx.exe	"Hotkey handler for ATI desktop and mobile graphics chipsets. Users report that most of the hotkeys aren't well documented
X	ATITech	Active.exe	"Added by the ROAMER-A TROJAN!"
X	ativopen	ativopen.exe	Premium rate adult content dialler
X	AttuneDiscovery	attune_di.exe	"Aveo Attune automated helpdesk software - adware/spyware"
X	Audio Device Manager	winfp.exe	"Added by the IRCBOT-XS WORM!"
X	Audio Device Manager	WinNT.exe	"Added by the IRCBOT.USP BACKDOOR!"
X	Audio Device Manager	WNDXP.exe	"Added by the IRCBOT.AJL BACKDOOR!"
X	Audio Device Manager	sfhgj.exe	"Added by the IRCBOT-ZA BACKDOOR!"
N	AudioCommanderVista	AudioCommander.exe	"System Tray access to the AudioCommander user interface for Andrea USB devices - including features such as noise cancellation
X	Audiodrv	audiodrv.exe	"Added by the CRYPTER-C TROJAN!"
U	AudioDrvEmulator	DLLML.exe AudDrvEm.dll	"Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system
X	Audoi Device Loader	smssv.exe	"Added by the AGOBOT-ZY WORM!"
X	aupd	symcsvc.exe	"Added by the ABWIZ.D TROJAN!"
X	aupd	sysvcs.exe	"Added by the ABWIZ.C TROJAN!"
X	aupd	sywsvcs.exe	"Added by the ORSE-M TROJAN!"
Y	Aureal A3D Interactive Audio	sa3dsrv.exe	For Aureal based 3D soundcards. A3D sound features won't work with this disabled
Y	Aureal A3D Interactive Audio Init	A3dInit.exe	For Aureal based 3D soundcards. A3D sound features won't work with this disabled
X	ausvc	ausvc.exe	"Added by the AUTOUPDER TROJAN!"
U	Auto EPSON Stylus CX5000 Series on X	E_FATIBVA.EXE	"Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status
X	Auto File System Conversion Utility	scricon.exe	"Added by the SDBOT.EYB WORM!"
X	Auto Start	sndvol32.exe	"Added by the SLINBOT.AX BACKDOOR!"
X	Auto Update	svchost.exe	"Added by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Auto Updates	svchost.exe	"Added by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	AutoAdministrator	SERVICES.EXE	"Added by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Application Data\WINDOWS"
X	AutoDiscovery/AutoPurge (ADAP) Service	wmiadapi.exe	"Added by the RBOT.FLT WORM!"
X	AutoLoaderEnvoloAutoUpdater	auto_update_loader.exe	"Envolo/AproposMedia adware updater"
N	AutoMate Task Service	automate.exe	"Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start → Programs"
X	Automatic Media Update	CACHE.RVD	Added by an unidentified WORM/TROJAN!
X	Automatic Media Update	HPLNT32.RVD	Added by an unidentified WORM/TROJAN!
N	Automatically launches the United Devices Agent when you start your computer	UD.EXE	The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs
X	autoMe	wscript.exe solution.vbs	"Added by the VBS.SASAN WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""solution.vbs"" file is found in %Windir%"
X	autoMe	wscript.exe samok.vbs	"Added by the SAMOK-A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""samok.vbs"" file is located in %Windir%"
X	AutoProtect	AutoProtect.vbs	"Added by the KILLBAT-C WORM!"
X	AUTOPROTECTU	navapq32.exe	Added by an unidentified WORM or TROJAN!
X	AUTORUN_VAL	AntiSpyCheck 2.1.exe	"AntiSpyCheck rogue spyware remover - not recommended
X	AUTORUN_VAL	asc 2.1.exe	"AntiSpyCheck rogue spyware remover - not recommended
?	AutoShutdown	pssvc.exe	"Utility to fix vCard Export in MS Outlook 2000 - although why are these together?"
X	Autoupdate Service	kaka.exe	"Added by the SYMPE-B TROJAN!"
X	Autoupdate Service	[path to trojan]	"Added by the AGENT-CB TROJAN!"
X	AutoUpdate32	services.exe	"Added by WINSPY.88! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64"
X	autoupdatev2	[path to file]	"Added by the DROPPER-BM TROJAN!"
X	autoupdatev2	autoupdatev2.exe	"Detected by Kaspersky as the AGENT.FQ TROJAN!"
X	AutoVirusProtection	ciscv.exe	"Added by a variant of the RBOT WORM!"
X	auto__antiav__key	antiav_exe.exe	"Added by the BAGLEDI-AA TROJAN!"
X	auxAudioDevice	aux32.exe	"Added by the AIZU WORM!"
X	AV	UPDATE-28062004.exe[25 blank spaces].vbs	"Added by the MIDFIN WORM!"
X	AV	Antivir.exe	"Antivir rogue security software - not recommended
X	av	expressav.exe	"Express Antivirus 2009 rogue security software - not recommended
X	AV AntiSpyware	ava.exe	"AV AntiSpyware rogue security software - not recommended
X	AV Care	AvCare.exe	"AvCare rogue security software - not recommended
X	AV Client	patch31345.exe	"Added by the MYDOOM.AD WORM!"
X	AV Industry	patch31345.exe	"Added by the MYDOOM.AD WORM!"
X	AV UpDate	Update.exe	"Added by the FUROOT-A TROJAN!"
X	AV7	antivirus7.exe	"Antivirus7 rogue security software - not recommended
N	AvaFind	AvaFind.exe	"AvaFind file search utility"
X	avagent3974	chnb8895.exe	"AntiVirus ransomware security software - not recommended
X	AVantivirus	Avconsol.exe	"Added by the MSNVB-D WORM!"
X	avast	troyan.exe	"Added by the SMALL.CZ TROJAN!"
Y	Avast!	ashServ.exe	"Main part of avast! Antivirus - including the resident protection
Y	avast!	ashDisp.exe	"System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner
Y	avast! Antivirus	ashDisp.exe	"System Tray access to and notifications for avast! Antivirus - giving left-click access to the On-Access Scanner
Y	avast! Web Scanner	Ashwebsv.exe	"Web scanning part of avast! Antivirus. Starts via a registry ""Run"" key on Windows 98/Me and as a service on Windows 2K/XP/Vista"
Y	Avast32	Astart32.exe	"Part of Avast! anti-virus software"
X	avc	avmon.exe	Added by an unidentified TROJAN!
U	AvconsoleEXE	Avconsol.exe	From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it
X	Avengine	Avengine.com	"Added by the DELF.LJ TROJAN!"
X	AveoAttune	atmdlusr.exe	"Aveo Attune automated helpdesk software - adware/spyware"
U	AVFX Engine	StartFX.exe	"Advanced Video FX - supported by a number of Creative Web Cameras. ""Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX"""
X	AvG	svchost323.exe	"Added by the RBOT-ZA WORM!"
Y	AVG Anti-Spyware	avgas.exe	"System Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-Spyware"
Y	AVG Anti-Virus system	avgcc.exe	"System Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled
Y	AVG Anti-Virus System	avgemc.exe	"E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry
Y	AVG Anti-Virus System	avgw.exe	"This entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restarts"
X	Avg Antivirus	icpldrvx.exe	"Added by the BANKER.BYU TROJAN!"
X	AVG AntiVirus Scanner	avgscnx.exe	"Added by the SILLYFDC.BBE WORM! Note - this is not a legitimate AVG entry"
X	AVG AntiVirus Updater	avgwusv.exe	"Added by the SILLYFDC.BAX WORM! Note - this is not a legitimare AVG entry"
X	AVG Grisoft Updater	updater.exe	"Added by the AGOBOT-OT WORM!"
Y	AVG IDS	AVGIDSUI.exe	"System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. ""Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web
U	AVG Internet Security	avgtray.exe	"System Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security
Y	AVG7_AMSVR	AVGAMSVR.EXE	"This is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higher"
Y	AVG7_CC	avgcc.exe	"System Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled
Y	AVG7_EMC	avgemc.exe	"E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry
Y	AVG7_Run	avgw.exe	"This entry is included with the 7.* series of anti-virus products from AVG Technologies. Once installed (or on first run for a different user) it runs the configuration sequence to set up the product and doesn't run on subsequent restarts"
U	AVG8_TRAY	avgtray.exe	"System Tray access to and notifications for the 8.* series of internet security products from AVG Technologies - including Internet Security
U	AVG9_TRAY	avgtray.exe	"System Tray access to and notifications for the 9.* series of internet security products from AVG Technologies - including Internet Security
Y	avgamsvr.exe	Avgamsvr.exe	"This is the AVG7 Alert Manager for the 7.* series of anti-virus products from AVG Technologies. It is essential for both scheduled activities (such as automatic updates and scans) and for displaying alerts and reports via the Control Center (avgcc.exe). Appears in 9x/Me as a startup entry and as a service in 2K and higher"
Y	avgas	avgas.exe	"System Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-Spyware"
Y	avgcc	avgcc.exe	"System Tray access to and notifications for the 7.* series of anti-virus products from AVG Technologies. If this entry is disabled
Y	avgcc32	avgcc32.exe	"System Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests
Y	AVGCtrl	AVGCtrl.exe	"Part of AntiVir® PersonalEdition Classic antivirus"
Y	avgemc	avgemc.exe	"E-mail scanner for the 7.* series of anti-virus products from AVG Technologies. This process scans incoming and outgoing E-mails for viruses and other malware. From version 7.1 onwards this entry only appears in 9x/Me as a startup entry
Y	avgfwsrv	AVGFWSRV.EXE	"Integrated firewall for the 7.* series of anti-virus products from AVG Technologies. Protects the users computer from outside attacks
Y	AVGIDS	AVGIDSUI.exe	"System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. ""Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web
Y	AVGIDSUI	AVGIDSUI.exe	"System Tray access to and notifications for AVG Identity Protection - identity theft prevention which is available as a stand-alone product or included with AVG Internet Security. ""Always-on identity theft prevention for Windows from one of the world's most trusted security companies. Shop and ensure safe surfing of the web
Y	avgmsvr.exe	avgmsvr.exe	"AVG Anti-Virus 7.0 related"
Y	AVGnt	AVGnt.exe	"AntiVir® PersonalEdition Classic antivirus. System Tray icon and control program"
Y	Avgserv9.exe	Avgserv9.exe	"Background monitoring and scanning for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies when running on 9x/Me. Loaded from the ""RunServices"" registry key"
U	avgtray	avgtray.exe	"System Tray access to and notifications for the range of internet security products from AVG Technologies - including Internet Security
Y	AVGuard	AVGuard.exe	"AntiVir® PersonalEdition Classic antivirus. Background task which scans files transparently"
X	avguard3876	000b09274b.exe	"AntiVirus ransomware security software - not recommended
Y	AVG_CC	avgcc32.exe	"System Tray access to and notifications for the 6.* (and maybe earlier) series of anti-virus products from AVG Technologies. Also enables scheduled tests
Y	AVG_EMC	AVGEMC.exe	"AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses"
Y	AVG_RegCleaner	AVGREGCL.exe	"Boot time registry cleaner for the 7.* series of anti-virus products from AVG Technologies - for checking the registry for virus additions and other security problems"
X	avidrv	drvsc.exe	"Detected by Kaspersky as the AGENT.PH TROJAN!"
X	Avimgt	Avimgt.exe	"Added by the GEMA TROJAN!"
X	Avimgt32	Avimgt32.exe	"Added by the GEMA TROJAN!"
Y	avinit	AVINIT9X.EXE	"Command Antivirus related"
X	Avira Anti-Virus Pro 2008	explorear.exe	Added by an unidentified WORM or TROJAN!
X	AvirTr	AvirTr.exe	"AntivirusTrigger rogue security software - not recommended
Y	AVK Mail Checker	AVKPop.exe	"eXtendia AVK AntiVirus email checker"
Y	AVKBar	AVKBar.exe	"GData AntiVirusKit Anti-virus"
Y	AVKTray	AVKTray.exe	"System Tray access to the antivirus part of G Data range of internet security products"
Y	AvMaiSrv	Avmaisrv.exe	"Part of Avast! anti-virus software - E-mail scanner"
X	AVManager	csrss.exe	"Added by the AUTORUN-DV WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder"
?	AvMenu	AVMenu.exe	"Part of the ArcaVir antivirus suite from Polish company Arcabit. What does this part do and is it required?"
Y	AVMWlanClient	wlangui.exe	Related to broadband products from avm.de
X	avnort	formatsys.exe	"Added by the SERFLOG.A WORM!"
X	avnort	msmbw.exe	"Added by the SERFLOG.A WORM!"
X	avnort	serbw.exe	"Added by the SERFLOG.A WORM!"
Y	avp	avp.exe	"Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory"
X	AVP	[path to trojan]	"Added by the MUTBO-A TROJAN!"
X	avp	avp.exe	"Detected by Kaspersky as the ALPHABET.B TROJAN!"
X	avp	win.tmp.exe [ is a number]	Added by a variant of the ALPHABET TROJAN!
X	avp	xar6000v7.exe	"Detected by Kaspersky as the ALPHABET.B TROJAN!"
X	AVP-SE	avp-32.exe	"Added by the AGOBOT.FS WORM!"
X	avpa	avpo.exe	"Added by the LEGMIR-ARK TROJAN!"
Y	avpcc	avpcc.exe	"Kaspersky Labs anti-virus"
X	avpl	Antivirus.exe	"AntiVirus Plasma rogue security software - not recommended
X	AvpM	AvpM.exe	"Added by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in %Windir%\pchealth\UploadLB\Config"
X	avpms	avpms.exe	"Added by the ONLINEGAMES.CPV TROJAN!"
X	Avpr	avpr.exe	"Added by the MYDOOM.AF WORM!"
X	AVPSrv	AVPSrv.exe	"Added by the ONLINE-GEN TROJAN!"
X	avptask	[path to trojan]	"Added by the NOFERE-G TROJAN!"
X	avptask	expl0rer.exe	"Added by the AGENT.JJO TROJAN!"
X	Avptask	rund1132.exe	"Added by the AGENT.PKZ TROJAN!"
X	AvpWx	WErcx.exe	"Detected by Kaspersky as a variant of the AGENT.A TROJAN!"
X	Avril Lavigne - Muse	[random filename]	"Added by the AVRIL-A WORM!"
X	avrlabs	avrlabs.exe	"VirusResponse Lab 2009 rogue security software - not recommended"
X	avscan	avscan.exe	"Added by the SILLYFDC.BCR WORM! The file is in the users %Temp% directory"
X	AVScan	winav.exe	Unidentfied rogue security software
X	AvScan	avscan.exe	"Antivirus System PRO and Spyware Protect 2009 rogue security software. The file is located in %ProgramFiles%\<rogue name>"
X	avscan	Usbconeted.exe	"Added by the PROVIS-A TROJAN!"
Y	AVSCHED32	AVSched32.exe	"AntiVir® PersonalEdition Classic - antivirus"
Y	AVSchedScan	SCHSC9X.EXE	"Command Antivirus related"
X	AVScheduler	AVSCHSVC.EXE	"Part of the WinAntiVirus Pro 2005 rogue security software when installed in Win98/Me - not recommended
X	AVSeguro	pgs.exe	"AVSeguro
X	AvSer	dsm.exe	"Added by the SERFLOG.B WORM!"
X	AvSer	msmpatch.exe	"Added by the SERFLOG.B WORM!"
X	AvSer	svosm.exe	"Added by the SERFLOG.B WORM!"
X	AvSer	sysup.exe	"Added by the SERFLOG.B WORM!"
X	avserve.exe	avserve.exe	"Added by the SASSER WORM!"
X	avserve2.exe	avserve2.exe	"Added by the SASSER.B or SASSER.C WORMS!"
X	avserve3.exe	avserve3.exe	"Added by the SASSER.G WORM!"
U	AVStation premium	AVStation agent.exe	"Related to Samsung AV Station - instant playback of music
X	AVSTRT	navpsrvc.exe	"Added by the FORBOT-EF WORM!"
X	AVSystemCare	pgs.exe	"AVSystemCare rogue security software - not recommended. There are number of variants in this family sharing the same filename and user interface - see here"
X	avtapi	avtapi.exe	"Added by the AGENT.AM TROJAN! Note - example names include ""XviD""
N	Avtray	Avtray.exe	"Command Antivirus tray icon"
X	AVTray	AVTray.exe	"Part of the WinAntiVirus Pro 2005 rogue security software when installed in Win98/Me - not recommended
X	AVupdate32 Update	AVupdate32.exe	"Added by the RBOT.CNI TROJAN!"
?	AVWLPSTA	AVWLPSTA.exe	"PRISM Status Tray Applet - but what is it for and is it required?"
Y	AVWUpd32	AVWUPD32.EXE	"AntiVir® PersonalEdition Classic - updater"
Y	avx communicator	xcommsur.exe	"Anti-virus part of BitDefender virus scanner/firewall"
Y	Avxlive	avxlive.exe	"Bullguard or BitDefender antivirus"
Y	avxlni	avxinit.exe	"Anti-virus part of BitDefender virus scanner/firewall"
?	Avxnews	??	"??"
U	AXIS Print System DriverScanner	DriverScanner.exe	"Part of AXIS Print System from AXIS Communications - ""adds printer discovery
U	AXIS Print System DriverServer	DriverServer.exe	"Part of AXIS Print System from AXIS Communications - ""adds printer discovery
X	AXVenore	AXVenore.exe	"Added by an unidentified TROJAN - see here"
?	a_vpd	vpd.exe	"Located in an IBMTOOLS\VPD sub-directory. What does it do and is it required?"
X	bab	svchst32.exe	"Added by the AGENT.Q TROJAN!"
X	Back Updates	Uninstall.log.vbs	"Added by the YPSAN.D WORM!"
X	Background Intelligent Transfer Service	[path] rundll32.exe	"Added by the VB-ZD TROJAN! Note - this is not the legitimate rundll32.exe process
X	Backup Service	backup.svc	Unidentified adware
X	BagleAV	csrss.exe	"Added by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	BaRloNdDiLhep	services.exe	"Added by the AUTORUN.DIB WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ï¿½ subfolder"
X	BastioneAntivirus	pgs.exe	"BastioneAntivirus
X	BatSrv	batserv2.exe	"Detected by Kaspersky as the LOCKSY.M WORM!"
X	Bcvsrv32	bcvsrv32.exe	"Added by the GAOBOT.BQJ WORM!"
X	Bcvsrv32	he3.exe	"Added by the AGOBOT.AKB WORM!"
X	Bcvsrv32	msxml22.exe	"Added by the AGOBOT.AKH WORM!"
X	Bcvsrv32	msc32.exe	"Added by the AGOBOT.AKD WORM!"
X	Bcvsrv32	msbvd32.exe	"Added by the AGOBOT-SR WORM!"
X	Bcvsrv32	system2.exe	"Added by the AGOBOT-PU BACKDOOR!"
Y	BDOESRV	bdoesrv.exe	"Bitdefender 8 antivirus and firewall"
X	Beawver	saqevre.exe	"Added by a variant of the RANKY TROJAN!"
U	BelNotify	"rundll32.exe [path] NPBelv32.dll	RunDll32_BelNotify"
?	BELORVBI	BELORVBI.exe	"??"
X	BestsellerAntivirus	pgs.exe	"BestsellerAntivirus rogue security software - not recommended
X	beta	svchost.exe	"Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies"
N	BigDog303	VM303_STI.EXE	"Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed"
N	BigDog305	VM305_STI.EXE	"Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed"
?	BigDogPath	VM_STI.EXE	"Bundled with some software for digital cameras that use a USB connection - what does it do and is it required?"
X	bingdian	Bingdian.vbs	"Added by the BINGD WORM!"
?	BIOVCIP	BIOVCIP.exe	"??"
X	BitDefender Antivirus	BITDEFENDERX.EXE	"Added by a variant of the SPYBOT WORM!"
Y	BitDefender Communicator	xcommsvr.exe	"BitDefender antivirus"
Y	BitDefender Live! Init	bdinit.exe	"BitDefender antivirus"
Y	BitDefender Scan Server	bdss.exe	"BitDefender antivirus"
Y	BitDefender Virus Shield	vsserv.exe	"BitDefender antivirus"
Y	bitdefenderlive	avxlive.exe	"Main program of BitDefender virus scanner/firewall"
U	BJPD HID Control	TVMon.exe	"Related to Canon Photo viewer"
X	blah service	winupdate.exe	"Added by the GAOBOT.BIA WORM!"
X	blah service	winsysengine.exe	"Added by the RBOT-KI WORM!"
X	blah service	internet.exe	"Added by a variant of the RBOT WORM!"
X	blah service	smnp.exe	"Added by the RBOT.IZ WORM!"
X	blah service	msnmsgrr.exe	"Added by the RBOT.PZ WORM!"
X	blah service	tazkmgr.exe	"Added by the RBOT.UA WORM!"
X	blah service	FaLeH.exe	"Added by the RBOT-AES WORM!"
X	blah service	microsoft.exe	"Added by a variant of the RBOT WORM!"
X	blah service	evosys.exe	"Added by a variant of the RBOT WORM!"
X	blah service	win32.exe	"Added by the RBOT-AXO WORM!"
X	Blah service	CCAPPS32.EXE	"Added by the RBOT.TV WORM!"
X	blah services	iczw.exe	"Added by the RBOT-GMP WORM!"
X	blahh service	msengine.exe	"Added by a variant of the RBOT WORM!"
X	blahx service	msnjompa.exe	"Added by the SDBOT.AML WORM!"
X	Blank AntiViri	AUT0EXEC.BAT StartUp	"Added by the BRONTOK-CJ WORM!"
?	BlazeServoTool	MediaDetector.exe	"Related to BlazeDVD from BlazeVideo - which ""is leading powerful and easy-to-use DVD player software."" What does it do and is it required?"
X	Blue Service	[path to trojan]	"Added by the BANCOS-BCW TROJAN!"
U	Boost XP Service	bxservice.exe	"Boost XP from Systweak - WinXP tweaking utility"
X	Boot Server	bootserver.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Boot Service	bootservice.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Boot Service	bootsv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Boot Verify	bootvfy.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	BootCfg	Install.log.vbs	"Added by the YPSAN.D WORM!"
X	BootClean	smartdrv.exe	"Added by the LURKA-A VIRUS!"
X	BootLoader	BootLoader.exe.vbs	"Added by the WATERWORKS WORM!"
X	BootsCfg	wscript.exe [path] Date.POP.vbs	"Added by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted"
X	BootsCfg	wscript.exe [path] All Users.vbs	"Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted"
X	BootsCfg	wscript.exe [path] All Users.vbe	"Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted"
X	BootsCfg	wscript.exe Install.log.vbs	"Added by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""Install.log.vbs"" file is located in %System%"
X	bootsec	NAVSSE.exe	"Added by the FORBOT-CY WORM!"
X	boot_reg	svchot.exe	"Added by the BANCBAN-BQ TROJAN!"
X	BortMedVirus	pgs.exe	"BortMedVirus rogue security software - not recommended. A member of the AVSystemCare family"
N	Bose Wave/PC Monitor	wavepcmonitor.exe	"System Tray access for this system (more info on the system here). Available via Start -> Programs"
X	Bot Loader	svchostt.exe	"Added by the GAOBOT.ALV WORM!"
X	Bouncer RunStartup	LiveUpdate.exe	"Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove
X	boy lovers of bsd	ilikeboys.exe	"Added by the MYTOB.LY WORM!"
X	BPCV2	BPCV2.exe	"BroadcastPC adware"
X	BPCv2 re	bpc2 re inst.exe	"BroadcastPC adware variant"
N	BPServer	G6FTPSrv.exe	"BulletProof FTP Server"
X	Brave-Sentry	BraveSentry.exe	"BraveSentry rogue security software - not recommended
X	BraveSentry	BraveSentry.exe	"BraveSentry rogue security software - not recommended
X	braviax	braviax.exe	"Added by the FAKEALER.LE TROJAN!"
Y	Bredbandsbolaget	servicecenter.exe	"Related to the Brebband Swedish Broadband provider"
X	Bron-Spizaetus	CVT.exe	"Added by the RONTOKBRO WORM!"
X	BrowseProxy	FindService.exe	"Actual Names (AdvSearch) Internet Keywords parasite"
X	Browser Help Svc	BHSV.EXE	"Added by the RBOT-AVQ WORM!"
X	BSserver	FileKan.exe	"Added by the VB.CBW WORM!"
X	BSVCHOST	SVCH0ST.EXE	"Added by the VOXOM TROJAN! Notice the digit ""0"" in the filename rather than the upper case ""o"""
X	BTV	btv.exe	"BroadcastPC adware"
X	BtvC	btvclean.exe	"BroadcastPC adware"
U	BUFFALO Power Save Utility for HD	HDManage.exe	"Power Save utility for Buffalo backup hard discs"
U	bugwatcher service	bugwatcher.exe	"
X	BuildLab	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
U	Bulldog Service	upsd.exe	Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link
N	BulletProof FTP Server	bpftpserver.exe	"BulletProof FTP Server"
U	BullGuard Update	avxlive.exe	"Part of Bullguard antivirus. Leave enabled unless you manually update virus definitions"
Y	BullGuard XComm	XCOMMSVR.EXE	"Part of Bullguard antivirus"
Y	BullGuardInit	AVXINIT.EXE	"Part of Bullguard antivirus"
U	Button Server	bttnserv.exe	"Found on a Compaq PC
X	BVWORSFM	bvworsfm.exe	"Added by the DLUCA-AD TROJAN!"
?	BZEnvironmentVariableCollector	BZEnvironmentVariableCollector.exe	"Part of BlazentAgent from Blazent who provide ""outsourcing governance automation for IT Outsourcing (ITO) relationships"". What does it do and is it required?"
X	c	c:archiv~1win.com	"Added by the CUYDOC TROJAN!"
Y	CaAvTray	CAVTray.exe	"eTrust™ EZ Antivirus system tray application from Computer Associates"
U	Cadenza	CdzSvc.exe	"Cadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices"
X	Call Function System32	sddriver.exe	"Added by a variant of the SDBOT TROJAN!"
U	CallCenter Main Application	V3calmcp.exe	"""V3 Inc. CallCenter is a free 32-bit
U	CallCenter Printer Interface	V3faxecp.exe	"""V3 Inc. CallCenter is a free 32-bit
U	Camera Detector	DEVDET~*.EXE	"ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically"
N	Camio Viewer x	IXApplet.exe	Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version
U	carpserv	carpserv.exe	"Associated with Zoltrix and Conexant modems - enables the internal modem speaker
X	CARPserver	CARPserver.exe	"Added by the BANKER-AN TROJAN!"
U	CARPservice	carpserv.exe	"Associated with Zoltrix and Conexant modems - enables the internal modem speaker
X	Casdvqwa	bmqnzkg.exe	"Added by the RANDEX.BE WORM!"
X	caseyvideo	caseyvideo.exe	Malware causing adult content popups
X	caseyvideo[] [ = digit]	caseyvideo[].exe [ = digit]	Malware causing adult content popups
N	Cashsurfers Cashbar Navigator	Cashbar.Exe	"Cashsurfers CashBar Navigator - ""The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"""
X	CashToolbar	svchost.exe	"BrowserAid/CashToolbar adware! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!"
X	Catalyst Control Centre	atixvdm.exe	"Added by the RBOT.DMW TROJAN!"
X	catsrv	catsrv.exe	"Added by the PAPLOK TROJAN!"
Y	CAVRID	CAVRID.exe	"eTrust™ EZ Antivirus Real Time Infection Report from Computer Associates"
Y	CAVS	CAVS.exe	"Cheyenne (now eTrust) antivirus"
X	CAZNOVAS	CAZNOVAS.exe	"Added by the CAZNO TROJAN!"
X	cbvcs	urretnd.exe	"Added by the FRETHOG-C WORM!"
X	ccApp	gcasServ.exe	"Added by a variant of the RBOT WORM! Do not confuse with the Microsoft AntiSpyware executable of the same name"
X	ccAppr	svcrhost.exe	"Added by the TACTSLAY.A TROJAN!"
X	ccAppr	svcshost.exe	"Added by the TACTSLAY.A TROJAN!"
X	ccApps	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
Y	CcEvtMgr	ccEvtMgr.exe	"Part of Norton AntiVirus 2003. Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via ""ccApp"" and was not required as a seperate entry but a recent update changed this"
X	ccEvtMrg.exe	ccEvtMrg.exe	"Added by the RBOT.GZ WORM!"
Y	CcPxySvc	CCPXYSVC.exe	"Part of Norton's AntiVirus 2003
Y	ccRegVfy	ccRegVfy.exe	"Part of earlier versions of Norton AntiVirus - ""ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"""
X	ccRegVfY	expIorer.exe	"Added by the TACTSLAY.A TROJAN!"
X	ccRegVfY	svcrhost.exe	"Added by the TACTSLAY.A TROJAN!"
X	ccRegVfY	svcshost.exe	"Added by the TACTSLAY.A TROJAN!"
X	ccRegVfY	outIook.exe	"Added by the TACTSLAY.A TROJAN!"
X	ccSvcHst.exe	ccSvcHst.exe	"Added by the SDBOT-DIW WORM!"
X	ccsvit.exe	ccsvit.exe	"Added by the STARTPA-HP TROJAN!"
U	CD-DVD Lock for Win95/98/Me/2k/XP	CDVAgent.exe	"Loads CD-DVD Lock from Ixis Research
N	CDANTSRV	CDANTSRV.exe	"C-Dilla License Management software. Used for any program that uses C-dilla Protection
X	cddrv32	cddrv32.exe	"Added by a variant of the CRYPTER.C TROJAN!"
X	CDriver	windrv.exe	"Added by the DELF.WG TROJAN!"
X	CDriver	svchost.exe	"Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies"
U	CDVAgent	CDVAgent.exe	"Loads CD-DVD Lock from Ixis Research
X	Cerb	DivXx.exe	"Added by the KEYLOG-LV TROJAN!"
N	CesarFTP FTP Server	server.exe	"CesarFTPd - FTP server"
X	CEventMgr	Cell.exe	"Added by the BIFROSE-AK TROJAN!"
U	CFSServ.exe	CFSServ.exe	Belongs to Toshiba's configfree utility and searches for Wireless Devices
U	CGServer	cgserver.exe	"Associated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs"
X	Cgtask Services	cgtask.exe	"Added by the LALA.B TROJAN!"
X	Chckup	Netverchk.exe	"Covert Sys Exec malware variant"
X	che32	che.ocx.vbs	"Added by the ADENU-B VIRUS!"
Y	CheckVCR	IOMagic.exe	"Driver for the I/OMagic Personal Video Recorder (DR-PCTV100)"
X	Chinagnq	vasdd.exe	"Added by the SDBOT-SE WORM!"
U	CHIPDRIVEPinManager	sokscmpn.exe	"ChipDrive Smartcard software"
U	CHIPDRIVESmartcardManager	SCMgr.exe	"ChipDrive Smartcard software"
X	chkdrv	iemon.exe	"Detected by Symantec as the ADCLICKER TROJAN!"
X	chostsv	chostsv.exe	"Added by the BANPAES.C TROJAN!"
?	ChronitelInitTV	CHTVINIT.EXE	"??"
X	Ci Servs	SysTuwin.exe	"Added by the AGENT-NIQ TROJAN!"
X	Ci Svr	cisvr.exe	"Added by the IRCBOT.AWN BACKDOOR!"
N	CIJxP2PSERVER	CIJxP2PS.EXE	"Compaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model
U	Cisco Systems VPN Client	ipsecdialer.exe	"Cisco VPN Client - lets local users gain Administrator privileges on the operating system"
U	Cisco Systems VPN Client	vpngui.exe	"Sets up IPSec communications for Cisco's VPN Client"
N	CISrvr Program	CISRVR.EXE	Related to internet setup on Compaq PC's
N	CitiVAN	CitiVAN.exe	"Option from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again"
X	Classes	srv.exe	"""Switch"" premium rate adult content dialler variant"
X	Classes	srv2.exe	"""Switch"" premium rate adult content dialler variant"
X	Clean up	service.exe	"Added by the AGENT-FPY TROJAN!"
X	CleanUp Antivirus	CU[random characters].exe	"Cleanup Antivirus rogue security software - not recommended
X	clean_service	clean_service.cmd	"Added by the REFAZ WORM!"
U	CleverKeys	CK.exe	"CleverKeys - ""is free software that provides instant access to definitions at Dictionary.com
X	clfmon	nvsvca32.exe	"Added by the TACTSLAY.E TROJAN!"
X	CLI Services	clisrv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
N	Client Access Check Version	cwbckver.exe	"Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop
N	Client Access Service	CwbSvStr.Exe	"Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop
?	Client agent for ARCserve	W95AGENT.EXE	"Part of Brightstor ARCserve Backup from Computer Associates. What does it do and is it required?"
X	Client Server Control Process	[path to trojan]	"Added by the AGENT-HR TROJAN!"
X	Client Server Run Time Proccess	csrsrv.exe	"Added by a variant of the SDBOT WORM!"
X	Client Server Runtime	[path to worm]	"Added by the POEBOT-KR WORM!"
X	Client Server Runtime Process	csrsss.exe	"Added by the SDBOT-LD WORM!"
X	Client Server Runtime Process	csrs.exe	"Added by the LINKBOT.M WORM!"
X	Client Server Runtime Process	smmss.exe	"Backdoor TROJAN! Possible SDBOT-GEN variant"
X	Clip Service Manager	clipmg.exe	"Added by the DELF.DXJ TROJAN!"
X	Clip Servicer	clipsrvc.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Clip Srv	clipsv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
N	Clipbook Service	Clipsrv.exe	"Supports Windows XP ClipBook Viewer
N	Clipsrv	Clipsrv.exe	"Supports Windows XP ClipBook Viewer
X	ClipSrv	clipserv.exe	"Added by the SDBOT-AAV and SDBOT-AFE WORMS!"
X	ClipSrv	CLIPBRD3D.EXE	"Added by the MOFEI-D WORM!"
X	Clipsvc	clipsv.exe	"Added by the BLACKHOLE.F BACKDOOR!"
?	CLMLServer for HP TouchSmart	CLMLSvc.exe	"Found on the HP Touchsmart range of desktops and notebooks. What does it do and is it required?"
X	clock	[various filenames]	"LiveChat Adware - known file names include: mssetup.exe
X	cmds	vtsqn.dll	"Added by a variant of the VUNDO TROJAN!"
N	CmFlywaveName	CmFlywav.exe	"Driver for Linksys Wireless-G Music Bridge"
U	CMPDPSRV	CMPDPSRV.EXE	"Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys
X	Cmpnt	Devices2.exe	"Added by the TOMPAI-D TROJAN!"
X	Cmpnt	mainsv.exe	"Added by the TOMPAI-C TROJAN!"
X	cms	iserver.exe	"Added by the DLOADER-WK TROJAN!"
X	cmsound	vcpdll.exe	"Added by the TCXMEDI-D downloader TROJAN!"
X	cmsound	vcsystem.exe	"Added by the TCXMEDI-D downloader TROJAN!"
Y	cnfgCav	CMain.exe	"Part of Comodo Antivirus"
Y	CnwiDeviceAgent	cnwida.exe	"Part of the Canon imagePROGRAF W8400 printer management software"
U	CognizanceTS	"rundll32.exe [path] AsTsVcc.dll	RegisterModule"
X	COM Service	mscom32.com	"Added by the BEASTY.H TROJAN!"
X	COM Service	msynvr.com	"Added by the BEASTY.G TROJAN!"
X	COM Service	msjclh.com	"Added by the BEASTY.E TROJAN!"
X	COM Service	msdrce.com	"Added by the BEASTY.I TROJAN!"
X	COM Service	msflyx.com	"Added by the BEASTDO-O TROJAN!"
X	COM Service	mskwda.com	"Added by the AGENT-JIX TROJAN!"
X	COM+ Event System	DRWTSN16.EXE	"Added by the LOVGATE.AB WORM!"
X	COM+ EventSystem Services	ECSERVER.EXE	"Added by a variant of the SDBOT WORM!"
X	COM++ System	svchost.exe...	"Added by a variant of the LOVGATE WORM!"
U	com.codeode.privacymantra	privacymantra.exe	"""Privacy Mantra keeps your computer clean from online and offline tracks"""
X	Comcast Network	ribiva.exe	"Added by a variant of the IRC TROJAN!"
U	COMDRV32	svdhost.exe	"Orvell Monitoring 2003 surveillance software. Uninstall this software unless you put it there yourself. Note - asks for permission to contact the IP address of http://www.protectcom.com/"
U	Comm Driver	commh32.exe	"G Data ""PC Spion"". PC monitoring and surveilling software
X	command	javaw.exe	"Added by the AGOBOT-LG WORM!"
Y	Common Client	ccRegVfy.exe	"Part of earlier versions of Norton AntiVirus - ""ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"""
X	CommonService	winup.exe	"Added by the DLOADR-BJJ TROJAN!"
X	Compaq Drivers	F1rewalls.exe	"Added by the SDBOT-WD WORM!"
X	Compaq Jes Drivers	winjes.exe	"Added by the SDBOT-XR WORM!"
N	Compaq Message Server	COMPAQ-RBA.EXE	"Applies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans
X	Compaq Service Drivers	systeminfos.exe	"Added by the SDBOT-XC WORM!"
X	Compaq Service Drivers	compq.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivers	navapqwa.exe	"Added by the SDBOT.BBQ WORM!"
X	Compaq Service Drivers	amsn.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivers	compqs.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivers	msnt.exe	"Added by the SDBOT.CQL WORM!"
X	Compaq Service Drivers	NtKernelSystem.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivers	wincmd.exe	"Added by the RBOT.ATV WORM!"
X	Compaq Service Drivers	wind32.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivers	winmsn.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivers	compaq.exe	"Added by the SDBOT-AFU WORM!"
X	Compaq Service Drivers	msnsvc.exe	"Added by the RBOT.BKT WORM!"
X	Compaq Service Drivers	ntsys32.exe	"Added by the RBOT.CIW WORM!"
X	Compaq Service Drivers	winsvc.exe	"Added by the SDBOT-AGD WORM!"
X	Compaq Service Drivers 32	compq32.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivrs	copq.exe	"Added by a variant of the RBOT WORM!"
X	Compaq Services Drivers	ndt32.exe	"Added by the RBOT.CQZ WORM!"
X	Compaq Sound Drivers For WINDOWS	sounddr.exe	"Added by the SDBOT-XG WORM!"
N	Compaq Video CD Watcher	??	For Compaq PC's. MPEG viewer
X	Compaq32 Service Drivers	ms32.exe	"Added by the SDBOT.BWH WORM!"
X	Compaq32 Service Drivers	msconfig32.exe	"Added by the SDBOT-ADC WORM!"
X	Compaq32 Service Drivers	msnt32.exe	"Added by the RBOT.BVF WORM!"
X	Compaqs Service Driver	copypad32.exe	"Added by the SDBOT.CSO WORM!"
X	Compaqs Service Drivers	compqs.exe	"Added by a variant of the SDBOT WORM!"
X	Compatibility Service Process	regsvs.exe	"Added by the GAOBOT.YN WORM!"
X	Compd Service Drivrs	codq.exe	"Added by a variant of the SDBOT WORM!"
U	ComproSchedulerDTV	ComproSchedulerDTV.exe	"VideoMate TV tuner and capture card - scheduler"
X	ConducteurPrive	GDC.exe	"ConducteurPrive rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
X	Config	service.exe	"Added by the ISRAZ.B WORM!"
X	Config	WinService32.exe	"Added by the CRUTCHA-A TROJAN!"
X	Config Loader	svchosl.exe	"Added by the GAOBOT.P WORM!"
X	Config Loader	scvhost.exe	"Added by the GAOBOT.AE or GAOBOT.AO WORMS!"
X	Config Loader	svhost.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Config Loader	svchost2.exe	"Added by the AGOBOT.XE WORM!"
N	ConfigServices	Config.exe	Part of initial setup on a Compaq PC
X	Configuration Driver	scghost.exe	"Added by the SDBOT-DLA WORM!"
X	Configuration Loader	service5.exe	"Added by the GAOBOT.AF WORM!"
X	Configuration Loader	Service.exe	"Added by the GAOBOT.AO WORM!"
X	Configuration Loader	Servicess.exe	"Added by the GAOBOT.AO WORM!"
X	Configuration Loader	svhst.exe	"Added by the GAOBOT.YC WORM!"
X	Configuration Loader	msgcfgsrv.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Configuration Loader	svupdate.exe	"Added by the RANDEX.DXP WORM!"
X	Configuration Loader	scvhost.exe	"Added by the AGOBOT-AAE and SDBOT.AR WORMS!"
X	Configuration Loader	svchost.exe	"Added by the PARADROP-A WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!"
X	Configuration Loader	svchost2.exe	"Added by the AGOBOT.JR WORM!"
X	Configuration Loader	DVD-Player.exe	"Added by a variant of the SDBOT WORM!"
X	Configuration Loader	svschost.exe	"Added by the SDBOT-NS WORM!"
X	Configuration Loader	cvcd.exe	"Added by the AGOBOT-DH BACKDOOR!"
X	Configuration Loader	mservs.exe	"Added by the SDBOT-NM WORM!"
X	Configuration Loader	scvh0st.exe	"Added by the AGOBOT-AX WORM!"
X	Configuration Loader Service	Winsys32.exe	"Added by the RBOT-YV WORM!"
X	Configuration Loader Service	devl32.exe	"Added by the SDBOT-XY WORM!"
X	Configuration Loading	svchos1.exe	"Added by the GAOBOT.DK WORM!"
X	Configuration Loading Service	wscel.exe	"Added by the SDBOT-WJ WORM!"
X	Configuration Servecie	sewins.exe	"Added by the SDBOT-COH WORM!"
X	Configuration Service	suchost.exe	"Added by the TREB TROJAN!"
X	Configuration Services	mswords.exe	"Added by the SDBOT-YM WORM!"
X	Configuration Update	UPDT32V2.EXE	"Added by the SPYBOT-AA BACKDOOR!"
X	CONFIGUREv	antivir62.exe	"Added by the AGOBOT-ZD BACKDOOR!"
X	ConfigVir	services.exe	"Added by the AUTORUN-DV WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder"
X	Connectivity Tool	[path to trojan]	"Added by the LITEBOT-E TROJAN!"
X	Content Service	winserv[LETTER].exe	"PurityScan adware"
X	ContentService	winservn.exe	"PurityScan adware - see here"
X	Contraviro	Contraviro.exe	"Contraviro rogue security software - not recommended
X	ContraVirus	ContraVirusPro.exe	"ContraVirus rogue security software - not recommended
X	ContraVirus	ContraVirus.exe	"ContraVirus rogue security software - not recommended
X	control panel software service	cprs.exe	"Added by the RBOT-FPI WORM!"
X	Controlled Resource System Service	crss.exe	"Added by the AGOBOT.GH WORM!"
X	ControlPanel	"svcc.exe internat.dll	LoadKeyboardProfile"
X	ControlPanel	"private.exe internat.dll	LoadMouseCarpetProfile"
X	ControlServiceMgr	csmsv.exe	"Added by the AGENT-XC TROJAN!"
U	Copernic Desktop Search 2	DesktopSearchService.exe	"Copernic Desktop Search - search agent"
X	Coreguard Antivirus 2009	Coreguard 2009.exe	"Coreguard Antivirus 2009 rogue security software - not recommended
N	Corel Reminder	NAVBROWSER.EXE	If you don't want to register Corel products and be reminded about it every 2 weeks disable it
N	Corel Reminder	NAVBrowser.exe	Registration reminder for CorelDRAW 10
X	CoreSrv	coresrv.exe	"Some IRC trojans/worms use this - see here for more information"
X	Counterstrike Service Agent	czrzns.exe	"Added by the MEDBOT.AR WORM!"
?	CPA9P2PSERVER	CPA9P2PS.exe	"Found on a Compaq Presario but what is it?"
X	cpntmgc	navpmc.exe	"Added by the SIMCSS TROJAN!"
U	CPQEASYACC	STARTDRV.exe	For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
X	CPQHotKeys	hotkeysvc.exe	"Added by the RBOT-XA WORM!"
U	CPQInet Runtime Service	CpqInet.exe	"For Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providers"
X	cprocsvc	cproc.exe	Added by MSIL.AGENT.C TROJAN!
U	Cpu Level Up help	CpuLevelUpHelp.exe	"Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme)
X	Cpusave	Cpusave.exe	"Added by the GEMA TROJAN!"
X	Cpusave32	Cpusave32.exe	"Added by the GEMA TROJAN!"
X	CPVHOST Settings	cpvhost.exe	"Added by a variant of the SDBOT TROJAN!"
?	CQSCP2PSERVER	CQSCP2PS.EXE	"""Compaq printer utility which is required in the startup menu in order to make the printer work correctly"". Is it actually required?"
N	CrazyTalk Serve	"rundll32.exe CrazyTalk.dll	DIIServeMediaFile"
X	CRC Value Verifier	crsss32.exe	"Added by a variant of the RBOT WORM!"
X	CRC Value Verifier	Crsss64.exe	"Added by the RBOT-NY WORM!"
X	CRC Value Verifier	svchost32.exe	"Added by the RBOT-OA WORM!"
X	CRC Value Verifier	crsss.exe	"Added by the SPYBOT.UK WORM!"
U	Creata Mail	JMSrvr.exe	"Creata_Mail. Smileys
N	Creative AGP Wizard	agpwiz.exe	Part of Creative's BlasterControl
X	Creative Audio Drivers	creative.exe	"Added by the RBOT-FKR WORM!"
N	Creative Detector	CTDetect.exe	"Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player
N	Creative Launcher	CTLauncher.exe	For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs
U	Creative Live! Cam Manager	CTLCMgr.exe	"Creative Live! Cam Manager"
U	Creative MediaSource Go	CTCMSGo.exe	"Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which ""enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"""
U	Creative MediaSource Go	CTCMSGoU.exe	"Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which ""enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"""
N	Creative PCI Audio Configuration Utility	starter.exe	"System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixer"
N	Creative Software Update	AutoUpdate.exe	Auto-updater for Creative Labs software
N	Creative WebCam Tray	Camtray.exe	Creative WebCam tray control - can be started manually
X	Creative.exe	Creative.exe	"Added by the PROLIN WORM!"
N	CreativeDiscNotifier	CTNOTIFY.EXE	"For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM
U	CreativeMixer	CTMIX32.EXE	"Creative soundcard System Tray access to
?	CreativeTaskScheduler	CTSched.exe	"Creative Task Scheduler. What does it do and is it required?"
X	Crnsava	scrnsave.pif	"Added by the SDBOT-ZV WORM!"
X	Cryptographic Service	*****.exe [ = random char]	"Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!"
X	CS Update	copy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dll	Added by an unidentified malware
Y	CSAV_CheckViruses	vchk.exe	"Command Antivirus related"
X	CSCRS Value	cscrs.exe	"Added by the RBOT-AAA WORM!"
X	CSCRS Value Check	MsPMSPSd.exe	"Added by a variant of the SDBOT WORM!"
X	cserv32	cserv32.exe	"Added by the STRATION.EC WORM!"
X	csrssLevel4	csrss.exe	"Unidentified malware! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""Level4"" subfolder"
X	csrvss	csrvss.exe	"Added by a variant of the SDBOT TROJAN!"
U	CSS Server	CSSServer.exe	"ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself"
X	CSV10P1	CSP001.exe	"ClearSearch adware"
X	CSV10P70	CSv10P070.exe	"ClearSearch adware"
X	CSV7P26	CSV7P26.exe	"ClearSearch adware"
X	CSV7P70	CSV7P070.exe	"ClearSearch adware"
X	CSV7P91	CSV7P91.exe	"ClearSearch adware"
U	csvdea	csvdea.exe	"SpyArsenalLog surveillance software. Uninstall this software unless you put it there yourself"
X	csvhost.exe	csvhost.exe	"Added by the CIMUZ-BD TROJAN!"
X	CT Control Settings	CTSVCCD.EXE	"Added by the RBOT-YS WORM!"
N	CTAVTray	CTAvTray.exe	For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ
X	CTDrive	"rundll32.exe drvmod.dll	startup"
N	CTDVDDet	CTDVDDet.exe	"Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player
X	CTF Device Loader	ctfmond.exe	"Added by the AGOBOT-FO WORM!"
X	CTFMON	wscript.exe /E:vbs winjpg.jpg	"Added by the RUNAUTO.F WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""winjpg.jpg"" file is located in %System%"
X	CTFMON	wscript.exe /E:vbs regedit.sys	"Added by the VBSAUTO-A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""regedit.sys"" file is located in %System%"
X	CTFMON.EXE	svchost.exe	"Added by the JUEGO-B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	ctfnom.exe	SVOHOST.exe	"Added by the DIGIDOR-A TROJAN!"
X	CTHELPER	svhost.exe	"Added by the SDBOT-RZ WORM!"
?	CTPDPSRV	CTPDPSRV.EXE	"Compaq A3000 printer driver (in the %System%\spool\DRIVERS\W32\X86 folder). Is it required?"
U	CtrlVol	CtrlVol.exe	"Volume control key on Acer
U	CTSVolFE	CTSVolFE.exe	Creative Labs Mixer applet for the Sound Blaster Audigy
U	CTSVolFE.exe	CTSVolFE.exe	Creative Labs Mixer applet for the Sound Blaster Audigy
U	CTsysVol	CTSYSVOL.exe	Creative sound card volume controls
?	cttdpsrv	cttdpsrv.exe	"??"
X	CU1	VCClient.exe	Associated with the Surf Sidekick adware and should be removed
X	CU2	VCMain.exe	Associated with the Surf Sidekick adware and should be removed
N	cursor	Screendragon_VS_Taskbar.exe	"ScreenDragon video player"
X	Cvfjx	ANACON.EXE	"Added by the NACO.A WORM!"
X	cvhnykzx	keepSafe.exe	"Added by the KILLAV.KAX TROJAN!"
X	cvmonitor.exe	cvmonitor.exe	"Added by the SDBOT.BV WORM!"
X	cvmsyslpd	sdservss.exe	"Added by the MAILBOT-BY TROJAN!"
Y	CVPND	cvpnd.exe	Sub-system used by Cisco VPN client for making a connection to a remote IPSec server
N	cwbckver	cwbckver.exe	"Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop
N	cwbsvstr	cwbsvstr.exe	"Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop
U	Cyber-Defender 2003	uwcdsvr.exe	"
N	Cyber-shot Viewer Media Check Tool	SPUVolumeWatcher.exe	"Part of the Sony Picture Uility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on it"
N	Cyber-shot Viewer Media Check Tool	SPUVOL~1.EXE	"Part of the Sony Picture Utility software supplied with Sony Cyber-shot digital cameras. Automatically invokes an import process if the camera is connected and has media on it"
N	Cyberlink PowerCinema 3.0	PCMService.exe	"Part of Cyberlink's PowerCinema - which can be used to watch movies
X	DamedWare Services	dwdrce.exe	"Added by the RBOT-AOJ WORM!"
X	DarkDevil.Grasiele.BR	Grasiele.VBS	"Added by the LEMBRA WORM!"
X	DASDS VSAVdjs	dsabdw.exe	"Added by the SDBOT-RE WORM!"
X	Data	System.dat.vbs	"Added by the BISCUIT.A WORM!"
X	Data File	vdehost.exe	"Added by the SDBOT-DOS TROJAN!"
X	Data Restore Service	prq8.exe	"Added by the KELVIR.AI WORM!"
N	DataViz Inc Messenger	DvzIncMsgr.exe	"Installed with DataViz ""Documents to Go"" software"
N	DataViz Messenger	DvzMsgr.exe	"DataViz Documents to Go - "allows you to use your Word
U	DAZEL Delivery Agent	DcDaemon.exe	"Control and send documents
N	dbserv	dbserv.exe	Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled
X	dc2k5	SVIQ.EXE	"Added by the COIDUNG-A WORM!"
U	DCfssvc	dcfssvc.exe	"Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup
U	dcfssve	dcfssvc.exe	"Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup
X	DCOM Server	[path to trojan]	"Added by the AGENT-CCQ BACKDOOR!"
N	DDCActiveMenu	DDCActiveMenu.exe	Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
X	ddivmwa	[random filename]	"Added by a variant of the SLAPER TROJAN!"
U	ddoctorv2	sprtcmd.exe /P ddoctorv2	"Comcast Desktop Doctor (provided by SupportSoft
X	DDriver	windrv.exe	"Added by the DELF.WG TROJAN!"
X	DDriver	svchost.exe	"Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies"
X	Default	explore.vbs	"Added by the ALLEM WORM!"
X	Default	mtask.vbe	"Added by the ALLEM WORM!"
X	Default System Research	vhchost.exe	"Added by the TARNO.I TROJAN!"
X	defragsys	svchost.exe	"Added by the BIFROSE-TH TROJAN! Note - this is not the legitimate svchost.exe process which should normally figure in Msconfig/Startup!"
X	delsubmit	"rundll32.exe advpack.dll	DelNodeRunDLL32 submit.exe"
X	Deneca	Virus salvado	"Added by the DELUZ VIRUS!"
?	desk-top-service	desk-top-service.exe	"??"
X	DeskAd Service	DeskAdServ.exe	"DeskAd.Service adware"
U	desksaver	desksaver.exe	"Part of Advanced Desktop Shield
U	DeskSaver	DeskSaver.exe	"DeskSaver from Headway Creative - utility that allows you ""to backup and to restore the icons position easily on the Windows desktop"". The Pro version also includes a ""Taskbar Economizer"" which minimizes an open window to the System Tray instead of the taskbar. Located in %ProgramFiles%\Headway Creative\DeskSaver"
U	DeskSaver Pro	DeskSaver.exe	"DeskSaver Pro from Headway Creative - utility that allows you ""to backup and to restore the icons position easily on the Windows desktop"". Includes a ""Taskbar Economizer"" which minimizes an open window to the System Tray instead of the taskbar. Located in %ProgramFiles%\Headway Creative\DeskSaver"
U	desksaver.exe	desksaver.exe	"Part of Advanced Desktop Shield
X	desktop	desktop.ini.vbs	"IE-Title malware"
U	Desktop Maestro Vista Tray	RMTray.exe	"Part of Desktop Maestro from PC Tools - which ""combines the features of our award winning products
N	Desktop Service Centre	DSC.exe	OptusNet DSL or Dial-Up connection software
?	DevconDefaultDB	READREG	"Appears to be related to older Creative Soundblaster soundcards"
X	Development Environment	devenv.exe	"Added by the DELBOT-AH WORM!"
U	DEventAgent	eventagt.exe	DEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use this
X	devenv	smvss.exe	"Added by the DEDLER-G TROJAN!"
X	Device Configuration Loader	msdvc32.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
U	Device Detector	DevDetect.exe	"ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically"
N	Device Detector 2	DevDtct2.exe	"Installed by various Olympus products
X	Device Hardware	devicehnd.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Device IO System	deviceio.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Device Management	wnsystem.exe	"Added by the AGOBOT-LH WORM!"
X	Device Manager	wfxmgr.exe	"Added by the RBOT.AJU WORM!"
X	Device Security	dvcsecure.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Device Security Driver	devicesec.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Device Security Manager	dvcsecure.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
U	DeviceDiscovery	hpotdd01.exe	"Detection of new imaging
X	DevicePath	Proyecto1.exe	"Added by the GRUEL WORM!"
X	DevicePath	Root.exe	"Added by the GRUEL WORM!"
U	Devices	olesvr.exe	"Salfeld Child Control - parental control software"
X	Devicewin	[path to trojan]	"Added by the BANKER-AEV TROJAN!"
U	devldr16	devldr16.exe	Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start → Settings → Control Panel → System → Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices
U	devldr16.exe	devldr16.exe	"Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use ""Sound Play Control"" and ""Sound Recorder"". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable ""Creative SB16 Emulation"" under Creative Miscellaneous Devices"
?	Devlog	devlog.exe	"Apparently mainboard/chipset related
X	DHCP Server	regsvr.exe	"Added by the RBOT-PR WORM!"
X	DHCP32	services.exe	"Added by the WINSPY.AG TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\display"
?	Diamondview	Diamondview.exe	"Manulife Financial Insurance program. Is it required at startup?"
U	DigiSrv	DigiSrv.exe	"Related to camera software from DigitalDreams"
N	Digital Dashboard	devgulp.exe	For Compaq PC's. Loads Digital Dashboard options
N	Digital River eBot	downlo~1.exe	"Digital River Systems EBOT for downloading software from their site. In some cases
U	DIGServices	DIGServices	Created by Disney but licensed to ESPN for watching videos
N	DIGServices	DIGServices.exe	Created by Disney but licensed to ESPN for watching videos
X	Director Video	btnmgern.exe	"Added by the MYTOB-KL WORM!"
U	DIRECTVDSL	Directvdsl.exe	Starts DirectTV DSL modem at boot up. Can also be started manually
X	DirectX Driver	stdhost.exe	"Added by the SDBOT.GVJ BACKDOOR!"
X	DirectX For Microsoft Windows	dtxservice.exe	"Added by the PROGENT TROJAN!"
X	DirectX for Microsoft Windows	Fservice.exe	"Added by the PRORAT TROJAN!"
X	DirectX for Microsoft Windows	Sservice.exe	"Added by the PRORAT TROJAN!"
X	DirectX For Microsoft® Windows	fservice.exe	"Added by the PRORAT-P TROJAN!"
X	DirectX For Microsoft� Windows	fservice.exe	"Added by the PRORAT-L TROJAN!"
X	DirectX shell driver	[path to trojan]	"Added by the MARKTMAN-B TROJAN!"
X	Directx Startup Drivers	direct.exe	"Added by the RBOT.UXL WORM!"
X	DirectX Video Driver	dxterm5.exe	"Added by the WILAB-A TROJAN!"
X	DirectX9	svchost32.exe	"Added by the RBOT.AQG WORM!"
?	discoveg	discoveg.exe	"??"
?	DISCover	DISCover.exe	"Related to DISCover Drop from Digital Interactive Systems Corporation. What does it do and is it required?"
N	DiscoverDeskshop	Deskshop.exe	"Discover Deskshop - single use ""virtual"" credit card"
X	Disk Defragmentation Loader	pmsvcr.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Disk Essensial Tools	detsvc.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Disk Manager	diskver.exe	"Added by the RBOT.AQT WORM!"
X	Disk Panel Configuration	dpcsvc.exe	"Added by the IRCBOT.BSQ BACKDOOR!"
X	Disk Panel Setup	npcsvc.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Display Drivers	cssrs.exe	"Added by the AGOBOT.FX WORM!"
X	Dist-FBGeneve	GDC.exe	"NettoyeurDePC French rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
X	Distributed File System	Dfsvc.exe	"Added by the MYFIP.A or MYFIP.K WORMS!"
X	Distributed Link Tracking	ascvt.exe	"Added by the AGOBOT-GH BACKDOOR!"
?	Divamon.exe	Divamon.exe	"Associated with an Eicon Networks Diva ISDN or ADSL modem - what does it do and is it required?"
X	divx	divxenc.exe	"Added by the SPBOT.B TROJAN!"
X	Divx	codll.exe	"Added by the GRAVEBOT-A TROJAN!"
X	DivX MediaPlayer 7.0	Dr.DivX.exe	"Added by the ALADINZ.G TROJAN!"
X	DivX Player	DivXPlayer.exe	"Added by a variant of the RBOT WORM!"
X	DivX Updater	DivX.Exe	"Added by the NALDEM TROJAN or MASTAK VIRUS!"
X	DIVX Video Player	DIVXPloyer.exe	Added by an unidentified WORM or TROJAN!
X	Divx4 codec	devldr32.exe	"Added by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs devldr32.exe file"
X	DivXCodec	NEWMAIL.exe	"Added by the DELF-RQ BACKDOOR!"
X	djdsdvqwa	vjdhdg.exe	"Added by the SDBOT-EF BACKDOOR!"
Y	DkService	DkService.exe	"From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled
N	dlbcserv	dlbcserv.exe	Related to Dell Photo Printers and provides additional configuration options for these devices
X	dlcipscl	dcpavss.exe	"Added by the MAILBOT-CB TROJAN!"
N	DLF_00000B00	Vcdlf.exe	"Known to cause problems with "Out of memory" errors (see here). Otherwise
X	DLINK dfe drivers for Windows NT	windfe.exe	"Added by the RANDEX.AK WORM!"
X	Dll Boot Loader on Startup (do not remove this)	[various filenames]	Added by an unidentified TROJAN!
X	Dll Link	svchoist.exe	"Added by the AUTOSKY WORM!"
X	Dll Link	svchost.exe	"Added by the AUTOSKY WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Favourites folder"
X	DLL Service Manager	[path to worm]	"Added by the RPCBOT.F TROJAN!"
X	dll services	[random filename].exe	"Added by a variant of the SDBOT WORM!"
X	DllCacherv2	dllcachev2.exe	"Added by the LATEDA TROJAN!"
X	dllcvss	[random filename]	"Added by a variant of the SLAPER TROJAN!"
X	DLLService32	dllsvc32.exe	"Added by the AGOBOT.VX WORM!"
X	Dmsvc32	Dmsvc32.exe	"Added by the AGOBOT.ABU WORM!"
X	DM_server	dmserver.exe	"Comet Cursor adware"
X	dm_service	[path to file]	"Added by the MITGLIEDER.P TROJAN!"
X	DNS Config service	win32.exe	"Added by the RBOT-TL WORM!"
X	Dns Resolver	dnsrslve.exe	"Added by the RBOT-WS WORM!"
X	DNS Service	dnsresolver.exe	"Added by the RBOT-PQ WORM!"
X	DNS Service	dnssvc.exe	"Added by the DELBOT-Z WORM!"
X	DnsCache	Wscript.exe dns_cache.vbs	"Added by the AUTORUN-AWI WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""dns_cache.vbs"" file is located in %System%"
?	DNXVC	dnxvc.exe	"??"
X	Doctor Antivirus 2008	antvr.exe	"Doctor Antivirus 2008 rogue security software - not recommended
X	Domain Name Resolve Service	dnsresolver.exe	"Added by the KIMAN.A WORM!"
X	DomPlayer Service	wakeservice.exe	"DomPlayer adware"
N	DoroServer	DoroServer.exe	"Doro PDF Writer from The SZ Development. All what you need for creating pdf files"
X	Dowmingzu	Dowmingzu.dll.vbs	"Added by the SOLOW-E WORM!"
Y	Dpcnav	dpcnav.exe	"DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access"
X	dpnsvr32	dpnsvr32.exe	"Added by the AOLPASS-B TROJAN!"
X	dpzProtect	n.vbe	"Added by the RUNAUTO.H WORM!"
X	DR service	[path to worm]	"Added by the RBOT-CZT WORM!"
X	dreams	server.exe	"Added by a variant of the SDBOT WORM!"
X	DrefIW	SysDrefIWv2.exe	"Added by the DREF-C WORM!"
X	DriveCleaner 2006 Free	UDC2006.exe	"DriveCleaner rogue security software - not recommended
X	DriveCleaner Free	UDC.exe	"DriveCleaner rogue security software - not recommended
X	DriveDefender	GDC.exe	"DriveDefender rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
U	DriveIcons	DriveIcon.exe	"Drive Icons from Realtek - shows a specific icon for each card type for their card reader controllers"
U	DriveLED	OODLed.exe	"O&O DriveLED - hard disk monitoring and crash prevention"
X	Driver	gbot.exe	"Added by the JUNTADOR.K TROJAN!"
X	Driver32	Scam32.exe	"Added by the SIRCAM WORM!"
X	DriverCheck	svchost.exe	"Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""DriverLoad"" sub-directory of the Root folder (C:\)
X	DriverConf	dvrconf.exe	"Added by the AGOBOT-IY WORM!"
X	DriverDB	svcmdx32.exe	"Added by the BERPI TROJAN!"
X	DriverLoad	svchost.exe	"Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""DriverLoad"" sub-directory of the Root folder (C:\)
U	DriverMagicLogon	dmschedule.exe	"Part of DriverMagic - ""the easiest way to locate device drivers"""
N	DriverMax	devices.exe	"DriverMax from Innovative Solutions - ""a new tool that allows you to download the latest driver updates for your computer. No more searching for rare drivers on discs or on the web or inserting one installation CD after the other"""
X	DriverModule	csrnvrt.exe	"Added by the IRCBOT.I TROJAN!"
X	DriverPath	system32.exe	"Added by the PRORAT-S TROJAN!"
X	Drivers for Internet Explorer	accesweb.exe	"Added by the STARTPAGE.FW TROJAN!"
X	Drives swap	AV1i.exe	"Anti-Virus Number-1 rogue security software - not recommended
N	DriveSelect	driveselect.exe	"DVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start -> Programs"
X	DriveSystem	maxpaynowti1.exe	"Added by the TIBS.AZT TROJAN!"
X	drmsrv32	stmhosts.exe	"Added by the AGENT.AGWU TROJAN!"
X	drvddll.exe	drvddll.exe	"Added by the BEAGLE.AP WORM!"
X	Drvddll_exe	drvddll.exe	"Added by the BEAGLE.X WORM!"
U	DrvIcon	DrvIcon.exe	"""Vista Drive Icon changes the drive icons shown in Windows ""My Computer""
?	DrvListnr	DrvListnr.exe	"Analog Devices SoundMAX soundcard related. What does it do and is it required?"
U	drvlsnr	drvlsnr.exe	Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly
U	DrvMon.exe	DrvMon.exe	"Alcor drive monitor software"
X	drvnetw	drvnetw.exe	"Added by the BROGGER-B TROJAN!"
X	drvr32h	drvr32h.exe	"Added by an unidentified VIRUS
X	drvrmanager	drvrquery32.exe	"Added by the BOOHOO WORM!"
X	DrvStart	HPMedia.exe	"Added by the BANCBAN-QE TROJAN!"
X	drvsys.exe	drvsys.exe	"Added by the BEAGLE.W WORM!"
X	drvsyskit	hidr.exe	"Added by the BAGLE.HR WORM!"
X	drvsyskit	hldrrr.exe	"Added by the BAGLE.QU TROJAN!"
X	drvupd	rundll32 ..drvupd.inf	"Hijacker - drvupd.inf file installs a ""searchforge.com"" hijack"
X	drv_st_key	hidn.exe	"Added by the BEAGLE.FF WORM!"
X	DrWeb Antivirus	DRWEBAV.EXE	Added by an unidentified WORM or TROJAN!
U	dscactivate	dsca.exe	Dell Support Agent offers additional support and update features for your Dell computer or laptop
X	DsmSer	svosm.exe	"Added by the SERFLOG.B WORM!"
X	DSService	dmrss.exe	"Added by the AGOBOT-XX WORM!"
X	DSystemDriver	windrv.exe	"Added by the DELF.WG TROJAN!"
X	Dumeter Services	dumeter.exe	"Added by the SDBOT-AEQ WORM!"
X	DUN_SERVICES3	dun3.exe	"Added by the SOKIRON TROJAN!"
X	DVAScvssdfa	AsSDdwd.exe	"Added by the LIOTEN.IP TROJAN!"
U	DVD Device Lock for Win95/98/Me/2k/XP	DDLAgent.exe	"Loads Hide and Protect any Drives - which ""can be used to restrict read or write access to removable media devices such as CD
X	DVD Upgrade	dvdupgd.exe	"Added by a variant of the IRCBOT BACKDOOR!"
N	dvd43	DVD43_Tray.exe	"DVD43 is ""a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies"""
U	DVD43	DVD43.exe	"DVD43 is a small tool that overrides CSS copy-protection found on DVD movies"
X	dvd98	windvd98.exe	"Added by the CULT.P WORM!"
N	DVD@ccess	DVDAccess.exe	"Part of DVD Studio Pro from Apple Inc. - ""The DVD@CCESS feature allows you to add additional interactivity to your DVD title when it is played on a computer"""
?	DVDAgent	DVDAgent.exe	"Found on the HP Touchsmart range of desktops and notebooks. What does it do and is it required?"
U	DVDBitSet	DVDBitSet.exe	DVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always used
?	DVDCheck	DVDCheck.exe	"Related to an Intervideo program. What does it do and is it required in startup?"
X	Dvdcompat	Dvdcompat.exe	"Added by the GEMA TROJAN!"
N	DVDLauncher	DVDLauncher.exe	"Part of Cyberlink's Power Cinema - allows you to play DVDs upon insertion"
N	DVDSentry	DSentry.exe	"Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching
N	DVDTray	DVDTray.exe	HP CD/DVD Tray icon installed with the DVD writer software. Periodically checks for new drive firmware
N	DVDUpgrade	DVDUpgrd.exe	"Microsoft program to upgrade your DVD decoder program - see Q306331. Available via Start -> Programs"
N	DVDXGhost	DVDGhost.EXE	"DVD Ghost - ""utility to make your software DVD players and DVD copy/backup softwares restriction-free
U	dvHighMem	cfgmng32.exe	"Related to PureSight PC - designed to offer maximum flexibility and choice as families manage their internet use"
Y	Dvp95	Dvp95.exe	"Scan engine for F-Secure and Command antivirus software based on the F-Prot AntiVirus engine"
Y	dvpapi9x	DVPAPI9X.exe	Command AntiVirus for Windows 95/98/Me
Y	DvpInitExe	Dvpinit.exe	"Command Antivirus related"
Y	dvprpt	Dvprpt.exe	"Command Antivirus related"
X	dvraudio	dvraudio.exe	"Added by a variant of the CRYPTER.C TROJAN!"
X	dvsfss	fbsfsdrs.exe	"Added by the SDBOT-QA WORM!"
U	DVSync	dvsync.exe	DVSync is the program that allows you to synchronize your daVinci's PDA's data with your Personal Information Manager on the PC
X	DvVideo32	dvvid32.exe	"Added by the TINY.FD TROJAN!"
X	Dvx	wsxsvc.exe	"Delfin Media Viewer or ""Promulgate"" adware variant"
X	dwqblwpvl.exe	[random].exe	"Okcashbackmall adware"
X	dxmsrv	dxmsrv.exe	Added by an unidentified WORM or TROJAN!
X	dxvid	dxvid.exe	"Added by the DLUCA-Y TROJAN!"
X	DyFuCA Active Alert	actalert.exe	"Adult content dialler - see here"
?	DZKillMe	DZSAVEME.EXE	"??"
U	D_V_T	dvt.exe	"DICOM Validation Tool - ""DICOM is increasingly being used as the standard communication mechanism when integrating various medical products in a hospital environment"""
?	D_V_T	dvt.exe	"Installation could be a crack/hack to NOD32 - see here. Seen and removed in many logs. Investigate it further and if the file C:\d_v_t.reg is present then it should be fixed. Not to be confused with the DICOM entry here"
U	e-Surveiller Station	estation.exe	"ESurveiller - surveillance software. Uninstall this software unless you put it there yourself"
U	eabconfg.cpl	EabServr.exe	Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys
?	Eac_rnvdl	ANTIVIRUS_INSTALL.EXE	"??"
X	EasyAV	EasyAV.exe	"Added by the NETSKY.S or NETSKY.T WORMS!"
U	EasyLinkAdvisor	LinksysAgent.exe	"Linksys EasyLink Advisor - ""the free application that provides and easy way to setup
X	easyServ	Server.exe	"Added by the EASYSERV TROJAN!"
U	EasyTuneIV	ET4Tray.exe	Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
U	EasyTuneV	GUI.exe	Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
X	EbatesMoeMoneyMaker	wjview ...Code	"Ebates adware"
X	ebmmm	ebatesmmmv.exe	"Ebates adware"
X	Edzy AntiVirus	dppsfa.exe	"Added by a variant of the RBOT WORM!"
N	EEventManager	EEventManager.exe	"Part of the Epson Creativity Suite supplied with their multi-function printer/scanners
U	eFax Live Menu 3.3	J2GDllCmd.exe	"DLL Command Utility for version 3.3 of eFax Messenger from j2 Global Communications
N	EgisTecLiveUpdate	EgisUpdate.exe	"Software updater for biometric and data encryption products from EgisTec Inc"
N	elm	Elmenv.exe	"ViaTech eLicense for securing
U	ELSAChipGuard	elsavect.exe	"ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed
Y	EmailScan	mcvsescn.exe	Related to McAfee AntiVirus suite - used to automatically scan incoming e-mails
X	eMakeSV	EMAKESV.EXE	"""Switch"" adult content dialer"
X	eMakeSV	EMAKE2B.EXE	"""Switch"" adult content dialer"
N	Energizer FileSaver	Energizer FileSaver.exe	"Energizer FileSaver - UPS back-up utility for Energizer UPS products. From their Tech Support staff this is known to have a memory leak since it's release - with no fix planned! It will grab 2-5 handles per second and crash the average system in less than 3 days - therefore not recommended"
?	ENSApServer2_0	APSERVER.EXE	"Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required?"
X	Enumerate Service	wsys.exe	"Added by the MANIFEST TROJAN!"
Y	EnvyHFCPL	EnMixCPL.exe	"VIA Envy24 PCI Audio Controller driver"
U	EPGServiceTool	EPGClient.exe	"Electronic Programme Guide (EPG) for the WinTV range of TV Tuners from Hauppauge"
U	EPGServiceTool	EPGCLI~1.EXE	"Electronic Programme Guide (EPG) for the WinTV range of TV Tuners from Hauppauge"
N	ePrint 3.0 Service	EPRINT3.EXE	"LEADTOOLS ePrint file conversion software - ""convert any file to and from over 150 document and image formats including searchable PDF
N	ePrint 4.0 Service	EPRINT4.EXE	"A component of the ""LEADTOOLS ePrint File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF
N	EPS	e_srcv02.exe	"According to the Epson info: ""Use this utility to automatically check for errors and also check the level of ink remaining."" This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check"
N	EPS	e_srcv03.exe	"According to the Epson info: ""Use this utility to automatically check for errors and also check the level of ink remaining."" This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check"
X	Epsilon Squared	vmmreg32.exe	"Added by the AGENT.MVC TROJAN!"
U	EPSON Status Monitor 3	E_[various].EXE	"Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status
N	EPSON Status Monitor 3 Environment Check	e_srcv03.exe	According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
N	EPSON Status Monitor 3 Environment Check	e_srcv02.exe	According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
N	EPSON Status Monitor 3 Environment Check 2	e_srcv03.exe	According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
N	EPSON Status Monitor 3 Environment Check 2	e_srcv02.exe	According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
U	EPSON Stylus CX5000 Series	E_FATIBVA.EXE	"Epson Status Monitor 3 for the Stylus CX5000 Series printer - for monitoring printer status
U	EPSON Stylus DX5000 Series	E_FATIBVE.EXE	"Epson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status
X	EQAdvice	EQAdvice.exe	"NewAds1 adware"
Y	eRecoveryService	check.exe	"Now part of Acer Empowering Technology. ""Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer
U	eRecoveryService	Monitor.exe	"Part of Acer Empowering Technology. ""Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer
U	eRecoveryService	eRAgent.exe	"Part of Acer Empowering Technology. ""Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer
X	erthgdr	svc.exe	"Added by the BEAGLE.BN or BEAGLE.BP WORM!"
X	erthgdr2	svc23.exe	"Added by the BAGLE.CG WORM!"
U	ES Current Services	[FILE NAME].exe	"123Keylogger surveillance software. Uninstall this software unless you put it there yourself"
Y	eScan Monitor	AVKWCTL9X.EXE	"MicroWorld eScan antivirus"
U	eScan Scheduler	avkserv.exe	"MicroWorld eScan antivirus scheduler"
X	eth0 driver	exec.exe	"Added by the SPYBOT-Z WORM!"
X	Ethernet Driver	cmsrrs.exe	"Added by a variant of the RBOT WORM!"
X	Ethernet Drivers	smrrs.exe	"Added by the RBOT-AAK WORM!"
X	Ethernet Drivers	ethernet.exe	"Added by the GAOBOT.CEZ WORM!"
X	Etraffic	JavaRun.exe	"TopMoxie adware"
U	eTrust PestPatrol Active Protection	PPActiveDetection.exe	"PestPatrol real-time protection feature. ""Stops spyware before it infects your system"""
X	EUP Service	eupsvc.exe	"Added by the DELBOT-Q WORM!"
?	Event Log	eventlog.exe	"??"
N	Event Planner Reminders	PLNRNote.exe	Part of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event Planner
N	Event Planner Reminders Tray Icon	PLNRnote.exe	Part of Sierra/Hallmark Card Studio - System Tray notification of events such as birthdays and anniversaries that you've scheduled with the customizable Event Planner
N	Event Reminder	pmremind.exe	"Event reminder for calendar dates
X	EventApplicationCmd	smschk.exe	"Added by the IRCBOT-AO TROJAN!"
U	EVENTLISTENER	EvLstnr.exe	Used with a Nikon digital camera to recognize when the camera is plugged in
N	eventmgr	eventmgr.exe	Used with a Microtek scanner. Manages the scanner's button events. Available via Start -> Programs
X	eventwvr	eventwvr.exe	"Added by the COSIAM_G TROJAN!"
?	EverioService	EverioService.exe	"Related to the Cyberlink software supplied with JVC's Everio camcorders. What does it do and is it required?"
U	EVGAPrecision	EVGAPrecision.exe	"EVGA Precision overclocking utility - ""allows you to fine tune your EVGA graphics card for the maximum performance possible
U	Evidence Cleaner	ecleaner.exe	"Evidence Cleaner cleans up tracks left by your PC and Internet activities"
N	Evidence Eliminator	ee.exe	"Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis"
X	Evil	Evil.exe	"Added by the MYTOB.JM WORM!"
N	evntsvc	evntsc.exe	"Application Scheduler installed along with RealOne Player. Once installed
U	EVOLOSTA	EVOLOSTA.EXE	"Evolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID
U	Evoluent Mouse Manager	EvoMouExec.exe	"Mouse manager for Evoluent VertcialMouse"
X	EvtHtm	evthtm.exe	"Added by the DLUCA-EJ TROJAN!"
U	EvtMgr6	Setpoint.exe	"Logitech SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice
U	EW Message Server	msg32.exe	Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices
?	Excite Private Messenger Pipe	x8impipe.exe	"??"
X	ExpertAntivirus	ExpertAntivirus.exe	"ExpertAntivirus rogue security software - not recommended
X	expler	Updadv.exe	"Added by the QQPASS-N TROJAN!"
X	Explorer	drv.exe	"Added by the SMALL-FD TROJAN!"
X	Explorer	explorar.vbs	"Added by the DESKTO-A WORM!"
X	explorer	main.vbe	"Added by the SHUSH-A WORM!"
X	Extra Antivirus	ExtraAV.exe	"Extra Antivirus rogue security software - not recommended
U	E_S[numbers]	[path] E_[various].EXE [path] E_S[numbers].tmp	"Temporary entry related to Epson Status Monitor 3 for their range of printer and AIO devices - for monitoring printer status
U	F-PROT Antivirus Tray application	FProtTray.exe	"System Tray access to F-PROT Antivirus"
X	F-Secure 2005	svchost.exe	"Added by the BIFROSE-CH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
U	F5D7050v3	Belkinwcui.exe	"Wireless configuration utility for the Belkin F5D7050 Wireless G USB Adapter"
U	F5D8055v1	Belkinwcui.exe	"Wireless configuration utility for the Belkin F5D8055 Wireless N+ USB Adapter"
U	FamilyKeyLogger	cisvc.exe	"Family Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Located in %ProgramFiles%\FamilyKeyLogger"
X	Fast Antivirus 2009	FastAV.exe	"Fast Antivirus rogue security software - not recommended
X	Fast Home	svcnvt.exe	"Detected by Kaspersky as the DELF.KS TROJAN! This file may be found in the System folder on 9x machines
X	Fast Search	svcnv.exe	"Homepage
X	Fast start	svcnt.exe	"Adware - detected by Kaspersky as a variant of the FAVADD TROJAN!"
X	FastStart	svcnut.exe	"Browser hijacker - a variant of the STARTPAGE.L TROJAN!"
X	FastStart	svcnut32.exe	"Browser hijacker - a variant of the STARTPAGE.L TROJAN!"
X	FASTTRACKNETVISION	NETVISION.exe	"DialCar-Z premium rate dialer"
U	FastTVSync	FastTVSync.exe	"Part of InterVideo (now Corel) DVD Copy - ""fast DVD copying and file conversion software. In just three steps
U	fatrecov	fatrecov.exe	SCKeyLog.j keystroke logger/monitoring program - remove unless you installed it yourself!
U	FavoriteSync	FavoriteSync.exe	"FavoriteSync keeps the same set of Internet Explorer Favorites on several computers in sync"
U	FaxCenterServer	fm3032.exe	"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark
U	FaxCenterServer4_in_1	fm3032.exe	"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark
U	FaxCtrl.exe	ASMediaProxyServer.exe	"Part of Avaya's Contact Center Express - ""a multi-channel
X	FDriver	windrv.exe	"Added by the DELF.WG TROJAN!"
U	FEELitDeviceManager	feelitdm.exe	Associated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals)
X	fegoze	SVCH0ST.EXE	"Added by the GRAYBIRD.D VIRUS! Note - the filename has the digit 0 rather then the uppercase ""o"""
X	Fen Startups	fensvc32.exe	"Added by the RANDEX.CCF WORM!"
X	Fenio Startups	fnesvc32.exe	"Added by the AGOBOT-OS BACKDOOR!"
X	ff	svhost32.exe	"Added by the LINEAG-AFF TROJAN!"
X	ffeqOME	vcvsav.exe	"Added by the RANKY.AB TROJAN!"
Y	ffprsrv	ffprsrv.exe	"File and Folder Privacy - is a ""system security utility you can use to password-protect or hide your files and folders with a click of mouse. The program will always prompt to enter your access password when protection is enabled and a user is trying to access a protected file or folder"". If this entry is disabled
Y	ffprsrv.exe	ffprsrv.exe	"File and Folder Privacy - is a ""system security utility you can use to password-protect or hide your files and folders with a click of mouse. The program will always prompt to enter your access password when protection is enabled and a user is trying to access a protected file or folder"". If this entry is disabled
Y	ffpsrv	ffpsrv.exe	"File & Folder Protector - ""great easy-to-use password-protected security utility lets you password-protect certain files and folders
Y	ffpsrv.exe	ffpsrv.exe	"File & Folder Protector - ""great easy-to-use password-protected security utility lets you password-protect certain files and folders
X	FHStart	shdocsvc.exe	"Added by the WINHOUND TROJAN!"
U	FieldForms Sync	SyncService.exe	"Resco FieldForms. A solution for building of mobile forms that can be viewed or filled in on the run
?	file indexing service	msfindfile.exe	"New version of MS FindFast and still a resource hog?"
X	File Mapping Services	hp-1003.exe	"Added by the RBOT.FAN WORM!"
X	File System Service	wmiprvsc.exe	"Added by the AGOBOT-HZ TROJAN!"
X	FileManager32	Wscript.exe ChkMgr32.vbs	"Added by the NOTUP.A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""ChkMgr32.vbs"" file is located in %System%"
X	Files Driver	sdphost.exe	"Added by the SDBOT-DKZ WORM!"
X	Files Driver	sfdhost.exe	"Added by the AGOBOT-AJC BACKDOOR!"
X	FileSoft	Wscript.exe UpdataFiles.vbs	"Added by the SST.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""UpdataFiles.vbs"" file is located in %Windir%"
U	FilmLoop	FilmLoopService.exe	"Related to FilmLoop - a photocasting network. Share your pictures with your family and friends"
Y	Find Virus Launch Program	fvlaunch.exe	"Part of Dr. Solomon's Antivirus"
U	FinePrint Dispatcher v4	fpdisp4a.exe	"FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. ""FinePrint saves ink
U	FinePrint Dispatcher v4	fpdisp4.exe	"FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. ""FinePrint saves ink
U	FinePrint Dispatcher v5	fpdisp5a.exe	"FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 5.x of the software. ""FinePrint saves ink
X	Fire Wall services	[random filename]	"Added by the IRCBOT-QY WORM!"
X	Fire Wall services	wnlmzsfhobi.exe	"Added by the IRCBOT-QY WORM!"
X	Fire Well service	[random].exe	"Added by the RBOT-FJU WORM!"
X	FireFox Service Drivers	ssmss.exe	"Added by a variant of the SDBOT WORM!"
X	FireFox Startup Drivers	wuaclt.exe	"Added by the RBOT.BYX WORM!"
X	FiresWallservices	[random].exe	"Added by the RBOT-FJT WORM!"
X	Firevall Administrating	rndll.exe	"Added by the PUSHBOT-B WORM!"
X	firewall	spoolsv.exe	"Added by the DIZAN.F VIRUS!"
X	FirewallActivies	csrss.exe	"Added by the BANKER-AQ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""3041"" subfolder"
X	FirewallSvr	FirewallSvr.exe	"Added by the NETSKY.X or NETSKY.Y WORMS!"
X	FireWire Driver	samx.exe	"Added by the SDBOT.AE WORM!"
X	FireWire Service	nvscv32.exe	"Added by a variant of the SDBOT WORM!"
X	FireWire Services	nvcsv32.exe	"Added by a variant of the SPYBOT WORM!"
X	FIX	WinFIX1.0.vbs	"Added by the GORMLEZ-A WORM!"
Y	Fix-it AV	memcheck.exe	Part of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources
X	Fixnice	vcvw.exe	"Added by the SDBOT TROJAN!"
N	FJUPDNV_Chitose	fjdvrupd.exe	Driver update for a Fujitsu Siemens Lifebook laptop
X	FKS v2.0	msngr.exe	Added by an unidentified WORM or TROJAN!
X	Flash Driver	[path to trojan]	"Added by the AGENT.CWVT TROJAN!"
X	Flash Media	services.exe	"Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%"
?	Flow Go TV	flogotv.exe	"??"
X	flps	flps.vbs	"Added by the BYRON WORM!"
?	FLSVCI	FLSVCI.exe	"??"
X	Folder Service	wssdtu.exe	"Added by the MANIFEST TROJAN!"
U	Folder View	folderview.exe	"Folder View enhances the Windows file Explorer by making all folders you need available in a single click"
U	FolderClone v..*	folderclone.exe	"Folderclone backup and synchronization software"
X	Font Viewer	fontviewer.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
N	fontnav	FontNav.exe	"Font Navigator from Bitstream Inc. - a font management utility"
X	FONTVIEW	FONTVIEW.EXE	"Added by the OPASERV.T WORM!"
X	foxwudy9912	service.exe	"Added by the BANCOS-BT TROJAN!"
N	Fpx	mnmsrvc.exe	Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations
X	France	svchost.exe	"Added by the MIMAIL.L WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
N	Free DVD Direct	FreeDVDDirect.exe	"Free DVD Direct - provides a program to access a peer-to-peer (P2P) file-sharing network (see here)"
X	free-save	[path to risk]	"Freesave security risk that tracks and sends browser information and visited websites on the computer. Uninstall this software unless you put it there yourself"
U	FreeMemVn2	FreeMem.exe	"FreeMem - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind"
X	FriendlyTypeName	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
X	FS6519	FS6519.dll.vbs	"Added by the SOLOW.B WORM!"
?	FSDPSRV	FSDPSRV.exe	"??"
X	FSH	svcnva.exe	Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.KA TROJAN!
U	fsserv	fserv.exe	"Farsighter Server - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time"
X	fstsvc	"rundll32.exe fstsvc.dll	start"
U	FSWebServer	fsws.exe	"Easy File Sharing Web Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or services"
?	FtpServer.exe	FtpServer.exe	"Part of the Sharpdesk from Sharp Electronics. ""A desktop-based
X	FU	FUvirus.exe	"Added by the VB-EJC TROJAN!"
X	Fucker	fucker.vbs	"Added by the CATCHER-A WORM!"
X	fukerservice	fukerz.exe	"Added by a variant of the RBOT WORM!"
N	FusionHdtvTray	FusionHdtvTray.exe	"FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software"
N	FusionTrayAgent	FusionHdtvTray.exe	"FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software"
X	fvek	fvek.exe	"Added by the DRIVOL-A TROJAN!"
Y	FveNotify	fveNotify.exe	"Windows Vista - BitLocker Drive Encryption Notification Utility. Available with Enterprise and Ultimate versions of Vista
U	fwservice	fwservice	"eAcceleration Stop-Sign security software related. Previously not recommended
X	fzg	svhost32.exe	"Added by the DLOADER.BDK TROJAN!"
X	G0mez	G0mez.vbs	"Added by the GORMLEZ-A WORM!"
U	G6FTP Server Tray Monitor	G6FTPTray.exe	"System Tray monitoring tool for Gene6 FTP Server - ""an advanced FTP server software for Windows developed specifically for security and high performance requirements"""
?	GACService	GACService.exe	"Related to a Gemplus product. What does it do and is it required?"
N	Game Device	JOYUPDRV.EXE	Genius game controller profile activator
N	GameDrive	GDTask.exe	"GameDrive from FarStone - virtual CD/DVD drive emulator that allows you to run your PC games without the disc. Available via Start → Programs"
X	Games Acceleration	svshost.exe	"EasySearch adware"
X	Games Acceleration	svshost1.exe	"Added by the DLOADR-AWD TROJAN!"
X	gamma	svchost.exe	"Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The location of this file varies"
X	gaSrv	gaSrv.exe	"Detected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloader"
X	gaSrve	gaSrve.exe	"Detected by Panda as the DOWNLOADER.ALQ TROJAN! Adware downloader"
X	gcasDtServ	gcasDtServ.exe	Added by an unidentified WORM or TROJAN. Note - this is not related to Microsoft Antispyware which has a process bearing the same name which doesn't appear as a startup
Y	gcasServ	gcasServ.exe	"Giant Antipsyware - now superseded by Microsoft's Windows Defender"
X	gcasServ	realsched.exe	"Added by a variant of the TACTSLAY.A TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name"
N	GCS	GrabClipSave.exe	"GrabClipSave screen capture tool"
N	GDrive	GDriver.exe	Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start -> Settings -> Control Panel -> System -> Device Manager
N	Gearbox	confsvr.exe	"NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available here"
X	Gekio Startups	gnksvc32.exe	"Added by the AGOBOT.AFJ WORM!"
X	General Antivirus	GenAvir.exe	"General Antivirus rogue security software - not recommended
X	Generic host proccess for windows	SVCHOSTS.EXE	"Added by the SPYBOT-GQ WORM!"
X	Generic Host Process	svchost.exe	"Added by the DLOADER-NX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Generic Host Process	camacttiv.exe	"Detected by AVG as the CIADOOR.13 TROJAN!"
X	Generic Host Process for Win Services	mscvs.exe	"Added by a variant of the SDBOT WORM!"
X	Generic Host Process for Win32 Service	svlhost.exe	"Added by the WOOTBOT.EX WORM!"
X	Generic Host Process for Win32 Service	rpchost.exe	"Added by the IRCBOT.DCN WORM!"
X	Generic Host Process for Win32 Services	ntspcv.exe	"Added by the SDBOT.S TROJAN!"
X	Generic Host Process for Win32 Services	intspvc.exe	"Added by the DINFOR.D WORM!"
X	Generic Host Process for Win32 Services	winsvc.exe	"Added by the SDBOT-O WORM!"
X	Generic Host Process for Win32 Services	bazzi.exe	"Added by the AHKER.E WORM!"
X	Generic Host Process for Win32 Services	winsvc32.exe	"Added by the SDBOT-P WORM!"
X	Generic Host Process for Win32 Services	lspsvc.exe	"Added by the MUMU.C WORM!"
X	Generic Host Process for Win32 Services	SPSVC.EXE	"Added by the SDBOT.DA WORM!"
X	Generic Host Process for Win32 Services	svchost32.exe	"Added by the AGOBOT.ALH WORM!"
X	Generic Host Process for Win32 Services	sv�h�st.exe	"Added by the DLOADER.AK TROJAN!"
X	Generic Host Process for Win32 Services	winlogon.exe	"Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	Generic Host Process For Win32 Services	mtsc32.exe	"Added by the VB-CPL TROJAN!"
X	Generic Host Process for WinXP Services	mshelp.exe	"Added by the AGENT-GQP TROJAN!"
X	Generic Host Process2 System Backup	scvhost2.exe	"Added by the RBOT-BAH WORM!"
X	Generic Host Process326a System Backup	scvhost326a.exe	"Added by a variant of the SDBOT WORM!"
X	Generic Host Service	lshost.exe	"Added by the RBOT.LU WORM!"
X	Generic Service Process	regsvc32.exe	"Added by the GAOBOT.UJ or GAOBOT.UL WORMS!"
X	Generic Service Process	serv1ces.exe	"Added by the AGOBOT-JK WORM!"
X	Generic Service Process	nvsvc.exe	"Added by the AGOBOT.BY WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in %System%"
X	Generic Service Process	srvhost.exe	"Added by the AGOBOT-FX WORM!"
X	Generic Service Process	regsvr32.exe	"Added by the AGOBOT-AGD WORM!"
X	Generic Service Process	SRCHOST.EXE	"Added by the AGOBOT-DG WORM!"
X	Generic Services Process	regsvc32.exe	"Added by the GAOBOT.SY WORM!"
X	Genius Mose Driver	svghost.exe	"Added by a variant of the SPYBOT WORM! See here"
X	genserv path	sdqdqg.exe	"Added by the SDBOT-RF WORM!"
X	Geography TX 1.0 NT	CompuSpeed.vbs	"Added by the NEWLEY-A WORM!"
X	Gerenciamento de arquivos do Windows	Winmod32.exe	"Added by the DLOADER-WG TROJAN!"
X	Gestionnaire de disques universel	sysoobe.exe	"Added by the TOADER-A TROJAN!"
X	Get-Torrent Service	wakeservice.exe	Get-Torrent bittorrent client - Installs LOP adware
U	Getting started with MacDrive	MDGetStarted.exe	"MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista
X	Ghost Antivirus	GhostAV.exe	"Ghost Antivirus rogue security software - not recommended
N	GhostStartService	GhostStartService.exe	"Required to run the Windows based wizard in Norton Ghost - added from the 2003 version. Will start automatically when you run the wizard"
X	glv	glv.exe	"Added by the DLOADER-NG TROJAN!"
X	Gmsvc32	gmsvc32.exe	"Added by the AGOBOT.ABN WORM!"
X	GNP Generic Host Process	svchost.exe	"Added by the ZAPCHAS-F BACKDOOR! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!"
X	go	cvir.exe	"Added by the SILOV-A WORM!"
X	Go And Start	svdll32.exe	"Added by the RBOT.AI BACKDOOR!"
U	GoBack Polling Service	GBPoll.exe	"Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users
U	Goldensoft_MndlSvr	MndlSvr.exe	"Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive
X	Golum	services.exe	"Added by the GOLUM.A TROJAN! Note - this is not the legitimate services.exe process
X	golumm	services.exe	"Added by the DLOADER-ET TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""golumm"" subfolder"
X	good	badvir.exe	"Added by the SILOV-B WORM!"
N	Google Earth Viewer	GOOGLEMAPS.EXE	"Google Earth ""combines satellite imagery
X	Google service	Googlesetup.exe	"Added by the IRCBOT-RJ WORM!"
X	Google Service FR	GO0GLEFREE.EXE	"Added by a variant of the SPYBOT WORM!"
U	GoToMyPC	g2svc.exe	"ExpertCity GoToMyPc logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser"
X	govurarope	"Rundll32.exe retasevo.dll	s"
X	GPLv3	[random name].dll	"Vundo adware"
X	Graphic Driver	smss32.exe	"Added by a variant of the RBOT WORM!"
X	Graphic Loader	ntvdm32.exe	"Added by a variant of the RBOT WORM!"
X	Graphics adapter service	windll.exe	"Added by the ATNAS.A WORM!"
U	Gravis Appawareloader	dbserver.exe	"Looks like it's associated with Gravis game controllers and the Keyset Manager
U	Gravis Xperience Driver Support	Grxp4exe.exe	"Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used"
X	gremier	wscript.exe gpremier.vbs	"Added by the GPREMIER WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""gpremier.vbs"" file is located in %System%"
X	grgtgvgb.exe	[random].exe	"Added by the AGENT-EBF TROJAN!"
Y	Groove Virtual Office	Groove.exe	"""Groove Virtual Office uses a peer-to-peer networking model to connect users in Groove Workspaces. In these workspaces geographically dispersed coworkers can do almost everything they could do in the same office. They can hold online meetings
U	GrooveMonitor	GrooveMonitor.exe	"Part of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. ""A collaboration software program that helps teams work together dynamically and effectively
U	GrooveMonitor Utility	GrooveMonitor.exe	"Part of MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. ""A collaboration software program that helps teams work together dynamically and effectively
N	GrpConv	grpconv.exe	"Microsoft Windows Program Group Converter - used by installers (ONLY in the RunOnce keys) - provides the translation of groups and group items to folders and links. Also see this MS Knowledge Base article"
X	gshp	zzgshp.vbs	Homepage hi-jacker
?	GSISETUP	[path] GsiInst.exe INSTALL [path] V205Res 13	"BT Voyager ADSL modem related - what does it do and is it required?"
X	gsv	gsv.exe	Added by the ROBAL 1.0 backdoor TROJAN!
X	GT15J4R49V	cpuserv.exe	Identified as a variant of the Trojan.Win32.Radi.gu malware
U	GTVEpg	GTVEpg.exe	"Part of Got All Media - control your TV tuner and other utilities from your PC"
U	GTVRec	GTVRec.exe	"Part of Got All Media - control your TV tuner and other utilities from your PC"
X	Guard Pro	VH339.exe	"Guard Pro rogue security software - not recommended
X	GustavVED	[filename].exe	"Added by the OPASERV.H WORM!"
X	gvagfxj	rundll32 ...gvagfxj.dll	"Unidentified adware
X	G_Server.exe	G_Server.exe	"Added by the FEUTEL-C TROJAN!"
X	G_Server1.2.exe	G_Server1.2.exe	"Added by the GRAYBIRD-Z TROJAN!"
X	h4te Service Drivers	h4te.exe	"Added by a variant of the RBOT WORM!"
X	hagent	avp.exe	"Added by the ""Herman Agent"" remote access TROJAN!"
X	Hard drive Controller	hdcontroller.exe	"Added by the KIMAN.B WORM!"
X	HardDriveGuard	SysRep.exe	"HardDriveGuard rogue system error and cleaning utility - not recommended
X	Hardware Monitor Service	mshms.exe	"Added by the WOLLF-A TROJAN!"
U	HawkEye IV Control Panel	HAWK_32.EXE	"Control Panel application for the old Number Nine graphics cards to change resolution
N	HD Audio Control Panel	RtHDVCpl.exe	"Realtek HD Audio Manager
X	HDAudio Driver 1.0	[random filename].exe	"Added by the TEADOOR-D TROJAN!"
X	HDAudio Driver 2.0	[random filename].exe	"Added by the TEADOOR-E TROJAN!"
X	hdlfoe df98ndf	svchots.exe	"Added by a variant of the RBOT WORM!"
X	HDriveSweeper	HDriveSweeper.exe	"HDriveSweeper rogue privacy program - not recommended
X	Hekio Startups	Hnksvc32.exe	"Added by the AGOBOT-QE WORM!"
X	hellfire	svchost.exe	"Added by the LEOX.D TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	helloserv	helloserv.exe	"Added by the ZHELATI.BHA WORM!"
?	HerculesCamService	CamService.exe	"Related to the Hercules Dualpix HD Webcam. What does it do and is it required?"
X	hfdtubvnx	keepSafe.exe	"Added by the KILLAV.KAX TROJAN!"
Y	hffsrv	hffsrv.exe	"Hide Files & Folders - ""great easy-to-use password-protected security utility working at Windows kernel level you can use to password-protect certain files and folders
Y	hffsrv.exe	hffsrv.exe	"Hide Files & Folders - ""great easy-to-use password-protected security utility working at Windows kernel level you can use to password-protect certain files and folders
U	Hide and Protect any Drives for Win95/98/Me/2k/XP	HPDAgent.exe	"Loads Hide and Protect any Drives - which allows you to ""Protect Hard drive
X	HideRun.exe	Hiderun.exe and svhost.exe and pro.gif	"Added by the BOOHOO WORM!"
U	hidserv	hidserv.exe	"This is the Human Interface Device Server for Win98SE/2000/Me/XP
X	HijSrv32	hijsrv.exe	"Added by the BANKGERM-D TROJAN!"
X	HIV	HIV.exe	"Added by the HIVA TROJAN!"
X	HKCU	server.exe	"Added by the AGENT-NLT TROJAN!"
X	HKLM	server.exe	"Added by the AGENT-NLT TROJAN!"
X	HKLM\Run	svhost.exe	"Added by the FORBOT-AO BACKDOOR (where HKLM\\Run represents HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run)!"
U	hkserv	HKserv.exe	Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS
X	HMI PowerSystem	hmisvc32.exe	"Added by the RANDEX.CZZ WORM!"
X	HML PowerSource	hmlsvc32.exe	"Added by the SDBOT-XL WORM!"
X	HMV PowerSource	hmusvc32.exe	"Added by the SDBOT-YW WORM!"
X	HOI Services	holsvc32.exe	"Added by the AGOBOT-SF WORM!"
X	Hollaback	slvhosts.exe	"Added by the SDBOT.BMO WORM!"
X	Home Antivirus 2010	HomeAntivirus2010.exe	"Home Antivirus 2010 rogue security software - not recommended
N	Home Theater SchSvr	SchSvr.exe	"WinScheduler is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card
X	HomeAntivirus 2009	HomeAntivirus2009.exe	"HomeAntivirus 2009 rogue security software - not recommended
X	HomeAV	homeav.exe	"Home Personal Antivirus rogue security software - not recommended
X	Host Process	svchost.exe	"Added by the IRCBOT.AGF BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the Fonts directory"
X	Hostname Manager Server	host32srv.exe	"Added by a variant of the RBOT WORM!"
X	hostserv	hostserv.exe	"Added by the RBOT.BPZ WORM!"
X	hostserv	wiz98.exe	"Added by a variant of the SDBOT WORM!"
X	HostSrv	sachostx.exe	"Added by the LOOKSKY.H WORM! Drops multiple files in %System%"
X	HostSrv	sachostx.exe	"Added by the LOOKSKY.A or LOOKSKY.F or LOOKSKY.G WORMS!"
X	HostSrv	sachostx.exe...	"Added by the LOOKSKY.E WORM!"
X	HostSVC syse	HostSVC.exe	"Added by the RBOT-ANZ WORM!"
X	Hot 8.0 Live	hot.exe	"Added by the BANKER.EIE TROJAN!"
X	HOT FIX	View.exe	"Added by the WOOTBOT.BN WORM!"
X	Hot Inside	Hottest Story Ever.exe	"Added by the BHARAT.A WORM!"
X	hotdlll	vmmreg32.exe	"BANKER.DX spyware"
X	Hotfix Updat	svdhost32.exe	"Added by the GAOBOT.ZW WORM!"
X	hotwetlove	hotwetlove.exe	Adult content dialler. Will not uninstall - components have to be manually deleted
U	HoverDesk	HoverDesk.exe	"HoverDesk - desktop replacement software"
N	HP CD-DVD	hpcdtray.exe	System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
N	HP JetDiscovery	HPJETDSC.EXE	HP JetAdmin software which monitors printing jobs on a network environment
?	HP Port Resolver	hpbpro.exe	"??"
X	HP Service Drivers	hdsys.exe	"Added by the SDBOT-ZE WORM!"
?	hp Silent Service	HpSrvUI.exe	"HP related"
?	HP Status Server	hpboid.exe	"Copied during installation of HP Inkjet Printer Drivers in Win2K/XP. What does it do and is it required?"
U	HP TV Now	HpTvNow.exe	Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts)
?	HP Visualize Init	HpVisIni.exe	"HP Visualize software related. What does it do and is it required?"
U	HPADVISOR	HPAdvisor.exe	HP Total Care Advisor - a suite of help and hardware check programs to help you check the health of your PCs
N	hpaiodevice	hpodev07.exe	"Direct from HP - "Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when "portable" is chosen during installation)". Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled
?	HPAiODevice(hp officejet g series)	hpoavn07.exe	"HP Printer related
N	HPAiODevice(hp psc 900 series) -1	hpobrt07.exe	"Installed with a Hewlett Packard 900 series colour printer
U	HPGamesActiveMenu	ActiveMenu.exe	Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
X	HPl Services	hmlsvc32.exe	"Added by the AGOBOT-SI WORM and variants!"
U	HPLaptopGamesActiveMenu	ActiveMenu.exe	Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
U	HPMVTray	HPMVTray.exe	"HP Media Vault Networked Storage Device - System Tray management utility"
X	HpPrinter	hpserver.exe	"Added by the CMJSPY-W TROJAN!"
U	HPPWRSAV	HPPWRSAV.EXE	"Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try www.hp.com
U	HPSCANMonitor	hpsjvxd.exe	HP scanning software that enables you to scan images from your scanner. Needed if you're using the scanner
U	hpsysdrv	hpsysdrv.exe	"This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP
N	HPU	ProvenTactics.exe	"Proven Internet Marketing software"
X	HQI Services	hqisvc32.exe	"Added by the AGOBOT-RO WORM!"
X	HQI Services	hqlsvc32.exe	"Added by the AGOBOT-RP WORM!"
U	HREF.OCX	regsvr32.exe ....HREF.OCX	"HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller"
X	Hrn_qtv	hrnsvc32.exe	"Added by the SDBOT-AET WORM!"
X	Hservice	msservice.exe	"Added by the AUTORUN-KL WORM!"
X	HtProtect	AVprotect.exe	"Added by the NETSKY.L WORM!"
X	htssv32.exe	htssv32.exe	"Added by a variant of the SDBOT TROJAN!"
X	HTTP Tunneling Server	mstunnel.exe	"Added by the RBOT.EDL WORM!"
X	http://www.lienvandekelder.be	LienVandeKelder.exe	"Added by the MYTOB-AZ WORM!"
X	http://www.lienvandekelder.be	Lien Van de Kelder.exe	"Added by the MYTOB-AP WORM and variants!"
X	http://www.lienvandekelder.be	Lien Vande Kelder.exe	"Added by the MYTOB-AQ WORM!"
X	http://www.lienvandekelder.be	Lien vd Kelder.exe	"Added by the MYTOB-M WORM!"
X	http://www.lienvandekelder.be	Lien.exe	"Added by the MYTOB-CZ WORM!"
X	http://www.lienvandekelder.be	Lientjeuh.exe	"Added by the MYTOB-P WORM!"
X	http://www.lienvandekelder.be	LienVdK.exe	"Added by the MYTOB-U WORM!"
X	http://www.lienvandekelder.be	Van de Kelder Lien.exe	"Added by the MYTOB-BF WORM!"
X	http://www.lienvandekelder.be	We Love Lien Van de Kelder.exe	"Added by the MYTOB-CV WORM!"
X	http://www.lienvandekelder.com	Lien Van de Kelder.exe	"Added by the MYTOB-EQ WORM!"
X	http://www.lienvandekelder.com/	LienVandeKelder.exe	"Added by the MYTOB-EO WORM!"
X	huigezi	HgzServer.exe	"Added by the GRAYBIRD.C TROJAN!"
X	huigezi	SP00LSV.EXE	"Added by the GRAYBIRD.J BACKDOOR! Note the digit ""0"" in the command"
X	Hvewsveqmg	ANACON.EXE	"Added by the NACO.A WORM!"
X	Hvid	Hvid.exe	"Added by the GEMA TROJAN!"
U	HydarVisionDesktopManager	desk95.exe	"ATI's HydraVision desktop management software
U	HydraVisionDesktopManager	desk98.exe	ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
U	HydraVisionDesktopManager	HydraDM.exe	"Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is the HYDRAVISION Desktop Manager - which ""customizes the behaviour of windows and dialog boxes
U	HydraVisionViewport	viewport.exe	ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
U	HydraVisionViewPort	HydraMD.exe	"Part of HYDRAVISION - ATI's software for managing mutliple displays and virtual desktops. This is HYDRAVISION MultiDesk - which ""creates
X	I am not Ranky. I am eTunnel!	msyervice.exe	Added by an unidentified WORM or TROJAN!
X	I just want to say I love Milko and I need a drink	svchost.exe	"Added by the CHIKO WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\Administrator\Local Settings\Application Data"
X	I/O Controllers	svcnet.exe	"Added by the TIBIK-B TROJAN!"
?	IaNvSrv	IaNvSrv.exe	"Related to the option ROM part of the Intel® Matrix Storage Manager. Located in %ProgramFiles%\Intel\Intel Matrix Storage Manager\OROM\aNvSrv. What does it do and is it required?"
X	IBM Keyboard Driver	ikeybdrv.exe	"Added by the SDBOT.IC TROJAN!"
U	Ibmpmsvc	ibmpmsvc.exe	"Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn
X	icasServ	icasServ.exe	"Browser hijacker
N	Iconsaver	Iconsaver.exe	"IconSaver is a desktop icon manager"
X	ICQ	ICQNET.vbs	"Added by the GORMLEZ-A WORM!"
X	ICQ Chat Service	icqjdhs.exe	"Added by a variant of the RBOT WORM!"
X	icq lite	scvhost.exe	"Added by the AGENT-DSF TROJAN!"
N	ICQ Plus	vplus.exe	"ICQ Plus is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> Programs"
X	icrosof Avps32 Control	av32.pif	"Added by the RBOT-AVC WORM!"
X	icrosoft Visual	plscx.exe	"Added by the RBOT-AYO WORM!"
X	icrosoft Visual InterDevc	zvslmqb.exe	"Added by the RBOT-AYP WORM!"
X	icrosoft Windows DLL Services Configuration	poker3.exe	"Added by the SDBOT-AER WORM!"
X	icrosoftf Avpx Control	avpx.exe	"Added by the RBOT-AYN WORM!"
N	ICServer	Icserver.exe	Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations
X	ICU-Sucker	Service32.exe	"Added by the ILLNOTIFIER.D TROJAN!"
N	IC_KEY_3	spvic.exe	"Instant Chess related"
U	IDriveE Startup	IDrvieEStartup.exe	"IDrive from Pro Softnet Corporation - free full featured online backup up to 2GB with the option of paying for more storage space and managing multiple accounts"
X	IE Java Update	iejava.exe	"Added by the AGENT-HD TROJAN!"
X	IECheck	mssvp.exe	"Added by the TIRBOT-G WORM!"
X	IEDriver	IEDriver.exe	"IEDriver adware. Can be installed as part of peer-to-peer file sharing software called URLBlaze"
X	IEDriver	xplore.exe	"IeDriver adware variant"
X	IEDriver	TD.exe	"IeDriver adware variant"
X	ieharv.exe	ieharv.exe	"Added by the BANKER-HH TROJAN!"
U	IEServer	IEServer.exe	"HB Screen Spy surveillance software. Uninstall this software unless you put it there yourself"
X	IEService.exe	IEService.exe	"FastFind adware variant"
X	IEWinserv	winserv.exe	"Added by the BANKER-MY TROJAN!"
X	IExploer	svshosts.exe	"Added by the IRCBOT.BT TROJAN!"
X	Iexplore Services	iexplore.exe	"Added by the LITHIUM BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup!"
X	IExplorer32 Java Scripting	IExplore32b.exe	"Added by the RBOT.ABO WORM!"
X	IExplorer32c Java Scripting	IExplore32cb.exe	"Added by the RBOT.ABN WORM!"
X	IExplorer6 Java Scripting	IExplore326.exe	"Added by a variant of the SDBOT WORM!"
X	IExplorer7 Java Scripting	IExplore327.exe	"Added by a variant of the SDBOT WORM!"
X	IExplorerService	WinSock.exe	"Added by the AGENT.KIU TROJAN!"
X	ifperx	xmliwvug.exe	"Added by the SLAPER.U TROJAN!"
X	igfxtras	svchots.exe	"Added by the AUTORUN-AIW WORM!"
?	Iglpbv	Iglpbv.exe	"??"
X	iisvers	iisvers.exe	Added by an unidentified TROJAN or adware
X	iiuyvyu	uzcx.exe	"Added by the AGENT-EOF TROJAN!"
Y	IJ75P2PSERVER	IJ75P2PS.EXE	Printer utility which is required in order to make the printer work correctly
Y	IKE Service 95	IKEService.exe	"Associated with PGP. The PGP Tray can be disabled
X	Image Remote Players	sysvn.exe	"Added by a variant of the IRCBOT BACKDOOR!"
U	ImageDrive-{hex numbers}	ImageDrive.exe	"Nero ImageDrive from Ahead - virtual CD/DVD drive software"
X	IMClass	Svhosl.exe	Added by an unidentified WORM or TROJAN!
X	imcssl	xmliwvug.exe	"Added by the SLAPER.U TROJAN!"
X	IMEvtMgr.exe	IMEvtMgr.exe	"Added by the KEYLOG-AR TROJAN!"
X	IMprocess	IM-svr.EXE	"IMNames adware"
U	IMVU	IMVUClient.exe	"IMVU chat client that allows you to create ""your own avatars who chat in animated 3D scenes"""
X	imwinsrvc	acpmonsrv.exe	"Added by the SLAPER.E TROJAN!"
X	imxecs	vbrun70sp4.exe	"Added by the AGOBOT.ALA WORM!"
X	Incredible Keylogger	AdvKeylog.exe	"IncredibleKeylogger spyware"
X	Index Service	dllhost32.exe	"Added by the AGOBOT.CH WORM!"
U	IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}	NMIndexStoreSvr.exe	"Indexing service that catalogs all the media on your computer so that the files are available to all of the programs in the Nero suite of applications"
X	ine	svchosts.exe	"Added by the RBOT.BNL WORM!"
X	Inet Delivery	inetdl.exe	"Inet Delivery adware"
X	Inet Delivery	inetdl_2.exe	"Inet Delivery adware"
X	InetChk	ms[random value].exe	"Added by the AGENT-IRL TROJAN!"
X	InetServices	wsock32.exe	"Added by the WOCK32-A TROJAN!"
X	InfeStop	InfeStopRemover.exe	"InfeStop rogue spyware remover - not recommended
X	iNotice	iservice.exe	Added by a variant of an MSN worm that tries to lure people to an infected site by using nude pictures and videos
X	InstallProvider	newsoftware2007install.exe	"Part of WinAntiVirusPro 2007 and Privacy Protector rogue security software (and possibly others) - not recommended"
X	Instant Access	"rundll32.exe EGCOMSERVICE_****.dll	InstantAccess [**** = digits]"
X	Instant Access	mwsrvacc.exe	"InstantAccess premium rate adult content dialer"
X	Instant Access	linewsrv.exe	"InstantAccess premium rate adult content dialer variant"
X	Instant Messenger Service	imservice.exe	"Detected by Kaspersky as the HEUR TROJAN!"
U	InstantDrive	InstantDrive.exe	"Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning software"
X	Intec Service Drivers	msmsgrs.exe	"Added by the SDBOT-ADN WORM!"
X	Intec Service Drivers	[path to worm]	"Added by the RBOT-GLU WORM!"
X	Intec Service Drivers	wing32.exe	"Added by the RBOT.HAZ WORM!"
X	Intec Service Drivers	msmsgredss.exe	"Added by the SDBOT-AGL WORM!"
X	Intec Services Driverrs	winrvc.exe	"Added by a variant of the SDBOT WORM!"
X	Intec Services Drivers	msupdate22e.exe	"Added by the RBOT-CGC WORM!"
U	Intel Active Monitor	imontray.exe	"System tray monitoring of fans
X	Intel Audio Studio V2.0	fmideploy.exe	Detected by VBA32 as the BIFROSE.ADR TROJAN!
X	Intel Driver	csrs.exe	"Added by a variant of the SDBOT WORM!"
X	Intel Management Services v32	mstime32.exe	"Added by the AUTORUN-AYG WORM!"
X	Intel Service Drivers	msconfig16.exe	"Added by the MSCONFIG16 TROJAN!"
X	Intel system tool	svehost.exe	"Added by the AGENT-EBT TROJAN!"
X	Intelli Mouse Pro Version 2.0B	ncsjapi32.exe	"Added by the BUZUS-O WORM!"
X	Intelprc	Aas3lovu.exe	"Added by the SILLYFDC-CG WORM!"
U	IntelZeroConfig	ZCfgSvc.exe	"Zero Config MFC Application
?	Intense Registry Service	IntEdReg.exe /CHECK	"Intense Educational Ltd - Language Office Software. Is it required?"
X	Internat	msgsrv32.exe	"Added by the NYRUBOT-A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup!"
X	Internet Antivirus	IAvir.exe	"Internet Antivirus rogue security software - not recommended
X	Internet Antivirus Pro	IAPro.exe	"Internet Antivirus Pro rogue security software - not recommended
X	Internet Application Driver	expIorer.exe	"Added by the IRCBOT-WK TROJAN!"
X	Internet Config	svchosts.exe	"Added by the SDBOT TROJAN!"
X	Internet Connection Wizard	stisvsq.exe	"EasySearch adware"
X	Internet Connection Wizard	stisvsq1.exe	"Added by the DLOADR-AWD TROJAN!"
X	Internet download manager service	idman.exe	"Added by the RBOT-BMS WORM!"
X	Internet Exploere Services	urlmon32.dll.exe	"Added by the EVIAN.C WORM!"
X	Internet Explorer Auto-Update	updt32v5.exe	"Added by the SPYBOT-AB BACKDOOR!"
X	Internet Mail and News	msqdevl.exe	"EasySearch adware"
X	Internet Mail and News	msqdevl1.exe	"Added by the DLOADR-AWD TROJAN!"
X	Internet Security Service	msq32.exe	"Added by the RBOT-GFP WORM!"
X	Internet Security Service	msq23.exe	"Added by the RBOT-GQL WORM!"
X	Internet Security Service	msql23.exe	"Added by the RBOT-GML WORM!"
X	Internet Security Service	mysqlwin32.exe	"Added by the RBOT.UX TROJAN!"
X	Internet Security Service	expllorer.exe	"Added by the REFROSO.AFF TROJAN!"
X	Internet Server	inetsrv.exe	"Added by the STARTPA-EM TROJAN!"
X	Internet Service	intersvc.exe	"Added by the SPYBOT-DE WORM!"
X	internet service	syscfg32.exe	"Added by the RBOT-QS WORM!"
X	internet service	ssvhost.exe	"Added by a variant of the RBOT WORM!"
X	internet service	svho0st98.exe	"Added by the RBOT.EAT WORM!"
X	Internet Services	systemdev.exe	"Added by the SDBOT-PW WORM!"
X	Internet Services	internet.exe	"Added by the MYTOB.BT WORM!"
X	Internet Services	interserv.exe	"Added by the RBOT.BNT WORM!"
X	Internet Services	Netsvc.exe	"Added by the MYTOB.MN WORM!"
X	INTERNET SERVISES	winz32.exe	"Added by the KWBOT.Z WORM!"
Y	Internet Sharing Server	iss_srvr.exe	"Intel AnyPoint internet sharing software. Now discontinued"
X	internet.exe	yinyin3345.vbs	"Added by the YINI MACRO!"
X	INTERNET_SERVISES	winz32.exe	"Added by the SDBOT.Q TROJAN!"
X	InterU	WINDRV.EXE	"Added by the IRCINTER.A TROJAN!"
N	Intervideo Win Cinema Manager	WinCinemaMgr.exe	"WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
N	Intervideo Win Cinema Manager	WINCIN~1.EXE	"WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
N	Intervideo WinCinema Manager	WinCinemaMgr.exe	"WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
N	Intervideo WinCinema Manager	WINCIN~1.EXE	"WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs"
N	Intervideo WinScheduler	WinScheduler.exe	"WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card
N	Intervideo WinScheduler	SchSvr.exe	"WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card
N	InterVoip	InterVoip.exe	"InterVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
U	Inventory Scan	LDISCN32.EXE	"LANDesk® Management Suite software component"
Y	iolo AntiVirus	ioloAV.exe	"iolo AntiVirus"
U	Iomega Drive Icons	IMGICON.EXE	"Displays Iomega icons in Explorer/My Computer
X	IP Packet Redirect Service	ipredirect.exe	"Added by the FORBOT.SM WORM!"
X	IPConfig	svcxnv32.exe	"Added by the HACARMY.E TROJAN!"
X	IPConfig	svcxnw32.exe	"Added by a variant of the HACARMY.E TROJAN!"
X	Ipnuker	Ipnuker.vbs	"Added by the INKER.B WORM!"
X	iPOD USB Driver	IPODUSB.EXE	"Added by a variant of the RBOT WORM!"
X	iPod USB Service	iPODService.exe	"Added by a variant of the RBOT WORM! Do not confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the %ProgramFiles%\iPod\bin folder and is implemented as a system service
X	IPOT Service Drivers	compaq.exe	"Added by a variant of the FUROOTKIT TROJAN!"
X	IPOT USB Service DRIVER	hpsebc087.exe	"Added by the SDBOT-WA WORM!"
X	IPOT USB Service DRV32	hpsebc08.exe	"Added by the SDBOT-WH WORM!"
X	IPv6 Helper Driver	csass.exe	"Added by the AGOBOT.TC WORM!"
X	IPv6 STUN Service	netstun.exe	"Added by a variant of the SDBOT WORM!"
U	Ir41_32.ax	regsvr32.exe Ir41_32.ax	"Intel® Indeo® video 4.4 Decompression Filter related. The ""Ir41_32.ax"" file is located in %System%"
N	iRis Active Monitor	winmon32.exe	"Iris Antivirus - discontinued
N	iRiS AntiVirus Active Monitor	WIMMUN32.exe	"Iris Antivirus - discontinued
U	iRiver AutoDB	MLService.exe	"Associated with the iRiver Music Manager"
N	iRiver Updater	Updater.exe	"Updates for the iRiver Music Manager - used with their digital music players"
X	iSafeAV	iSafeAV.exe	"iSafe AntiVirus rogue security software - not recommended
X	ISPSERVICE	psycho.exe	"Added by the IRCFLOOD-O TROJAN!"
X	ISPSERVICE	wintmp.exe	"Added by the IRCBOT.GP BACKDOOR!"
X	Israfel	Israfel.vbs	"Added by the GAGGLE.D or GAGGLE.E WORMS!"
X	issEnc32Svr	issEnc32.exe	"Added by a variant of the RBOT WORM!"
N	ISSI EZUpdate Service	issimsvc.exe	Part of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching
Y	ISSVC	ISSVC.exe	Part of Norton Internet Security Suite
X	IST Service	istsvc.exe	"ISTBar adware"
X	ist service uninstall	[random filename]	"ISTBar adware related"
X	iv	iv.exe	"Part of the Internet Antivirus and Internet Antivirus Pro rogue security software - not recommended
X	ivHost	taskManager.exe	"Added by a variant of the SPYBOT WORM! See here"
X	ivHost	[6 random letters].exe	"Added by a variant of the SPYBOT WORM! See examples here and here"
N	IVPServiceMgr	ivpsvmgr.exe	"Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba's equivalent to the Windows Automatic Update feature as
X	ivy.exe	ivy.exe	"Added by the AGENT-ENZ TROJAN!"
X	iyelejiv	yujixit.exe	"Added by the SDBOT.BJK WORM!"
X	JA Cfg Util v2	jacfg2.exe	"Added by the RBOT-AL WORM!"
X	java	remote.cmd	"Added by the BANKER-EHG TROJAN!"
X	java	system.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Java (VM) v6.9	jav.bat	"Added by the AGENT-GZK TROJAN!"
X	Java applet	javaup.exe	"Added by the SDBOT-ACF WORM!"
X	Java Application	vssmf32.exe	"Added by the SPIGOT BACKDOOR!"
X	Java Auto Update	ujm.exe	"Added by the SDBOT-ADH WORM!"
X	Java Runtime Environment	jbuild.exe	"Added by the DELBOT-J WORM!"
X	Java Runtime Value	runjava.exe	"Added by the RBOT-DDJ WORM!"
X	Java Runtimes	iexplore.exe	"Added by the KILLAV.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This file is located in a %Windir%\Java\Java folder"
X	Java Softe	Java32.com	"Added by the RBOT.ECN WORM!"
X	Java update	javaqs.exe	"Added by the SWARLEY.A WORM!"
X	Java Update	keeper.exe	"Added by the AGENT-DIS TROJAN!"
X	Java Update	svchost.exe.exe	"Added by the AGENT-LBS TROJAN!"
X	Java Update	hostwww.exe.exe	"Added by the AGENT-MFH TROJAN!"
X	Java Virtual Machine	javaw.exe	"Added by a variant of the RBOT WORM!"
X	Java VM v6.9.2	jav.bat	"Added by the DWNLDR-HLM TROJAN!"
X	Java VM v6.91	jav.bat	"Added by the DWNLDR-HLL TROJAN!"
N	Java(TM) Platform SE 6	jusched.exe	"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
N	Java(TM) Platform SE 6 U*	jusched.exe	"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now. U* represents the update version
N	Java(TM) Platform SE Auto Updater 2 0	jusched.exe	"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
X	Java*.exe [ = random char]	Java*.exe [ = random char]	"CoolWebSearch/HomeSearch adware - for examples
X	Java*32.exe [ = random char]	Java*32.exe [ = random char]	"CoolWebSearch/HomeSearch adware - for examples
X	java-plugin	javasctp.exe	"Added by the VB.AMX TROJAN!"
X	Java32 Configuration Loader	msnmesgr.exe	"Added by a variant of the RBOT WORM!"
X	JavaCore	JavaCore.exe	"Added by the MATCASH TROJAN!"
X	Javascript	jscript.exe	"Added by the DELBOT-AD WORM!"
X	JavaScript Debugging Service	JsDbgMan.exe	"Added by the DERDERO.E WORM!"
X	JavaScriptMsxrs	Msxrs.exe	"Added by the VB.BL WORM!"
X	JavaTray	traymgr.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	JavaUpdate0.07	[filename]	"Added by the JUPDATE TROJAN!"
X	JavaUpdateSched	jusched32.exe	"Added by the BCKDR-CKB BACKDOOR!"
X	JavaVM	java.exe	"Added by the MYDOOM.M WORM and variants! Note - not to be confused with the valid Windows ""java.exe"" which is located in %System% as this is located in %Windir%"
X	javawsa.exe	javawsa.exe	"Added by the BANK-Y TROJAN!"
Y	JetAdmin Discovery Indicator	HPJETDSC.EXE	"HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry
X	jiahus	svchqs.exe	"Added by the WOWPWS-AL TROJAN!"
X	jmudkve.dll	"rundll32.exe jmudkve.dll	mzrwkwf"
U	Job-oversigt	taskmon.exe	"Task Monitor (on Danish language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users
U	Jog Serve	JogServ2.exe	"Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features
U	JogServ2	JogServ2.exe	"Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features
X	johkjh	srvd.exe	"Added by a variant of the SLAPER TROJAN!"
X	john315	srrvc.exe	"Added by a variant of the MAILBOT-BI TROJAN!"
X	johnj315	srvc.exe	"Added by a variant of the MAILBOT-BI TROJAN!"
X	johnj3155	srvcc.exe	"Added by a variant of the MAILBOT-BI TROJAN!"
X	johnj3cd	srvdc.exe	"Added by a variant of the SLAPER TROJAN!"
X	Jufualt	svhost.exe	"Added by the SDBOT-ADJ WORM!"
X	Jufualt	java2.exe	"Added by the SDBOT.AOE WORM!"
X	jusodl	severe.exe	"Added by the QQPASS.48436 TROJAN!"
N	JustVoip	JustVoip.exe	"JustVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
U	jv16 PT TempFileTool	TempTool.exe	"jv16 PowerTools File Cleaner - ""allows you to find obsolete and left-over temporary files"""
U	jv16PT - Privacy Protector	Task.jvb	"jv16 PowerTools Privacy Protector - ""allows you to protect your privacy by automatically clearing out all the unwanted history items and cookies from you computer
U	Jv16pt Network Resident	jv16pt_network.exe	"jv16 PowerTools network resident program. Only needed if you are using the program's network features"
X	JvcHost	jvcsvc32.exe	"Added by the AGOBOT-AIU WORM!"
X	jvdnlssn	fljzsshc.exe	Flingstone.com adware - and its Golden Palace Casino program
X	JVM0	JVM0.exe	"Added by the BANLOA-AX TROJAN!"
X	JVM0.12	[random filename]	"Added by the TEADOOR-A TROJAN!"
X	JVM0.14	[random filename]	"Added by the TEADOOR-B TROJAN!"
X	jvms.exe	jvms.exe	"Added by the ORCU.B TROJAN!"
X	jzvfvsqpc	jzvfvsqpc.exe	"Added by the AGENT-GWP BACKDOOR!"
X	kaa	SVCHHS.exe	"Added by the AGENT-JKP TROJAN!"
X	kalvsys	kalv***.exe [ = random char]	"EliteBar adware"
X	kalvsys	kalv**32.exe [ = random char]	"EliteBar adware"
X	kamsoft	ckvo.exe	"Added by the GAMANIA-BW TROJAN!"
X	Kasper Antivirus	KASPERANTIVIRUS.EXE	"Added by a variant of the SPYBOT WORM!"
Y	Kaspersky Anti-Hacker	KAVPF.exe	"Kaspersky Anti-Hacker personal firewall - no longer available"
Y	Kaspersky Anti-Virus Monitor	AvpM.exe	"Kaspersky Anti-Virus Lite - no longer available"
X	Kaspersky Antivirus	KasperskyAV.exe	"Added by a variant of the RBOT WORM!"
X	Kaspersky Email Security	javaupd.exe	"Added by the SWARLEY.A WORM!"
X	KasperskyAv	kaspersky.exe	"Added by the MIMAIL.T WORM! Note - this has nothing to do with the real Kaspersky anti-virus"
X	KasperskyAVEng	Kasperskyaveng.exe	"Added by the NETSKY.V WORM!"
X	KAT	KAT.vbs	"Added by the SOAD-D WORM!"
Y	kav	avp.exe	"Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory"
X	kava	kavo.exe	"Added by the LINEAG-GLG TROJAN!"
X	KAVFOX	win1ogoin.exe	"Added by the GWGHOST-M TROJAN!"
X	kavir	kavir.exe	"Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
X	KAVPersonal	svchost.exe	"Added by the LINEAGE-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
Y	KAVPersonal50	Kav.exe	"Kaspersky Anti-Virus Personal 5.0"
X	KAVPersonal90	wscntfy.exe	"Added by the BANKER-FZ TROJAN!"
Y	KavPFW	KavPFW.exe	"KingSoft Personal Firewall"
X	KavRuns	Windll.exe	"Added by the TRYNOMA TROJAN!"
Y	KavStart	KAVStart.exe	"KingSoft Personal Firewall"
Y	kavsvc	kavsvc.exe	"Kaspersky antivirus"
X	KavSvc	*****.exe reg_run [ = random char]	"Added by the QOOLOGIC TROJAN!"
X	kavsvc	[random 6 char filename]	"Added by the QOOLOGIC TROJAN! Uses random file names (examples: nzkklz.exe
X	KAVutil	[worm filename]	"Added by the WINTOO.B WORM!"
X	Kazaa Download Accelerator Updater (required)	regsvr32 kdp***.dll [ = random char]	"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
X	kbddrv32	kbddrv32.exe	"Added by the CRYPTER.A TROJAN!"
X	kbddrvinf	kbddrvinf.exe	"Added by the CRYPTER.A TROJAN!"
X	Keenvalue	Keenvalue.exe	"KeenVal adware"
U	Kerio VPN Client	kvpnclient.exe	"Kerio VPN Client"
X	Kernel	services.exe	"Added by the FOOZ-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Kernel Services	service32.exe	"Added by the PRX-B TROJAN!"
X	kernel system daemon	ACTIVAT0R.exe	"Added by the RANDEX.AW WORM!"
X	kernel32	kernel32.dll.vbs	"Added by the WEKODE-A WORM!"
X	Kernel32	svchosts.exe	Added by an unidentified WORM or TROJAN!
X	Kernel32	svchost.exe	"Added by an unidentified WORM or TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\drivers"
X	KernellApps	svshosti.exe	"Added by the BANCBAN-V TROJAN!"
X	Kernel_check	wmiprvse.exe	"Added by the SONEBOT-B WORM! Note - this is not the legitimate wmiprvse.exe process which is always located in the %System%\wbem folder and should not normally figure in Msconfig/Startup!"
?	Key2	serve.exe	"??"
X	keyserv	keyserv.exe	"KeyThief spyware"
X	KKM Service	kkm.exe	"Added by the NANPY-I WORM!"
X	KL AntiFunLove	flcss.exe	"Added by the FUNLOVE.4099 VIRUS!"
Y	KPDrv4XP	KPDrv4XP.exe	MediaKey USB Keypad Driver
Y	KPFWSvc.EXE	KPFWSvc.EXE	"KingSoft Personal Firewall"
X	Ksrv32	Ksrv32.exe	"Added by the AGOBOT-PI WORM!"
X	KV2005	word.EXE	"Added by the VB-IW TROJAN!"
X	kv3000	lover.vbe	"Added by the ZSYANG.B WORM!"
X	kvasoft	kva8wr.exe	"Added by the ONLINEG.ICC WORM!"
X	kvern16.dll	regsvr32.exe kvern16.dll	"DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""kvern16.dll"" file is found in %System%"
X	kviurs	kav.exe	"Added by the SILLYFDC.BBJ WORM!"
X	KvmSecure.exe	KvmSecure.exe	"KvmSecure rogue security software - not recommended
X	Kvsc3	Kvsc3.exe	"Added by the PWS-ANM TROJAN!"
X	KV_HOST	cxjx.exe	"Added by the LEGMIR-BB TROJAN!"
X	KYK Control Settings	KYSVCXD.EXE	"Added by a variant of the RBOT WORM!"
X	LAN Driver	landriver32.exe	"Added by the RBOT.BT WORM!"
U	LANDeskInventoryClient	LDIScn32.exe	"LANDesk® Management Suite software component"
X	LARISSA ANTI VIRUS	LARISSA_ANTI_VIRUS.exe	"Added by the KLASSIR TROJAN!"
X	LaserJet	spoolvs.exe	"Added by the DLOADER.PFR TROJAN! This is not the file of the same name from older versions of MS Office - see the link for the location"
U	Launch Ai Booster	OverClk.exe	"Included with some ASUS motherboards (such as the Maximus Extreme & Striker II Extreme)
?	Launch LgDeviceAgent	LgDevAgt.exe	"Part of the GamePanel Software for the Logitech G-Series of gaming keyboards. What does it do and is it required?"
X	Launch Norton AntiVirus 2000	jorgf.exe	"Added by the RBOT-AUI WORM!"
X	Lavasoft Ad-Aware	Ad-Aware.exe	"Added by the RBOT-SO WORM! Note - this is not the popular Ad-Aware spware/adware removal tool and is located in %System%"
U	Lavasoft Adwatch	Ad-watch.exe	"Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system"
X	Layersecurity Servicemonitor	LSSMON.EXE	"Added by the BANKER.ZAQ TROJAN!"
X	layersldm	hostplsrvc.exe	"Added by a variant of the SDBOT WORM!"
X	lcvga	lcvga.exe	"Added by the HOSTOL-A TROJAN!"
X	ldriver	ldriver.exe	"Added by the CHORUS-A TROJAN! Searchforfree browser hijacker"
U	LELA	Linksys EasyLink Advisor.exe	"System Tray access to Linksys EaasyLink Advisor - which ""is designed to set up your home network. LELA can locate computers
X	LEMSRV	lemsrv.exe	"Added by the IRCBOT-TC TROJAN!"
U	LENOVO.TPFNF6R	TPFNF6R.exe	Supports the Fn+F6 hotkey combination on IBM/Lenovo Thinkpad notebooks which mutes the microphone
N	LenovoOobeOffers	LenovoOobeOffers.exe	"Displays product upgrades/offers from Lenovo on the first run of a new notebook/desktop. ""Oobe"" refers to the ""Out of box experience"""
U	Lexmark 2200 Series	lxbvbmgr.exe	"""Lexmark Scan & Copy Control Program"" for the Lexmark 2200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan
U	Lexmark 5000 Series Fax Server	fm3032.exe	"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software"
U	Lexmark 5400 Series Fax Server	fm3032.exe	"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software"
U	Lexmark 6500 Series Fax Server	fm3032.exe	"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software"
U	Lexmark 7600 Series Fax Server	fm3032.exe	"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software"
U	Lexmark 9300 Series Fax Server	fm3032.exe	"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software"
U	Lexmark X5400 Series Fax Server	fm3032.exe	"FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software"
U	LG Direct Media Button Service	LGDMEBTN.exe	"Supports the Direct Media button on LG Notebooks that support it - such as the S1 PRO EXPRESS DUAL. Pressing this button launches the application for watching movies or listening to music"
?	LgDevAgt	LgDevAgt.exe	"Part of the GamePanel Software for the Logitech G-Series of gaming keyboards. What does it do and is it required?"
X	li-rcash00001	vldial.exe	"Added by the Vl TROJAN!"
X	li-vita****	li-vita****.exe	Adult web-dialler - **** is random
N	LicCrtl	runservice.exe	"Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running
X	Life Personal Firewall	FirewallingV10.exe	"Added by the RBOT-BKF WORM!"
N	LifeDrive Manager	LifeDriveMgr.exe	"Keeps the Palm LifeDrive Manager utility in the systray. Shortcut available via Start -> Programs"
U	LifeDrive? Manager	LifeDriveMgrTray.exe	"System Tray utility for the Palm LifeDrive Mobile Manager"
?	LightFrame 3	LightFrameV3.exe	"Support software for Philips range of LCD Monitors that support LightFrame™ - which ""reduces eye strain by surrounding your monitor frame with blue light that stimulates your visual senses for improved concentration and promotes an overall feeling of wellbeing"". What does it do and is it required?"
N	Line Speed Meter V3.0	LineSpeedMeter.exe	"LineSpeedMeter - detect the download and upload speed of your internet connection"
U	Lingvo Launcher	Lvagent.exe	"ABBYY Lingvo Electronic Dictionaries"
U	LingvoTraining	Tutor.exe	"ABBYY Lingvo Electronic Dictionaries"
X	Linksys Modem Drivers	linksys.exe	Added by the IRCBOT.VD WORM!
X	Linux	Linux.vbs	"Added by the LOVELETTER.AS VIRUS!"
U	LiquidView	lviewj.exe	"""Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display's native resolution. The software lets you increase the size of items that are hard to read on your monitor"""
N	Live Menu	Dllcmd32.exe	"eFax Send button for eFax Messenger Plus. Available via Start -> Programs Disabling instructions available here"
X	Live Messanger	livemsgr.exe	"Added by the RBOT.BXX WORM!"
X	Live Messanger	wllmsngr.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Live PC Care	LP[random characters].exe	"Live PC Care rogue security software - not recommended
?	live rdr	loadloud.exe	"??"
X	Live Security Suite	LiveSS.exe	"Live Security Suite rogue security software - not recommended
X	Live update monitor	srvany32.exe	"Added by the AGOBOT.AFM WORM!"
X	live update monitor	umxlu32.exe	"Added by the AGOBOT.ADK WORM!"
X	Live Windows Messenger Version	msnmessage7.7.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Live Windows Messenger Version	msnmsngrlive.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Live-Help	lmns.exe	"Added by the RBOT-GHE WORM!"
X	Live-Messenger.exe	Live-Messenger.exe	"Added by the SILLYP2P WORM!"
X	LiveAntispy	LiveAntispy.exe	"LiveAntispy rogue security software - not recommended
X	livekey	webgrade.exe	"LiveKeys adware. File located in %Program Files%\livekey\livekeys"
X	livekeys	webgrade.exe	"LiveKeys adware. File located in %Program Files%\livekey\livekeys"
N	LiveMonitor	LMonitor.exe	MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information
N	LiveNote	Livenote.exe	Asus graphics card driver live update feature
X	LiveProtect	LiveProtect.exe	"System Live Protect rogue security software - not recommended
X	LiveSexCams	LiveSexCams.exe	Premium rate adult content dialler
U	LiveUpdate	LiveUpdate.exe	"Web-update utility as used by various types of software - see here"
X	LiveUpdate	[Windows username]05.exe	"Added by the LINEAGE TROJAN!"
X	LiveUpdate	smss.exe	"Added by the VB.BAU BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isas"
N	LiveUpdate	Copyer.exe	"Samsung PC Studio is a Windows-based PC program package that you can use easily to manage personal data and multimedia files by connecting a Samsung Electronics Mobile phone (GSM/GPRS/UMTS) to your PC. You can launch the update manually - see the instructions
X	LiveUpdate32	services.exe	"Added by the VB.BAU BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isas"
X	Livre	Dibane.bat	"Added by the BANEDI VIRUS!"
?	lmpdpsrv	lmpdpsrv.exe	"Related to a Lexmark printer/scanner. Printer sharing server? Is it required?"
X	load	svhost32.exe	"Added by the WOWCRAFT TROJAN!"
X	load	svchsot.exe	"Added by the GWGHOST-O TROJAN!"
X	load	Systemfile.dll.vbs	"Added by an unidentified WORM or TROJAN! See here"
X	Load Service	SvHost.exe	"Added by the PESIN-D WORM!"
X	Load-Guard	Wscript.exe LGuarg.exe.vbs	"Added by the YENO.B and YENO.C WORMS! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""LGuarg.exe.vbs"" file is located in %Windir%"
N	load=	vi_grm.exe	Monitor drivers for Trio2x/3x based video cards - displays control panel for quick access to display settings
Y	load=	Bfrecv.exe	Bitware modem driver
X	load=	Spoolsv.exe	"Added by the CIADOOR.B TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%"
X	load=	svhost32.exe	"Added by the LINEAGE-AB TROJAN!"
Y	LoadDvpApi9x	DVPAPI9X.exe	Command AntiVirus for Windows 95/98/Me
X	LoadFonts	LoadFonts.vbs	Homepage hijacker that changes your homepage to an adult content site
X	LoadFonts	Tahoma.vbs	Homepage hijacker that changes your homepage to an adult content site
X	LoadHTML	"rundll32.exe regsvr32.exe	MShtmpre"
N	LoadMSvcmm	msvcmm32.exe	"Auto-update for Movielink - internet movie rental System Tray access"
X	LoadOrderVerification	[random filename]	"Added by the TRON.A TROJAN!"
X	LoadService	Rest In Peace	"Added by the KANGAROO-A WORM!"
X	LoadService	"Maaf	tempatmu bukan di sin"
X	LoadService	Virus	"Added by the CAGER.A WORM!"
X	Local Authority Service	lsass.exe	"Added by the MARKTMAN-C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	LOCAL INTERNET WEB DRIVERS FOR WIN32	phqghume.exe	"Added by a variant of the RBOT WORM!"
X	Local runole service	srvc32.exe	"Added by the SMALL-DP TROJAN!"
X	Local Security Authority Servce	lssas.exe	"Added by the POEBOT-T WORM!"
X	Local Security Authority Service	lssas.exe	"Added by the POEBOT-J WORM!"
X	Local Security Authority Service	Isass.exe	"Added by the LINKBOT.M WORM!"
X	Local Service	Intenat.exe	"Added by the NUCLEAR-J TROJAN!"
X	Local Service	services.exe	"Added by the P2PWORM-T WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Cursors"
X	LocalSystem	svchost.exe	"EHU adware. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	Locator Service	[filename]	"Added by the AGOBOT-KY TROJAN!"
X	Logical Disk Detection	mrisvc.exe	"Added by the IRCBOT.AOW BACKDOOR!"
X	Login Screen Saver	login.scr	"Added by the RBOT-AVN WORM!"
X	Login Service	[path to file]	"Added by the MIGMAF TROJAN!"
U	Logitech ClickSmart	LVCOMS.EXE	Entry added when you install Logitech ClickSmart webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when required
U	Logitech ImageStudio	LVCOMS.EXE	Entry added when you install Logitech ImageStudio webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when required
U	Logitech QuickCam	LVCOMS.EXE	Entry added when you install older versions of Logitech QuickCam webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when required
U	Logitech QuickCam	LVComSX.exe	Entry added when you install versions of the Logitech QuickCam webcam software - allows the full camera features (such as face tracking) to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when required
N	Logitech Vid	Vid.exe	"""Logitech Vid™ is the fast
?	LogitechCameraService(E)	ElkCtrl.exe	Entry added when you install versions of the Logitech QuickCam webcam software. It's exact purpose is unknown at the present time
Y	LogitechRegisterVideoApplications	InstallHelper.exe	Entry added when you install versions of the Logitech QuickCam webcam software and used to register video applications that can use the webcam on the first reboot after installing the software
U	LogitechVideoRepair	ISStart.exe	"Installed with Logitech's QuickSmart and QuickCam (older versions) webcam software. The exact purpose of this startup entry is unknown at present
U	LogitechVideoTray	LogiTray.exe	"System Tray access to My Logitech Pictures
U	LogitechVideo[inspector]	InstallHelper.exe	Entry added when you install versions of the Logitech QuickCam webcam software and used to monitor and register video applications that can use the webcam. It isn't normally running but you could disable it and re-enable it before you install supported applications
X	LogService	wincalc.exe	"Added by the PAPROXY TROJAN!"
X	LogService	lsass.exe	"Added by the BDOOR-IU BACKDOOR! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	LogService	lsrss.exe	"Added by the PAPROXY-D TROJAN!"
U	LogService	LogService.exe	"SmartKeylogger keystroke logger/monitoring program - remove unless you installed it yourself!"
X	LOVE	LOVE.EXE	"Added by the VB-ZQ TROJAN!"
X	LoveHebeA	vistaAA.exe	"Added by the LOZAVITA TROJAN!"
N	LowRateVoip	LowRateVoip.exe	"LowRateVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
X	LowVersionSupport	[filename]	"Added by the LASTRAS TROJAN!"
X	LSA Service	LSASS.exe	"Added by the AHKER.G WORM! Note - this is not the legitimate lsass.exe process
X	lsa Services	lsa2srv.exe	"Added by the TAME-C WORM!"
X	LSA Shell (Export Version)	LSASS.exe	"Added by the AHKER.K WORM and variants. Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	lsass	lsasrv.exe	"Added by the MYDOOM.AG or MYDOOM.AS or MYDOOM.AU WORMS!"
X	Lsass	kavmm.exe	"Added by an unidentified WORM or TROJAN! NOTE - do NOT confuse with the legitimate Kaspersky antivirus module as described here. Contrary to this impostor
X	LSASS Authority	lsvhosts.exe	"Added by the SDBOT.BCE WORM!"
X	lsass service	lsass2.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	LSvr	LSvr.exe	"PowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name here"
X	LTM2	MSGSRV32.EXE	"Added by the LITMUS.A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup! This one is located in %Windir%\Litmus"
X	LTM2	MPGSRV32.EXE	"Added by the LITMUS.201 TROJAN!"
X	LTM2	MSGSRV320.EXE	"Added by the LITMUS.C TROJAN!"
X	LTM2	MSGSSV32.EXE	"Added by the FC.C TROJAN!"
X	LTM2	SVCHOST32.exe	"Added by the LITMUS.203B TROJAN!"
X	LTM2	SVCHOST�.exe	"Added by the DROPPERFL.A TROJAN!"
X	LTM2	winvers16.exe	"Added by the SMALL.ND TROJAN!"
X	ltssvc	"rundll32.exe ltssvc.dll	start"
U	LVCOMS	LVCOMS.EXE	"Entry added when you install Logitech's ClickSmart
U	LVCOMSX	LVComSX.exe	Entry added when you install versions of the Logitech QuickCam webcam software - allows the full camera features (such as face tracking) to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when required
U	lxdvamon	lxdvamon.exe	Lexmark X5400 Series printer device monitor
U	lxdvmon.exe	lxdvmon.exe	Lexmark X5400 Series printer device monitor
X	M S DVD DirectX Dll Drivers	msxdl.exe	"Added by the SDBOT-BJN WORM!"
X	M3Development_WhenUSave_Installer	M3Development_WhenUSave_Installer.exe	"WhenU.Save adware"
U	MacDrive	MacDrive.exe	"MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Version 6 is not Vista compatible but doesn ""include support for striped Mac arrays created with ATTO ExpressStripe software."""
U	MacDrive application	MacDrive.exe	"MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista
?	MacDrive7.0.4TimeOutPatch	TimeOutPatch.EXE	"Part of MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista
X	machine-debugger	WMIPRVSW.exe	"Added by the AGOBOT.WW WORM!"
X	machine-debugger	mdmsv.exe	"Added by the AGOBOT-BR WORM!"
X	Macromedia Dreamweaver XM	macdwXM.exe	"Added by the AGOBOT-RI WORM!"
X	Macromedia Drive	Iexplor32.exe	"Added by a variant of the RBOT WORM!"
X	Macromedia Flash Update	scvhost.exe	"Added by a variant of the RBOT WORM!"
N	Macrovision Update Service	issch.exe	"InstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
N	Macrovision Update Service	ISUSPM.exe	"InstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
U	MACVNTFY	MACVNTFY.EXE	"Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Unlike the standard version of MacDrive 7
U	Mailbox Verifier	mboxvrfy.exe	"Mailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)"
X	MainStart	svcmfte32.exe	"Added by the STINX-A TROJAN!"
X	mainviewex	mainviewex.exe	"Added by the GEMA.D TROJAN!"
X	main_module	drvmmx32.exe	"Added by the DILA TROJAN!"
X	Major Microsoft Windows Driver Boot loader	bpool.exe	"Added by the MYTOB.AJ WORM!"
Y	Malwarebytes' RogueRemover PRO	RogueRemoverPRO.exe	"Part of Malwarebytes' RogueRemover PRO - the realtime ""RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs."" Now discontinued and the funtionality is included in Malwarebytes' Anti-Malware"
X	MalwareRemoval	MalwareRemoval.exe	"Added by a fake version of Microsoft's Malicious Software Removal Tool - removal instructions here"
X	MalwareRemovalBot	MalwareRemovalBot.exe	"MalwareRemovalBot rogue security software - not recommended
X	ManageProtocolCtrl	csmsv.exe	"Added by the LOOKSKY.B TROJAN!"
X	Managment Service	[random filename]	Added by the RBOT.BIS TROJAN!
X	MapiDrv	mpisvc.exe	"Added by the MIPSIV TROJAN!"
X	mapisvc32	mapisvc32.exe	"Added by the KX VIRUS and also recognised by Symantec as FPAI adware"
X	mark the service	xxtra32.exe	"Added by the SDBOT.APP WORM!"
X	maskrider	maskrider2001.vbs	"Added by the SOLOW-G WORM!"
N	Mass storage check registry	"rundll32.exe MSDServ.dll	check registry"
X	Master	svcghost.exe	"Added by the IRCBOT.RB TROJAN!"
U	Master Volume Spy	MASTERVOLUMESPY.EXE	"Volume control for the Gateway Destination ""DestiVu"" media interface"
X	MatrixScreenSaver	mss.exe	Unidentified malware
X	MAV_check	mav_startupmon.exe	"Part of the WinAntiVirus Pro 2007 rogue security software - not recommended
X	mav_startupmon	mav_startupmon.exe	"Part of the WinAntiVirus Pro 2007 rogue security software - not recommended
U	MaxBackSchedule	maxbackservice.exe	Backup scheduler for the Maxtor (now Seagate) range of external hard drives - part of Maxtor Quick Start
X	McAfee	McAffeAv.exe	"Added by the NETSKY.AL WORM!"
X	mcafee	Win32.dll.vbs	"Added by the CATCHER-B WORM!"
X	McAfee Antivirus	McAfeeAV.exe	"Added by a variant of the RBOT WORM!"
X	McAfee Antivirus 32	MCAFEEAV32.EXE	"Added by the SPYBOT-EH WORM!"
X	Mcafee Antivirus Monitoring System326	VSStatmn326.exe	"Added by a variant of the SDBOT WORM!"
X	Mcafee Antivirus Monitoring System32mn	VSStatmn32.exe	"Added by a variant of the RBOT WORM!"
X	McAfee Antivirus Protection	mcafeeAV.exe	"Added by a variant of the RBOT WORM!"
Y	McAfee Managed Desktop Agent	MYAGTSVC.EXE	"Part of the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businesses. Starts via a registry ""RunServices"" key on Windows 98/Me and as a service on Windows NT/2K/XP"
U	McAfee Managed Services Tray	StartMyagtTry.exe	System tray notification for the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businesses. Not required to be protected but you lose notifications
X	McAfee Online virus Scanner	avp.exe	"Added by the RBOT-GCV WORM! Not to be confused with Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory"
X	McAfee Online Virus Scanner	nzm.exe	"Added by the IRCBOT.XV WORM!"
Y	McAfee VirusScan	mcmnhdlr.exe	"Part of older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online. When Windows boots it checks whether a virus scan is necessary before you do anything with your PC. Typically
Y	McAfee VirusScan	mcvsshld.exe	"ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed
Y	McAfee VirusScan	oasclnt.exe	"On-access real-time scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files for malware as you access
X	Mcafee VirusScan Manager	mvcsvm.exe	"Added by the SILLYFDC.BBV TROJAN!"
Y	McAfeeVirusScanService	Avsynmgr.exe	"From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe)
X	Mcaffe Antivirus	Mcafeescn.exe	"Added by a variant of the SPYBOT WORM!"
X	Mcsoft	gfeqzvq.exe	"Added by the SDBOT-NV WORM!"
Y	McVsRte	mcvsrte.exe	"Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online. Starts via a registry ""RunServices"" key on Windows 98/Me and as a service on Windows 2K/XP/Vista"
Y	mcvsshld	mcvsshld.exe	"ActiveShield - background scanner for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online which scans files in the background as and when they are accessed
X	Mdm	Mdm.vbs	"Added by the WHITEHO VIRUS or TRAPPY WORM!"
X	MDNS	service.exe	"Mirar adware variant"
U	Media Codec Update Service	update.exe	"Windows Essentials Codec Pack 1.0 is a collection of the most commonly needed video and audio codecs. This program allows keeps these codecs updated"
U	Media Manager Indexer	AIRSVCU.EXE	"Part of MS Visual InterDev
X	Media Server	msdts.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Media Service	msn64.exe	"Added by the SPYBOT.EV WORM!"
X	Media service	msnmsgxr.exe	"Added by the SDBOT.TF WORM!"
X	Media service	SYSTEM64.EXE	"Added by the RBOT.QV WORM!"
X	Media service	notpad.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Media Services	[filename].exe	"Added by the AGENT-BA BACKDOOR!"
X	Media X Services	MSNGRx.exe	"Added by the RBOT.AUL WORM!"
X	Media-XP-Service-Pack3	msnzx.exe	"Added by the SDBOT-ACW WORM!"
U	Mediafour Mac Volume Notifications	MACVNTFY.EXE	"Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Unlike the standard version of MacDrive 7
U	Mediafour MacDrive	MacDrive.exe	"MacDrive 7 & MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Version 6 is not Vista compatible but doesn ""include support for striped Mac arrays created with ATTO ExpressStripe software."""
U	Mediafour MacDrive	MDDiskProtect.exe	"Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Unlike the standard version of MacDrive 7
U	Mediafour MacDrive	MDGetStarted.exe	"MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista
U	MediafourGettingStartedWithMacDrive6	MacDrive.exe	"MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Unlike the standard version of MacDrive 7
U	MediaLifeService	MediaLifeService.exe	"Related to MediaPlay Cordless Mouse from Logitech"
X	MediaXPServicePack	mxpsp.exe	"Added by the SDBOT.CDT WORM!"
?	MedionVFD	MdionLCM.exe	"Related to Medion Display Information. What does it do and is it required?"
X	MegaVirusKit	pgs.exe	"MegaVirusKit rogue security software - not recommended. A member of the AVSystemCare family"
?	meidntpa	vqgdpfrs.exe	"??"
X	Memory Allocation Server	ciserv.exe	Added by an unidentified malware
X	Memory Allocation Services	cisrv.exe	"Added by the IRCBOT.FC BACKDOOR!"
X	Memory relocation service	reloc32.exe	"Added by the RELFEERWORM!"
X	Memory Service	freememory.exe	Added by the RBOT.GEN WORM!
N	MessagerStarter Freeserve	StartMessager.exe	Freeserve Messenger
X	Messenger Service	msmsgs.exe	"Added by the SDBOT-ZB WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
X	Messenger Service	nvhost.exe	"Added by the JLOK-A WORM!"
X	Messenger Service Updater	svshost.exe	"Added by the MYTOB.GC WORM!"
X	Messenger Sharing Control	mnwsvc.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
U	MessengerDiscovery	MessengerDiscovery.exe	"MessengerDiscovery is a MSN Messenger add-on - adding over 70 new features. Now superseded by MessengerDiscovery Live - with support added for Windows Live"
X	messnger	Dvldr32.exe	"Added by the DELODER.A WORM!"
X	mfhsornwnduy	regsvr32.exe gisyflngpshcvuakv.dll	"Pro AntiSpyware 2009 rogue spyware remover - not recommended
Y	MFP Server Agent	MFPAgent.exe	"Multi Function Printer (MFP) Server Agent for Belkin's Wirless G All-in-One Print Server and ZyXEL's NPS-520"
X	Mfqneqfeb	vdddwq.exe	"Added by the RANDEX.AP WORM!"
Y	mgavctrl	mgavrtcl.exe	Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online
Y	mgavrtclexe	mgavrtcl.exe	Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online
Y	mgavrtclexe	mgavrte.exe	Part of older versions of McAfee's internet security products such as VirusScan and VirusScan Online
X	Mgsgi service	wkzfn.exe	"Added by the AGOBOT-AHL WORM!"
X	Micosoft Data Core	runservice.exe	"Added by the IRCBOT.BK WORM!"
X	Micosoft Data Core stuff	svshosts.exe	"Added by the RBOT.FZA WORM!"
X	Micr0s0ft Upd4t4z	svchost32.exe	"Added by the RBOT.ALF WORM!"
X	Micrcoft Exploerer	svchose.exe	"Added by the RBOT-ASL WORM!"
X	Micrcsoft Certificate Services	cflmon.exe	"Added by the RBOT-FWV WORM!"
X	MICROSFT ANTIVIRUS UPDATE SUPPORT	[random 10-letter filename].EXE	"Added by the RBOT-AQA WORM!"
X	MICROSFT ANTIVIRUS UPDATE SUPPORT	MSGUPDATED.EXE	"Added by the RBOT-APZ WORM!"
X	Microsft Corporation Version 2001.12.4414	comrel.exe	"Added by a variant of the SDBOT TROJAN!"
X	Microsft Corporation Version 2002.12.2414	comserv.exe	"Added by a variant of the SLAPER TROJAN!"
X	Microsft Updtes	sarvice.exe	"Added by a variant of the SDBOT WORM!"
X	Microsof Value	nmatt.exe	"Added by a variant of the RBOT WORM!"
X	Microsof Windows Host	svhost32.exe	"Added by the RBOT.ADY WORM!"
X	microsoft	svchost.exe	"Added by the ASTEF or RESPAN WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	Microsoft	svchost.exe	"Added by the ADUYO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Microsoft	msvchost.exe	"Added by the RBOT-GAW WORM!"
X	Microsoft	rtvcscan.exe	"Added by the RBOT-GGU WORM!"
X	Microsoft	kasperskyLive32.exe	"Added by the RBOT-GRT WORM!"
X	Microsoft	netsrv.exe	"Added by the RBOT-GOS WORM!"
X	Microsoft	ntsvr.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft	soundvol32.exe	"Added by the RBOT.CIJ BACKDOOR!"
X	Microsoft	sqlservice.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Microsoft	svhost.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Microsoft (R) Windows Configuration Backup Service	svchost.exe	"Added by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in either a ""config""
X	Microsoft (R) Windows Network Latency Controller	sp2vc.exe	"Added by a generic password stealer TROJAN - see here"
X	Microsoft (R) Windows Network Security Management Service	nsms.exe	"Added by the RANKY.LC TROJAN!"
X	Microsoft (R) Windows Protected Content Restoration Service	services.exe	"Added by the AGENT.AGV BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\etc"
X	Microsoft (R) Windows TCP/IP Socket Driver	[path to trojan]	"Added by the PROXY-DD TROJAN!"
X	Microsoft (R) Windows TCP/IP Socket Layer	services.exe	"Added by the RBOT.ARM WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\winsock"
X	Microsoft (R) Windows Update Service	wuauclt.exe	"Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process
X	Microsoft (R) Windows Vista/NT Runtime Compatibility Service	nrcs.exe	"Added by the RANKY.X TROJAN!"
U	Microsoft ActiveSync	WCESCOMM.EXE	"Connection manager for Microsoft ActiveSync - mobile device synchronization software for Windows XP (and earlier)
X	Microsoft ActiveX Debugger NT	[path to trojan]	"Added by the BANCOS-DO TROJAN!"
X	Microsoft ADservice	[random filename]	"Added by a variant of the RBOT WORM!"
X	Microsoft Agent	svch0st.exe	"Added by the VB-DRO WORM!"
X	Microsoft Anti Virus Controller	msavc.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Microsoft Anti Virus Controller	msavc32.exe	"Added by the SDBOT.EPW BACKDOOR!"
X	Microsoft Authority Service	lsass.exe	"Added by the KALEL-D WORM! Note - this is not the legitimate lsass.exe process
X	Microsoft Automatic Update Serivce	msautou.exe	"Added by the RBOT-AOB WORM!"
X	Microsoft AutoUpdater	svhost.exe	"Added by the RBOT.QG WORM!"
X	Microsoft Bool Value	MV2.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Browser Services	Brwsr32.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Browser Services	Brwsr64.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft checker	MsPMSPTv.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft Client Pc	spoolsrv.exe	"Added by the RBOT-AQM WORM!"
X	Microsoft Client/Server Runtime Server Subsystem	csrs.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Microsoft Client/Server Runtime Server Subsystem	csrssa.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Microsoft Com Port Manager	svdhost.exe	"Added by the SDBOT-NI WORM!"
X	Microsoft Configoration Service	msconfigs.exe	"Added by the RBOT-ETT WORM!"
X	Microsoft Corp	svchost.exe	"Added by the PUSHBOT.QD WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Microsoft Corp. Host Services	svchosl.exe	"Added by the RBOT-FMZ WORM!"
X	Microsoft Corporation	jview.exe	"Added by the RBOT-AOD WORM!"
X	Microsoft Corporation Svchost Service	mssvc.exe	"Added by a variant of the SDBOT WORM! See here"
X	Microsoft Corporation Svchost Service	mswsc.exe	Added by the AGENT.MAB TROJAN!
X	Microsoft CPU Over Heat Manager	CPU.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Critical Services	svhhost.exe	"Added by the AGOBOT-AJA WORM!"
X	Microsoft Crs Fix Serv	wincrs.exe	"Added by the SDBOT.BWF WORM!"
X	Microsoft CSRSS Service	nsmscrs.exe	"Added by the RBOT-BPT WORM!"
X	Microsoft Cvrt	mscvrt32.exe	"Added by an unidentified VIRUS
X	Microsoft Debug Service	dbgbgr.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Dev	iexplorer32.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Microsoft Development Debugger	msdev.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Development Services	msdevelop.exe	"Added by the RBOT-FWS WORM!"
X	Microsoft Device Manager	msdevmgr32.exe	"Added by the LATEDA.B TROJAN!"
X	Microsoft Device Manager	mscmtl32.exe	"Added by the AGENT.BMQ BACKDOOR!"
X	Microsoft Device Manager	svcswin.exe	"Added by the IRCBOT-YH TROJAN!"
X	Microsoft DirectX	Spoolserv.exe	"Added by the DINFOR WORM!"
X	Microsoft dll Host Service	wkssr.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft DLL Host Service	dllmemhost.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft DLL Host Service	svcdllhst.exe	"Added by the AGENT.EAK TROJAN!"
X	Microsoft dll Host Service	svchost.exe	"Added by the RBOT.BMS BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Microsoft DLL Service	servicedll.exe	"Added by the IRCBOT.OX BACKDOOR!"
X	Microsoft DLL Service	svcdll.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft DLL Verifier	file.exe	"Added by the RBOT-AED WORM!"
X	Microsoft DLL Verifier	chkfile.exe	"Added by the RBOT-AOC WORM!"
X	Microsoft DLL Verifier	csrssv.exe	"Added by the RBOT-ATK WORM!"
X	Microsoft DLL Verifier	mscon.exe	"Added by the SDBOT.EAH WORM!"
X	Microsoft DLL Verifier	winavguard.exe	Added by the SDBOT.AAD WORM!
X	Microsoft DLL Verifier	wns.exe	"Added by the SPYBOT-LA WORM!"
X	Microsoft Driver	faet.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Driver Control	windrv.exe	"Added by the SDBOT.FW WORM!"
X	Microsoft Driver Manager	mswindrv.exe	"Added by the FORBOT-EZ WORM!"
X	Microsoft Driver Setup	msddrv42.exe	"Added by the PALEVO WORM!"
X	Microsoft Driver Setup	Jwrb.exe	"Added by the AUTORUN-AOB WORM!"
X	Microsoft Driver Setup	dllhost.exe	"Added by the AUTORUN-AOZ WORM!"
X	Microsoft Driver Setup	sysmngsr322.exe	"Added by the BUZUS-AS TROJAN!"
X	Microsoft Driver Setup	w7services.exe	"Added by the AUTORUN-ARJ WORM!"
X	Microsoft Driver Setup	mslsrv32.exe	"Added by the SDBOT-DPF TROJAN!"
X	Microsoft Driver Setup	ccdrive32.exe	"Added by the AGENT-LYL TROJAN!"
X	Microsoft Driver Setup	cidrive32.exe	"Added by the AGENT-NES TROJAN!"
X	Microsoft driver update	Mshome.exe	Added by the SDBOT.BL WORM!
X	Microsoft Drivers	WSconf.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft EV32 Service	MSev32.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Event Engine	EvtEngn.exe	"Added by the RBOT-XV WORM!"
X	Microsoft Explorer	svapache.exe	"Added by the RBOT-VR WORM!"
X	Microsoft Explorer Service	msexplore.exe	"Added by the IRCBOT.AYB BACKDOOR!"
X	Microsoft FixUp	pevblbvr.exe	"Added by the RBOT.DWK WORM!"
X	Microsoft Genetic Procress	svchost.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft Genuine Logon	svchost.exe	"Added by the SDBOT.EXT WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Microsoft Gina V Encryption	MSGINAV.EXE	"Added by an unidentified VIRUS
X	Microsoft Help	svh0st.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft Help	svchosl.exe	"Added by the AGENT-GPX TROJAN!"
X	Microsoft Help SVC	msnmngr.exe	"Added by the SDBOT-PQ WORM!"
X	Microsoft Host Protocol	svhost.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Hosting Service	WINHOSTING.EXE	"Added by the RBOT.AEV WORM!"
X	Microsoft Hosts Service	Isass.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Initialization Service	initsvc.exe	"Added by the IRCBOT.AXK BACKDOOR!"
X	Microsoft Initialization Services	initserv.exe	"Added by the IRCBOT-ABO TROJAN!"
X	Microsoft Install Shield Services	rundll64	"Added by the RBOT-FSH WORM!"
X	Microsoft Int Service	MsIntSrv.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Internal AntiVirus Systems	dIlhost.exe	"Added by the RBOT-AEV WORM!"
X	Microsoft Internel Corporat	netvhost.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Microsoft Internel Corporat	smbvhost.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Microsoft Internet Antivirus Protection	antivirus.exe	"Detected by Kaspersky as the IRCBOT.BSK TROJAN!"
X	Microsoft Internet Explorer	movies.exe	"Added by the BANCOS-DZ TROJAN!"
X	Microsoft Internet Explorer	svzhost.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Internet Explorer	svchost.exe	"Added by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""drivers"" subfolder"
X	Microsoft Internet Explorer	svchosts.exe	"Added by the BANCBAN-U TROJAN!"
X	Microsoft Internet Explorer	_svchost.exe	"Added by the TINY.LX TROJAN!"
X	Microsoft Internet Services	Smss32.exe	"Added by the RBOT.MS WORM!"
X	Microsoft IPC	svshost.exe	"Added by an unidentified VIRUS
X	Microsoft IT Update	IEserv.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft IT Update	svchsst.exe	"Added by the RBOT-DH WORM!"
X	Microsoft Java Virtual Machine	MsConfiG.exe	"Added by the FORBOT-DV WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting"
X	Microsoft Java Virtual Machine	msjvm.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft Java Virtual Machine	javavm.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Java Virtual Machine	msjavarxp.exe	"Added by the FORBOT-DL WORM!"
X	Microsoft Java Virtual Machine	winscr32.exe	"Added by a variant of the WOOTBOT WORM!"
X	Microsoft Java Windows Update	[filename]	"Added by the RBOT-DZ WORM!"
X	Microsoft JavaVM	msjarun.exe	"Added by the RBOT-JW WORM!"
X	Microsoft Keyboard Enhance V2.0	iasrecst.exe	"Detected by F-Prot as the DOWNLOADER2.AILI TROJAN!"
X	Microsoft Kinetik Svc	msftksvc.exe	"Added by the AGENT.AGDO TROJAN!"
X	MicroSoft Legal Service	Srb0ty.exe	"Added by the SPYBOT.HW WORM!"
X	Microsoft Lmhosting Service	lmhosts.exe	"Added by the RBOT-RC WORM!"
X	Microsoft Lsass Service	wintcp32.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft LSASS386 Protocol	scvhost32.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft LV	[path to file]	"Added by the BDOOR-BDL BACKDOOR!"
X	Microsoft Machine	winjava.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Microsoft machine	scvhost.exe	"Added by the RBOT.AEU TROJAN!"
X	Microsoft Manage Services	sychost.exe	"Added by the SLENFBOT.AD WORM!"
X	Microsoft Manage Services	schost.exe	"Added by the SLENFBOT.B WORM!"
X	Microsoft media services	Iassd.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Microsoft media services	winmplayer.exe	"Added by the RBOT.ZO WORM!"
X	Microsoft Messenger Service	msmsg32.exe	"Added by the RBOT.BOK WORM!"
X	Microsoft Ming Service	ming.exe	"Added by the RBOT-AWS WORM!"
X	Microsoft Movie Maker	Mmaker.exe	"Added by the IRCBOT.C TROJAN! Note that this is not a valid Microsoft program"
X	Microsoft MSN 7 Services	msnmsg.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Microsoft MSN 7 Services	msnmsger.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Microsoft MSN Services	msnsm.exe	"Added by the RBOT.ARV BACKDOOR!"
X	Microsoft MSUPDATE	SpoolSvc.exe	"Added by the SXTB-A TROJAN!"
X	Microsoft Netview	gesfm32.exe	"Added by the RANDEX.C WORM!"
X	Microsoft Netview	mssvc32.exe	"Added by an unidentified VIRUS
X	Microsoft Netview Component v5.1	msnv32.exe	"Added by the RANDEX.F WORM!"
X	Microsoft Network Host	svc0host.exe	"Added by the SDBOT-AEN WORM!"
X	Microsoft Network Services Controller	mmsvc32.exe	"Added by the NANPY-A WORM!"
X	Microsoft Nod32 Service	nood32.exe	"Added by the RBOT.EJP WORM!"
X	Microsoft Norotn Anti Virus	mnhpot.exe	"Added by the RBOT-GRO WORM!"
X	Microsoft Norton Antivirus	norton.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft NT Drivers	ntdrv.exe	Added by the SDBOT.AJN TROJAN!
X	Microsoft Nvidia Video	nvidia.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft Office	lserv.exe	"Added by the SDBOT.MH WORM!"
X	Microsoft Office	svxhost.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Office	msvcp.exe	"Added by the AGENT-XK TROJAN!"
U	Microsoft Office Groove	GROOVE.EXE	"System Tray access to and alerts for MS Office Groove - a stand-alone product or included with the Enterprise/Ultimate versions of MS Office 2007. ""A collaboration software program that helps teams work together dynamically and effectively
X	Microsoft Office Studio	scvhvst.exe	"Added by the RANDEX.CST WORM!"
X	Microsoft Outlook Express Protocol	svchst.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft PC Health Remote Assistance File Open & Save controls	sfrcdlg32.exe	"Added by the RBOT-AVY WORM!"
X	Microsoft Proc Driver32	msprc.exe	"Added by a variant of the WOOTBOT WORM!"
X	Microsoft Registro	svchostt.exe	"Added by the BANCOS-DH TROJAN!"
X	MicroSoft Remote Secure Service	MSRSS.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft SCVHOST32 Protocol	scvhost32.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Secure	Messenger.NET Service	"Added by the FORBOT-AM WORM!"
X	Microsoft Secure Messenger.NET Service	securitychk.exe	"Added by the SDBOT.VT WORM!"
X	Microsoft Security	winService.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft security adviser	mssadv.exe	"Microsoft Security Adviser rogue security software - not recommended"
X	Microsoft Security Center	savservices.exe	"Added by the RBOT-ANU WORM!"
X	Microsoft Security Management	winserv.exe	"Added by the RBOT-MJ WORM!"
X	Microsoft Security Monitor Process	service.exe	"Added by the DELF.BERW BACKDOOR!"
X	Microsoft Security Monitor Process	svcchost.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Microsoft Server	rserv.exe	"Added by the AGOBOT.AVS WORM!"
X	Microsoft Server Applacations	msnmsg.exe	"Added by the AGOBOT.BBM WORM!"
X	Microsoft Server Applacations	wuauct1.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Server Applacations	lsasss.exe	"Added by the RBOT-AQQ WORM!"
X	Microsoft Server Applacations	Q8See.exe	"Added by the SPYBOT.GEN3 TROJAN!"
X	Microsoft Server Applacations	cli.exe	"Added by the RBOT-GAQ WORM!"
X	Microsoft Server Application	Sound.exe	"Added by the RBOT-NE WORM!"
X	microsoft server base	lass.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Server Process	svhst32.exe	"Added by the BCKDR-QHR BACKDOOR!"
X	Microsoft Service	microhost.exe	"Added by the RBOT-LC WORM!"
X	Microsoft Service	winsvc.exe	"Added by the SPYBOT-DB WORM!"
X	Microsoft Service	rundll.exe	"Added by the POPO-A WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
X	Microsoft Service	service.exe	"Added by the IRCBOT-XX BACKDOOR!"
X	Microsoft Service	winspl.exe	"Spyman spyware"
X	Microsoft service	cssrs.exe	"Added by the STARTP-DC TROJAN!"
X	Microsoft Service 32	mssvc32.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Service 32	sysddm32.exe	"Added by the SDBOT.AKC WORM!"
X	Microsoft Service Access Manager	Access.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Microsoft Service Boot	sboot.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Service Controller	services.exe	"Added by the KALEL-D WORM! Note - this is not the legitimate services.exe process
X	Microsoft Service Disk Cycle	disksave.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Service Drivers	System.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Service Drivers	VSADNIM.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Service Execution Manager	execute.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Microsoft Service firewall Manager	firewall.exe	"Added by a variant of the SDBOT BACKDOOR! Located in %System%"
X	Microsoft Service Host Manager	32svchost.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Service Host Process	svchost.exe	"Added by the KRYNOS.B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Help"
X	Microsoft Service Information	msnservices.exe	"Added by the RBOT.ID WORM!"
X	Microsoft Service Login Manager	winlogin.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Service Manager	service32.exe	"Added by the IRCBOT.WDW BACKDOOR!"
X	Microsoft Service Manager	winsvc.exe	"Added by a variant of the RBOT WORM! See here"
X	Microsoft Service Pack	WindowsSP.exe	"Added by the RBOT-RF WORM!"
X	Microsoft Service Pack2.1	svchost2.exe	"Added by the RBOT.ASN BACKDOOR!"
X	Microsoft Service Tools	MStools1.exe	"Added by the RBOT-BHT WORM!"
X	Microsoft Services	lsserv.exe	"Added by an unidentified VIRUS
X	Microsoft Services	lssrv.exe	"Added by the RBOT.CW WORM!"
X	Microsoft Services	services.exe	"Added by the ALETS TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Microsoft Services	lsrv.exe	"Added by the RBOT-BK WORM!"
X	Microsoft Services	svshost.exe	"Added by the ALETS.B TROJAN!"
X	Microsoft Services	bsc32.exe	"Added by the BDOOR-AW BACKDOOR!"
X	Microsoft Services	Smss32.exe	"Added by the RBOT-AD WORM!"
X	Microsoft Services	svssshost.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Services	module.exe	"Added by the LAVITS WORM!"
X	Microsoft Services	msmpserv.exe	"Added by the IRCBOT.BKA BACKDOOR!"
X	Microsoft Services Unitd	MSU32.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Servicez Manager	servicemgrz.exe	"Added by the RBOT-ASN WORM!"
X	Microsoft Sound Driver	sound32.exe	"Added by a variant of the SPYBOT WORM!"
N	Microsoft Sound Volume Tool	mssvol.exe	This is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -> Settings -> Control Panel
X	Microsoft SpA Service	msapps.exe	"Added by the RBOT-VI WORM!"
X	Microsoft SpA Service	win32.exe	"Added by the RBOT.ATS WORM!"
X	Microsoft SpA Service	Winupd32.exe	"Added by the RBOT.LT WORM!"
X	Microsoft SpAr Service	winsbsd32.exe	"Added by the RBOT-RN WORM!"
X	Microsoft Spool ** Service	spool**.exe	"Added by a variant of the IRCBOT TROJAN - where ** represents a 2 digit number"
X	Microsoft Spool Server for Win32	spoolsrv.exe	"Added by the RANDEX.H WORM!"
X	Microsoft Spool Svc	spoolsvc32.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Microsoft Spooler Services	Spoolsv.exe	"Added by a variant of the SPYBOT WORM! See here"
X	Microsoft SSISVRI32 Protocol	ssisvri.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft Startup Manager	sysservice.exe	"Added by the AVALANEC TROJAN!"
X	microsoft support	svchostt.exe	"Added by the AGOBOT.AWN WORM!"
X	Microsoft SVC	mssvc.exe	"Added by the BIFROSE-UQ TROJAN!"
X	Microsoft Svchost local services	winoem.exe	"Added by the RBOT-FPE WORM!"
X	Microsoft Svchost local services	nzm23.exe	"Added by the RBOT-GMC WORM!"
X	Microsoft Svchost local services	msnserver.exe	"Added by the RBOT-GPM WORM!"
X	Microsoft Synchronization Manager	svhost.exe	"Added by the SDBOT-PY WORM!"
X	Microsoft Synchronization Manager	java.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft Synchronization Manager	svchosts.exe	"Added by the SDBOT-LM WORM!"
X	Microsoft Synchronization Manager	svxhost.exe	"Added by the SDBOT-ZU WORM!"
X	Microsoft Synchronization Manager	devldr32.exe	"Added by a variant of the RBOT WORM! Note - do not confuse with the legitimate Creative Labs devldr32.exe file"
X	Microsoft Synchronization Manager 2	svhostc.exe	"Added by the SLINBOT.ST WORM!"
X	Microsoft System Debug	services32.exe	"Added by the RBOT.AKH WORM!"
X	Microsoft System DLL Services Configuration	windir32.exe	"Added by the SDBOT-ACY TROJAN!"
X	Microsoft System File	svchots.exe	"Added by the RBOT.BYU WORM!"
X	Microsoft System NT	svhost.exe	"Added by the SDBOT.COU WORM!"
X	Microsoft System Saver	[path to worm]	"Added by the RBOT.BSK WORM!"
X	Microsoft System Service	dnservice.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft System Service	taskmgr1.exe	"Added by a variant of the SPYBOT WORM! See here"
X	Microsoft System Service	winIogon2.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft System Service Device	mssdh.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft System Services	msnmgsr.exe	"Added by the KELVIR.K WORM!"
X	Microsoft System Services	msmsgr.exe	"Added by the RBOT-ZH WORM!"
X	Microsoft system Value	sys57.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Task Manager Daemon	spoolsrv.exe	"Added by the SDBOT.FLL WORM!"
X	Microsoft TCP Service	scvhost.exe	"Added by the AGOBOT-L WORM!"
X	Microsoft TCP/IP Connection Monitor	svchost32.exe	"Added by the RBOT.KS WORM!"
X	Microsoft Telecoms Center	svcchost.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Time Manager	dveldr.exe	"Added by the RBOT-HQ WORM!"
X	Microsoft Transfer File Server	mtfs.exe	"Added by the RBOT.AFE WORM!"
X	Microsoft TTL Verifier	msttl.exe	"Added by the RBOT-GAP WORM!"
X	Microsoft Update	mvsc.exe	"Added by the SPYBOT.DAZ WORM!"
X	Microsoft Update	navmgrd.exe	"Added by the SDBOT.DP TROJAN!"
X	Microsoft Update	VPC32.EXE	"Added by the AGOBOT.XM WORM!"
X	Microsoft Update	NAV.exe	"Added by the RBOT-IV WORM!"
X	Microsoft Update	snlogsvc.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Update	svhost.exe	"Added by the RBOT-PI WORM!"
X	Microsoft Update	winscv.exe	"Added by the RBOT-BH WORM!"
X	Microsoft Update	wserv32.exe	"Added by the RBOT.AF WORM!"
X	Microsoft Update	wssvr.exe	"Added by the RBOT-OD WORM!"
X	Microsoft Update	scvhost.exe	"Added by the RBOT-AEM WORM!"
X	Microsoft Update	svghost.exe	"Added by the RBOT.BUJ WORM!"
X	Microsoft Update	svzhost.exe	"Added by the RBOT.OX WORM!"
X	Microsoft Update	WinDrv32.exe	"Added by the RBOT.EGW WORM!"
X	Microsoft Update	devmks32.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Update	drive.exe	"Added by the BIFROSE-PN WORM!"
X	Microsoft Update	bnmveqfts.exe	"Added by the BANLOAD.KWQ TROJAN!"
X	Microsoft Update	livemessenger.com	"Added by the ADLOAD-LN TROJAN!"
X	Microsoft Update	ntservice.exe	"Added by the AGENT-DIS TROJAN!"
X	Microsoft Update	service.exe	"Added by a variant of the RBOT WORM! See here"
X	Microsoft Update 23	spoolvs.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Update 32	servic.exe	"Added by the RBOT-AXN WORM!"
X	Microsoft Update 32	spoolvs.exe	"Added by the RBOT-BBQ WORM!"
X	Microsoft Update 64 BIT	schvost.exe	"Added by the RBOT.CAU WORM!"
X	Microsoft Update Clinic	svsipconfig.exe	"Added by the RBOT.BR WORM!"
X	Microsoft Update Device	flolo.exe	"Added by a variant of the SPYBOT WORM! See here"
X	Microsoft Update Device Drivers	wuauclt.exe	"Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process
X	Microsoft Update Drivers	explorers.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft Update Event	svnhost.exe	"Added by the AGOBOT-GW BACKDOOR!"
X	Microsoft Update Machine	servicz.exe	"Added by the RBOT-HU WORM!"
X	Microsoft Update Machine	xvshost.exe	"Added by the RBOT.QP WORM!"
X	Microsoft Update Machine	svshost.exe	"Added by the RBOT.AK WORM!"
X	Microsoft Update Machine	scvhost.exe	"Added by the RBOT-GS WORM!"
X	Microsoft Update Machine	servicez.exe	"Added by the SPYBOT.BI WORM!"
X	Microsoft Update Machine	spoolserv.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Update Machine	serviz.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Update Machine	WINSVC32.EXE	"Added by the RBOT.CU WORM!"
X	Microsoft Update Machine	opmmve.exe	"Added by the KOLABC.DES WORM!"
X	Microsoft Update Machine	thvfyq.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Update Manager	svshost.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Update Manager	scvhost.exe	"Added by the AGOBOT.AXJ WORM!"
X	Microsoft Update Manager	scvideo.exe	"Added by the SDBOT-CVP TROJAN!"
X	Microsoft Update Process	wmipcvse.exe	"Added by the AGOBOT-JF TROJAN!"
X	Microsoft Update Server	mssrv.exe	"Added by an unidentified VIRUS
X	Microsoft Update Service	csrss32.exe	"Added by the AGOBOT-HC WORM!"
X	Microsoft Update Service	mswin32.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft update service	systemm.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft Update SERVICE	phqghum.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Update Service	msupdate.pif	"Added by the RBOT-AQB WORM!"
X	Microsoft Update Service	wmiprvre.exe	"Added by the AGOBOT-NN WORM!"
X	Microsoft Update Services	wcsnfty.exe	"Added by the RBOT-AGK WORM!"
X	Microsoft Update Services	wsnfty.exe	"Added by the RBOT-AFU WORM!"
X	Microsoft Update v2.6	lxxex.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Updater	svhost.exe	"Added by the AGENT.CDF TROJAN!"
X	Microsoft Updater	vbcjlg.exe	"Added by a variant of the SPYBOT WORM! See here"
X	Microsoft Updater v2	[path to worm]	"Added by the AUTORUN-BCI WORM!"
X	Microsoft Updates	wkssvr.exe	"Added by the RBOT.R WORM!"
X	Microsoft Updates	wkssvrs.exe	"Added by the RBOT-EB WORM!"
X	Microsoft Updates	svehost.exe	"Added by the RBOT-GRW WORM!"
X	Microsoft Updates	svshost.exe	"Added by the AGOBOT-AIW WORM!"
X	Microsoft Updates	svdhost.exe	"Added by the RBOT-GVH WORM!"
X	Microsoft Updates	service.exe	"Added by the POISON.HPT BACKDOOR!"
X	Microsoft Updating	navguard.exe	"Added by the RBOT.HW WORM!"
X	Microsoft Updating Client	websvc.exe	"Added by the RBOT.AQ WORM!"
X	Microsoft uptime Service	sysuptime.exe	"Added by the RBOT-ACG WORM!"
X	Microsoft uptime Service	sycuptime.exe	"Added by the RBOT-AHY WORM!"
X	Microsoft UpToDate Driver (32-bits)	[random filename].exe	"Added by the SPYBOT.LXJ WORM!"
X	Microsoft USB Windows2 Driver	usbautotuner.exe	"Added by the SILLYFDC.BCL WORM!"
X	Microsoft USB2 Driver	crmss.exe	"Added by the RBOT-VK WORM!"
X	Microsoft usnsvc Service	usnsvc.exe	"Added by a variant of the KOBOT-C WORM!"
X	Microsoft Values	igfkishc.exe	"Added by the RBOT-GLO WORM!"
X	Microsoft Vertupdate	MSvert32.exe	"Added by the MYTOB-CY WORM!"
X	Microsoft Video Capture Controls	MSsrvs32.exe	"Added by the SDBOT-AAK WORM!"
X	Microsoft Video Controls	tskmsgr.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft Video Driver	videodrv.exe	"Added by the SDBOT-AGP WORM!"
X	Microsoft Viewer Monitor Manager	viewmon.exe	"Added by the XPAK.A TROJAN!"
X	Microsoft Virtual Service Manager	vservice32.exe	"Added by the MSNWORM.T WORM!"
X	Microsoft Virual Machine	sms.exe	"Added by the RBOT-SP WORM!"
X	Microsoft Vista Upgrade Validation Service	cfmon.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Microsoft Visual Application	vpcrtf.exe	"Added by the IRCBOT-XJ TROJAN!"
X	Microsoft Visual Debuger	mdm.exe	"Added by the SDBOT-DOO WORM! Note - this is not the legitimate Machine Debug Manager (mdm.exe) process which is located in %ProgramFiles%\Common Files\Microsoft Shared\VS7Debug (98/Me/XP/Vista) or C:\WINDOWS\SYSTEM (Me only)"
X	Microsoft Visual SourceSafe	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
X	Microsoft Visual SourceSafe	winlogon.exe	"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process
X	MicroSoft Visual SP	igxdfdfds.com	"Added by the SDBOT.GAV WORM!"
X	MicroSoft Visual SP2	igfxsrvc32.exe	"Added by the SDBOT.GAV WORM!"
X	Microsoft Visual Studio	plscdksxg.exe	"Added by the RBOT-AWV WORM!"
X	Microsoft Visual Studio VSA	varpc32.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft Web Device	wdevice.exe	"Added by a variant of the SDBOT WORM!"
U	Microsoft Webserver	svctrl.exe	Personal web server program which enables you to create and host a web server from your computer. Not required for most people
X	Microsoft Win Corp TLS Verification	mswintls.exe	"Added by the RBOT-GCT WORM!"
X	Microsoft Windows	Kernel.vbs	"Added by the EDIBARA-A VIRUS!"
X	Microsoft Windows	pwjbvphi.exe	"Added by the RBOT-GQK WORM!"
X	Microsoft Windows DLL Services	mwindll.exe	"Added by the SDBOT-VX WORM!"
X	Microsoft Windows DLL Services Configuration	newdll.exe	"Added by the SDBOT-ZR WORM!"
X	Microsoft Windows DLL Services Configuration	newdll2.exe	"Added by the SDBOT-ABD WORM!"
X	Microsoft Windows DLL Services Configuration	poker.exe	"Added by the SDBOT-ZY WORM!"
X	Microsoft Windows DLL Services Configuration	poker3.exe	"Added by the SDBOT-AAH WORM!"
X	Microsoft Windows DLL Services Configuration	proxy.exe	"Added by the SDBOT-ZL WORM!"
X	Microsoft Windows DLL Services Configuration	windir32.exe	"Added by the SDBOT.BHF WORM!"
X	Microsoft Windows DLL Services Configuration	windir32a.exe	"Added by a variant of the SDBOT.BHF WORM!"
X	Microsoft Windows DLL Services Configuration	windll32.exe	"Added by the SDBOT.BHD WORM!"
X	Microsoft Windows DLL Services Configuration	winDSL.exe	"Added by the SDBOT-ZG WORM!"
X	Microsoft Windows DLL Services Configuration	dllmanager32.exe	"Added by the SDBOT-BTU WORM!"
X	Microsoft Windows Drivers	windrv.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft Windows DVR	windvr.exe	"Added by the RBOT-AXD WORM!"
X	Microsoft Windows Kernel Services	winkrnl386.exe	"Added by the ZEBROXY TROJAN!"
X	Microsoft Windows Keyboard service	keyboard.exe	"Added by the RBOT-CRF WORM!"
U	Microsoft Windows Media Player Network Sharing Service Configuration Application	WMPNSCFG.exe	"Network sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music
X	Microsoft Windows Registry Service	wregistry.exe	"Added by the AGOBOT.AKG WORM!"
X	Microsoft Windows Secure Server	rpcxWindows.exe	"Added by the RBOT-LL WORM!"
X	Microsoft Windows Security	spvsper.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft Windows Security	wscndrives.exe	"Added by the RBOT-AJK WORM!"
X	Microsoft Windows Service	winsys.exe	"Added by the RBOT-ADP WORM!"
X	Microsoft Windows Service Pack	winspkn.exe	"Added by the RBOT-AYD WORM!"
X	Microsoft Windows Services	msw32.exe	"Added by the RBOT-FWQ WORM!"
X	Microsoft Windows Services	Sersices.exe	"Added by the SDBOT-NO WORM!"
X	Microsoft Windows Services Edt	ssvvcchhoosst.exe	"Added by the RBOT-FYF TROJAN!"
X	Microsoft Windows Services Edt	dllrun32.exe	"Added by the RBOT-GAF WORM!"
X	Microsoft Windows Socketx32 Services	winsockx32.exe	"Added by the RBOT-FWT WORM!"
X	Microsoft Windows Sound	svghost.exe	"Added by a variant of the SPYBOT WORM! See here"
X	Microsoft Windows Sound	svshost.exe	"Added by the RBOT.RNE BACKDOOR!"
X	Microsoft Windows Sound	svuhost.exe	"Added by the KOLAB.XC WORM!"
X	Microsoft Windows Sound Drivers	sounddrivers.exe	"Added by the SLENFBOT.ABU WORM!"
X	Microsoft Windows Storage Machine Service	winms.exe	"Added by the RBOT-AHK WORM!"
X	Microsoft Windows SVCHOST	SVCHOST.exe	"Added by the VB.KV WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!"
X	Microsoft Windows System Service Manager	winsvc.exe	"Added by the SPYBOT.LR WORM!"
X	Microsoft Windows Updata	scvhost.exe	"Added by the RBOT.CEM BACKDOOR!"
X	Microsoft Windows Update	svchos.exe	"Added by the SDBOT.AC WORM!"
X	Microsoft Windows Update	svcshost.exe	"Added by the FORBOT-CF WORM!"
X	Microsoft Windows Update	svmhost.exe	"Added by the FORBOT-CH WORM!"
X	Microsoft Windows Update	svshost.exe	"Added by the WOOTBOT.CJ WORM!"
X	Microsoft Windows Update	scvvhost.exe	"Added by the FORBOT-DH WORM!"
X	Microsoft Windows Update	svzhost.exe	"Added by the FORBOT-EV WORM!"
X	Microsoft Windows Update	sccvhost.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft Windows Update	servcs.exe	"Added by the SDBOT.AL BACKDOOR!"
X	Microsoft Windows Update Client	services.exe	"Added by the AUTORUN.DVE WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Microsoft Windows Update Service	wupdmgr32.exe	"Added by the DOS.AUTOCAT TROJAN!"
X	Microsoft Windows Update Service	msnmsg.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Microsoft Windows Update x86	[various filenames]	"Added by a variant of the RBOT WORM! Filenames seen include (but are not limited to firefox.exe
X	Microsoft Windows Updater	TMNTSrv.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Windows Updater	spoolvs.exe	"Added by the RBOT.ACQ WORM!"
X	Microsoft Windows Updater	suvhost.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft Windows Visual V2.0	msiutil.exe	"Added by the DELF.JPH TROJAN!"
X	Microsoft Windows W32 Services	mssw32.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft Windows WKS Service	gt.exe	"Added by the SDBOT.IR BACKDOOR!"
X	Microsoft Windows WKS Service	mstask0.exe	"Added by the SDBOT.FV WORM!"
X	Microsoft Windows Workstation	devcode.exe	"Added by the RBOT-AWL WORM!"
X	Microsoft Windows XP Configuration Loader	m32svco.exe	"Added by the SDBOT.WORM!.48548 WORM!"
X	Microsoft Winedows WinServ	iPodFix.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Winsock Service	msusvc.exe	"Added by the RBOT-ANS WORM!"
X	Microsoft WinUpdate	svh0st.exe	"Added by the SPYBOT.DL WORM!"
X	Microsoft Word Profissional	Java Plug In close.exe	"Added by the BANKER-EL TROJAN!"
X	Microsoft World Service	winworld.exe	Added by an unidentified IRC worm with backdoor capability!
X	Microsoft XML Service	msxmlx.exe	"Added by the RBOT.KS WORM!"
X	Microsoft--Updates	sxvhost.exe	"Added by the RBOT-FH WORM!"
X	Microsoft-Updates	svxhost.exe	"Added by the RBOT-CT WORM!"
X	Microsoft64	antiv.exe	"Added by the SOBER WORM!"
X	MicrosoftCorp	javaw.exe	"Added by the BUZUS.BULO TROJAN!"
X	MicrosoftDriverService32	drsys32.exe	"Added by the IRCBOT.AKX BACKDOOR!"
X	MicrosoftKs	Drivers.bat	"Added by the SHUTDOWN-F TROJAN!"
X	MicrosoftMessenger	msnserv.exe	"Added by the DARKER.M WORM!"
X	MicrosoftNAPC	javaw.exe	"Added by the BUZUS.BULO TROJAN!"
X	MicrosoftOEM	smvss.exe	"Added by the DEDLER-G TROJAN!"
X	MicrosoftPersonalFirewall	spoolsrv.exe	"Added by the WOOTBOT.DO BACKDOOR!"
X	MicrosoftROMDriverService	cdrss.exe	"Added by the IRCBOT.BLF BACKDOOR!"
X	Microsofts Help Services	msnmngr.exe	"Added by the SDBOT-PJ WORM!"
X	Microsofts Service	lcsrv16.exe	"Added by a variant of the RBOT WORM!"
X	MicrosoftServiceManager	mstask32.exe	"Added by the YAHA.P WORM!"
X	MicrosoftServiceManager	Wintsk32.exe	"Added by the YAHA.U WORM!"
X	MicrosoftServiceManager	EXPLORERE.EXE	"Added by the YAHA.AB WORM!"
X	MicrosoftServiceManager	msupdat.exe	"Added by the YAHA.AA WORM!"
X	MicrosoftUpdate	svhest.exe	"Added by the RBOT-ES WORM!"
X	MicrosoftValue	syscnfg.exe	"Added by an unidentified VIRUS
X	Microsoftvirus	sysoverload.exe	"Added by the FORBOT-AL WORM!"
X	MicrosoftWindows	[various filenames]	"MagicSearch - a CoolWebSearch parasite variant"
X	MicrosoftXP Service Pack 2	servicepack2.exe	"Added by the RBOT.EMC WORM!"
X	Microsoft� ActiveX Debugger NT	setdebugnt.exe	"Added by the BANCOS-CZ TROJAN!"
U	Microsoft� Windows Mobile� Device Center	wmdc.exe	"Windows Mobile Device Center - mobile device management/synchronization software for Windows7/Vista
X	Microsong	svchosts11.exe	"Added by the SDBOT-EV WORM!"
X	Microst dds service	wsrss.exe	Added by an unidentified WORM or TROJAN!
X	microsystem	snddrv.exe	"Added by the VB.AXG TROJAN!"
X	Microszoft Update Mach1nezs	svchst.exe	"Added by the RBOT-ED WORM!"
X	Micrsoft Driver	windrive.exe	"Added by the SDBOT.AF TROJAN!"
X	Micrsoft Driver	msdriver.exe	"Added by the SDBOT-XD WORM!"
X	Micrsoft Driver	windrive32.exe	"Added by the SLINBOT.TT BACKDOOR!"
?	MigrationVendorSetupCaller	"rundll32.exe migrate.dll	CallVendorSetupDlls"
U	MilShieldSlave	ShieldWorker.exe	"Mil Shield from Mil Incorporated. It protects your privacy by removing all tracks from your online or offline computer activities"
N	MiniMavis	MiniMavis.exe	Mavis Beacon typing tutor
X	MiniServer.exe	MiniServer.exe	"Added by the LITTLEW-E TROJAN!"
X	Mircosoft DNS Service	svchost.exe	"Added by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""drivers"" subfolder"
X	Mircosoft Windows Developer Enviroment	devenv.exe	Added by an unidentified WORM or TROJAN!
X	Mircosoft Windows Developer Enviroment	devenv.exe	"Added by the RBOT.AUJ BACKDOOR!"
X	Mircrosoft Svchost32	svchost32.exe	"Added by the RBOT-AZW WORM!"
N	miroVIDEO Tray Tool	misitray.exe	"Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed
X	mmemdrv	mmemdrv.exe	"SecondSight spyware. Note - SecondSight is spyware that captures keystrokes and screen shots
X	Mmgsvc	mmgsvc.exe	Mmgsvc spyware
N	MMReminderService	MMReminderService.exe	"Mind Manager from Mindjet - ""easy way to organize ideas and information"". Registration reminder"
?	mmsys	recover.exe	"??"
X	MMtask Service	mmtask.exe	"Added by the BACKGAT.A TROJAN! Not the valid MusicMatch Jukebox which has the same filename"
U	mm_server	mm_server.exe	"Part of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creator"
X	mnsvc	mnsvc.exe	"Added by the AUTOUPDER TROJAN!"
X	mnsvcsp	mnsvcsp.exe	"Added by an unidentified VIRUS
N	Mobile Connectivity Suite	Application Launcher.exe	"System Tray access to the HTC Sync mobile phone management utility for models including the Hero
X	Modem	locatesvc.exe	"Added by a variant of the SPYBOT WORM!"
X	Modem Driverz Updates	mdmdrv.exe	"Added by a variant of the SDBOT WORM!"
N	MoneyStartUp10.0	Activation.exe	Part of MS Money 2002. Available via Start -> Programs
U	Monitor Apache Servers	ApacheMonitor.exe	Part of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start -> Programs
X	Monitor calibration	AV1i.exe	"Anti-Virus-1 rogue security software - not recommended
X	Monitoring Service	svchost.exe	"Added by the CONE.C WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\tasks"
X	MONPluginSrIvcs	n3monap23.exe	"Added by a variant of the RBOT WORM!"
X	MonTest	vccxzq.exe	"Added by the SDBOT-EA WORM!"
N	Motive SmartBridge	mpbtn.exe	"System tray icon for the Virtual Assistant from AT&T Broadband
N	Motive SmartBridge	MotiveSB.exe	"System tray icon for the Virtual Assistant from AT&T Broadband
N	Motive SmartBridge	BTHelpNotifier.exe	"System tray icon for help from BT Broadband
U	MotiveMonitor	motmon.exe	Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used by the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufacturer. For most users it's not required
N	MotiveSB	MotiveSB.exe	"System tray icon for the Virtual Assistant from AT&T Broadband
X	mousedrive.exe	instantmsgrs.exe	"Added by the FORBOT-ER WORM!"
X	MouseDrv	[path to worm]	"Added by the ZOLOAD-B WORM!"
X	MouseDrv	update.exe	"Added by the ZOTOB.N WORM!"
X	MoussaEvil	[path to file]	"Added by the MUSANUB-A WORM!"
X	MoveSearch	Search.exe	"PigSearch adware"
X	MoveSearch	zsearch.exe	"PigSearch adware"
N	Movielink Manager Uninstall	msvcmm32.exe	"Auto-update for Movielink - internet movie rental System Tray access"
X	MovieM	lmovie.exe	"Added by the BEAGLE.DS WORM!"
X	moviemk	moviemk.exe	"Added by the DWNLDR-GTB TROJAN!"
X	MovieNetworks	MovieNetworks.exe	MovieNetworks will connect you by a domestic premium rate telephone number 900-xxx-xxxx - so you get xxx rated pictures and junk and high internet costs. Remove the %ProgramFiles%\MovieNetworks directory
X	Movieplace	Movieplace.exe	"MoviePlace malware"
X	Mozilla Firebird v0.8 Internet Browser	netstats.exe	"Added by the IRCBOT.MC TROJAN!"
X	MP Services	mpsvc.exe	"Added by the WOOTBOT.EQ WORM!"
X	MP Tclockvv	mptclock.exe	"Added by the NACKBOT-A WORM!"
X	MP Tclockvv	mptclock.exe	"Added by the NACKBOT-A WORM!"
X	MP Tclockvv	mptclockvv.exe	"Added by the RANDEX.CJ WORM!"
X	MPL32 driver	MPL32.exe	"Added by the LOONY-M TROJAN!"
Y	mpLockDrive	LockDrive.exe	"LockDrive from i8 Technologies makes selected folders and drives read only and can be used to prevent users downloading or copying data to portable drives and memory sticks - i.e.
X	MPtask Services	mptask.exe	"Added by the LALA or AOT TROJANS!"
X	mptsgsvc.exe	mptsgsvc.exe	"Hacker Tool - detected by DiamondCS TDS-3 anti-trojan as ""HackTool.Win32.Hidd.j"""
X	MQT Svc	mqtsvc.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	mrsvctr	mrsvctr.exe	"Added by a variant of the SDBOT WORM!"
X	ms	svhost32.exe	"Added by the LEGMIR-AQO TROJAN!"
X	MS Config Loader	svchos1.exe	"Added by the AGOBOT.R WORM!"
X	MS Config Loader	svcrhost.exe	"Added by a variant of the RBOT WORM!"
X	MS Config Service	Msloader32.exe	"Added by the RBOT-KJ WORM!"
X	MS Config v12	mscfg12.exe	"Added by the AGOBOT.YP WORM!"
X	MS Config v13	lrbz32.exe	"Added by the GAOBOT.AOL WORM!"
X	MS Config v13	mscfg13.exe	"Added by the AGOBOT.YQ WORM!"
X	MS Decryption Software	active.exe	"MediaTickets adware variant"
X	MS DirectX Sound Drivers	msdrvdx.exe	"Added by the RBOT.BCX WORM!"
X	MS Domain Name Server Deamon	MSDNSD32.exe	"Added by the RBOT-CMZ WORM!"
X	MS DVD DirectX Dll Drivers	mdxdl.exe	"Added by the SDBOT-XI WORM!"
X	MS DVD DirectX Sound Drivers	msdrvdx.exe	"Added by the SDBOT-XJ WORM!"
X	MS Host Manager	ivhost.exe	"Added by the RBOT-BJN WORM!"
X	MS Java Applets for Windows NT & XP	javaapplet.exe	"Added by the RBOT.BHG WORM!"
X	Ms Java for Windows NT	MS32.exe	"Added by the VANEBOT-H WORM!"
X	Ms Java for Windows NT	msi32java.exe	"Added by the VANEBOT-I WORM!"
X	Ms Java for Windows NT	msjava.exe	"Added by the VANEBOT-E WORM!"
X	Ms Java for Windows NT	msi32info.exe	"Added by the RBOT.AFX WORM!"
X	MS Java for Windows XP & NT	javanet.exe	"Added by the VANEBOT-A WORM!"
X	MS Java Service Wrapper Windows NT & XP	wrapper.exe	"Added by the VANEBOT-D WORM!"
X	Ms Java Update For Windows NT/XP	msijavaupdt32.exe	"Added by the RANDEX.AF WORM!"
X	MS Java virtual machine	javavm.exe	"Added by the RBOT.ABG WORM!"
X	MS Registry Service	MSRMS32.exe	"Added by the RBOT-AKP WORM!"
X	MS Screen Saver	scrsave.scr	"Added by the RBOT-AGT WORM!"
X	MS Security Authority Service	lsass.exe	"Added by the KALEL-B WORM! Note - this is not the legitimate lsass.exe process
X	MS Security Hotfix	service5.exe	"Added by the GAOBOT.AG WORM!"
X	MS service	msservice.exe	"Added by the RBOT-ZG WORM!"
X	MS Service Drivers	winscv.exe	"Added by the SDBOT-COG WORM!"
X	Ms Sound Drivers	msdrv.exe	"Added by the SDBOT-WR WORM!"
X	ms spool service	msspooler.exe	"Added by a variant of the RBOT WORM!"
X	MS UniX	navupdate64.exe	"Added by the RBOT.CRZ BACKDOOR!"
X	Ms Update WinServices NT/XP	winservnt32.exe	"Added by the VANEBOT-G WORM!"
X	Ms Valud Loader	Svhots.exe	"Added by the AGOBOT-SP WORM!"
X	MS Win32 Network Services	windriver.exe	"Added by the AGOBOT.ADH WORM!"
X	MS Windows AOL Driver	MSAOLdrv.exe	"Added by the RBOT-ASP WORM!"
X	MS Windows TASK Service	MSWTASK32.exe	"Added by a variant of the RBOT WORM!"
X	MS-DOS Boot Service	Boot32.pif	"Added by the RBOT-AMF WORM!"
X	MS-DOS Security Service	ms-dos.pif	"Added by the RBOT-AMR WORM!"
X	MS-DOS Service	MS-DOS.pif	"Added by the RBOT-AII WORM!"
X	MS-DOS Windows Service	MS-DOS.PIF	"Added by the RBOT-AJW WORM!"
X	MS32DLL	achi.dll.vbs	"Added by the ACHI-A TROJAN!"
X	MS32DLL	Bha.dll.vbs	"Added by the BUTSUR-A WORM!"
X	MS32DLL	MS32DLL.dll.vbs	"Added by the ZODGILA WORM!"
X	MsAudio	"MsVM_STI.EXE RunDll32 cmicnfg.cpl	CMICtrlWnd"
X	msavsc.exe	msavsc.exe	"Added by the AGENT.ANQ TROJAN!"
X	msclean	msvchost.exe	"Added by the OPANKI-Q WORM!"
X	msconfig	scvhost.exe	"Added by the AGENT-DSF TROJAN!"
X	Msconfig	icpldrvx.exe	"Added by the BANLOAD.BFT TROJAN!"
X	msconfig service	MSupdate32.exe	"Added by a variant of the SPYBOT WORM!"
X	msconfig38	mssvcc.exe	"Added by the RBOT-BJV WORM!"
X	MSConfigs	RUNDLL64.dll.vbs	"Added by the WEKODE-B WORM!"
X	mscsvc.exe	mscsvc.exe	"Added by the BANCOS.T TROJAN!"
X	MSCVT	MSCVT.exe	"Added by the SLIDESHOW WORM!"
X	MSDatabla	vadasq.exe	"Added by the LIOTEN.IK WORM!"
X	msdev	msdev.exe	"Added by the FORBOT-CR WORM!"
X	msdev	msconfig.exe	"Added by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting"
X	msdev control	msdevctrl.exe	"Added by the SPYBOT.N BACKDOOR!"
X	MSDOS Security Service	msdos.pif	"Added by the RBOT-AMP WORM!"
X	MSDOS Service	MSDOS.PIF	"Added by the RBOT-AIY WORM!"
X	MSDOS Windows Service	MSDOS.PIF	"Added by the RBOT-AKF WORM!"
X	MSDosdrv	msdosdrv.exe	"Added by the BACROS WORM!"
X	MSDrive	rundll32.exe drvkoc.dll	"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
X	MSDrive	rundll32.exe drvmod.dll	"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
X	MSDrive	rundll32.exe drvsoh.dll	"Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
X	MSDRV	NetFilter.exe	"Added by the INTERRUPDATE TROJAN!"
X	msdrvctrl	msdrvctrl.exe	"Added by the VIDCACH-A TROJAN!"
X	mserv	seres.exe	"Added by the AGENT-LIL WORM!"
X	mservices.exe	mservices.exe	"Added by the SDBOT.WJ WORM!"
X	mset	svchost.exe	"Added by the BIZEX-F TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""mset"" sub-directory"
X	MSFTP Service Config	r3grun.exe	"Added by a variant of the SDBOT WORM!"
X	MSFWAVTSM	FTPDev.exe	"Added by the RBOT-ACF WORM!"
X	msgserv_	Syss.exe	"Added by the FANTA TROJAN!"
X	Msgsrv16	Msgsrv16.exe	"Added by the DELF family of TROJANS!"
Y	MSGSRV32.exe	msgsrv32.exe	"Windows 32-bit VxD Message Server. For more information on its function and why it's needed
X	Msgsvc32	[worm filename]	"Added by the NAUTICAL-A WORM!"
X	MsgSvcMgr32	cmdzxdll.exe	"Added by the RBOT-AEK WORM!"
X	msgsvr32	msgsvr32.exe	"Added by the DEADHAT.B WORM! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup!"
X	MSInfo	AVBgle.exe	"Added by the NETSKY.O WORM!"
X	MSInstall	smvss.exe	"Added by the DEDLER-G TROJAN!"
X	msjava service	xpcd.exe	"Added by the SDBOT.VM WORM!"
X	MSKernel32	MSKernel32.vbs	"Added by the LOVELETTER (I LOVE YOU) VIRUS!"
X	mskrider	maskrider.dll.vbs	"Added by the SOLOW-F WORM!"
U	MSKServerExe	MSKSrvr.exe	"Part of McAfee Spamkiller"
X	msliveupdate	msliveupdate.exe	"Added by the AGOBOT.ALT WORM!"
X	MSMcAfeee	Avsynmgr32e.exe	"Added by the FRAMAR TROJAN!"
X	MSMcAfeeh	Avsynmgr32h.exe	"Added by the FRANGO TROJAN!"
X	MSMcAfeeS	Avsynmgr32S.exe	"Added by the VOLAC or VOLAC.DR TROJANS!"
X	MsMovies	MsMovies.exe	"Added by the ALCRA-E WORM!"
?	MsmqIntCert	regsvr32 /s mqrt.dll	"Microsoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem. Is it required?"
X	MsMsgSrv	msmsgsrv.exe	"Added by the CQO TROJAN!"
X	MSMsgSvc	MSMSGSVC.exe	"Browser hijacker
X	msn	msnsvc.exe	"Added by a variant of the SDBOT WORM!"
X	MSN	scvhost.exe	"Added by the IRCBOT-ZW WORM!"
X	MSN	wkssvr.exe	"Added by the PUSHBOT.S WORM!"
X	MSN	Fixdriver.exe	"Added by the SILLYFDC.BBY WORM!"
X	MSN	wkssvrs.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN	wksvr.exe	"Added by the IRCBOT-XU WORM!"
X	MSN	wmev.exe	"Added by a variant of the SPYBOT WORM! See here"
X	MSN	services51651.exe	"Added by the IRCBOT-AAL TROJAN!"
X	MSN	msservice.exe	"Added by the IRCBOT-ABZ TROJAN!"
X	MSN	svchost.exe	"Added by the PUSHBOT.FA WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Msn 8.0 Live	msn.exe	"Added by the BANKER.EIE TROJAN!"
X	MSN BETA	service.exe	"Added by the RBOT.AUU WORM!"
X	MSN Live Client	msnlvclient.exe	"Added by the IRCBOT.AWF BACKDOOR!"
X	MSN Live Messanger	msnlivegs.exe	"Added by the RBOT-FSG WORM!"
X	MSN Manager	cvss.exe	"Added by a variant of the SPYBOT WORM!"
X	MSN Manager	msnmgrsv.exe	"Added by the IRCBOT.BAZ BACKDOOR!"
X	MSN Message Service	msnmsg.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN Messanger Live	winntmsn.exe	"Added by the RBOT-FSO WORM!"
X	MSN Messenger	live.messenger.com	"Added by the DELF.AOI BACKDOOR!"
X	MSN Messenger Live Login	msnmessengerlive.exe	"Added by an unidentified WORM or TROJAN! See here"
X	MSN Messenger Live Windows	messengerlive.exe	"Added by an unidentified WORM or TROJAN! See here"
X	MSN messenger service	mssgs.exe	Added by an unidentified TROJAN!
X	Msn Messenger Service	msnmsg.exe	"Added by the SDBOT.BMU WORM!"
X	MSN Messenger Service Starter	msnmgsr.exe	"Added by the RBOT-AOS WORM!"
X	MSN Messenger Service Startup	msnservice.exe	"Added by a variant of the RBOT WORM! See here"
X	MSN Messenger Services	msnmgr.exe	"Added by the RBOT.ADF TROJAN!"
X	MSN Messenger Services	msnmgr.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Msn Messenger update	msnservice.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Msn Messsenger	regsvr.exe	"Added by the AGENT-GXM TROJAN!"
N	MSN Quick View	Msndc.exe	Quick way to connect to MSN internet service
X	MSN Serv	msmsnserv.exe	"Added by the IRCBOT.AVF BACKDOOR!"
X	Msn Serv	msnserv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN Server	msmsnserver.exe	"Added by the IRCBOT.AUS BACKDOOR!"
X	MSN service	msnmgr16.exe	"Added by a variant of the RBOT WORM!"
X	MSN Service	amsnmsgrs.exe	"Added by a variant of the SDBOT WORM!"
X	Msn Service	matrixcam.exe	"Added by the MYTOB.JH WORM!"
X	Msn Service	raloded.exe	"Added by the MYTOB-DY WORM!"
X	MSN service	msnmsgr16.exe	"Added by the RBOT-RZ WORM!"
X	MSN service	NTDKRN.EXE	"Added by the RBOT.UJ WORM!"
X	MSN Service	msnsvc.exe	"Added by the SLENFBOT.EG WORM!"
X	MSN Service Updates	winproc.exe	"Added by the KELVIR-BB WORM!"
X	MSN Service Utilities	nkn.exe	"Added by the KELVIR-BC WORM!"
X	MSN Service!	msnservice.exe	"Added by a variant of the RBOT WORM! See here"
X	MSN Servicer	msnsrv.exe	"Added by a variant of the IRCBOT TROJAN!"
X	MSN Servicer	msnservicer.exe	"Added by the SLENFBOT.PQ WORM!"
X	MSN Services	msnserv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN Services	msnservice.exe	"Added by the IMPARD-A TROJAN!"
X	Msn Update Service	userx.exe	"Added by the MYTOB.JF WORM!"
X	MSN Update Service	msnupdsv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN UPDATERS	virtualmemory.exe	"Added by the RBOT-JK WORM!"
X	MSN User Server	msnserver.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN User Server!	msnservices.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN User Service	msnsvc.exe	"Added by the SLENFBOT.NS WORM!"
X	MSN User Service!	msnserv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN User Services	msnuserv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN User Svc	msnusnsvc.exe	"Added by the IRCBOT.AVV BACKDOOR!"
U	MSN Video Enhanced	MSNVE.exe	"""MSN Video Enhanced can play videos that have dramatically improved video quality and sound. It can play the latest high-quality videos at the best possible quality."" No longer appears to exist"
X	MSN32 X Service	MSN32x.EXE	Added by an unidentified WORM!
X	MSN6.1 Auto-Updater	v6msn.exe	"Added by the AUTORUN-MM WORM!"
X	msnager32	svchostt.exe	"Added by the WOMANIZ.E TROJAN!"
X	MSNavWH	MSWkwrH.exe	"Added by the ANAV-A WORM!"
X	msndrvsys	msndrvsys.exe	"Added by the BROGGER-D TROJAN!"
X	MsnExplorer	SVCHST.EXE	"Added by the BDOOR-EB BACKDOOR!"
N	MSNIA	MSNIASVC.EXE	Added with MSN version 9. Resets certain internet settings upon bootup and can't be disabled via MSCONFIG
X	MsnMessengerSvc	msnmsgr.exe	"Added by a variant of the RBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
X	MSNPluginSrIvcs	n3vasap23.exe	"Added by a variant of the RBOT WORM!"
X	MSNPluginSrvcs	p6.exe	"Added by the SDBOT.AKJ or RBOT-VJ WORMS!"
X	MSNPluginSrvcs	sagate.exe	"Added by the SDBOT.AKJ WORM!"
X	MSNService	MSNService.exe	"Added by the CARPET.C WORM!"
X	MSOffice	services.exe	"Added by the DLOADER-EU TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an ""MSOffice"" subfolder"
X	MSOfficeCfg	navchk.exe	Premium rate adult content dialer
X	MSOfficeCfg	qservice.exe	Premium rate adult content dialer
X	MSOfficeCfg	ssvr.exe	Premium rate adult content dialer
X	MSPetServ	PET32.EXE	"Added by the IRCBOT-VE WORM!"
X	MSPluginSrvc	p3.exe	"Added by the RBOT-WV WORM!"
X	MSRegSvc	regsvc32.exe	Homepage hijacker that changes your homepage to an adult content site
X	Mss Serv	msssrv.exe	"Added by the SLENFBOT.AA WORM!"
X	Mss VC	mssvc.exe	"Added by the OPANKI.AB WORM!"
X	mssdbsrv	msupdtck.exe	Added by a variant of a password stealing TROJAN!
X	msserrv32	msserrv32.exe	"Added by the STRATION.DW WORM!"
X	msserv	msserv.exe	"Added by the BLACKLOG-A TROJAN!"
X	msserv	lvsrev.exe	"Added by the BROWMON-B TROJAN!"
X	msserv32	msserv32.exe	"Added by the RBOT-ACK WORM!"
X	MsServer	msfun80.exe	"Added by the VB-CYG WORM!"
X	MSServer	"Rundll32.exe [random].dll	#1"
X	MsServer	msfir80.exe	"Added by the VB-CYJ TROJAN!"
X	msservice	msserv.exe	"Added by the HYD WORM!"
X	MSService_v1.0	realsched.exe	"EHU adware. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name"
X	MSService_v1.0	vfp02.exe	"NewWeb adware"
X	MSSHVC	MSSHVC.exe	"Added by the NUFFY.A WORM!"
X	MSStartOptimizer	SCVHOST.EXE	"Added by the DASMIN-E TROJAN!"
X	mssvc	[path to trojan]	"Added by the PSK TROJAN!"
X	MSSVC	svcsys.exe	"Added by the FATOOS-C TROJAN!"
Y	MSSVC.EXE	MSSVC.EXE	"StealthDisk - hides folders
X	mssvc32	mssvc32.exe	"Added by the AGOBOT-ME WORM!"
X	MSSYSTEM	svcsys.exe	"Added by the FATOOS-C TROJAN!"
X	MStask	svchost.exe	"Added by the LDPINCH-BV TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Mstask32driver	Mstask32.exe	"Added by the LOONY-D TROJAN!"
X	MSTaskbar 32	tbsvc32.exe	"Added by the RBOT.BQZ WORM!"
X	MSUpdate	svchosthlp.exe	"Added by the BLASTER.T WORM!"
X	Msupdate	svchosts.exe	"Added by a variant of the TACTSLAY TROJAN!"
X	Msupdate	svcrhost.exe	"Added by the TACTSLAY.A TROJAN!"
X	Msupdate	svcshost.exe	"Added by the TACTSLAY.A TROJAN!"
X	MSUpdateDevKit	axfd.exe	"Added by the SDBOT-ZD WORM!"
X	MSUpdSrv	msupdsrv.exe	"Browser hijacker
X	MsVBdll	sys32dll.exe	"Added by the AIMDES.B or AIMDES.C WORMS!"
X	MsVBdll	MsVBdll.pif	"Added by the AIMDES.A WORM!"
X	MSVBVM60	MSVBVBM60.pif	"Added by the SCOLD-B WORM!"
X	msvc32	msvc32.exe	"ClientMan parasite variant"
X	msvc32	msvc32.exe	"Added by the AGOBOT-NT WORM!"
X	msvcav	msvcav.exe	"Added by the AGENT-ACR TROJAN!"
X	msvcc	msvchost.exe	"Added by the XOMBE TROJAN!"
X	msvcc25	svcchost.exe	"Added by a variant of the SDBOT WORM!"
X	msvcc25	salvage.exe	"Added by a variant of the SDBOT WORM!"
X	msvcc25	svcchost.exe	"Added by the SDBOT-CSE WORM!"
X	msvccc66	svcchosst.exe	"Added by the RBOT-GLS WORM!"
X	msvccc66	dload.exe	"Added by a variant of the RBOT WORM!"
X	msvchost	msvchost.exe	"Added by the IRCBOT-AV WORM!"
X	MsvcService	msvcs.exe	"Added by the RBOT-RK WORM!"
X	msvecurity	msvecurity.exe	"Added by the DORF-BO WORM!"
X	MSVersion	INTERNETFEATURES.exe	"Added by the POPMON.A TROJAN! - also known as PopMonster adware"
X	MSVersion	clrschp038.exe	"Added by the POPMON.A TROJAN! - also known as PopMonster adware"
X	msvhost	aig.exe	"Added by the AIMBOT-BC TROJAN!"
X	msvload32	msvload32.exe	"Added by the RBOT-ACI WORM!"
X	msvps	msvps.exe	"Added by the AGOBOT.ALI WORM!"
X	msvsc32	msdev.exe	"Added by the RBOT-GJ WORM!"
X	MSVsmt	rpcxctx.exe	Added by an unidentified WORM or TROJAN!
X	msvsrv32	msvsrv32.exe	"Added by the AGOBOT-KM WORM!"
X	msvss	msvss.exe	"Added by a variant of the RBOT WORM!"
X	MSVSync	videosync.exe	"Added by a variant of the SPYBOT WORM!"
X	msvupdater	msvupdater.exe	"Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
X	MSVXD	MSVXD.EXE	"Added by the DATOM.A WORM!"
X	mswave	mswave.exe	"Added by the CRYPTER.A TROJAN!"
X	Mswavedll	mswavedll.exe	"Added by the CRYPTER-C TROJAN!"
X	MsWindows DRT Drivers	wsdrt32.exe	"Added by the RBOT.ALT WORM!"
X	MsWindows SSL Drivers	mssl32.exe	"Added by the SPYBOT.API WORM!"
X	MsWindows SysDate	sysmsvc.exe	"Added by the SPYBOT.FCD WORM!"
X	MSWinSrv	MSWinSrv.exe	"Added by the MTRON TROJAN!"
X	MSWinSrv32	MSWinSrv32.exe	"Added by the MTRON-B TROJAN!"
X	MsWinVgr	msvgr.exe	"Added by the MYTOB.LE WORM!"
X	mswkork Service	msework.exe	"Added by a variant of the RBOT WORM!"
X	mswspl	vnmispoisn downloader.exe	SearchBarCash adware variant
X	MSysDrv	msdrv.exe	Added by the VB.WF TROJAN!
X	Multimedia extensions	mservice.exe	"EasySearch adware"
X	Multimedia extensions	mservice1.exe	"Added by the DLOADR-AWD TROJAN!"
N	mumservice	mumservice.exe	"Software updater for Motorola products"
N	Music01 Server	Music01 Server.exe	"J River Media Jukebox"
N	MutexServiceEx	Sys32Smm.exe	"Webroot Sofware's discontinued ""Privacy Master"""
X	mv2	crasos.exe	"Added by the DROPPS-A TROJAN!"
U	MVRescue	mvrescue	Related to Multivision Computers back up/restore program. Multivision Computers ceased operating in 2004
N	MVS Splash	Splash.exe	Splash screen for the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businesses
X	mvsyswina	acsysiom.exe	"Added by a variant of the SDBOT WORM!"
U	mwavscan	mwavscan.com	"MicroWorld Anti Virus Toolkit is a free anti-virus scanner that runs on-demand. You can choose to scan your entire system
X	Mwsvm	mwsvm.exe	"SeekSeek search hijacker related - see here"
X	mxcll	vec.exe	"Eco Antivirus rogue security software - not recommended
U	Mxvgautil	Mxvgautil.EXE	"Utility for a USB to VGA converter from MCT Corp"
X	My App	SMSSvc.exe	"Added by the NEGASMS.A TROJAN!"
X	My Supervisor	MSup1bf7.exe	"My Supervisor rogue system suite - not recommended
X	Myapp	service.exe	Homepage hijacker
X	MyAV	avpguard.exe	"Added by the NETSKY.J WORM!"
Y	MyCIO Agent Service	myagtsvc.exe	"Part of the now obsolete McAfee VirusScan ASaP online anti-virus and anti-spyware security tool for small businesses. Starts via a registry ""RunServices"" key on Windows 98/Me and as a service on Windows NT/2K/XP"
X	MyLife	CmdServ.exe	"Added by the HOLAR.A WORM!"
U	mynsw	wntsrv.exe	"Net Screen Watcher surveillance software. Uninstall this software unless you put it there yourself"
X	MyPointsPointAlert	wjview ...MyPointsPointAlertrun.exe	"""With MyPoints you can earn rewards from name-brand merchants. You can even earn vacations and frequent flyer miles"". Dubious privacy policy"
X	MySLScan	msvc32.exe	"Added by the FORBOT-EH WORM!"
X	mysvcig38	mysvcc.exe	"Added by the RBOT-FOU WORM!"
X	mysvcig38	recsl.exe	"Added by a variant of the RBOT-FOU WORM!"
X	MyVBApp	SysNT.exe	"ReferAd adware"
X	MyVBApp	install.exe	"Detected as Generic Downloader.s by McAfee
X	MyVBApp	setup.exe	"Detected by Kaspersky as the VB.KB TROJAN! File location is in the root folder (i.e.
X	MyVirt.exe	MyVirt.exe	"Added by the REMADM-C TROJAN!"
U	MyVitalAgent	VtlAgent.exe	"MyVitalAgent from Lucent Technologies. Replacement for Net.Medic
Y	Naimagent_service	EPOAgentnaimas32.exe	"Networked version of McAfee VirusScan. Installs
X	Name Server	mswins.exe	"Added by a variant of the SDBOT WORM!"
X	nano	svchost.exe	"Added by the NANO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Nano Antivirus	nanoav.exe	"Nano Antivirus rogue security software - not recommended
X	napv.exe	wupdate.exe	"Added by the AGOBOT-JX BACKDOOR!"
X	NarmonVirusAnti	smss.exe	"Added by the AUTORUN-DV WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder"
X	NAV	RuxDLL32.exe	"Added by the MAPSON.D WORM!"
Y	NAV Agent	navapw32.exe	Norton Anti-Virus's background scanning process
X	nAv AGENT	N/A	"Added by the RIOSYS MACRO! Note the lower-case ""n"" and ""v"" in the name as this is not the valid Norton AntiVirus entry of the same name - indeed it closes Norton AV processes"
X	NAV Agent	systems.exe	"Added by the TARNO.C TROJAN! Note - this is not the valid Norton Antivirus entry of the same name"
X	NAV Agent	winsnav.vbs	"Added by the ANPES WORM!"
X	NAV Agent	wmilib32.exe	"Added by the VB-XU TROJAN!"
X	NAV Auto Prot	navprot1.exe	"Added by the RBOT.ZAC WORM!"
X	NAV Auto Protect	msfwe1.exe	"Added by a variant of the RBOT WORM!"
X	NAV Auto Protect	navprotect.exe	"Added by the RBOT.BKW WORM! Note - this is not a valid Norton AntiVirus product from Symantec"
X	NAV Auto Protect	dnsserv.exe	"Added by a variant of the SDBOT WORM!"
X	NAV Auto Protect	mcafee32.exe	"Added by a variant of the SPYBOT WORM!"
X	NAV Auto Update	[random filename]	"Added by the SPYBOT-E WORM!"
X	NAV Auto Update	iamsad.exe	"Added by the SPYBOT-CE BACKDOOR!"
X	NAV Auto Update	Sadness.exe	"Added by the SPYBOT-E WORM!"
X	NAV Auto Updates	csrssp.exe	"Added by a variant of the SDBOT WORM!"
X	NAV Auto Updates	navwindows.exe	"Added by a variant of the SDBOT WORM!"
X	NAV Auto Updates	slserves.exe	"Added by the RBOT.COI BACKDOOR!"
X	NAV Auto Updates	navupdaterx.exe	"Added by a variant of the RBOT WORM!"
N	NAV CfgWiz	cfgwiz.exe	"Introduced with Norton Anti-Virus 2002
N	NAV Configuration Wizard	cfgwiz.exe	"Introduced with Norton Anti-Virus 2002
U	NAV DefAlert	DefAlert.exe	Norton Anti-Virus Definitions Alert. Warns you if virus definitions are out of date. Leave enabled unless you manually update virus definitions on a regular basis
X	NAV Live Update	[path to worm]	"Added by the DEBORMS.C WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec"
X	NAV Scan Service	NAVSCAN32.EXE	"Added by the SDBOT.VG WORM!"
X	NavAgent32	lasvr32.exe	"Added by the FEMOT.D WORM!"
X	NavAgent32	SCardSvr32.Exe	"Added by the MOFEI.B WORM!"
X	navapp	navapp.exe	"NavExcel adware variant"
Y	navapw32	navapw32.exe	Norton Anti-Virus's background scanning process
X	NAVCheck	navchk.exe	Premium rate adult content dialer
X	NAVCheck	shman.exe	Premium rate adult content dialer
X	Navegate	iiexplorer.exe	"Added by the BANCBAN-OP TROJAN!"
X	Navegate	wisterd.exe	"Added by the BANKER-BOS TROJAN!"
U	NaverPCGreen	NPCGreenUpgrader.exe	"Related to Naver_Anti-virus Realtime Monitor From NHNCorp"
U	Naviscope	naviscope.exe	"Naviscope is a multipurpose browser enhancement that can speed up Web searches
X	NaviSearch	nls.exe	"NaviSearch
N	NavLoad	NAVBrowser.exe	Registration reminder for CorelDRAW 10
X	navman_20	sysnav32.exe	"Hijacker
?	NAVMD25	UpdtNv28.exe	Added by Symantec for updating the MicroDefs for their AV products - is it required?
X	NAVMon32	NAVMon32.exE	"Added by the WINKO.AO WORM!"
X	NAVNet	**.tmp [ = random digit]	Unidentified adware
X	navp.exe	navp.exe	"Added by the AGOBOT-OE WORM!"
X	NavPass	NavPass.exe	Free system for gaining access to and downloading from adult content web-sites
X	NavScan	[filename]	"Added by the OBSORB TROJAN!"
X	NAVSCAN32.EXE	NAVSCAN32.exe	"Added by the SDBOT-DO WORM!"
X	NAVSCANNER32	NAVSCANNER32.EXE	"Added by the RBOT.QC WORM!"
X	NAVtask	NAVtask.exe	"Added by the REMBOT-A BACKDOOR!"
X	NAVUpd	"rundll32.exe navupd.dll	Startup"
X	NAVWatch	NAVWatcher.exe	"VX2.Transponder parasite updater/installer related"
X	NAV_Update	NAV_Update.exe	Unidentified WORM or TROJAN!
X	NC1565	winntsrv -l -p10001 -d -e cmd.exe -L	"Added by the NEWLEY-A WORM!"
Y	NCSW Server	NcsW.exe	"LockLink access control management software. LockLink 7.0 lets users seamlessly manage both offline and online access control solutions available from IR Security & Safety"
X	NDAv	csnss.exe	"Added by the SERFLOG.C WORM!"
X	NDAv	svhost.exe	"Added by the SERFLOG.C WORM!"
X	NDIS Adapter	servenxpp.exe	"Added by the FORBOT-GP WORM!"
X	NDIS Adapter	Servenxp.exe	"Added by the SPYBOT.LY WORM!"
X	NDIS Adapter	svchosttt.exe	"Added by the WOOTBOT.AN WORM!"
X	NDrv	NDrv.exe	"PurityScan adware"
X	Negative	spain.exe	"Added by the BANKER-EXJ TROJAN!"
?	neqprvfy.exe	neqprvfy.exe	"Appears to be related to the downloading of some application - possibly verifying updates?"
N	Nero DriveSpeed	DRIVESPEED.EXE	"Ahead Nero DriveSpeed - set the CD reading speed of a CD/DVD drive on-the-fly to reduce the noise on high-speed drives"
X	NeroFileCheck	msjavam32.exe	"Added by the AGOBOT.AKM WORM!"
N	NeroNETTrayIcon	NNServiceCtrl.exe	"System tray access to NeroNET - Ahead Software's network-capable extension of their CD/DVD burning program. NeroNET allows a burner to be shared across a network"
X	NeroUpdate Check	msjava.exe	"Added by the AGOBOT.AMH WORM!"
X	NeroUpdater6.8	winjava.exe	"Added by the AGOBOT.AMK WORM!"
U	Net Activity Diagram	nad.exe	"Net Activity Diagram from MetaProducts. Monitors your computer internet activity. Available via Start -> Programs"
X	Net Command Senter	nvscvse.exe	"Added by the IRCBOT!DF6280E5 VIRUS!"
X	net32	svhost.exe	Added by a variant of the Trojan.Clicker family
X	net64	svhoster.exe	"Added by the AGENT.JVF TROJAN!"
X	NetApp	winserv.exe	"Added by the SHADOWTHIEF TROJAN!"
X	NetBiosSrvc	HPSrvPrt.exe	"Added by the SDBOT-COL WORM!"
X	netc	svc.exe	"Added by the VESLORUKI.DWK TROJAN!"
X	netdaemon	netdaemon /v	"Malware designed to ""kill"" a number of antispyware applications (SpyBot
X	NetDy	VisualGuard.exe	"Added by the NETSKY.N or NETSKY.W WORMS!"
?	NetFxUpdate_v1.0.3705	netfxupdate.exe	"Would appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojan"
X	NetManagerService	ntss.exe	"Added by the BESTPICS.A TROJAN!"
X	Netropa Internet Receiver	Netropa.exe	Netropa Internet Receiver. Shows a scrolling bar with the news. Major resource hog and flagged as spyware
U	Netscape	InstallService.exe	Related to Netscape installation
X	NetService	ntsvc.exe	"Added by the QQPASS-DU TROJAN!"
X	netservices	recall.exe	"Added by the WOOTBOT.D WORM!"
X	netservices	svchostn.exe	"Added by the SDBOT.GI WORM!"
X	NETServices	csxrs.exe	"Added by a variant of the SDBOT WORM!"
X	NetStart	svchost.exe	"Added by the MKAR-A VIRUS! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""NETSTART"" subfolder"
N	NetStat Live	Nsl.exe	"AnalogX NetStat Live - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data"
X	netsv32	netsv32.exe	"Added by the SDBOT-PX WORM!"
X	netsv32	sv.exe	"Added by the DELF.CCD TROJAN!"
Y	NettGain2000 Verifier	NettGain2000 Verifier.exe	Part of the Starband satellite client that attempts to optimize your satellite connection to increase speed
X	netview	netview.exe	"Added by the BIFROSE.L BACKDOOR!"
X	NETVISIONAdulti	[random filename]	"Trafficadvance dialer"
X	NETVISIONPasse-partout	Passe-partout.exe	"Added by the DIALCAR-M DIALER!"
X	netw	svw.exe	"Detected by Bitdefender as a variant of DROPPER.LDPINCH.Q malware"
X	Network Administration Service	rsvc32.exe	"Added by the RBOT.ABH WORM!"
U	Network Associates Error Reporting Service	TBMon.exe	Network Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of betatesting new software
X	network device driver	msfirewall.exe	"Added by the DELF-LB TROJAN!"
U	NetWork Device Switch	NetDevSW.exe	Toshiba laptops with built-in Wi-Fi. Allows switching between Wi-Fi and internal ethernet. Only necessary if you have regular need to switch back and forward between these network interfaces. Located in Startup folder so make own shortcut to it and disable if not really necessary
X	Network Host Service	msmnart32.exe	"Added by the RBOT-CJV WORM!"
X	Network Host Service	[random]32.exe	"Added by the RBOT-BAB WORM!"
X	Network maneger	svchost.exe	"Added by the AGENT.BX BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	Network Protocol Service	wuamgrd.exe	"Added by the RBOT.EA WORM!"
X	Network protocol service	wintcp.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Network Provisioning Service	WinNPS.exe	Added by an unidentified WORM/TROJAN!
X	Network Security	secsvc.exe	"Added by the RBOT-ALX WORM!"
X	Network Security XP	nvsvc86.exe	"Added by the RBOT-GUI WORM!"
X	Network Service	svchost.exe	"Added by the STARTPA-CC TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Network Service	svhost.exe	"Added by the HACDEF-K TROJAN!"
X	Network Service	MccTrayApp.exe	Added by an unidentified WORM or TROJAN!
X	NETWORK SERVICE	SV�HOST.exe	"Added by the DELF-EW BACKDOOR!"
X	Network Service Manager	netsvc.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Network Services	netsvacs.exe	"Added by the GAOBOT.AIS WORM!"
X	Network Translation System Service	ntss.exe	"Added by the UNPDOOR TROJAN!"
X	netx	svx.exe	"Detected by Bitdefender as a variant of DROPPER.LDPINCH.Q malware"
X	netzip	svzip.exe	"Added by the DELF.ZWL TROJAN!"
X	New Anti Virus	System.exe	"Added by the BRONTOK-CH WORM!"
X	Newman	playavi.exe	"Added by the LINEAGE-AT TROJAN!"
?	News Service	ispnews.exe	"F-Secure antivirus related. However
U	NexusServer	PNXSERVR.exe	"Related to ProCoder 2.0 from Canopus. ""ProCoder 2.0 software combines speed and flexibility into a streamlined video conversion tool for professionals. Featuring
U	NFM Service	NPDOR9x.exe	"Appears in startup if you have chosen to participate in on survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required"
N	NGServer	ngserver.exe	Symantec/Norton Ghost Console service
X	NI.UAVIFR_0001_N105M2404	[path to file]	"Installer for the VirusGarde French rogue security software - see here"
X	NI.UGA6PV_0001_N108M0207	[path to file]	"Installer for the VirusGarde French rogue security software - see here"
X	NI.UGA6PV_0001_N122M1202	[path to file]	"Installer for the VirusGarde French rogue security software - see here"
X	NI.UGA6PV_0001_N122M2910	[path to file]	"Installer for the VirusGarde French rogue security software - see here"
X	NI.UGESV_0001_N108M2006	[path to file]	"Installer for the SysDepannage French rogue system error and cleaning utility - see here"
X	NI.UGESV_0001_N122M0303	[path to file]	"Installer for the SysDepannage French rogue system error and cleaning utility - see here"
X	NI.UGESV_0001_N122M2811	[path to file]	"Installer for the SysDepannage French rogue system error and cleaning utility - see here"
X	NI.UGESV_0001_N122M3010	[path to file]	"Installer for the SysDepannage French rogue system error and cleaning utility - see here"
X	NI.UWA6P_0001_N56M1001	WinAntiVirusPro2006Installer.exe	"Installer for the WinAntiVirus Pro 2006 rogue security software"
X	NI.UWA6P_0001_N69M0303	WinAntiVirusPro2006Installer[1].exe	"Installer for the WinAntiVirus Pro 2006 rogue security software"
X	NI.UWA6P_0001_N73M1004	WinAntiVirusPro2006FreeInstall.exe	"Installer for the WinAntiVirus Pro 2006 rogue security software"
X	NI.UWA6P_0001_N91M1807	WinAntiVirusPro2006FreeInstall[1].exe	"Installer for the WinAntiVirus Pro 2006 rogue security software"
X	NI.UWA7P_0001_N91M0809	WinAntiVirusPro2007FreeInstall.exe	"Installer for the WinAntiVirus Pro 2007 rogue security software - see here"
X	NI.UWFX5V_0001_0802	UWFX5V_0001_0802NetInstaller.exe	"WinFixer 2005 web installer - ""foistware""
Y	nisserv	NISSERV.EXE	Norton Personal Firewall
U	niSvcLoc	niSvcLoc.exe	"Related to National Instruments Corp. LabView"
N	NkvMon.exe	NkvMon.exe	Nikon View 5 - for transferring pictures from Nikon digital cameras
N	NkVwMon.exe	NkVwMon.exe	Nikon View - for transferring pictures from Nikon digital cameras
?	NMSSvc	NMSSVC.EXE	NIC Management Service - diagnostics program for Intel Pro family network cards
Y	NMSVC	nmSvc.exe	"Covenant Eyes - surveillance software that creates records of everything people do on a computer
?	nMTaskBarService	nMtsk.exe	"Taskbar control for ISDN NetMod modem. What does it do and is it required?"
U	NNSvc	nnsvc.exe	"Net Nanny internet filter. Starts via a registry ""RunServices"" key on Windows 98/Me and as a service on Windows 2K/XP/Vista"
X	Nod23 Service	nod23.exe	"Added by the RBOT-GMK WORM!"
X	Nod29 Service	nodwr.exe	"Added by a variant of the RBOT WORM!"
X	Nod32 Free antivirus	nod32krn.exe	"Added by the RBOT-AAO WORM! Note - not the popular free NOD32 antivirus software
X	Nod32 Service	nod64.exe	"Added by the RBOT.ESJ WORM!"
X	Nod32 Service	alserv32.exe	"Added by the RBOT.DHN WORM!"
X	Nod32 Service	AutoUpdateWin32.exe	"Added by the SDBOT-DJG WORM!"
X	Nod32 Service	nod6.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Nod3d2 Free antivirus	N0D32KRN.EXE	"Added by the RBOT-ABQ WORM!"
X	nodriver	AUEKXRZ.EXE	"Added by a variant of the SPYBOT WORM!"
X	nodriver	SVCHOST.EXE	"Added by the SPYBOT-Z BACKDOOR! Note - this is not the legitimate svchost.exe process which should normally figure in Msconfig/Startup!"
U	Nokia M Platform	NokiaMServer.exe	"Part of the Nokia Music music manager
N	Nokia Ovi Suite	NokiaOviSuite.exe	"Nokia Ovi Suite for managing Nokia mobile devices - ""gives you an easy access to the contents of your Nokia device. Transfer files and information effortlessly between your device and your computer
U	NokiaMServer	NokiaMServer.exe	"Part of the Nokia Music music manager
N	NokiaOviSuite	NokiaOviSuite.exe	"Nokia Ovi Suite for managing Nokia mobile devices - ""gives you an easy access to the contents of your Nokia device. Transfer files and information effortlessly between your device and your computer
N	NokiaOviSuite.exe	NokiaOviSuite.exe	"Nokia Ovi Suite for managing Nokia mobile devices - ""gives you an easy access to the contents of your Nokia device. Transfer files and information effortlessly between your device and your computer
X	NortE Antivirus	norte.exe	"Added by the RBOT.BQQ WORM!"
X	NortE Antivirus	norten.exe	"Added by the RBOT-AFF WORM!"
X	Norton Antiviral Scanner	navscnr.exe	"Added by the DELBOT-K WORM!"
X	Norton Antivirus	nortonav.exe	"Added by the RBOT-AYE TROJAN! Note - this is not the real Norton AV!"
X	Norton Antivirus 2004	SYMANTECAV2.EXE	"Added by the SPYBOT-DY WORM! Note - this is not the real Norton AV!"
X	Norton Antivirus 7.0a	[path to file]	"Added by the PERDA-B or RANCK-CT TROJANS!"
X	Norton Antivirus AV	FVProtect.exe	"Added by the NETSKY.P WORM! Note - this is not the popular AV software!"
X	Norton AntiVirus Sys	NAVsys32.exe	"Added by a variant of the WOOTBOT WORM!"
X	Norton Antivirus Updater	nortonav.exe	"Added by the DELBOT-T WORM! Note - this is not the real Norton AV!"
X	Norton Auto Protect	nava.exe	Added by an unidentified WORM or TROJAN!
Y	Norton Auto-Protect	navapw32.exe	Norton Anti-Virus's background scanning process
X	Norton Auto-Protect	SERVICES.exe	"Added by the AHKER.B WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Also
?	Norton AV Preload	Premend.exe	"Norton Antivirus related. What does it do and is it required"
X	Norton AV Protection Startup	Ati2xxx.exe	"Added by a variant of the RBOT WORM!"
X	Norton Drive Protection	msdt32.exe	"Added by the FORBOT-GB WORM! Note - this not a valid Norton program!"
X	Norton Live Update Server	cpsdv.exe	"Added by the AGOBOT.EW TROJAN!"
X	Norton Live Updater	Cavapsvc.exe	"Added by the GAOBOT.AO WORM!"
X	Norton Live Updater	Sochost.exe	"Added by the GAOBOT.AO WORM!"
X	Norton Live Updater	Avapsvc.exe	"Added by the AGOBOT-BG BACKDOOR!"
N	Norton Navigator Loader	nnloader.exe	"An older Norton utility for file management under Windows 95. More information here"
U	Norton Program Scheduler	NPSsvc.exe	"Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95
?	Norton Program Scheduler Event Checker	npscheck.exe	"Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as NPS Event Checker"
X	Norton protect	nvsvc.exe	"Added by a variant of the RBOT WORM!"
X	Norton Protect Activies	csrss.exe	"Added by the BANKER-CZ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""D5133"" subfolder"
X	Norton Service Driver	wsul.exe	"Added by the RBOT-ABI WORM!"
X	Norton Service Process	navapvc.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Norton Service Process	navapsvc.exe	"Added by the AGOBOT-GV WORM! Note - this is not the valid Norton Anti-Virus service which has the same file and is located in %ProgramFiles%\Norton AntiVirus. This one is located in %System%"
X	Norton SpySweeper AutoUpdate	navsw.exe	"Added by the FORBOT-AS WORM!"
X	Norton Update	winsvc.exe	"Added by the AGOBOT.ALP WORM!"
X	Norton updated	NVSV32.EXE	"Added by the SDBOT.ABH WORM!"
X	Norton Updater	navupdtr.exe	"Added by the SDBOT.AXV WORM!"
X	NortonAntivirus	LSASS.exe	"Added by the PEXMOR WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Temp"
X	NortonAV	norton_antivirus.exe	"Added by the NETJOE TROJAN! Note - this is not the legitimate Symantec AV program"
X	nortonav	CCUPD32.EXE	Added by an unidentified WORM or TROJAN!
X	Nortons AV SYSTEM	scvchost.exe	"Added by a variant of the RBOT WORM!"
X	Nortons AVS Systems	arse.exe	"Added by the RBOT.AWY WORM!"
X	nortonsantivirus	ccEvtMngr.exe	"Added by the HZDOOR-A TROJAN!"
X	NortonVPlus	svchost.exe	"Added by the ROAMER-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
N	NoteBurner	VTBurnerGUI.exe	"NoteBurner from NoteBurner Inc. - ""a versatile music converter that can be used as MP3 music converter
X	Notification Utility	altpayV2.exe	"AltPay adware"
U	NovaBackup * Tray Control	NbkCtrl.exe	"Scheduling engine of NovaSTOR Backup Service. Only required if scheduling is enabled and wanted - see here. * represents the version number"
?	NovaPortal Single User Service	NPSU.exe	"??"
U	NovastorSchedulerd	SCHENGD.EXE	NovaStor NovaBACKUP Scheduler - back-up utility. If you don't have regularly scheduled back-ups you don't need it
X	novsvida.exe	novsvida.exe	"GlobalAccess dialer"
X	NoWayVirus	pgs.exe	"NoWayVirus rogue security software - not recommended
X	NPF Value	NPFMONTR.exe	"Added by the RBOT-AWD WORM!"
?	NPS Event Checker	npscheck.exe	"Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as Norton Program Scheduler Event Checker"
X	nsdcmd services	nsdcmdav.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	nsdcmd vid process	nsdcmdwin.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	nsdriver	nssys32.exe	"NetShagg adware"
X	Nsv	nsvsvc.exe	"Delfin Promulgate adware"
X	nsvcin	n20050308.exe	"Delfin Media Viewer adware related"
X	Nsvdr	nsvdr.exe	Adult content dialler
X	NT LM Security Support Provider	WinNTLM.exe	"Added by a variant of the SDBOT WORM!"
X	NT Logging Service	Syslog32.exe	"Added by the DONK.B WORM and variants!"
X	NT MICROSOFT SVCD	ntvsvcd.exe	"Added by a variant of the RBOT WORM!"
X	NT Printing Service	spoolsc.exe	"Added by the BUZUS-K WORM!"
X	NT Printing Service	chkdsks.exe	"Added by the ARCHIVARIUS series of WORMS!"
X	NT Printing Service	chkdskss.exe	"Added by the ARCHIVARIUS series of WORMS!"
X	NT Printing Services	chkdsks.exe	"Added by the BUZUS-M TROJAN!"
X	NT Service	NTOKSRNL.EXE	"Added by the RBOT-AAG WORM!"
X	NT Services	ntsvc.exe	"Added by the AGOBOT.VJ WORM!"
X	NT Virtual Machine	[path to file]	"Added by the SCAERBOT-A WORM!"
X	NT-Virtual Device Manager	ntvdmn.exe	"Added by the SDBOT-AAA WORM!"
X	Ntcheck	mapserver.exe	"Added by the TOMPAI-B WORM!"
X	ntmsevt	ntmsevt.exe	"Added by the STOPED-B TROJAN"
X	NTP Server	[path to trojan]	"Added by the RANKY.F TROJAN!"
X	NTSet32	services.exe	"Added by the WINSPY-C TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\dll32"
X	NTSF MICROSOFT SYSTEM	scvhost.exe	"Added by a variant of the RBOT WORM!"
X	NTsrv.exe	NTsrv.exe	"Added by a variant of the SERVU-O TROJAN!"
X	Ntsysv	ntsysv.exe	"Added by the MIFENG-E TROJAN!"
X	ntupdate	dnsvc.exe	"Added by the SDBOT-TC WORM!"
X	ntuser	svchost.exe	"Added by the POLYCRYP.DY TROJAN!"
U	NTVDM	NTVDM.EXE	"Windows NT Virtual DOS Machine (NTVDM) for running 16-bit tasks on the 32-bit OS's (Windows NT
X	ntvdmd	ntvdmd.exe	"Adware downloader - also detected as the DLOADER-YP TROJAN!"
X	ntvdscm	ntvdscm.exe	"Added by the SCKEYLOG-I TROJAN!"
Y	NuTCSetupEnviron	ncoeenv.exe	"Used by the MKS Toolkit for Enterprise Developers product. NuTCracker is a Unix runtime environment for Windows
U	NuvaTime	NuvaTime.exe	"NuvaTime - reminder for women using NuvaRing"
X	NvagNT	nvagNT.exe	"Added by the AGOBOT-RV WORM!"
X	nvc Win32	nvcvc.exe	"Added by the RBOT-ADD WORM!"
X	NvCCCpl	NvCCCpl.exe	"Added by the NOGATA-A TROJAN!"
X	nvchost	winlogon.exe	"Added by the KLONE-J TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	NvClipRsv	svchost.exe	"Added by the DUMARU-K WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	NvClipRsv	swchost.exe	"Added by the DUMARU-AK WORM!"
?	NVCLOCK	"rundll32 nvclock.dll	fnNvclock"
X	nvcoi	nvcoi.exe	"Added by the DLOADER.TYO TROJAN!"
?	NvColorInit	"rundll32.exe NvQtwk.dll	NvColorInit"
X	NVCOM	NVCOM.exe	"Added by the AGOBOT-SB WORM!"
X	NvCp1Do	[path to trojan]	"Added by the DWNLDR-GWE TROJAN! The most common filename seen is ""smss.exe"" - which is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
U	NvCpl	"RUNDLL32.EXE NvCpl.dll	NvStartup"
X	NvCpl	NvCpl.EXE	"Added by the YANZ.B WORM!"
X	NvCpl	[random filename]	"Added by the AGOBOT-APJ WORM!"
X	NvCpl	windowsp.exe	"Added by a variant of the SDBOT WORM!"
X	NvCpl	rundl32.exe	"Added by the AGOBOT-TO WORM! Note - the valid version of this entry has the command line as ""rundll32.exe NvCpl.dll
X	NvCpl28Deamon	mdosft.exe	"Added by the SPYBOT-AD WORM!"
X	NvCPL32	nvcpl32.exe	"Added by the AGOBOT.DAA WORM!"
X	NvCpl32Deamon	nvcpl.exe	"Added by the SPYBOT.S WORM!"
X	NvCplD	m2gr32.exe	"""Switch"" premium rate adult content dialler variant"
X	NvCplD	ntcpl.exe	"""Switch"" premium rate adult content dialler variant"
U	NvCplDaemon	"RUNDLL32.EXE NvQTwk	NvCplDaemon"
U	NvCplDaemon	"RUNDLL32.EXE NvCpl.dll	NvStartup"
X	NvCplDaemon	msmsgrs.exe	"Added by the DLOADER-YI TROJAN!"
X	NvCplDaemon	Xplorer.exe	"Added by the ORBINA-A WORM!"
X	NvCplDaemon32	anvshell32.exe	"Added by the VB-XU TROJAN!"
X	NvCplDeamon	nvdisp.exe	"Added by the PEEPVIE-I TROJAN!"
X	NvCplDmn	NAVSVC.EXE	"Added by an unidentified VIRUS
X	nvcpll	nvcpll.exe	"Added by the BANCBAN-PF TROJAN!"
X	NvCplScan	msc32.exe	"Added by the FORBOT-DD WORM!"
X	NvCplScan	winasp.exe	"Added by the FORBOT.BZ WORM!"
X	NvCplScan	nvsc32.exe	"Added by the BROPIA.N WORM!"
X	NvCplScan	kav32.exe	"Added by the FORBOT-EW WORM!"
X	NvCplScan	netstat32.exe	"Added by the SDBOT.BRL WORM!"
X	NvCplScan	dllmanager.exe	"Added by the FORBOT.R WORM!"
X	NvCpTDaemon	wuauqmr.exe	"Added by the CULT-B WORM!"
X	nvctrl.exe	nvctrl.exe	"Added by the ZLOB.G TROJAN!"
X	nvd32 lptt01	nvd32.exe	"RapidBlaster variant (in a ""nvd32"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X	nvd32 ml097e	nvd32.exe	"RapidBlaster variant (in a ""nvd32"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X	NVDispDrv	NVDispDRV.EXE	"Added by the WINKO.AO WORM!"
X	NvGraphicsInterface	[path to trojan]	"Added by the BCKDR-QKI BACKDOOR!"
U	NVHotkey	rundll32.exe nvHotkey.dll	"Enables the use of ""hot keys"" for changing setting on Nvidia graphics"
X	Nvid	[8 random charachters]	Unidentified adware
X	Nvid32	Nvid32.exe	"Added by the GEMA TROJAN!"
X	Nvidex32	Nvidex32.exe	"Added by the GEMA TROJAN!"
Y	NVIDIA ActiveArmor	ntrayfw.exe	"System Tray access to the the NVIDIA ActiveArmor hardware-optimized firewall built into some older nForce 3 and 4 series motherboard chipsets"
X	nVidia Application Drivers	nvidiav32.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Nvidia Control Daemon	nksvc32.exe	Added by an unidentified WORM or TROJAN!
X	Nvidia Control Panel	ncsvc32.exe	"Added by an unidentified VIRUS
X	NVIDIA Display	DisplayMonitor.exe	"Added by the ABI.C WORM! Note - this is not a legitimate nVidia entry"
X	nVidia Display Driver	nvsvc64.exe	"Added by the IRCBOT-YK WORM! Note - this is not related to any nVidia based graphics card"
X	nVidia Display Drivers (x86)	nvsys86.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	NVIDIA Driver	MSPMSPSU.EXE	"Added by the WOOTBOT.Y WORM!"
X	nVidia Drivers	nVidiaDrvers.exe	"Added by the SDBOT-AFX WORM! Note - this is not related to any nVidia based motherboard or graphics card"
X	NVidia Drivers	[path to trojan]	"Added by the RANCK-R TROJAN! Note - this is not related to any nVidia based motherboard or graphics card"
U	NVIDIA Media Center Library	"RunDLL32.exe NvMCTray.dll	NvTaskbarInit"
X	NVIDIA Media Center Library	winlogon.exe	"Added by the AUTORUN-AZK WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
N	NVIDIA nForce APU1 Utilities	NVATray.exe	"nVidia's nForce Audio Processing Unit (APU)- ""provides 3D positional audio and DirectX 8.0 compatibility
U	NVIDIA nTune	nTune.exe	"Older version of the NVIDIA nTune utilty for monitoring and modifying the settings (such as temperatures
U	NVIDIA nTune	nTuneCmd.exe	"Now part of NVIDIA System Tools under the ""Peformance"" tag. NVIDIA nTune is utilty for monitoring and modifying the settings (such as temperatures
X	Nvidia Startup Manager	ksvc32.exe	"Added by the AGENT-IWD TROJAN!"
X	nVidia System Drivers	nvsys32.exe	"Added by an unidentified WORM or TROJAN! See here"
U	NVIDIA System Monitor	NVMonitor.exe	"NVIDIA System Monitor - part of NVIDIA System Tools. Utility for monitoring and logging system statistics (such as temperatures
U	NVidia System Utility	NVSystemUtility.exe	"NVidia System Utility - older version of the NVIDIA nTune utilty for monitoring and modifying the settings (such as temperatures
X	NVIDIA Video drivers	video_32D.exe	"Added by the AGOBOT.KV WORM!"
X	NVIDIA Video drivers	video_32sD.exe	"Added by the RBOT-BB WORM!"
X	Nvidia32	nvidia32.exe	"CoolWebSearch parasite variant - also detected as the HOSTS-B TROJAN!"
X	NVidiaDrv	nvfsvm.com	"Added by the DELF-A BACKDOOR!"
X	NviDiaGT	lsass.exe	"Added by the AUTORUN-DV WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder"
N	NvidiaQuickTweak	"rundll32.exe NvQtwk.dll	NvTaskbarInit"
U	NVIDIA� NVRAID	nvraidservice.exe	"Part of NVIDIA® MediaShield™ Storage - NVIDIA's management utility for creating and monitoring hard disk RAID arrays for the controllers integrated on their motherboards. Includes a Disk Alert System for troubleshooting with notifications via the System Tray. Not required if you don't have a RAID array or if you created the array at the BIOS level. Some users complain that it can report false errors"
X	nvidll32	nvidll32.exe	"Added by the RBOT-XK WORM!"
U	NVIEW	"rundll32.exe nview.dll	nViewLoadHook"
X	nviload32	nviload32.exe	"Added by the SDBOT-VT WORM!"
N	NvInitialize	"rundll32.exe NvQtwk.dll	NvXTInit"
X	nvirundll	nvirundll.exe	"Added by the SPYBOT.NPS WORM!"
X	nvjxue	nvjxue.exe	"Added by the EYEVEG-J WORM!"
Y	NVmax	NVmax.exe	NVmax is a old tweaking utility for NVidia graphics cards. In the startup list if the user chooses to overclock their card
U	NVMCTRAY	"RunDLL32.exe NvMCTray.dll	NvTaskbarInit"
U	NvMediaCenter	"RunDLL32.exe NvMCTray.dll	NvTaskbarInit"
N	NVMixerTray	NVMixerTray.exe	System Tray access to audio controls from nVidia's motherboard ForceWare software
U	NVMonitor	NVMonitor.exe	"NVIDIA System Monitor - part of NVIDIA System Tools. Utility for monitoring and logging system statistics (such as temperatures
X	nvmsgdwn	NVMSGDWN.EXE	"Added by the GRABER-D TROJAN!"
X	NvMsnW	Isass.exe	"Added by the BROPIA.K WORM!"
X	nvpatch	napatch.exe	"Added by the SASSER-F WORM!"
U	NvPvrNetMon	NvPvrNetMon.exe	"Network monitor for the Personal Video Recorder function of the NVIDIA ForceWare Multimedia application - ""makes sure you don't miss your favorite show. If you won't be home to watch the show
N	NVQuickTweak	"rundll32.exe NvQtwk.dll	NvTaskbarInit"
U	NVRaidService	nvraidservice.exe	"Part of NVIDIA® MediaShield™ Storage - NVIDIA's management utility for creating and monitoring hard disk RAID arrays for the controllers integrated on their motherboards. Includes a Disk Alert System for troubleshooting with notifications via the System Tray. Not required if you don't have a RAID array or if you created the array at the BIOS level. Some users complain that it can report false errors"
Y	NvRegisterMCTray	"RUNDLL32.EXE NVMCTRAY.DLL	NvMCRegisterApp NvCpl.dll"
Y	NvRegisterMCTrayNview	"RUNDLL32.EXE NVMCTRAY.DLL	NvMCRegisterApp nView.dll"
?	NVRotateSysTray	nvsysrot.dll	"Related to NVIDIA nView Control Panel. What does it do and is it required?"
N	NVRT	nvrt.exe	NVRefreshTool is a utility that will automatically detect the maximum refresh rate at each resolution that your monitor supports
?	NVRTClk	NVRTClk.exe	"Related to a Gigabyte video card. What does it do
X	nvsv32.exe	nvsv32.exe	"Added by the FORBOT-DI WORM!"
X	nvsv32.exe	cstr.exe	"Added by a variant of the SDBOT WORM!"
X	nvsv32.exe	asr_fnt.exe	"Added by the WOOTBOT.GE WORM!"
X	nvsv32.exe	nvsv33.exe	"Added by the WOOTBOT.FP WORM!"
N	NvSvc	nvsvc.exe	"NVIDIA Driver Helper Service - installed when you change from the WDM drivers to nVidia's latest versions but not requied. Extreme shutdown delays can be encountered with this service active
X	nvsvc	nvsvc.exe	"Added by the BANKER-HQ TROJAN! Note - this is not the valid NVIDIA Driver Helper Service and is located in %System%"
X	NVSVC	nvsvc.exe	"Added by the AGOBOT.ALX WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in %System%"
U	NvSvc	"RUNDLL32.EXE nvsvc.dll	nvsvcStart"
U	nvsvc16	nvsvc16.exe	"MySuperSPy surveillance software. Uninstall this software unless you put it there yourself"
X	nvsvca32	nvsvca32.exe	"Added by the TACTSLAY.E TROJAN!"
X	nvsvca32	clfmon.exe	"Added by the TACTSLAY.E TROJAN!"
X	NVSystem32	nvscv32.exe	"Added by the AGOBOT-NO WORM!"
X	Nvt32	complaint_7251.exe	"Added by the ARTIEF.B TROJAN!"
X	NvUpdater	nwiz32.exe	"Added by a variant of the RBOT WORM!"
X	nvviddrv32	[random filename]	"Added by the RBOT-HT BACKDOOR!"
X	NvVideoCenter	NvVid.exe	"Added by the HAXDOOR-DO TROJAN!"
X	NvXplDeamon	xstyles.exe	Added by the SMALL.AJ VIRUS!
X	nxgsvc	"rundll32.exe nxgsvc.dll	start"
X	Nxvst	cssrs.exe	"Added by the GAOBOT.CD WORM!"
X	Nxvst	lsas.exe	"Added by the GAOBOT.CD WORM!"
Y	Object Store Server	osserver.exe	"Comes with HyperTextStudio. From the supplier - "The Osserver maintains the database for HyperText Studio projects - absolutely vital
?	obsver	obsver.exe	"Part of LingoWare translating software - what does it do and is it required?"
U	Octoshape Streaming Services	OctoshapeClient.exe	"Octoshape Live Streaming - ""is a revolutionary technology that will reduce your bandwidth cost and improve the quality in sound and picture"""
N	Odebit Multimedia V2	Odebit.exe	"Odébit Multimedia - free French multimedia player giving access to the best of television
N	Odebit Multimedia V3	Odebit.exe	"Odébit Multimedia - free French multimedia player giving access to the best of television
N	Odebit Multimedia V3 - Services	Odebit.exe	"Odébit Multimedia - free French multimedia player giving access to the best of television
Y	oeprsrv	oeprsrv.exe	"Outlook Express Privacy - which ""lets you control access to Outlook Express and its email message database. When you enable protection
Y	oeprsrv.exe	oeprsrv.exe	"Outlook Express Privacy - which ""lets you control access to Outlook Express and its email message database. When you enable protection
Y	oepsrv	oepsrv.exe	"Outlook Express Protector from Ixis Research
Y	oepsrv.exe	oepsrv.exe	"Outlook Express Protector from Ixis Research
Y	oessrv	oessrv.exe	"Outlook Express Security - which is used ""to control access to Outlook Express and its databases. When it is active
Y	oessrv.exe	oessrv.exe	"Outlook Express Security - which is used ""to control access to Outlook Express and its databases. When it is active
X	oe_drop_spam	oesrv.exe	"Dropspam adware"
X	Office Monitor	adv32.exe	"Added by the SDBOT-CWO WORM!"
X	Office Monitor	nvsvc86.exe	"Added by the IRCBOT.BVO BACKDOOR!"
X	Office Monitor Word Exel R	svch.exe	"Added by the DWNLDR-GWW TROJAN!"
X	OfficeAgent	svcrhost.exe	"Added by the TACTSLAY.A TROJAN!"
X	OfficeAgent	svcshost.exe	"Added by the TACTSLAY.A TROJAN!"
X	OfficeGuardUI	svcss.exe	"Added by the DEDLER-C TROJAN!"
X	OfficeQuickAccess	OfficeHost.vbs	"Added by the PEXMOR WORM!"
X	OLE Automation Server	ole32aut.vbe	"CoolWebSearch parasite variant"
X	OLEDb Service	runoledb32.exe	"Added by a variant of the SPYRE.B TROJAN!"
U	olesvr	olesvr.exe	"Salfeld Child Control - parental control software"
X	Olive System	Szchost.exe	"Added by the MERCURYCAS.A TROJAN!"
X	Omega AntiVir	OM83b.exe	"Omega AntiVir rogue security software - not recommended
U	On screen display	TPOSDSVC.exe	"Supports the hotkeys on IBM/Lenovo ThinkPad notebooks - displays the result of the using of function keys on the desktop screen. For example
U	OnfolioStorage	onfserv.exe	"""Onfolio is the complete solution for collecting
?	online cdrom	Active acid.exe	"??"
X	Online Service	svchost.exe	"Added by the HOSTIDEL.B or HOSTIDEL.C or TARNO.B TROJANS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	Online Services	twain.exe	"Added by the AGENT.BEA TROJAN!"
X	Onluna Sarvice	sachost.exe	"Added by the TOFGER-AA TROJAN!"
X	Onlune Sarvice	sachost.exe	"Added by the DAEMONI-J TROJAN!"
X	only23	SCVHOST.exe	"Added by the BCKDR-PUQ BACKDOOR!"
X	OnSrvr	OnSrvr.exe	OnWebMedia adware
X	Open Service Drivers	opiater.exe	"Added by a variant of the RBOT WORM!"
X	OpenGL Drivers	0penGLD.exe	"Added by the YIMP-A WORM!"
U	openvpn-gui	openvpn-gui.exe	"""OpenVPN is a full-featured SSL VPN solution which can accomodate a wide range of configurations
U	Openwares LiveUpdate	LiveUpdate.exe	"Web-update utility as used by various types of software - see here"
X	Opera addon	svhost.exe	"Added by the AGENT-IBD WORM!"
X	Operalaunch	vmm.exe	"Added by the AGENT-IBD WORM!"
N	Operations Typhoon Rising Registration	NOVG.EXE	"Joint Operations registration reminder"
X	Optional Web Drivers For WIN32	phqghume.exe	"Added by a variant of the RBOT WORM!"
N	OptusNet Desktop Service Centre	DSC.exe	OptusNet DSL or Dial-Up connection software
X	OrbitView	view.exe	"Xupiter OrbitExplorer toolbar related. Drive-by foistware. Use Spybot S&D
X	OSS	rlvknlg.exe	"Marketscore.RelevantKnowledge adware"
U	OStivityInvAgt	ostivity.exe	"OStivity - "a desktop and server hardware and software asset/inventory solution for small to enterprise sized organizations that need to quickly gain knowledge of 'what's installed' without having to manually touch every computer in the company. The next time the computer logs into the network
X	Outlook Mail Services	express.exe	"Added by the RBOT.CJN WORM!"
X	Outlook Mail Services	outlook.exe	"Added by the RBOT-BKA TROJAN! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %System%"
?	OVCJ	ovcj.exe	"??"
X	overinstall	pgs.exe	"Part of VirtualPCGuard
N	Overnet	Overnet.exe	"Overnet peer-to-peer (P2P) file sharing program"
X	ovyriwi	telace.exe	"Added by the SDBOT.BVS WORM!"
U	OWCWebCamDV	wcdvtray.exe	"WebCamDV from Orange Micro
X	oxbvpen	gwthtis.exe	"Added by the SILLYFDC-AH WORM!"
X	P0w3rF1Y	svchost.exe	"Added by the BDOOR-MM BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
?	Packard Bell EverSafe Tray Control	TrayControl.exe	"Packard Bell EverSafe software. What does it do
X	PaintingRoom evidence monitor	paintingroom.exe	Paintingroom.com smiley software - not recommended as the site tries to drop a trojan on you...
N	PAL Evidence Eliminator	Cleaner.exe	"PAL Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis"
X	Paladin Antivirus	pav.exe	"Paladin Antivirus rogue security software - not recommended
U	Panda Antispam Server Service	PasSrv.exe	"AntiSpam part of an older version of Panda Internet Security"
Y	Panda Cleaner	pavdr.exe	"Panda internet security software related. Possibly the ActiveScan on-line scanner?"
Y	Panda Preventium+ Service	PREVSRV.EXE	"Part of the 2004 & 2005 versions of Panda Antivirus and Internet Security"
U	Panda Scheduler	pavsched.exe	"Scheduler for older versions of Panda Antivirus. Required if you have scans scheduled on a regular basis"
X	PandaAVEngine	PandaAVEngine.exe	"Added by the NETSKY.R WORM!"
U	PandaScheduler	pavsched.exe	"Scheduler for older versions of Panda Antivirus. Required if you have scans scheduled on a regular basis"
N	Paperport	runppdrv.exe	"Loads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see here"
X	PaRaY_VM	winlogon.exe	"Added by the AUTORUN-DV WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder"
X	Patches Value	WinGamed.exe	"Added by the SDBOT.BR WORM!"
?	PathNvidiaTV	patchnvidiaTVout.exe	Related to a Gigabyte Nvidia based video card - typical file location is %ProgramFiles%\Gigabyte\Nvidia
X	PAV	pav.exe	"Personal Antivirus rogue security software - not recommended. Located in %ProgramFiles%\PAV"
X	PAV.EXE	%Number%	"Added by the KITRO.D (or ARGEN.A) WORM! %Number% can be any number"
Y	PAV.EXE	PAV.EXE	"PER Antivirus"
Y	PAVFIRES	PavFires.exe	"Firewall included with older versions of Panda Antivirus and Internet Security"
Y	PAVFNSVR	PavFnSvr.exe	"Part of Panda Antivirus and Internet Security"
Y	Pavkre9x	pavkre9x.exe	"Part of the 2005 & 2006 versions of Panda Antivirus and Internet Security"
Y	PavProc	PavPrS9x.exe	"Part of Panda Antivirus and Internet Security"
Y	PavProt	PavProt.exe	"Part of the 2004 & 2005 versions of Panda Antivirus and Internet Security"
Y	Pavprot9	Pavprot9.exe	"Part of the 2005 versions of Panda Antivirus and Internet Security"
X	PC Drive Tool	GDC.exe	"PC Drive Tool rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
X	PC Live Guard	PC[random characters].exe	"PC Live Guard rogue security software - not recommended
Y	PC Tools AntiVirus Client	PCTAV.exe	"System Tray access to PC Tools AntiVirus from PC Tools - which ""provides world-leading protection against viruses
U	PC Tools Privacy Guardian	pg.exe	"Part of Privacy Guardian from PC Tools - which ""is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer"". This startup entry runs only on the next reboot if the ""Cache
X	PCAntiVirusPro	pgs.exe	"PCAntiVirusPro rogue security software - not recommended
?	PCMCIA Resource Monitor	nvp2pmon.exe	"NVIDIA nForce P2P Driver. What does it do and is it required?"
N	PCMService	PCMService.exe	"Part of Cyberlink's PowerCinema - which can be used to watch movies
X	PCPrivacyCleaner	pcpc.exe	"PCPrivacyCleaner rogue privacy tool - not recommended"
X	PCPrivacyDefender Freeware	UPSPDAP.exe	"PCPrivacyDefender rogue privacy program - not recommended
X	PCPrivacyTool	GDC.exe	"PCPrivacyTool rogue privacy tool - not recommended. There are number of variants in this family sharing the same filename and user interface - see here"
X	pcServer	server.exe	"Ssppyy spyware"
X	PCShield	regsvr32 sfg_***.dll [ = random char]	"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
X	Pcsv	pcsvc.exe	"Delfin Media Viewer or ""Promulgate"" adware"
Y	PCTAV	PCTAV.exe	"System Tray access to PC Tools AntiVirus from PC Tools - which ""provides world-leading protection against viruses
Y	PCTAVApp	PCTAV.exe	"System Tray access to PC Tools AntiVirus from PC Tools - which ""provides world-leading protection against viruses
U	PCTVOICE	pctvoice.exe	"The program PCTVoice is used by the modem to interface with your computer and also used for some V.80 functions for Video Conferencing. if you uncheck it
U	PCTVRemote	remoterm.exe	Controls the remote control on some Pinnacle TV tuners
X	PCVirusless	pgs.exe	"PCVirusless
U	PD0620 STISvc	P0620Pin.dll	Creative Technology Ltd installation plug-in related
X	PDA Commander	stisvc32.exe	"Added by the AGOBOT-TX WORM!"
?	PDF Converter Registry Controller	RegistryController.exe	"Part of PDF Converter Professional version 2 from Scansoft (now Nuance). what does it do and is it required?"
U	pdfFactory Dispatcher v1	fppdis1a.exe	"FinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 1.x of the software. ""pdfFactory products offer a unique approach to PDF creation that is simpler
U	pdfFactory Dispatcher v2	fppdis2a.exe	"FinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 2.x of the software. ""pdfFactory products offer a unique approach to PDF creation that is simpler
U	pdfFactory Pro Dispatcher v1	fppdis1.exe	"FinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory PRO printer. Version 1.x of the software. ""pdfFactory products offer a unique approach to PDF creation that is simpler
U	pdfFactory Pro Dispatcher v3	fppdis3a.exe	"FinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory Pro printer. Version 3.x of the software. ""pdfFactory products offer a unique approach to PDF creation that is simpler
N	pdfSaver3	pdfSaver3.exe	"PDF-XChange - create Adobe compatible PDF files from virtually any Windows software such as MS Word
U	pdp Server	ctpdpsrvr.exe	Included and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a network
N	pdservice	pdservice.exe	"Part of SafeGuard PrivateDisk from Utimaco - which ""securely and transparently protects sensitive files on notebooks and desktop computers
N	PDService.exe	pdservice.exe	"Part of SafeGuard PrivateDisk from Utimaco - which ""securely and transparently protects sensitive files on notebooks and desktop computers
?	PDVD8LanguageShortcut	Language.exe	"Part of Cyberlink's PowerDVD version 8. Language settings?"
U	PDVDDXSrv	PDVDDXSrv.exe	"Remote Control background application for Cyberlink's PowerDVD DX - a Dell specific version of their standard PowerDVD product. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control
U	PDVDServ	PDVDServ.exe	"Remote Control background application for Cyberlink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control
?	Peeramid	PService.exe	"In a ""Koptimizer"" folder in Program Files. What does it do and is it required?"
U	Pent@VALUE 3.2	Pent@VALUE.exe	Pent@VALUE Digital Satellite Internet PC Receiver
Y	PER Email Protection	pavmail.exe	"PER Antivirus"
U	perfmon	perfmon.vbs	"MindStorm AnalyzerPro from Secure Associates. ""A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices"""
X	Perfomance Monitor	davcsync.exe	"Added by the LAMUD-A WORM!"
X	Perfomance Settings	svchost.exe	"Added by the TOFGER-AP TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Personal Antivirus	PerAvir.exe	"Personal Antivirus rogue security software - not recommended
X	Personal Computer	scvhost.exe	"Added by the RBOT-AJE WORM!"
X	Personal Firewall V9	Firewall-UpdateV9.exe	"Added by the RBOT-BJR WORM!"
X	Personal Firwall	ptmedsrv.exe	"Added by the SDBOT.XY WORM!"
X	PersonalAV	pav.exe	"PersonalAV rogue security software - not recommended. Detected as the FAKEAV.FT TROJAN by Trend. Located in %ProgramFiles%\PersonalAV"
U	Pervasive.SQL Workgroup Engine	W3dbsmgr.exe	Database Service Manager for Pervasive SQL 2000 Workgroup edition. Required if you use Pervasive SQL but it's recommended you start it manually before using it as it has a tendancy to crash/freeze if loaded with other applications at startup
X	Pex Sound Driver	Today's Results.vbs	"Added by the TRODE-A WORM!"
X	pex Sound driver 2	Today's Results.vbs	"Added by the TRODE-A WORM!"
?	PFW_PullSrv	PULL.EXE	"Personal Firewall related?"
Y	PGPSDKSVC	pgpsdkserv.exe	"PGPsdkServ.exe is the new SDK service which is responsible for performing all PGP key management and cryptographic functions. This functionality was moved into a service to allow multiple modules simultaneous read/write access to the keyrings
U	PGPSERVICE	pgpservice.exe	"PGPservice.exe has two main purposes: (1) it handles a large part of the PGPnet functionality (along with the PGPnet driver) and (2) it allows efficient access to the PGP preferences database. The individual PGP modules normally access the preferences through PGPservice
X	PGStub.exe	[various filenames]	Unidentified adware
U	phc700	vphc700.exe	"Related to the Philips SPC700NC web camera"
N	PhilipsDM	DeviceManager.exe	Device manager for Philips portable media players such as the GoGear
?	PhilipsLime	LimeAlive.exe	"Associated with some Philips portable media players such as the GoGear. What does it do and is it required?"
U	Phone Connection Monitor	audevicemgr.exe	"Connection monitor part of the Sony Ericsson PC Suite mobile phone management utility for some models
U	PhoneFree version 6.2	PHONEF??.EXE	"An Internet telephony application. Complicated registration and ad banners tailored to your profile - see here"
N	Photo Loader supervisory	Plauto.exe	"Casio's Photo Loader software. Hook up your camera to the USB port
X	Photoshop	svchost.exe	"Added by the CDOPEN-E TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%"
X	picsvr	picsvr.exe	"Delfin Promulgate adware"
N	Picture Motion Browser Media Check Tool	SPUVolumeWatcher.exe	"Part of the Sony Picture Uility software supplied with Sony camera/camcorder products. Automatically invokes an import process if the camera/camcorder is connected and has media on it"
U	Picture Package VCD Maker	Residence.exe	"Sony Picture Package software for their range of Digital Handycam video cameras. Used to connect the camcorder via USB and allows the user to burn the content directly to a CD"
X	picview	picview.exe	"Added by the DWNLDR-FPH TROJAN!"
X	picview	msnmsgr.exe	"Added by the BANLOA-AF TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %Windir%"
U	piiserviceOE	N/A	"Spam Inspector (nee Postal Inspector) from The Giant Company or iHateSpam from Sunbelt Software - spam filter add-ons for OE"
Y	PinnacleDriverCheck	PSDrvCheck.exe	"Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled"
N	PivotSoftware	wpctrl.exe	"PivotPro from Portrait Studios - allows a screen to be rotated to match rotated LCD screens
X	Pixelsvr	Pixelsvr.exe	"Added by the GEMA TROJAN!"
X	PK Services	pksvc.exe	"Added by the FORBOT-BW WORM!"
X	Plasdll service	[random filename]	"Added by a variant of the SDBOT WORM!"
X	Playboy	playavi.exe	"Added by the GAMANLOCK TROJAN!"
N	PlayMovie	PMVService.exe	"Part of Acer Arcade Deluxe lets you browse pictures
N	PluckSvr	PluckUpdater.exe	"Pluck Toolbar updater"
X	Pluto! Pager	srvhandle.exe	"Added by the REDPLUT VIRUS!"
?	PMCS	PMC.Service.Main.exe	"Related to MediaCenterService from Pinnacle Systems. What does it do and is it required?"
X	Pmedia	winsrvc.exe	"Internet marketing sofware from Permissioned Media Inc as used in E-Card FriendGreetings foistware - see here. Treated by Trend as the FRIENDGRT.B WORM!"
X	PnP Driver	playboy.exe	"Added by the FORBOT-FR WORM!"
X	pnpsvc_lock	*****.exe [ = random digit]	Browser hijacker
X	pnpsvc_lock	startsvs.exe	Browser hijacker
X	PNtask Services	pntask.exe	"Added by the LALA.C TROJAN!"
X	pnvifj	jusodl.exe	"Added by the QQPASS.48436 TROJAN!"
N	PoivY	PoivY.exe	"PoivY - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
X	PoliceAV	xppolice.exe	"XP Police Antivirus rogue security software - not recommended
X	Policies	server.exe	"Added by the SPYRAT WORM!"
X	Policies	server.exe	"Added by the AGENT-NLT TROJAN!"
X	PolicyRun	spoolsv32.exe	"Added by the BACKDOOR-DNV TROJAN!"
X	PolicyRun	svchost.exe	"Added by the SILLYFDC-AW WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	pool manager	popsvr.exe	"Added by the AGENT-S BACKDOOR!"
X	poolsv	poolsv.exe	Added by an unidentified WORM or TROJAN!
X	POP	PopSrv***.exe	"PeopleonPage foistware
U	pop3 Server	config.cfg	"Part of HTML2POP3 - ""Convert Webmail to POP3.Is also included a SMTP/POP3 tunneling system that allow send and receive email in a private network HTTP PROXY based. All connection are plugin based. Over 250 email server supported and tested"""
X	PopeSvr	PopeSvr.exe	"Added by the LEGMIR-AJ TROJAN!"
X	popsrv146	popsrv146.exe	"AproposMedia adware"
X	PopularScreensaversWallpaper	"rundll32 [path] F3SCRCTR.DLL	LES"
X	Popup and Advertisement Killers	adkillers.exe	"Added by the RBOT-DDH WORM!"
X	Popup Blocker Updater	regsvr32 veev***.dll [ = random char]	"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
X	Popup Defence Updater	regsvr32 pdfupd.dll	"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
U	PopupVanish	PopupVanish.exe	Pop-up blocker
X	Postdavatch	nvdas.exe	"Added by the RANDEX.T WORM!"
X	Postpatch	nvdes.exe	"Added by the RANDEX.T WORM!"
X	Power-Antivirus-2009	Power-Antivirus-2009.exe	"Power Antivirus 2009 rogue security software - not recommended
N	PowerArchiver Tray	PASTARTER.EXE	"System Tray access to PowerArchiver from ConeXware
N	PowerDVD	PowerDVD.exe	"Launches Cyberlink's PowerDVD software and creates a system tray icon. If enabled
X	PowerManager	svchost.exe	"Added by the JEEFO VIRUS! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
N	PowerReg Scheduler	PowerReg Scheduler V3.exe	"PowerREGISTER from Leadertech. Registration reminder as used by Iomega
N	PowerReg Scheduler V3	PowerReg Scheduler V3.exe	"PowerREGISTER from Leadertech. Registration reminder as used by Iomega
N	PowerReg SchedulerV2	PowerReg SchedulerV2.exe	"PowerREGISTER from Leadertech. Registration reminder as used by Iomega
N	PowerReg SchedulerV3	PowerReg SchedulerV3.exe	"PowerREGISTER from Leadertech. Registration reminder as used by Iomega
Y	PP2000 Real Time Scan	PPVstop.exe	Protector Plus anti-virus software - real time scanner
U	PPK Setup(Server)	SEServe.exe	"Programmable Power Key on Sony Vaio laptops. "Using the Programmable Power Key (PPK) button
U	PPSVC	[path to file]	"PC Police surveillance software that logs keystrokes
X	Preview AdService	PrevAdServ.exe	Windupdates adware variant
X	PrevX	prevx.exe	"Added by the IRCBOT-TF WORM! Note - this worm is located in the System (Win9x/Me) or System32 (XP/WinNT/2K) directory and is not the PrevX Home intrusion prevention software"
Y	PrevxHome	SAGUI.exe	"PrevX Home intrusion prevention software"
Y	PrevxOne	PXConsole.exe	"Prevx intrusion prevention software"
Y	PrevxPro	SAGUI.exe	"PrevX Home intrusion prevention software"
X	Print Driver Helper Service	crsrr.exe	"Added by the AGENT-BC TROJAN!"
N	Print Master Event Reminder	PMremind.exe	"Event reminder for calendar dates
X	Print Scheduler	usnsvc.exe	"Added by a variant of the KOBOT-C WORM!"
X	Print Services	spolserv32.exe	"Added by the RBOT.ZP WORM!"
X	Print Spooler	Spoolsv.exe	"Added by the CIADOOR.B TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%"
X	Print Spooler	spoolsvc32.exe	"Added by the SDBOT.BB TROJAN!"
X	Print Spooler	spoolsv32.exe	"Added by the RBOT.SW WORM!"
X	Printer	vmmon32.exe	"Added by the RBOT-CSB WORM!"
X	Printer Services	spool.exe	"Added by the RBOT-Y WORM!"
X	Printer spool Service	spool.exe	"Added by the RBOT-ACP WORM!"
X	printerdrv	vdms.exe	"Added by the OPTIXKIL.30 TROJAN!"
X	Printing Driver	msprint.exe	"Added by the RBOT.JH WORM!"
X	PrintSpoolSv	System.exe	"Added by the BDOOR-S BACKDOOR!"
U	PRISMSVR	PRISMSVR.EXE	Configuration and settings utility for PRISM chipset based wireless modems such as the 2Wire Wireless Gateway (2701HG) and Siemens Gigaset USB Adapter
U	PRISMSVR.EXE	PRISMSVR.EXE	Configuration and settings utility for PRISM chipset based wireless modems such as the 2Wire Wireless Gateway (2701HG) and Siemens Gigaset USB Adapter
N	Privacy Eraser Pro	PrivacyEraser.exe	"Privacy Eraser Pro - protects your Internet privacy by cleaning up all Internet history tracks and past computer activities"
X	Privacy Guarantor	PrivacyGuarantor.exe	"Privacy Guarantor rogue privacy program - not recommended
Y	Privacy Guardian	PgIndex.exe	"Part of Privacy Guardian from PC Tools - which ""is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer"". This startup entry runs only on the next reboot if the ""Index.dat"" option is selected for IE under ""Browsers"" when the users selects ""Clean Your Computer"". Index.dat files keep a track of pages
U	Privacy Guardian	pg.exe	"Part of Privacy Guardian from PC Tools - which ""is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer"". This startup entry runs only on the next reboot if the ""Cache
X	Privacy Protector	Privacy Protector.exe	"PrivacyProtector rogue privacy tool - not recommended
X	Privacy Watcher	Privacy Watcher.exe	"Privacy Watcher rogue privacy program - not recommended
X	PrivacyConductor	GDC.exe	"PrivacyConductor rogue privacy tool - not recommended
Y	PrivacyGuardianIndex	PgIndex.exe	"Part of Privacy Guardian from PC Tools - which ""is a safe and easy-to-use privacy protection tool that securely deletes online Internet tracks and program activity records that are stored in your browser and other hidden files on your computer"". This startup entry runs only on the next reboot if the ""Index.dat"" option is selected for IE under ""Browsers"" when the users selects ""Clean Your Computer"". Index.dat files keep a track of pages
U	PrivacyKeyboard	PrivacyKeyboard.exe	"PrivacyKeyboard is a product ""that can provide every computer with strong protection against ALL types of keylogging programs and keylogging hardware devices
X	PrivacyProtector Free	UPRP.exe	"PrivacyProtector rogue privacy tool - not recommended
X	PrivacyScanner	pscan.exe	"Privacy Champion
X	PrivacyWarrior	GDC.exe	"PrivacyWarrior rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
N	PrivateDisk	pdservice.exe	"Part of SafeGuard PrivateDisk from Utimaco - which ""securely and transparently protects sensitive files on notebooks and desktop computers
X	PrivateNet	[various filenames]	Premium rate adult content dialler
U	Privoxy	privoxy.exe	"Privoxy - web proxy with advanced filtering capabilities for protecting privacy
X	PrnShare	Wscript.exe prn_share.vbs	"Added by the AUTORUN-AWI WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""prn_share.vbs"" file is located in %System%"
X	ProAntiVirus	ProAntiVirus.exe	"Added by the RBOT-FTP WORM!"
X	PROCESS SESSION MANAGER	PIDSERV.EXE	"Added by the RBOT-Y WORM!"
U	ProcessGovernor	processgovernor.exe	"Core engine for Process Lasso from Bitsum Technologies - ""a state-of-the-art
X	Processor	svchost.exe	"Added by the AGENT-KIR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root directory (i.e. C:\ or D:\)"
U	ProcessSupervisorGUI	ProcessSupervisor.exe	"Graphical user interface (GUI) for Process Lasso from Bitsum Technologies - ""a state-of-the-art
X	Profile	Profile.vbs	"Added by the WHITEHO VIRUS or TRAPPY WORM!"
X	Program Access Service	[10 random letters].exe	"Added by the RBOT.GJJ WORM!"
U	Progressive Touch	SynTPEnh.exe	"Synaptics TouchPad Enhancements - included with drivers for Synaptics based TouchPads
U	Progressive Touch	SynTPLpr.exe	"Synaptics TouchPad driver helper - included with drivers for Synaptics based TouchPads
X	prompt drive	[random filename]	"Added by the SDBOT.AMF WORM!"
U	Protect	SHVRTF.EXE	"PC Angel takes a 5-second snapshot of the current system registry each time the PC boots up. In the event of a crash
X	ProtectionDeDriver	GDC.exe	"ProtectionDeDriver rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
X	ProtejaseuDrive	SysRep.exe	"ProtejaseuDrive rogue system error and cleaning utility - not recommended. A member of the ErrClean family"
X	Protocol Settings	kav.exe	"Added by a variant of the RBOT WORM!"
X	ProtocolDiskChk	svcvlw32.exe	"Added by the STINX-Y TROJAN!"
X	ProtocolEventTsk	csrwjd.exe	"Added by the STINX-N TROJAN!"
X	prov	prov.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Provan Security	psecure.exe	"Added by the RBOT.BRV WORM!"
X	PrU Async Service	[path to worm]	"Added by the IRCBOT-UG WORM!"
X	prvtect	prvtect.exe	"Prutect malware from e2Give - attempts to shut down or tamper with a number of anti spyware applications
Y	PSDrvCheck	PSDrvCheck.exe	"Part of Pinnacle Systems InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive settings. Once loaded it doesn't use any resources so you can leave it enabled"
X	PService	svcnow32.exe	"Added by the SPYBOT-DJ TROJAN!"
X	PSGuard spyware remover	PSGuard.exe	"Variant of the SmitFraud alias FAKEALE-C TROJAN!"
Y	PSIMSVC	PSIMSVC.exe	"Part of Panda Antivirus and Internet Security"
N	PSIWin2.3 Connection Server	Psconsv.exe	Allows connectivity between a PC and a Psion device. Access can be gained from the Desktop or Start -> Programs
X	psybnc server 3.1	psybnc321.exe	"Added by the RBOT.ENI BACKDOOR!"
X	psyBNC-2.1.4 Client Server	psyBNC215.exe	"Added by a variant of the RBOT WORM!"
X	PTRGMYGK	"rundll32.exe ptmg1v.dll	DllRunMain"
U	PUAC v2.0.7	Puac.exe	"""Peter's Ultimate Alarm Clock"""
U	Purgative	PURGATIVE100.EXE	AIM (AOL Instant Messenger) Ad Remover Using Active Memory Edits instead of a patch/crack
X	pushbot	service52.exe	"Added by a variant of the PUSHBOT WORM! A family of worms that spread using MSN Messenger"
U	PV92TRAY	PV92Tray.exe	"PCtel HSP V.92 modem configuration utility"
X	PVModule	pvmodule.exe	"Adperform.com/Adoptim.com adware - located in %ProgramFiles%\PrintView and detected by Avira AntiVir antivirus as the AGENT.ALB TROJAN! NOTE - the 'real' PrintView installs in C:\CBR folder"
N	PVR	PVR.exe	"Pocket Voice Recorder - freeware sound recorder that records from microphone and any other input line available with your sound card"
U	PVUnInst1	PVUnInst1.exe	"Privacy View - privacy software that ensures that all your private computer files
N	PWRISOVM.EXE	PWRISOVM.EXE	"PowerISO - a powerful CD/DVD image file processing tool"
U	Pwrsave	Pwrsave.exe	Toshiba Power Saver utilities. Required on a laptop if you run of a battery and want to conserve power
U	PWSActivePrint_5	ActivePrintSystem.exe	"ActivePrint from Pocket Watch LLC - ""Windows Mobile users are given the invaluable capability of printing from their mobile devices to any Windows 2000/XP/2003/Vista compatible printer without the necessity of wireless hardware"""
N	Q152404	wsript.exe Q152404.VBS	Appears to run Scandisk at bootup on NEC PCs
X	qappsrvc32.exe	qappsrvc32.exe	"Detected by Kaspersky as the WEBBER.M TROJAN!"
Y	QCDriverInstaller	Lqdsw.exe	"Launches the camera driver setup wizard on the first reboot after installing Logitech's ClickSmart
X	Qffecdas	vvzxx.exe	"Added by the MULTIDRP.AA TROJAN!"
Y	QH Live Update Scheduler	UPSCHD.EXE	"Quick Heal Anti-Virus"
X	qkoszvd.dll	"rundll32.exe qkoszvd.dll	jwezubg"
U	QPService	QPService.exe	"HP QuickPlay - ""brings your favorite music and movies to life with the touch of a button"""
X	QQKAV	scvhsot.exe	"Added by the QQROB.ARQ WORM!"
X	QQServer	QQ.exe	"Added by the DOWNLDR-AN TROJAN!"
X	qservices	qservice.exe	"Added by the PROGENT-A TROJAN!"
X	QTSvc	msocfg.exe	Premium rate adult content dialler
X	QTSvc	navchk.exe	Premium rate adult content dialler
X	QTSvc	shman.exe	Premium rate adult content dialler
X	QTSvc	ssvr.exe	Premium rate adult content dialler
U	QtVprMtx	QTVPRMTX.EXE	"Multimedia keyboard driver from Dritek System Inc"
X	Quick Office	activate.exe	"Added by the RANSOMLOCK.D TROJAN! Note - this infection hooks the keyboard to prevent anything except numbers from being typed and displays a Russian message requesting a valid license key"
N	Quick View Plus	QVP32.EXE	Quick View Plus from Inso Corporation. Multiple file type viewer. Available via Start -> Programs
U	QuickBooks Database Server Manager	QBServerUtilityMgr.exe	"Part of QuickBooks Pro/Premier from Intuit - ""QuickBooks Database Server Manager is a utility that allows you to configure the QuickBooks Server for multi-user access."" See here for further information"
N	QuickBooks Delivery Agent	QBDAGENT.EXE	As far QAGENT but for QuickBooks. Can also have the version number in the name
U	QuickDVBT	QuickDVB-T.exe	"AVerTV_DVB-T connects Digital TV with your PC or Notebook and allows you to watch free-to-air digital terrestrial television channels with no subscription to pay"
U	QuickTV	QuickTV.exe	"Infra-red remote control driver for the AVerTV Studio TV tuner/personal video recoder from AVerMedia. Required if you use the remote control"
X	qvqe	qgebv.exe	"Added by the AGOBOT-OJ WORM!"
X	RA Server	Slave.exe	Added by the RA TROJAN!
U	RadioSvr	RadioSvr.EXE	Used to configure wire less networks. Windows automatically detects the Wireless network and it configures the network
U	RAID Event Monitor	Iaanotif.exe	"Part of Intel® Matrix Storage Manager (formally known as Intel® Application Accelerator and Intel® Application Accelerator RAID Edition). Used in conjunction with the event monitor service (IAANTMON - Iaantmon.exe) to display event notifications (such as RAID volume status changes
U	RAMDrive	RDTask.exe	"Virtual Hard Drive Pro from Farstone - ""takes a portion of your system memory and creates a RAM disk drive
X	Randex virus built for IRBMe	irbme.exe	"Added by the RANDEX.RH WORM!"
X	Random Interface Network Manager	rinsv.exe	"Added by the DELBOT-L WORM!"
X	Rapdata	ravsecs.exe	"Added by the QQPASS-V TROJAN!"
X	Rapdatybs	ravseteyns.exe	"Added by the PWS-ACP TROJAN!"
X	Rapid Antivirus	Rapid Antivirus.exe	"Rapid Antivirus rogue security software - not recommended
X	Raptelnet	ravspeger.exe	"Added by the QQPASS-AA TROJAN!"
X	Raptelt	ravspegtl.exe	"Added by the QQPASS-AB TROJAN!"
Y	Raptor Mobile	vpnservices.exe	"Symantec VPN Client used to connect to corporate networks. If unchecked
X	RasCon Remote Access Service Manager	rasmngr.exe	"Added by the SPYBOT.EM WORM!"
Y	RAV8Tray	ravtray8.exe	"RAV anti-virus related"
X	RavAv	RavMonE.exe	"Added by the RJUMPF-F WORM!"
X	RavAv	AdobeR.exe	"Added by the RJUMP.D WORM!"
X	RAVEN_VLZS.EXE	RAVEN_VLZS.EXE	"DownloadReceiver parasite - no longer in existence"
Y	RavMon	RavMon.exe	"RAV AntiVirus"
X	ravshell	expl0rer.exe	"Added by the DLOADER.MAR TROJAN!"
X	Ravshell	explore3.exe	"Added by the PAKES.HZ TROJAN!"
X	Ravshell	IEXPLORER.EXE	"Added by the AGENT.URZ TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
X	Ravshell	rund1132.exe	"Added by the AGENT.OKZ TROJAN!"
X	Ravshell	svch0st.exe	"Added by the NSPM.PU TROJAN! Notice the digit ""0"" in the filename rather than the lower case ""O"""
X	ravshell	1explore.exe	"Added by the DLOADER.MJF TROJAN!"
X	ravshell	iexpl0re.exe	"Added by the NOFERE-A TROJAN! Note the number ""0"" in the filename"
Y	RavStub	ravstub.exe	"Rising antivirus"
X	ravtask	rund1132.exe	"Added by the DLOADER.IYT TROJAN!"
X	ravtask	svch0st.exe	"Added by the LINEAG-AIN TROJAN!"
Y	RavTask	RavTask.exe	"Rising antivirus"
X	ravtask	iexpl0re.exe	"Added by the AGENT.AIR BACKDOOR! Note the number ""0"" in the filename"
X	RavTime	Mstray.exe	"Added by the WUKILL.A WORM!"
Y	RavTimer	RavTimer.exe	"RAV AntiVirus"
X	RavTimer	explores.exe	"Added by the HOMEY-A TROJAN!"
X	RavTimeXP	[worm filename]	"Added by the WULLIK.B WORM!"
X	RavTimeXP	Virus	"Added by the CAGER.A WORM!"
X	RavTimXP	[worm filename]	"Added by the WULLIK.B WORM!"
X	RavUptets	agetlke.exe	"Added by the QQPASS-AK TROJAN!"
X	RavUptkt	agetlktz.exe	"Added by the QQPASS-AJ TROJAN!"
X	RavUptpe	ravsesur.exe	"Added by the QQPASS-T TROJAN!"
?	rav_temp.exe	rav_temp.exe	"??"
X	rbnynkctv	rbnynkctv.exe	"Added by the AGENT-GPA BACKDOOR!"
X	RBOT v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server	glossary.exe	"Added by the VANEBOT-J WORM!"
X	RCAutoLiveUpdate	MaxLURC.exe	"Max Registry Cleaner rogue registry cleaner - not recommended
X	Rcf Driver	rcf.exe	"Added by the RANDEX.BLD WORM!"
X	rCron	dservice.exe	"""Switch"" premium rate adult content dialler variant"
X	RDPlatinum v5	RDPlatinumv5.exe	"Registry Defender Platinum rogue registry cleaner - not recommended
X	rdvs	[worm filename]	"Added by the ULTIMAX.B WORM!"
X	RealAV.exe	RealAV.exe	"Real Antivirus rogue security suite - not recommended
X	Realplayer Video	RealPlay.exe	"Added by a variant of the RBOT WORM!"
U	Realtek AC97 Audio - Event Monitor	ALCMTR.EXE	"Realtek Azalia Audio - Event Monitor
U	Realtek Voice Manager	Skytel.exe	"Realtek Voice Manager
U	Receiver	PcfaxRcv.exe	"Incorporated on multifunction digital copiers (such as the
N	Recover	N/A	Added during the installation of Comcast High Speed Internet software. During installation the system reboots and if the disk is removed a screen appears asking for the disk to be re-inserted to complete installation. Not required once installion is complete
X	recover.bmp.exe	Rundll.exe	"Added by the ANAFTP-01 TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
N	RecoverFromReboo	RECOVE~1.EXE	"Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched
N	RecoverFromReboo	RecoverFromReboot.exe	"Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched
N	RecoverFromReboot	RECOVE~1.EXE	"Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched
N	RecoverFromReboot	RecoverFromReboot.exe	"Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched
X	Recoveru system	svchast.exe	"Added by a variant of the LINEAGE-AV TROJAN!"
X	Recoveru systems	svchost.exe	"Added by the SMALL.DDX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%"
X	Reek 32 Server	reek32.exe	"Added by the RANDEX.AL WORM!"
U	Reflex Vision	ReflexVision.exe	"Reflex Vision from Increment Software. ""A background application for Windows XP that makes switching windows faster and easier"""
X	Reg Service	winsy.exe	"Added by a variant of the SPYBOT WORM!"
X	Reg Service	winslogon.exe	"Added by the AGOBOT-SC WORM!"
X	Reg Service	ipcfg.exe	"Added by the AGOBOT-SO WORM!"
X	Reg Service	REGSRV32.EXE	"Added by the RBOT.ZW WORM!"
X	Reg Service	WinnConfig.exe	"Added by the AGOBOT-PF WORM!"
X	Reg Service	NT32.exe	"Added by the AGOBOT.G TROJAN!"
X	Reg Services	Winboot32.exe	"Added by the RBOT.PB WORM!"
X	reg1.reg	vuamgard.exe	"Added by a variant of the IRCBOT TROJAN!"
U	reg2.0	SVCH0ST.EXE	"eSpyNow surveillance software. Uninstall this software unless you put it there yourself. Note - the filename has the digit 0 rather then the uppercase ""o"""
X	RegDone	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
X	REGEDIT	Regsrv32.com	"Added by the SOUTHGHOST WORM!"
X	regedit	svchost.exe ccRegVfy	"Added by the HOTWORD.B TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is also located in %System% but has a space at the beginning of the filename"
X	Regexit	Updadv.exe	"Added by the QQPASS-N TROJAN!"
X	reggsdg	spoolserv.exe	"Added by the SDBOT-MS WORM!"
X	reggsdg	spoolsrv.exe	"Added by the SDBOT-DI WORM!"
U	RegHelp	svchosts.exe	"SpyGraphica spy software - ""Stealth monitoring of ALL PC or Network Activity with DVD-like playback. EVERY keystroke can be e-mailed in a detailed activity report every 15 minutes...anywhere in the world."""
?	Register SeqChk	regsvr32.exe ..csseqchk.dll	"??"
X	Registration Service	toker.exe	"Added by the SDBOT-BB WORM!"
X	Registration Service	msvdm6.exe	"Added by the SDBOT-HE TROJAN!"
X	Registry	wscript.exe ShakiraPics.jpg.vbs	"Added by the VBSWG.AQ WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""ShakiraPics.jpg.vbs"" file is located in %Windir%"
U	Registry Mechanic Vista Tray	RMTray.exe	"Part of Registry Mechanic from PC Tools - which ""is an advanced registry cleaner for Windows that can safely clean
X	Registry Serv	regsvr.exe	"Added by the WEBMONEY-G TROJAN!"
X	Registry Server	regsrv32.exe	"Added by the RBOT-GM WORM!"
X	Registry Server	regserv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Registry Service	REGSRV32.EXE	"Added by a variant of the RBOT WORM!"
X	Registry Service	resvs.exe	"Added by the DELBOT-I WORM!"
X	Registry Service	regsvc.exe	"Added by the IRCBOT-ZM BACKDOOR!"
X	Registry Services	Registry.exe	"Added by the CILE TROJAN!"
X	Registry Value Name	roses.exe	"Added by the RBOT-AFT WORM!"
X	Registry Value Name	service.exe	"Added by the RBOT-AHT WORM!"
X	Registry Value Name	winapi32.exe	"Added by a variant of the RBOT WORM!"
X	Registry Value Name	syswinxp.exe	"Added by the RBOT.BTZWORM!"
X	Registry Value Name	enzxp.exe	"Added by the RBOT-BAJ WORM!"
X	Registry Value Name Start	MsPMSPSa.exe	"Added by a variant of the SDBOT WORM!"
X	Regkey for autostart	winservice.exe	"Added by the RBOT-NU WORM!"
X	RegRun	mActiveX.exe	"Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!"
X	RegScan	DLLSRV32.EXE	"Added by the AGOBOT.AEW WORM!"
?	RegServer	regserve.exe	"Related to XGI Technology's Volari graphics cards - what does it do and is it required?"
X	regservices.exe	regservices.exe	"Added by an unidentified VIRUS
N	RegShave	regshave.exe	"Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers
X	regsrv	regsrv.exe	"Added by the OPTIXPRO.11 TROJAN!"
X	regsrv	scvhost.exe	"Added by the AGOBOT.E WORM!"
X	RegSrv64D	RegSrv64D.exE	"Added by the WINKO.AO WORM!"
X	regsrvc	regsrvc.exe	"Added by the STOPED-A TROJAN!"
X	Regsv	regsv.exe	Search hijacker - redirecting to scheo.com
X	Regsvc	regsv.exe	Added by an unidentified TROJAN!
X	regsvc	sysd	"Sys Detective+ spyware"
X	regsvc32	regsvc32.exe	Homepage hijacker that changes your homepage to an adult content site
X	regsvr	regsvr.exe	"Added by the WEBMONEY-G TROJAN!"
U	REGSVR32	regsvr32.exe ctasio.dll	"ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality"
X	RegSvr32	msmsgs.exe	"Added by the ZLOB.B TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
X	RegVer	REGVER.EXE	"Added by the LATINUS.16 TROJAN!"
X	RegVfy32	Regverif32.exe	"Added by the SYGYP.A WORM!"
X	RelevantKnowledge	rlvknlg.exe	"Marketscore.RelevantKnowledge adware"
X	reload	reload.vbs	"Added by the LOVELETTER.AS VIRUS!"
X	reluvage	ilulupac.exe	"Added by the SDBOT-UJ WORM!"
X	Remote Access Adapter	rvasvc.exe	"Added by the IRCBOT.BIF BACKDOOR!"
X	Remote Access Domain	rswsvc.exe	"Added by the IRCBOT.BFA TROJAN!"
X	Remote Access Monitor	rpgsvc.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Remote Access Service Manager	rasmngr.exe	"Added by the AGOBOT.KU WORM!"
X	Remote Access Slave	Synchost.exe	"Added by the RIPJAC TROJAN!"
X	Remote Access Tool	rwosvc.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
N	Remote Controller	TVRMVCR.EXE	"ProLink PlayTVpro TV tuner software"
X	Remote Event System	resmsvc.exe	"Added by the IRCBOT.YF BACKDOOR!"
X	Remote Services Manager	msrmsvc.exe	"Added by the SLENFBOT.AJ WORM!"
X	Remote Storage Access	rmasvc.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Remote Terminal Task	rtsbsvc.exe	"Added by the IRCBOT.AUZ BACKDOOR!"
U	RemoteControl	PDVDServ.exe	"Remote Control background application for Cyberlink's PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control
U	RemoteControl8	PDVD8Serv.exe	"Remote Control background application for Cyberlink's PowerDVD version 8. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control
X	Remove 54tr10	smss.exe	"Added by the BRONTOK-CH WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data"
X	REMOVE ME	windos.exe	"Added by the SDBOT.EE WORM!"
X	REMOVE ME	tbbzxzxcxxcx.exe	"Added by the SDBOT-TA WORM!"
X	REMOVE ME	asclt.exe	"Added by the RANDEX-FC WORM!"
N	Removecpl	Removecpl.exe	Related to a Belkin 54Mbps Wireless Utility Control Panel applet
X	Removed.exe	Removed.exe	GatorCheat - adware downloader
U	RemoveIT Pro XT	removeit.exe	"RemoveIT Pro from InCode Solutions - spyware
X	renascimento	svchost.exe	"Added by the BANKER.GAX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Help"
X	Required Service Drivers	micront.exe	"Added by the RBOT-ABD WORM!"
X	reseurce	svchost.exe	"Added by the LINEAGE-FV TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
?	Restart_VS	Viewsonic.exe	Could be a left-over from the installation of a Viewsonic flat panel display
X	Restore Operation	svchots.exe	"Added by a variant of the RBOT WORM!"
Y	RestoreIT!	VBPTASK.EXE	"RestoreIT! from FarStone - ""automatically backs up all files on your computer to a protected partition on your hard drive"""
X	reszrv	[8 random letters].exe	"Added by a variant of the SDBOT WORM! See here"
U	RetrieverScheduler	retrieverscheduler.exe	"80-20 Retriever from 80-20 - ""80-20 Retriever is a powerful personal search tool that encompasses email folders
U	RevoTaskbarApp	RevoTask.exe	Control Application for M-Audio Revolution 7.1 sound card. The sound card will function without it - but changes to speaker setup and sound modification (Bass/Treble etc) will not be available
N	RFX_auto_upgrade	rundll32.exe npvpg005.dll	"A browser plugin called the RichFX player. Here is a link to download RichFX's solution to removing the auto upgrade"
U	RightFAX Print-to-Fax Driver	FaxCtrl.exe	"Part of RightFAX from Captaris - ""the proven market leader in fax server and document delivery software"""
X	rIOphosIs	rIOPHosIs.vBS	"Added by the RIOSYS MACRO!"
U	RivaTuner	RivaTuner.exe	"RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for XP and can appear twice - with registry key names of ""RivaTuner"" and ""RivaTunerStartupDaemon"" respectively. The former minimizes it to the System Tray and is primarily required only if you want to use the ""Launcher"" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
U	RivaTuner	RivaTunerWrapper.exe	"RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Vista and can appear twice - with registry key names of ""RivaTuner"" and ""RivaTunerStartupDaemon"" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the ""Launcher"" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
U	RivaTuner Application	RivaTuner.exe	"RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for XP and can appear twice - with registry key names of ""RivaTuner"" and ""RivaTunerStartupDaemon"" respectively. The former minimizes it to the System Tray and is primarily required only if you want to use the ""Launcher"" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
U	RivaTunerStartupDaemon	RivaTuner.exe	"Part of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for XP and applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
U	RivaTunerStartupDaemon	RivaTunerWrapper.exe	"Part of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for Vista and loads the main application (RivaTuner.exe) to apply overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
U	RivaTunerWrapper Application	RivaTunerWrapper.exe	"RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Vista and can appear twice - with registry key names of ""RivaTuner"" and ""RivaTunerStartupDaemon"" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the ""Launcher"" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
U	rmoc3260.dll OCX	regsvr32.exe rmoc3260.dll	"A module that contains COM components for media playback used by both RealPlayer and Windows Media Player - see here. The ""rmoc3260.dll"" file is found in %System%"
X	RNBc Test	wf32vbs.exe	"Added by the RBOT-AGR WORM!"
X	RNBc Test	bvldv32.exe	"Added by the RBOT-AJF WORM!"
X	RNBz Test	wf32vbc.exe	"Added by the RBOT-AEY WORM!"
X	Roam04	ActiveX.exe	"Added by the ROAMER-A TROJAN!"
Y	RogueMonitor	RogueRemoverPRO.exe	"Part of Malwarebytes' RogueRemover PRO - the realtime ""RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs."" Now discontinued and the funtionality is included in Malwarebytes' Anti-Malware"
Y	RogueRemoverPRO	RogueRemoverPRO.exe	"Part of Malwarebytes' RogueRemover PRO - the realtime ""RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs."" Now discontinued and the funtionality is included in Malwarebytes' Anti-Malware"
X	rollbk	svosm.exe	"Added by the SERFLOG.B WORM!"
X	RPC DCOM Vulnerability Patch	msgfix.exe	"Added by the RBOT.S WORM!"
X	RPC Drivers	rpcall.exe	"Added by the SDBOT.FLY WORM!"
X	RPC Service	[random filename]	"Added by the BDOOR-AAD BACKDOOR!"
X	rpc Win32	spoolscv.exe	"Added by a variant of the RBOT WORM!"
X	RPCser32g	services.exe	"Added by the RITDOOR-C WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	RPCser32g1	services.exe	"Added by the PREX.D WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	RPCser32g3	services.exe	"Added by the PREXOT.D BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	RPCser32g4	services.exe	"Added by the PREXOT.E BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	RPCserv32	services.exe	"Added by the MYDOOM.AL WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	RPCserv32g	services.exe	"Added by the BOBAX.AA WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	RPCserv32g	CSRSS.EXE	"Added by the BOBAX.AD WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	RPCserv32g	MSDEFR.EXE	"Added by the BOBAX.AD WORM!"
X	RPCserv32g	NB32EXT2.EXE	"Added by the BOBAX.AD WORM!"
X	RPCserv32g	WINLOGON.EXE	"Added by the BOBAX.AD WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
U	RPSP	Rpsserv32.exe	"Red Pill Spy surveillance software. Uninstall this software unless you put it there yourself"
X	RSPC Driver	[random filename].exe	"Added by the RBOT-SN WORM!"
X	RSPC Driver D	[random filename]	"Added by a variant of the RBOT WORM!"
X	rsrvmon.exe	rsrvmon.exe	"Added by the AGENT.NY TROJAN!"
N	RtHDVCpl	RtHDVCpl.exe	"Realtek HD Audio Manager
Y	rtvscn95	RTVSCN95.EXE	Real-time virus scanner component of Norton Anti-Virus Corporate Edition
X	run	services.exe	"Added by the KREPPER-N TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\inet10066"
X	Run MSupdt32	wscript MSupdt32.vbs	"Added by the CASER WORM!"
X	Run Services as Application	localsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Run Services as Application	netsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Run Services as Application	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Run Services as Application	svcadmin.exe	"Added by the DLOADER-NY TROJAN!"
X	Run Services as Application	svcman.exe	"Added by the DLOADER-NY TROJAN!"
X	Run Services as Application	svcrun.exe	"Added by the DLOADER-NY TROJAN!"
X	Run Services as Application	tcpsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Run Services as Application	websvc.exe	"Added by the DLOADER-NY TROJAN!"
X	run windows	servic.bat	"Added by the REBOOT-AP TROJAN!"
X	run=	svcinit.exe	"CoolWebSearch parasite variant"
X	run=	RAVMOND.exe	"Added by the LOVGATE-F WORM!"
X	run=	svhost.exe	"Added by the ADMINCASH.B TROJAN!"
U	RunAlert	AService.exe	"PC Alert III - MSI motherboard monitoring software. Only required if you ""overclock"" your system. Appears as a service in XP/Vista and under the ""RunServices"" registry key in Win98/2K"
Y	RunCA	InvokeSvc3.exe	Wireless-G USB Wireless Network Adapter related - would appear to be required
X	Rundil32	Updadv.exe	"Added by the QQPASS-N TROJAN!"
U	RUNDLL32	"RUNDLL32.EXE NvQTwk	NvCplDaemon"
U	RunDLL32	"RunDLL32.exe NvMCTray.dll	NvTaskbarInit"
X	rundll32	rookie.vbs	"Added by the ROOKIE-A TROJAN!"
U	rundll32	"rundll32.exe nview.dll	nViewLoadHook"
X	rundll32	svchs0t.exe	"Added by the PWSTEAL-E TROJAN!"
X	RundllSvr	Rundll.exe	"Added by the HUAYU WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
X	Runner	svchost.exe	"Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	RunProg	Server.exe	"Added by the OPTIX.04.A TROJAN!"
X	runreper	viewer.exe	"Added by the REPER.A VIRUS!"
X	RunSearvices	tread.exe	IESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN!
X	RunServices	runsvc32.exe	"Added by the AGOBOT.QJ WORM!"
X	runservices	services.exe	"Identified as a variant of the SMALL.QO TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	runSubvalues	[path to file]	"Added by the DLOADER-QY TROJAN!"
X	runsvc	runsvc.exe	"Added by the SMALL-CF TROJAN!"
X	Runtime Server Subsystem	csrss.exe	"Added by the IRCBOT-XV WORM!"
X	RVC6Player	tskdbg.exe	"Added by the ZAPCHAS-M TROJAN!"
X	rvde	N/A	Related to li-speed****
X	RVP	bpc.exe	"BroadcastPC adware"
X	rw service	alg32.exe	"LOOPAD.A adware"
X	rxres32	ati2vid.exe	"Added by the RBOT-FL WORM!"
X	ryan1918	servidevice.exe	"Added by the RBOT-GVR WORM!"
Y	R_server	r_server.exe	"Radmin - remote admistrator server. Note - the file is located in %ProgramFiles%\Radmin"
X	r_server	service.exe	"Added by the MULTIDR-CP TROJAN!"
X	r_server	r_server.exe	"Added by the HACDEF-DR TROJAN! Note - do not confuse with the valid Radmin file with the same name which is located in %ProgramFiles%\Radmin. This one is located in %System%"
X	S	svhost.exe	"Added by the AGOBOT-LN WORM!"
X	S0undMan	svch0st.exe	"Added by the LOVGATE.AB WORM! Note - the filename has the digit 0 rather then the uppercase ""o"""
?	S24EvMon	S24EvMon.exe	"Event Monitor - supports driver extensions to NIC Driver for wireless adapters. Is it required?"
X	S3 Internal Chip	s3serv.exe	"Added by the AGOBOT-DD WORM!"
X	s9201	av2008xp.exe	"Antivirus 2008 XP rogue security software - not recommended
?	SA Service	SAservice.exe	"Associated with Cyber Trio and Warner troubleshooting software from G-Tek Technologies and pre-installed on some Packard Bell and NEC PCs. What function does this perform and is it required?"
N	Sa3dsrv	Sa3dsrv.exe	For Aureal based 3D soundcards. A3D sound features won't work with this disabled
U	Sabre Server	sabserv.exe	"Part of the Sabre computer reservations system/global distribution system (GDS) - used by airlines
U	Sabreserver	SABSERV.EXE	"Part of the Sabre computer reservations system/global distribution system (GDS) - used by airlines
X	SafeGuard Popup Blocker Updater	regsvr32 sfgupd.dll	"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
X	SafeGuard Popup Blocker Updater (required)	regsvr32 sfg***.dll [ = ramdom char]	"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
X	SafeGuard Popup Updater (required)	regsvr32 sfg***.dll [ = random char]	"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
X	SafeGuard Popup Updater (required)	regsvr32 PDF***.dll [ = random char]	"SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
X	SafeHardDrive	SysRep.exe	"SafeHardDrive rogue system error and cleaning utility - not recommended
X	SafePcAv	SafePcAv.exe	"SafePcAv rogue security software - not recommended
U	SAGENTSERVICE	Sagent.exe	"TinySpyAgent commercial keystroke logger. Uninstall this software if you did not install it yourself"
X	Saggwwgg	CVAvwwd.exe	"Added by the LIOTEN.HT WORM!"
X	Salestart	mav_startupmon.exe	"Part of the WinAntiVirus Pro 2007 rogue security software - not recommended
X	SaMail	[WORM FILE NAME].vbs	"Added by the VBS.LIDO WORM!"
X	SANS Service	sansv.exe	"Added by the VANEBOT-AH WORM!"
Y	SAVAgent	SAVAgent.exe	"Part of Sophos anti-virus software. Required for centrally administered Sophos updates to work correctly
X	Savasddwq	ffasd.exe	"Added by the SDBOT-SI WORM!"
X	Save	Save.exe	"WhenU.Save adware"
X	Save	lssas.exe	"Added by an unidentified TROJAN! See here"
X	SaveArmor	SaveArmor.exe	"SaveArmor rogue security software - not recommended
X	SaveDate	SaveStartDate.Exe	Unidentified adware
X	SaveDefender	SaveDefender.exe	"SaveDefender rogue security software - not recommended
X	SaveDefense	SaveDefense.exe	"SaveDefense rogue security software - not recommended
X	SaveKeep	SaveKeep.exe	"SaveKeep rogue security software - not recommended
X	SaveKeeper	SaveKeeper.exe	"SaveKeeper rogue security software - not recommended
X	Savenow	SaveNow.exe	"WhenU.Save adware"
X	SaveSoldier	SaveSoldier.exe	"SaveSoldier rogue security software - not recommended
X	Savsvc	"rundll32.exe savsvc.dll	start"
U	SBDrvDet	SBDrv.exe	"Detects the ""Easy Front-Panel Audio Connectivity Drive Internal Drive Bay"" on the Sound Blaster Audigy 2 Platinium eX. Can be disabled if you don't have one"
N	sbdrvdet	sbdrvdet.exe	Checks to see if Creative sound card driver should be updated
X	ScamDisk	SVOHOST.exe	"Added by the LEWOR.D WORM!"
X	ScanRegistry	nsrvnt.exe	"Added by the NERTE TROJAN! Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as nsrvnt.exe not scanregw.exe"
X	ScanRegistry	scanregv.exe	"Added by the MASTERLOCK TROJAN!. Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as scanregv.exe not scanregw.exe"
N	ScanSoft PaperPort 7 Registration Reminder	NAVBrowser.EXE	"Registration reminder for PaperPort 7 from Scansoft (now Nuance)"
X	ScanSpyware v3.2	Scanner.exe	"ScanSpyware rogue security software - not recommended
X	ScanSpyware v3.5	Scanner.exe	"ScanSpyware rogue security software - not recommended
X	scApp	wmiprvse.exe	"Added by the SILLYFDC-AW WORM!"
N	SCardSvr	scardsvr.exe	Related to SmartCard readers and sometimes uses lots of system resources
X	SCardSvr	SCardSvr32.Exe	"Added by the MOFEI.B WORM!"
X	ScheduIr	svchst.exe	"Added by a variant of the SDBOT WORM!"
X	Scheduler	svcrhost.exe	"Added by the TACTSLAY.A TROJAN!"
X	Scheduler	svcshost.exe	"Added by the TACTSLAY.A TROJAN!"
X	Scheduler	svchst.exe	"Added by the TACTSLAY.B TROJAN!"
X	Scheduler Service	wsass.exe	"Added by the LIOTEN.KX WORM!"
X	SchedulerMgr	navchk.exe	Premium rate adult content dialer
N	SchSvr	SchSvr.exe	"WinScheduler is installed with Home Theater or WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card
N	Scotia OnLine Recovery	etdirrcv.exe	"Scotia OnLine Security Software provided by Entrust for
N	Scotia OnLine Security v. Recovery	etdirrcv.exe	"Scotia OnLine Security Software provided by Entrust for
X	Screen Saver	scrnsaver.scr	"Added by the RBOT-AGP WORM!"
N	Screen Saver Control	FSScrCtl.exe	Installs as part of the Hubble Space Telescope screen saver (and possibly others). Lets you control your installed screensavers from a System Tray icon
X	ScreenSaverPlus	"rundll32.exe MSA64CHK.dll	DllMostrar"
Y	ScriptBlocking	SBServ.exe	"Update to Norton AntiVirus 2001. Detects certain types of script-based viruses without the need for specific virus definitions - such as JavaScript and VBScript. This will help protect you from these viruses even before virus definitions are available. Note - some users complain of problems once the update is installed - refer here for more information"
U	Scroll-In-Mouse V2.0	SCROLL.EXE	"Toolkit for the Lynx-3D Net scroll mouse from QTronix. Required if you use the special features"
X	scrsvc	scrsvc.exe	"Added by the AGENT-DS TROJAN!"
X	ScrSvr	ScrSvr.exe	"Added by the OPASERV WORM!"
X	ScrSvrOld	[worm filename]	"Added by the OPASERV WORM!"
X	scssrr.exe	Services.exe	"Added by the VB-EMX TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	scvhost	svzhost.exe	"Added by a variant of the SPYBOT WORM!"
U	scvhost	scvhost.exe	"Wiretap surveillance software. Uninstall this software unless you put it there yourself"
X	scvhost	scvhost.exe	"Added by the AGOBOT-LI WORM!"
X	scvhost loader	ixplore.exe	"Added by the SDBOT-CY TROJAN!"
X	scvhost.exe	scvhost.exe	"Added by the LOHAV-N TROJAN!"
X	Scvsrv32	scvsrv32.exe	"Added by the AGOBOT-PM BACKDOOR!"
U	SDAutoLiveupdate	LiveUpdateSD.exe	"Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here"
X	SDAv	csnss.exe	"Added by the SERFLOG.C WORM!"
X	SDAv	svhost.exe	"Added by the SERFLOG.C WORM!"
X	sdchosts32	vbdd.exe	Added by the RANKY.AG TROJAN!
X	SDK Codre Function22	sdkimddprovment2.exe	"Added by the SDBOT-YJ WORM!"
X	SDK Core Function	sdkimprovment.exe	"Added by the RBOT.BHL WORM!"
X	SDK Core Function2	sdkimprovment2.exe	"Added by the SPYBOT.OGX WORM!"
X	SDR6V_Check	udcsdr.exe	"Part of the DriveCleaner rogue security software - not recommended
U	sds20	svchost.exe	"InlookExpress logs keystrokes and captures screenshots. If you didn't install this yourself remove it. Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\sds20"
X	Search.vbs		Hijacker
X	searchbar	vnmispoisn downloader.exe	SearchBarCash adware variant
X	searchnav	searchnav.exe	SearchNav adware - IEFeatures/Popnav variant
X	SearchNavVersion	searchnavversion.exe	SearchNav adware - IEFeatures/Popnav variant
X	SearchNet_Up	ServeUp.exe	"SearchNet adware"
X	secboot	vtd 16.exe	"Added by the HAXDOOR-AE TROJAN!"
X	secdrive.exe	secdrive.exe	"Added by a variant of the SPYBOT WORM! See here"
X	secserv.exe	secserv.exe	"Detected by Panda as an EasySearch adware variant. Note - EasySearch modifies the Internet Explorer settings and may download programs onto the infected computer"
X	secsvc32	secsvcnt.exe	"Added by the GLOBAL PATROL TROJAN!"
X	secure	svshost.exe	"Added by the RBOT-AFO WORM!"
X	Secure AntiVirus Pro	av.exe	"Secure AntiVirus Pro rogue security software - not recommended
X	SecurePcAv	SecurePcAv.exe	"SecurePcAv rogue security software - not recommended
X	SecureVeteran	SecureVeteran.exe	"SecureVeteran rogue security software - not recommended
X	Security Antivirus	SA[random characters].exe	"Security Antivirus rogue security software - not recommended
X	Security Antivirus Xp 1	inetfor.exe	"Added by the SDBOT.BAV WORM!"
X	Security Master AV	SM[random characters].exe	"Security Master AV rogue security software - not recommended
X	Security Server DB	secserver.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	security service	syss.exe	Added by an unidentified WORM or TROJAN!
X	Security Service	secsvc.exe	"Added by the RBOT-GGF WORM!"
X	Security Service DB	secservice.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Security Service Process	svhost.exe	"Added by the AGOBOT-LC WORM!"
X	Security Update Service	wmiprvce.exe	"Added by the AGOBOT.ZW WORM!"
X	Security Update Service Process	svrhost23.exe	"Added by the AGOBOT-GN WORM!"
X	seeve	seeve.exe	"Medload adware"
X	Select server	slcsvr.exe	"Added by the DLOADER-WD TROJAN!"