Windows startup programs - Database search

Message Board

Windows startup programs - Database search

If you're frustrated with the time it takes your Windows 7/Vista/XP PC to boot and then it seems to be running slowly you may have too many programs running at start-up - and you have come to the right place to identify them. This is the original start-up programs (as opposed to processes/tasks) list - one of the most accurate and comprehensive. Services are not included - see below. For further information on this and how to identify and disable start-up programs please visit the Introduction page.

See here for further information on random entries - which are typically added by viruses and other malware or unwanted programs.

Last database update :- 29th Apr, 2013
31819 items listed

You can search for any of the following terms to find and display entries in the start-up programs database but the minimum search is 3 characters and you must click on the "Search" button. Results are sorted by the Startup Item/Name field.

From MSConfig (Start → Run → msconfig → Startup): Startup Item, Command
From Registry Editor (Start → Run → regedit): Name, Data
From SysInternals free AutoRuns utility: AutoRun Entry, Filename from "Image Path"
From Windows Defender for XP/Vista (Tools → Software Explorer): Display Name, Filename
O4 entries from Trend Micro's HijackThis or similar logging utilities: Text highlighted here - [this text] or here - "Startup: this text.lnk", Filename
Any other text

Alternatively, you can browse the full database (without the search facility) over a number of pages or you can use the alphabetical index below to list the entries for that letter by the Command/Data field, but the results may take longer to appear due to the number of them:

A | B | C | D | E | F | G | H | I | J | K | L | B | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NOTE: Searching for common words (i.e. "the" or "where") will mean the results take longer to appear due to the number of them.

Please click on the Search button

1835 results found for C

Startup Item or Name	Status	Command or Data	Description	Tested
(Default)	X	c ofor Rin logr.exe	Detected by Microsoft as TrojanSpy:MSIL/Smets.gen!B and by Malwarebytes Anti-Malware as Trojan.Keylogger. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %System%	No
C0100Mon.exe	?	C0100Mon.exe	Live! Cam Console Auto Launcher for the Creative Live! Cam range of webcams. Launches the camera console when using video messaging for example?	No
c0b6b56d66fd455a280a4ddb531e30d5	X	c0b6b56d66fd455a280a4ddb531e30d5.exe	Detected by Dr.Web as Trojan.DownLoader8.17711 and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
c1d0b9d0c2bd42e23f8e442128550693	X	c1d0b9d0c2bd42e23f8e442128550693.exe	Detected by Dr.Web as Trojan.DownLoader8.22995 and by Malwarebytes Anti-Malware as Trojan.Agent.CP. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
h1b8	X	c20t.exe	Detected by Kaspersky as Virus.Win32.Virut.ce. The file is located in %Temp%	No
c218ba2a7a6bd261c18afce044d068ff	X	c218ba2a7a6bd261c18afce044d068ff.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
C29.exe	X	C29.exe	Added by the AGENT-UAJ TROJAN!	No
C2CMonitor	N	C2CMonitor.exe	Click to Convert from Inzone Software Limited - a PDF and HTML document converter for Windows documents	No
c3294e515629d65109551b22b924c29b	X	c3294e515629d65109551b22b924c29b.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
c32cs2	U	c32cs2.exe	Cyber Sentinel - internet filtering software	No
c51dd1d4c0a92fb8c2ee78d1aed16abd	X	c51dd1d4c0a92fb8c2ee78d1aed16abd.exe	Detected by Dr.Web as Trojan.DownLoader8.33364 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
c7192e982641757f14f66356bb4cf303	X	c7192e982641757f14f66356bb4cf303.exe	Detected by McAfee as RDN/Generic Dropper!h and by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
TV878 Remote Control	U	C7XRCtl.exe	Related to Kworld TV878 Tuner	No
c828544720dd92f1c08f71a9bce7a42d	X	c828544720dd92f1c08f71a9bce7a42d.exe	Detected by Dr.Web as Trojan.DownLoader8.37112 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
c9mgr	X	c9mgr.exe	Detected by Kaspersky as Trojan-Downloader.Win32.Agent.tgzg	No
c	X	c:\archiv~1\win.com	Added by the CUYDOC TROJAN!	No
[random name]	X	c?rss.exe	PurityScan adware	No
EZ Firewall	Y	ca.exe	EZ Firewall - part of the eTrust range of security products formerly available from CA but now discontinued. Available as a stand-alone product or as part of the EZ Armor suite	No
Zone Labs Client	Y	ca.exe	Earlier version of EZ Firewall (based upon a rebranded version of ZoneAlarm Pro) - part of the eTrust range of security products formerly available from CA but now discontinued. Available as a stand-alone product or as part of the EZ Armor suite	No
caaspydelayedscan	Y	CAAntiSpyware.exe	Part of CA Anti-Spyware until 2009 (either as a stand-alone product or as part of a suite). Runs a delayed scan on the first boot after installation before exiting	Yes
CaPPcl	U	CAAntiSpyware.exe	Part of CA Anti-Spyware (either as a stand-alone product or as part of a suite). Runs a scan for spyware on startup	No
Microsoft Cab Manager	X	cab.exe	Added by the DELF-JJ TROJAN!	No
cababaafcad	X	cababaafcad.exe	Detected by Sophos as Troj/Agent-AAVL and by Malwarebytes Anti-Malware as Trojan.Agent.FSE	No
Cabchk	X	Cabchk.exe	Added by the GEMA TROJAN!	No
Cabchk32	X	Cabchk32.exe	Added by the GEMA TROJAN!	No
CABCInstall	X	CABCInstall.exe	Ignite Technologies (was CABC) content delivery software	No
Internet_Speedup	X	Cable Accelerator.exe	Added by the SPEEDUP-A WORM!	No
[12 random characters]	X	cabview1.exe	IeDriver adware variant	No
cacaoweb	N	cacaoweb.exe	"Cacaoweb is a free plugin to watch, share and host videos and files online with no limits"	No
DSAcass	X	cacasp.exe	Added by the SDBOT.AEL WORM!	No
Automatic Media Update	X	CACHE.RVD	Added by an unidentified WORM/TROJAN!	No
Cacheman	N	Cacheman.exe	Freeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-up	No
CacheMgr	Y	CacheMgr.exe	Sophos Antivirus Remote Update	No
CacheSentry Pro	U	CacheSentry Pro.exe	"CacheSentry Pro is a program that takes over the management of the Internet Explorer (and AOL) web browser cache"	No
CACStarter	N	cacstart.exe	Cash A Check - check writing software	No
com.codeode.cactusspamfilter	U	cactusspamfilter.exe	Cactus Spam - free easy-to-use spam blocker	No
CADS	U	cads.exe	Cyber Sentinel - internet filtering software	No
CafeStation	U	CafeStation.exe	"CafeSuite is the solution for your internet cafe. Our software provides you with ameans to control the workstations, manage customer database, sell products and generate detailed reports and statistics"	No
CA Personal Firewall	U	cafw.exe	Installed with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The file opens the main firewall configuration Window but does not appear to run on startup - hence the "U" recommendation	Yes
cafw	U	cafw.exe	Installed with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The file opens the main firewall configuration Window but does not appear to run on startup - hence the "U" recommendation	Yes
cafwc	U	cafw.exe	Installed with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The file opens the main firewall configuration Window but does not appear to run on startup - hence the "U" recommendation	Yes
ABBYY Community Agent	N	CAGENT.EXE	Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software	No
CAgent	N	CAgent.exe	Abbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documents	No
CahootWebcard	N	CahootWebcard.exe	"The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed	No
CaISSDT	U	caissdt.exe	Installed with older versions of both stand-alone security tools and suites from CA. Provides System Tray access to the dashboard - which indicates the current tool status and can be used to launch scans, updates or access product information	Yes
Computer Associates Dashboard Tray	U	caissdt.exe	Installed with older versions of both stand-alone security tools and suites from CA. Provides System Tray access to the dashboard - which indicates the current tool status and can be used to launch scans, updates or access product information	Yes
Dir1	X	caKe	Added by the CAKE WORM!	No
DlDir1	X	caKe	Added by the CAKE WORM!	No
Microsoft Calculator	X	calc.exe	Added by a variant of the IRCBOT BACKDOOR!	No
Tibiabot	X	calc.exe	Added by the BACKDOOR-CEP!IC BACKDOOR! Note - this is not the valid Windows calculator which resides in %System% and will not normally figure in Msconfig/Startup! This version resides in %Windir%	No
Windows Configuration	X	calc.exe	Detected by Malwarebytes Anti-Malware as Backdoor.NgrBot. The file is located in %MyDocuments%	No
CALC32	X	CALC32.EXE	Added by the SPYBOT-EC WORM!	No
Photo Express Calendar Checker	N	calcheck.exe	Ulead Photo Express 2 (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manually	No
Photo Express Calendar Checker SE	N	CALCHECK.EXE	Ulead Photo Express 2 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manually	No
PhotoExplosionCalCheck	U	calcheck.exe	Calendar management feature of Nova Development's Photo Explosion	No
Ulead Calendar Checker	N	CalCheck.exe	Ulead Photo Express 6 (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manually	No
Ulead Photo Express 3.0 SE Calendar Checker	N	CalCheck.exe	Ulead Photo Express 3.0 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manually	No
Ulead Photo Express 4.0 Calendar Checker	N	calcheck.exe	Ulead Photo Express 4.0 (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manually	No
Ulead Photo Express 4.0 SE Calendar Checker	N	CalCheck.exe	Ulead Photo Express 4.0 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manually	No
Ulead Photo Express Calendar Checker	N	calcheck.exe	Ulead (now Corel) Photo Express 3.0, 4.0, 5 SE and My Scrapbook 2.0 include the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manually	No
Ulead Photo Express Calendar Checker For My Custom Edition	N	CalCheck.exe	Ulead Photo Express 4.0 My Custom Edition (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manually	No
Ulead Photo Express SE Calendar Checker	N	CalCheck.exe	Ulead Photo Express 3.0 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manually	No
Verificador de Calendário Ulead Photo Express	N	CalCheck.exe	Ulead Photo Express 4.0 SE (now Corel) includes the option to create multiple Weekly/Monthly/Yearly calendars to use as your wallpaper and this entry automatically replaces them at the specified intervals. Not required - change them manually. Portuguese version	No
Calculator	X	Calculator.exe	Detected by Malwarebytes Anti-Malware as MSIL.LockScreen. The file is located in %AppData%	No
HKCU	X	calculator.exe	Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %System%\Lumia	No
HKLM	X	calculator.exe	Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %System%\Lumia	No
Policies	X	calculator.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent.PGen. The file is located in %System%\Lumia	No
Calendar	U	Calendar.exe	This entry can be added by PlainSight Desktop Calendar and older versions of Desktop iCalendar from Desksware and the older Calendar 200X - which is no longer supported by or available from the author	Yes
Calendar 200X Reminder	N	calendar.exe	Part of Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. Displays reminders for holidays, anniversaries, tasks, etc. Disabling this entry via the program also disables the "Calendar 200X Monitor" entry	Yes
Desktop iCalendar	U	Calendar.exe	Older version of Desktop iCalendar/Desktop iCalendar Lite by Desksware which include support for Google Calendar and add weather, tasks and appointments to your desktop	Yes
iCalendar	U	Calendar.exe	Older version of Desktop iCalendar/Desktop iCalendar Lite by Desksware which include support for Google Calendar and add weather, tasks and appointments to your desktop	Yes
PlainSight Desktop Calendar	U	Calendar.exe	PlainSight Desktop Calendar by Desksware - "It can display Microsoft® Outlook® data, which you can directly manipulate, and weather forecasts from weather information servers. It also uses high-quality fonts, looks pretty, and has lots of skins"	Yes
Logo Calibration Loader	U	CalibrationLoader.exe	Eye-One Match (or i1Match) monitor calibration software for use with professional imaging tools such as the X-Rite (was GretagMacbeth) Eye-One Display LT and iDisplay 2 or the Pantone Eye-One Display 2	No
CalibrizeResume	U	CalibrizeResume.exe	"Calibrize is free software that helps you to calibrate the colors of your monitor in three simple steps. Just download the software and follow the procedure to generate a reliable color 'profile' and adjust the colors of your monitor automatically"	No
calk	X	calk.exe	Added by the STARTPA-FH TROJAN!	No
calkypamcyfx	X	calkypamcyfx.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.US. The file is located in %UserProfile% - see here	No
Call32	X	Call32.exe	Added by the SPAMMIT-H TROJAN!	No
Active CallerID	U	CallerID.exe	Active Caller ID from SoftRM - "is a powerful full-featured Caller ID detection software that will turn your PC into an advanced Caller ID device. It uses your MODEM and Caller ID service provided by your local phone company in order to identify who's calling"	No
msennger	X	calling.com	Detected by Sophos as Troj/Zapchas-EB and by Malwarebytes Anti-Malware as Backdoor.IRCBot	No
CMSally	X	callmesally.exe	Added by the CASAL.A TROJAN!	No
Calendar Monitor	?	calmonitor	Background task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at present	Yes
calmonitor	?	calmonitor	Background task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at present	Yes
Calendar 200X Monitor	?	calmonitor.exe	Background task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at present but it appears to be related to the "Calendar 200X Reminder" entry - as disabling that entry via the program also disables this one	Yes
calmonitor	?	calmonitor.exe	Background task for Calendar 200X by Joel Graffman - which is no longer supported or available from it's author. The exact purpose of this startup entry is unknown at present but it appears to be related to the "Calendar 200X Reminder" entry - as disabling that entry via the program also disables this one	Yes
Calnique Popup Stop	U	calniquepopstop.exe	Popup stopper extra for the Calnique Custom Calculator from Speciality Calendars. No longer available from the publisher	No
Cal Reminder Shortcut	N	calrem.exe	Produces a pop-up reminder of events scheduled using the MS Office Calendar	No
caluruviqwal	X	caluruviqwal.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile% - see here	No
Generic Host Process	X	camacttiv.exe	Detected by AVG as the CIADOOR.13 TROJAN!	No
Camaro Calendar	U	Camaro Calendar.exe	Calendar gadget included with the Camaro theme for MyColors from Stardock Corporation	No
Camaro Clock	U	Camaro Clock.exe	Clock gadget included with the Camaro theme for MyColors from Stardock Corporation	No
Camaro Weather	U	Camaro Weather.exe	Weather gadget included with the Camaro theme for MyColors from Stardock Corporation	No
camchat	X	camchatplugin.exe	Detected by Malwarebytes Anti-Malware as Trojan.VBKrypt. The file is located in %AppData%\camchatplugin	No
CamCheck	N	CamCheck.exe	NuCam camera software related	No
Camera Detector	U	Camdetect.exe	ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically	No
Camera Detector	U	CAMDET~*.EXE	ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically	No
Cameno	U	Cameno.exe	Cameno is a program which brings tabbed windows to MSN Messenger 6.0 and above	No
CameraApplicationLauncher	?	CameraApplicationLaunchpadLauncher.exe	Supports the integrated webcam on IBM/Lenovo Thinkpad notebooks. What does it do and is it required?	No
CameraAssistant	U	CameraAssistant.exe	Entry added when you install versions of the Logitech QuickCam webcam software and used to configure and tweak your webcam settings. Includes support for the Quick Assistant - which launches when a video application (such as video conferencing in an instant messaging client) accesses to camera so you can quickly fine tune face tracking and zoom, for example. If you don't use the camera on a daily basis create your own shortcut and run it manually when required	Yes
Logitech QuickCam	U	CameraAssistant.exe	Entry added when you install versions of the Logitech QuickCam webcam software and used to configure and tweak your webcam settings. Includes support for the Quick Assistant - which launches when a video application (such as video conferencing in an instant messaging client) accesses to camera so you can quickly fine tune face tracking and zoom, for example. If you don't use the camera on a daily basis create your own shortcut and run it manually when required	Yes
LogitechCameraAssistant	U	CameraAssistant.exe	Entry added when you install versions of the Logitech QuickCam webcam software and used to configure and tweak your webcam settings. Includes support for the Quick Assistant - which launches when a video application (such as video conferencing in an instant messaging client) accesses to camera so you can quickly fine tune face tracking and zoom, for example. If you don't use the camera on a daily basis create your own shortcut and run it manually when required	Yes
camfrog	X	camfrog.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.AI. Note - this is not the legitimate Camfrog video chat software by Camshare Inc. The file is located in %System%\MSDCSC	No
Camfrog	N	CamfrogNet.exe Camfrog Video Chat.exe	Camfrog video chat software by Camshare Inc	No
[12 random characters]	X	camocx28.exe	IeDriver adware variant	No
[12 random characters]	X	CAMOCX74.exe	IeDriver adware variant	No
HerculesCamService	?	CamService.exe	Related to the Hercules Dualpix HD Webcam. What does it do and is it required?	No
Creative WebCam Tray	N	CAMTRAY.EXE	Creative WebCam tray control - can be started manually	No
CamWizard	Y	CamWizrd.exe	Launches the Logitech Camera Wizard on the first reboot after installing versions of Logitech QuickCam webcam software	Yes
cam_server.exe	X	cam_server.exe	Detected by Dr.Web as Trojan.MulDrop2.48031 and by Malwarebytes Anti-Malware as Backdoor.Agent.CMS	No
ASDPLUGIN	X	canada.exe	AsdPlug premium rate adult content dialer	No
Canada	N	Canada.exe	Known to be a dialler - but is it maliscous or clean?	No
HELPER	X	canada.exe	AsdPlug premium rate adult content dialer variant	No
Canary	U	canary-std.exe	Canary keystroke logger/monitoring program - remove unless you installed it yourself!	No
Eac_Cnry	X	canary.exe	Added by the CANARY TROJAN!	No
candyna	X	candyna.exe	Detected by Malwarebytes Anti-Malware as Trojan.Clicker.Gen. The file is located in %UserProfile%\My MyPersonalStuff	No
CANoe	U	CANoe32.exe	CANoe from Vector Informatik. Development and test tool for Engine Control Units (ECU) based upon the CAN, LIN, MOST, FlexRay, Ethernet and J1708 bus systems	No
ICompXpSp	X	Cap.exe	Added by the BANCOS-BLW TROJAN!	No
CAP3ON	?	CAP3ONN.EXE	Canon driver, purpose unknown. Is it required in startup?	No
[12 random characters]	X	capesnpn.exe	IeDriver adware variant	No
Capture Express 2000	N	capexp.exe	Capture Express - screen capture utility	No
CA Personal Firewall	Y	capfasem.exe	Runs the core program for older versions of CA Personal Firewall (installed as either as a stand-alone product or as part of CA Internet Security Suite)	Yes
capfasem	Y	capfasem.exe	Runs the core program for older versions of CA Personal Firewall (installed as either as a stand-alone product or as part of CA Internet Security Suite)	Yes
CapFax	N	CapFax.EXE	PhoneTools fax software	No
CA Personal Firewall	?	capfupgrade.exe	Installed with CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The exact purpose is unknown at present and it does not normally appear to run	Yes
capfupgrade	?	capfupgrade.exe	Installed with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite). The exact purpose is unknown at present and it does not normally appear to run	Yes
CAPing	U	CAPing.exe	Citibank Citianywhere software	No
Canon PC1200 iC D600 iR1200G Status Window	?	CAPM1LAK.EXE	Canon printer related - is it required in startup?	No
Capon	Y	Capon.exe	Canon printer driver	No
Capon	Y	Caponn.exe	Canon printer driver	No
Capp	X	capp.exe	Detected by Malwarebytes Anti-Malware as PUP.CNNIC. The file is located in %System%	No
CA Anti-Spyware	Y	CAPPActiveProtection.exe	Part of CA Anti-Spyware until 2009 (either as a stand-alone product or as part of a suite). Works in conjunction with the CA Pest Patrol Realtime Protection Service (ITMRTSVC) service to monitor software installations for potentially malicious behaviour, warn the user if any is detected and request user input on how to handle them	Yes
CAPPActiveProtection	Y	CAPPActiveProtection.exe	Part of CA Anti-Spyware until 2009 (either as a stand-alone product or as part of a suite). Works in conjunction with the CA Pest Patrol Realtime Protection Service (ITMRTSVC) service to monitor software installations for potentially malicious behaviour, warn the user if any is detected and request user input on how to handle them	Yes
Winxp update	X	Cappp.exe	Added by the RBOT.DKO WORM!	No
CapsHook	U	CapsHook.exe	Caps Lock and Num Lock on-screen notifier for ASUS laptops and netbooks that don't have the equivalent LEDs	No
capture	X	capture.exe	Added by the THEEF-B TROJAN!	No
CaptureBat	N	Capture.exe	!Quick Screen Capture from EtruSoft Inc. - "allows you to take screenshots from any part of your screen in more than 10 ways, and save images in BMP/JPG/GIF formats"	No
CaptureAssistant	U	CaptureAssistant.exe	Capture Assistant "is a convenient and easy-to-use text and graphics capture tool". It allows you to capture text, font information, graphics, etc	Yes
CarboniteSetupLite	?	CarbonitePreinstaller.exe	Related to the installation of Carbonite backup software	No
Carbonite Backup	N	CarboniteUI.exe	"Carbonite's online backup service starts automatically and works quietly and continuously in the background protecting your data"	No
Care20	X	Care20.exe	TopMoxie adware	No
Care2GTU	U	Care2GTU.exe	Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep it	No
carpserv	U	carpserv.exe	Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example	Yes
CARPservice	U	carpserv.exe	Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example	Yes
SoftK56 Modem Driver	U	carpserv.exe	Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example	Yes
CARPserver	X	CARPserver.exe	Added by the BANKER-AN TROJAN!	No
ConfiggLoader	X	cart322.exe	Added by the GAOBOT.DJ WORM!	No
cartao	X	cartao.exe	Added by the BANKER-FA TROJAN!	No
Cas2Stub	X	cas2stub.exe	CasinoClient adware	No
Comodo AntiSpam	Y	CAS32.exe	System Tray access to and notifications for the now discontinued Comodo AntiSpam from Comodo Group, Inc - "client-based software product that eliminates spam forever from the computer's email system"	No
CasAgnt	U	CasAgnt.exe	Program by Extended Systems which allows you to sync your Casio PDA with your PC	No
Harmony 98 - CasioOrg	U	CasAgnt.exe	Enterprise Harmony 98 for CASIO - synchronization software for use with Microsoft® Outlook 97/98/2000	No
XTNDConnect PC - CasioOrg	U	CasAgnt.exe	Casio Pocket PC specific translator for XTNDConnect PC - "award-winning desktop-sync application that enables you to easily synchronize your contacts, calendar, tasks, email and notes between your mobile devices and popular PC applications"	No
CA Security Suite	U	casc.exe	Installed with both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detected	Yes
casc	U	casc.exe	Installed with both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detected	Yes
cctray	U	casc.exe	Installed with both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detected	Yes
CAS Client	X	casclient.exe	CasinoClient adware	No
SettingValue	X	casd.exe	Detected by Sophos as W32/Sdbot-PG and by Malwarebytes Anti-Malware as Backdoor.SDBot	No
caseyvideo	X	caseyvideo.exe	Malware causing adult content popups	No
caseyvideo[] [ = digit]	X	caseyvideo[].exe [ = digit]	Malware causing adult content popups	No
CashBack	X	cashback.exe	CashBackBuddy adware	No
Cashsurfers Cashbar Navigator	N	Cashbar.Exe	Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"	No
CashFiesta	X	Cashfiesta.exe	Detected by Trend Micro as ADW_CASHFIESTA.A	No
casrcssb.exe%UserTemp\casrcssb.exe	X	casrcssb.exe	Detected by Malwarebytes Anti-Malware as Trojan.CCProxy. The file is located in %UserTemp%	No
Cassandra	X	cassandra.exe	SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as a variant of the KREPPER TROJAN!	No
winservit	X	cassl.exe	Detected by Trend Micro as WORM_RBOT.ASG	No
CasStub	X	casstub.exe	Added by the CASS-A TROJAN!	No
Diskstart	X	cat.exe	Startportal - Switch dialer and hijacker variant, see here. Also detected as the DELF-JE TROJAN!	No
CatchCode	X	CatchCode.exe	CatchCode rogue security software - not recommended, removal instructions here	No
CATEYE	Y	CATEYE.EXE	Part of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. "Prevents your system from virus attack by continuously monitoring the system and prevents virus infection from e-mail attachments, Internet Downloads, network, ftp, floppy, Data storage devices, CD-DVD ROM file executables and during suspected file copying." Also included by vendors who use the Quick Heal engine such as Omniquad and iQon	Yes
On-Line Protection	Y	CATEYE.EXE	Part of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. "Prevents your system from virus attack by continuously monitoring the system and prevents virus infection from e-mail attachments, Internet Downloads, network, ftp, floppy, Data storage devices, CD-DVD ROM file executables and during suspected file copying." Also included by vendors who use the Quick Heal engine such as Omniquad and iQon	Yes
Quick Heal AntiVirus	Y	CATEYE.EXE	Part of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. "Prevents your system from virus attack by continuously monitoring the system and prevents virus infection from e-mail attachments, Internet Downloads, network, ftp, floppy, Data storage devices, CD-DVD ROM file executables and during suspected file copying." Also included by vendors who use the Quick Heal engine such as Omniquad and iQon	Yes
Quick Heal On-Line Protection	Y	Cateye.exe	Part of older versions of the range of internet security products from Quick Heal - including Total Security, Internet Security and AntiVirus. "Prevents your system from virus attack by continuously monitoring the system and prevents virus infection from e-mail attachments, Internet Downloads, network, ftp, floppy, Data storage devices, CD-DVD ROM file executables and during suspected file copying"	No
ccube_TrustList	Y	catl_001.exe	Installed with older versions of CA Personal Firewall (either as a stand-alone product or as part of CA Internet Security Suite) and runs only once on the first boot after installation is complete before exiting	Yes
Monitoring	X	catmonn.exe	Detected by Dr.Web as Trojan.DownLoad1.16841	No
N0Y3MzY2RTQ0MzM1MUU2Nz	X	catr.exe	Detected by Dr.Web as Trojan.DownLoader6.43229 and by Malwarebytes Anti-Malware as Backdoor.Bot.WPM	No
catsrv	X	catsrv.exe	Added by an unidentified TROJAN - see here	No
[12 random characters]	X	catsrvps.exe	IeDriver adware variant	No
catxml	X	catxml.exe	Added by the AGENT.CE BACKDOOR!	No
Norton Live Updater	X	Cavapsvc.exe	Detected by Symantec as W32.HLLW.Gaobot.AO	No
CA Anti-Virus	Y	CAVRID.exe	Real-time scanning engine for versions of CA Anti-Virus products until 2009 (both stand-alone and as part of security suites) - including eTrust EZ Antivirus, eTrust Vet Antivirus and a version available from Yahoo! Scans files for viruses and other malware when you access, create or download them	Yes
CAVRID	Y	CAVRID.exe	Real-time scanning engine for versions of CA Anti-Virus products until 2009 (both stand-alone and as part of security suites) - including eTrust EZ Antivirus, eTrust Vet Antivirus and a version available from Yahoo! Scans files for viruses and other malware when you access, create or download them	Yes
CAVS	Y	CAVS.exe	Cheyenne AntiVirus - acquired by CA and no longer available	No
CyberScrub AutoUpdate	Y	CAVSch.exe	Automatic updates for CyberScrub AntiVirus - which licensed Kaspersky Anti-Virus Lite. No longer supported or available from the author	No
CaAvTray	Y	CAVTray.exe	System Tray access to earlier versions of the CA antivirus products - including EZ Antivirus, eTrust Vet Antivirus and a version available from Yahoo!	No
CAZNOVAS	X	CAZNOVAS.exe	Added by the CAZNO TROJAN!	No
ccube_Install_Lock	Y	cazz_001.exe	Installed with security products from CA and runs only once on the first boot after installation is complete before exiting	Yes
CBACK.EXE	X	CBACK.EXE	Added by the PENTA-A TROJAN!	No
AdobeReaderPro	X	cbdzfrsl.exe	Added by the RBOT.AZQ BACKDOOR!	No
System	X	cber.exe	Detected by Trend Micro as TROJ_DLOADER.NX	No
cbInterface	U	cbInterface.exe	System Tray access to Cobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista/7). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required	No
Cobian Backup	U	cbInterface.exe	System Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required	Yes
Cobian Backup 10 Interface	U	cbInterface.exe	System Tray access to Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required	Yes
Cobian Backup 8 interface	U	cbInterface.exe	System Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required	Yes
Cobian Backup 9 interface	U	cbInterface.exe	System Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required	Yes
Cobian Backup Amanita	U	cbInterface.exe	System Tray access to Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required	Yes
Cobian Backup Black Moon	U	cbInterface.exe	System Tray access to Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required	Yes
exkataj	X	cbkdkiw.exe	Added by the FANBOT-F WORM!	No
CallBumping	Y	cbpopw.exe	Related to the Gazel 128 PCI ISDN adapter. Required if you use it	No
Microsoft System Restore Configuration	X	CBRSS.EXE	Added by a variant of the SPYBOT WORM!	No
Remote Data Backups	U	CBSysTray.exe	System Tray access to Remote Data Backups online system/data backup utility	No
Remote Data Backups TaskBar Icon	U	CBSysTray.exe	System Tray access to Remote Data Backups online system/data backup utility	No
KingSoft PowerWord PE	N	CBTray.exe	Old version of the PowerWord Chinese and English two way translation software/e-dictionary from Kingsoft	No
CBWAttn	U	CBWAttn.exe	Required for Bitware to answer incoming faxes, can cause sleep mode problems	No
CBWUser	?	CBWDial.exe	Associated with Bitware that integrates fax, voice, pager, and data communications on your desktop	No
CBWHost	U	CBWHost.exe	Required for Bitware to answer incoming faxes, can cause sleep mode problems	No
SQConfigChecker	X	cc.exe	Xupiter SQWire toolbar related. Use Malwarebytes, Spybot S&D, Ad-Aware or similar to detect and remove and to prevent it re-installing in the future	No
Clean Access Agent	N	CCAAgent.exe	Cisco Clean Access Agent from Cisco Systems, Inc	No
ccagent.exe	X	ccagent.exe	Control Center and Control Components rogue security software - not recommended, removal instructions here and here	No
Core Process Aplication	X	ccapl.exe	Detected by Kaspersky as Backdoor.Win32.Rbot.gen. The file is located in %System%\Com	No
Core Process Aplication x16	X	ccapl16.exe	Detected by Trend Micro as WORM_SPYBOT.AFT	No
Core Process Aplication x32	X	ccapl32.exe	Detected by Kaspersky as Trojan-Dropper.Win32.Sramler.e. The file is located in %System%\Com	No
ccApp	Y	ccApp.exe	Part of older versions of Symantec's security products including Norton 360, Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Effectively the "master" process which calls the different program features and makes sure they are running. Auto-protect and E-mail check will not function without this	Yes
ccApp.exe	X	ccApp.exe	Added by the RBOT-HJ WORM! Note - this is not the legitimate Symantec/Norton file normally located in %CommonFiles%\Symantec Shared. This one is located in %System%	No
Client and Host Security Platform	Y	ccApp.exe	Part of older versions of Symantec's security products including Norton 360, Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Effectively the "master" process which calls the different program features and makes sure they are running. Auto-protect and E-mail check will not function without this	Yes
Common Client	Y	ccApp.exe	Part of older versions of Symantec's security products including Norton 360, Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Effectively the "master" process which calls the different program features and makes sure they are running. Auto-protect and E-mail check will not function without this	Yes
Norton Auto-Protect	X	ccApp.exe	Added by the AKHER.D WORM! Note - for the valid Norton AV entry the filename is "navapexe". This is also not the valid Norton AV file with the same filename	No
Symantec	X	ccapp.exe	Added by the REATLE WORM! Note - this is not a Symantec file	No
Symantec Security Technologies	Y	ccApp.exe	Part of older versions of Symantec's security products including Norton 360, Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Effectively the "master" process which calls the different program features and makes sure they are running. Auto-protect and E-mail check will not function without this	Yes
Symantec Service	X	ccApp.exe	Added by the AKHER.D WORM! Note - this is also not the valid Norton AV file with the same filename	No
System Process Uninstall	X	ccapp.exe	SystemProcess adware. Note - this is not the legitimate Symantec/Norton file normally located in %CommonFiles%\Symantec Shared. This one is located in %System%	No
Antivirus Protection Services	X	ccapp2.exe	Added by the RBOT.EXI WORM!	No
ServicesLog	X	ccapp32.exe	Added by the RBOT-AMX WORM!	No
Symantec Configuration Loader	X	ccApp32.exe	Added by the AGOBOT-EE WORM!	No
HP Desktop	X	ccappms.exe	Added by the SDBOT-TG WORM!	No
ccApps	X	ccApps.exe	Added by the KANGAROO-B WORM!	No
SymRun	X	ccApps.exe	Added by the KAGEN-A TROJAN!	No
Blah service	X	CCAPPS32.EXE	Added by the RBOT.TV WORM!	No
6331905	X	CCAV.exe	Detected by Dr.Web as Worm.Siggen.1163	No
ccdbefddcfeaeb	X	ccdbefddcfeaeb.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.NV. The file is located in %AppData%\cc60db38-3ef1-4d24-8d95-c429fe359aeb79	No
ccdbefddcfeaebad	X	ccdbefddcfeaebad.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AppData%\{GUID}	No
ccDHCP32	X	ccDHCP32.exe	Added by the AGOBOT-HJ WORM!	No
CCDoctorLogonTesting	Y	ccdoctor.exe	Checks your system to make sure it's configured properly for running IBM Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product	No
Microsoft Driver Setup	X	ccdrive32.exe	Added by the AGENT-LYL TROJAN!	No
ccenter	Y	CCenter.exe	Rising antivirus	No
ccepic	X	ccepic.exe	Added by the MSIL-H TROJAN!	No
CcEvtMgr	Y	ccEvtMgr.exe	Common process for older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. Keeps track of all events occurring for these products and writes these into the Activity log - which can be viewed through the Reports section. Runs as a service on an NT based OS (such as Windows 7/Vista/XP)	No
nortonsantivirus	X	ccEvtMngr.exe	Added by the HZDOOR-A TROJAN!	No
SunJavaSched	X	ccEvtMngr.exe	Added by the SDBOT-YP WORM!	No
ccEvtMrg.exe	X	ccEvtMrg.exe	Added by the RBOT.GZ WORM!	No
dddf	X	ccf.exe	Detected by Malwarebytes Anti-Malware as Password.Stealer. The file is located in %Temp%	No
ccHelp	X	ccHelp.hta	Searchq adware	No
run	X	cchost.exe	Added by the SQUATBOT-C TROJAN!	No
ccStart	X	ccInfo.exe	Added by the AGOBOT-GQ BACKDOOR!	No
CodeClean	X	CCIntro.exe	CodeClean rogue security software - not recommended	No
winlogon_user	X	ccIsass.exe	Added by the SILLYFDC.BBT WORM!	No
CCleaner Update	X	CCleaner x86.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. Note - this is not a valid CCleaner file and it is located in %AppData%\CCleaner Update	No
CCleaner Resident Cleaner Service	X	CCleaner-resident.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. Note - this is not a valid CCleaner entry although the file is located in %ProgramFiles%\CCleaner	No
CCleaner Resident Cleaner Service	X	CCleaner-resident.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. Note - this is not a valid CCleaner entry and the file is located in %System%\Program Files\CCleaner\[random] - see examples here and here	No
CCleaner Resident Cleaner Service	X	CCleaner-resident.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. Note - this is not a valid CCleaner entry and the file is located in %Temp%\Program Files\CCleaner - see here	No
CCleaner	U	CCleaner.exe	CCleaner from Piriform Ltd. - "is a freeware system optimization, privacy and cleaning tool". Features include removing unused files, cleaning internet history, managing startup programs and a fully featured registry cleaner	Yes
CCleaner.exe	X	CCleaner.exe	Detected by McAfee as Generic Dropper!dob and by Malwarebytes Anti-Malware as Backdoor.MSIL.PGen. Note - this is not the legitmate CCleaner utility which has the same filename and is normally located in %ProgramFiles%\CCleaner. This one is located in %AppData%\EcUQcsIdRaxsWYFZemcIQR\EcUQcsIdRaxsWYFZemcIQR\0.0.0.0	No
ccleaners	X	ccleaners.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %AppData%	No
CorrectConnect	N	CConnect.exe	Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available	No
CCProxy	U	CCProxy.exe	CCProxy proxy server software from Youngzsoft. A proxy server is a computer system or (in this case) and application that acts as an intermediary for requests from clients seeking resources from other servers. Located in either %Root%\CCProxy or %ProgramFiles%\CCProxy, this should not be confused with the Symantec version included in older versions of Norton Internet Security or the discontinued Norton AntiSpam which is found in %CommonFiles%\Symantec Shared	Yes
ccProxy	Y	ccProxy.exe	Common process for older versions of Symantec's security products including Norton Internet Security and the now discontinued Norton Personal Firewall, Norton AntiSpam and Norton SystemWorks suite. Without this service running HTTP (web) and SMTP (email) connections fail. It works like a proxy server, acting as an intermediary for requests to/from network services - such as blocking access to domains (websites) and inappropriate pages (content filtering). Runs as a service on an NT based OS (such as Windows 7/Vista/XP). Located in %CommonFiles%\Symantec Shared, this should not be confused with Youngzsoft's CCProxy proxy server software which is found in either %Root%\CCProxy or %ProgramFiles%\CCProxy	No
ccPrxy.exe	X	ccPrxy.exe	Added by the SHIPUP-H WORM!	No
ccPwdSvc	Y	ccPwdSvc.exe	Common process for older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. The exact purpose is unknown at present	No
CcPxySvc	Y	CCPXYSVC.exe	Common process for older versions of Symantec's security products including Norton Internet Security and the now discontinued Norton Personal Firewall, Norton AntiSpam and Norton SystemWorks suite. Without this service running HTTP (web) and SMTP (email) connections fail. It works like a proxy server, acting as an intermediary for requests to/from network services - such as blocking access to domains (websites) and inappropriate pages (content filtering). Runs as a service on an NT based OS (such as Windows 7/Vista/XP)	No
Real Statics Agent	X	ccreal.exe	Added by a variant of Win32/Rbot	No
ccRegVfy	Y	ccRegVfy.exe	Part of older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. "Responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"	Yes
Common Client	Y	ccRegVfy.exe	Part of older versions of Symantec's security products including Norton Internet Security, Norton AntiVirus and the now discontinued Norton SystemWorks suite. "Responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"	Yes
USD Driver	X	ccrss.exe	Added by the SDBOT.BFH WORM!	No
ccSetMgr	Y	ccSetMgr.exe	Common process for older versions of Symantec's products including Norton Internet Security, Norton AntiVirus, Norton Ghost and the now discontinued Norton Personal Firewall and Norton SystemWorks suite. Manages the secure storage and management of the various configuration settings for these products. Runs as a service on an NT based OS (such as Windows 7/Vista/XP)	No
Norton Antivirus CCDebug	X	CCSEVRT.exe	Added by the SDBOT.ACJ WORM!	No
novavapp	X	ccsmn.exe	Sysinternals Antivirus rogue security software - not recommended, removal instructions here	No
Configuration Loader	X	ccSort.exe	Added by the AGOBOT.SR WORM!	No
Sygate Personals Firewalls	X	ccsrn.exe	Added by a variant of Win32/Rbot	No
novavappr	X	ccsrr.exe	Sysinternals Antivirus rogue security software - not recommended, removal instructions here	No
WINTASKMGR	X	ccsrs.exe	Added by the MYTOB.Q WORM!	No
winprotection	X	ccsrss.exe	Added by the SILLYFDC.BBT WORM!	No
ccStart	X	ccStart.exe	Added by the AGOBOT-IR WORM!	No
Norton Start	X	ccStart.exe	Added by the SDBOT-OX WORM!	No
ccSvcHst.exe	X	ccSvcHst.exe	Added by the SDBOT-DIW WORM! Note - this is not the legitimate Symantec security service located in %CommonFiles%\Symantec Shared. This one is located in %Windir%	No
ccsvit.exe	X	ccsvit.exe	Added by the STARTPA-HP TROJAN!	No
(Default)	X	cct.exe	Detected by Malwarebytes Anti-Malware as Trojan.FakeMS. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %WinTemp%	No
CA Security Suite	U	cctray.exe	Installed with older versions of both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detected and double-clicking on it gives details about the warning or the alert state	Yes
cctray	U	cctray.exe	Installed with older versions of both stand-alone security tools and suites from CA. Provides System Tray access to the Control Center - which indicates the current tool status and can be used to launch scans, updates or access product information. The icon changes appearance if a warning or issue is detected and double-clicking on it gives details about the warning or the alert state	Yes
XGCCTVServer	Y	CCTvServer.exe	Related to the GSec1 XGate 2.0 intellegent wireless ADSL/Cable router which has built-in security features	No
nortonav	X	CCUPD32.EXE	Added by an unidentified WORM or TROJAN!	No
ccUpdate	X	ccUpdate.exe	Added by the AGOBOT.YS WORM!	No
Norton Update	X	ccUpdate.exe	Added by a variant of the AGOBOT WORM!	No
Norton Updater	X	ccUpdate.exe	Added by the AGOBOT.ALW WORM!	No
ccUpdMgr	U	ccUpdMgr.exe	In Loco Parentis remote surveillance software. Uninstall this software unless you put it there yourself!	No
CCUTRAYICON	U	CCU_TrayIcon.exe	Related to Traybar Launcher from Intel Corporation belonging to Intel® Viiv®	No
Adobe_RLX	X	ccwap.exe	Added by the BCKDR-RCL TROJAN!	No
MP3 CD Extractor	N	CD-Extractor.exe	"MP3 CD Extractor is an audio CD to MP3 ripper which can extract Digital Audio tracks from Audio CDs into files on the hard disk"	No
cd1	X	cd1.exe	Premium rate adult content dialler	No
Computer Defender 2009	X	cd2009.exe	Computer Defender 2009 rogue security software - not recommended, removal instructions here	No
Auto CD-ROM Startup	X	cdaccess.exe	Added by the SPYBOT.BLA WORM!	No
Microsoft software	X	cdaccess.exe	Detected by Trend Micro as WORM_RBOT.ABK	No
CDANTSRV	N	CDANTSRV.exe	C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually	No
CyberDefender Early Detection Center	X	cdas[random].exe	CyberDefender Early Detection Center rogue security software - not recommended. On testing with a clean image, this reported registry entries pointing to the legitimate Java "jqs_plugin.dll" file (located in %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie as the Anticlear rogue (see an example here). In addition, it claimed that the installer for an older version of HashTab contained W32.MalwareF.KJAE and quarantined a valid 7-zip file ("7zCon.sfx" in %ProgramFiles%\7-Zip) as W32/Malware. Also read this post where a Tech Support person uses other free tools such as MBAM to fix a problem	No
cdc10baf8d526aadd954bf3f60e0e69e	X	cdc10baf8d526aadd954bf3f60e0e69e.exe	Detected by McAfee as RDN/Generic.grp!cw and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
cdca408e3cbf7b0daaa425b5705221a4	X	cdca408e3cbf7b0daaa425b5705221a4.exe	Detected by McAfee as RDN/Generic.dx!bb3 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Cdcompat	X	Cdcompat.exe	Added by the GEMA TROJAN!	No
Cddrv32	X	cddrv32.exe	Added by the GEMA TROJAN!	No
Cool Desk	U	cdesk.exe	Cool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to you	No
CDInterceptor	N	cdi.exe	CD indexer for measuring the speed of CD players	No
cdloader	Y	cdloader2.exe	MagicJack - a "softphone device that allows you to attach an analog phone into the PC so you can have a traditional-style phone system in your house without any monthly charge"	No
MS-Connect	X	cdm.exe	MS-Connect - Switch dialer and hijacker variant, see here. Also detected as the DIALER.DD TROJAN!	No
CdnCtr	X	cdnup.exe	Detected by Total Defense as CNNIC Update and by Malwarebytes Anti-Malware as Adware.Cnnic	No
SystemTra	X	CDPlay.EXE	Added by the LOVGATE.Z WORM!	No
Cdrom Controller	X	cdromcntrl.exe	Detected by Sophos as Troj/Battry-A	No
MicrosoftROMDriverService	X	cdrss.exe	Added by the IRCBOT.BLF BACKDOOR!	No
cds	X	cds.exe	Added by the SPYMON TROJAN!	No
CDSpeed.exe	X	CDSpeed.exe	Added by the IRCBOT.AEX BACKDOOR!	No
CD Storage Master	N	cdstorager.exe	CD Storage Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collection	No
CD Tray Pal	N	CDTray.exe	CD Eject Tool from Fomine Software - "is a utility that manages your CD Drive doors. It allows you eject and close the CD Drive door by using a hotkey, desktop shortcut, or via an icon in your system tray"	No
CDTray	N	CDTray.exe	On HP PCs, this is the small CD icon next to the time	No
CDTrayPal	N	cdtray.exe	CD Eject Tool from Fomine Software - "is a utility that manages your CD Drive doors. It allows you eject and close the CD Drive door by using a hotkey, desktop shortcut, or via an icon in your system tray"	No
Update	X	CDUpdater.exe	"Carpe Diem" adult premium rate dialler related	No
CD-DVD Lock for Win95/98/Me/2k/XP	U	CDVAgent.exe	Loads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI	Yes
CDVAgent	U	CDVAgent.exe	Loads CD-DVD Lock from Ixis Research, Ltd - which is "intended for restricting read or write access to removable media devices such as CD, DVD, floppy and flash, as well as for restricting access to certain partitions of hard disk drives. You can restrict access by two ways: hide your devices from viewing or lock access to them". If disabled, hidden and locked drives still retain their original status so the user will only be able to change their status them via the main UI	Yes
JDK55WFMZY	X	cdx.exe	Added by the MONDER.RON TROJAN!	No
Cadenza	U	CdzSvc.exe	Cadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices	No
ClickTheButton	X	cd_load.exe	Detected by McAfee as Downloader-MY	No
CyDoor	X	CD_Load.exe	CyDoor adware	No
CydoorUpdate	X	CD_Load.exe	CyDoor adware	No
ce034ed846a59de9fb1d175d940837e8	X	ce034ed846a59de9fb1d175d940837e8.exe	Detected by Dr.Web as Trojan.DownLoader7.20094 and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
ceeiLjmUBGBADu	X	ceeiLjmUBGBADu.exe	Added by the FAKEAV-DVF TROJAN!	No
CeEKEY	U	CeEKey.exe	Hot Key utility included on Toshiba Satellite laptops	No
Ceic	?	Ceic.exe	??	No
run=	X	Celine.scr	Added by the CELINE-A TROJAN!	No
CEventMgr	X	Cell.exe	Added by the BIFROSE-AK TROJAN!	No
CenProtect	X	CenProtect.exe	CenProtect rogue security software - not recommended, removal instructions here	No
Control Center	U	Center.exe	Associated with Hawking Technologies, Inc wireless products. Located in %Program Files%\Hawking\WLAN Card Utilities	No
T-Mobile Communication Centre	U	Centre.exe	T-Mobile Communication Centre configuration/management utility for their range of mobile broadband devices	No
CeEPOWER	U	CePMTray.exe	Toshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times	No
syscodecaudio	X	CEQL0H9AT4.exe	Detected by Malwarebytes Anti-Malware as Worm.Ainslot. The file is located in %AppData%\audiocodec	No
Advanced Internet Protocol	X	cerf.exe	Added by a variant of the SPYBOT WORM!	No
Cerrus	X	Cerrus.exe	Detected by Malwarebytes Anti-Malware as MSIL.LockScreen. The file is located in %AppData%	No
Certificate Policy Engine	X	CertPolEng.exe	Detected by Sophos as Troj/Agent-ZBH and by Malwarebytes Anti-Malware as Backdoor.Agent.DC	No
Legacy VGA Drivers V1.0	X	certproc32.exe	Added by the AGENT.NEM TROJAN!	No
CertReg	U	certreg.exe	Related to Gemplus Card Reader	No
CertStoreInit	Y	CertStoreInit	Aladdin eToken authentication and password management	No
certtool	Y	certtool.exe	Part of Client Security Software (CSS) for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption options	Yes
IBM Client Security	Y	certtool.exe	Part of Client Security Software (CSS) for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption options	Yes
ISS_Certtool	Y	certtool.exe	Part of Client Security Software (CSS) for IBM\Lenovo notebooks. If you have configured the software via the associated wizard this will need to be running if you want to mount password protected areas of the disk (created with SafeGuard PrivateDisk), use the password manager or file/folder encryption options	Yes
SetecCertUtil	U	Certutil.exe	Setec Web and Email Security. Setec PKI smart card software. The PKI technology enables secure and reliable user identification in services offered through Internet, mobile handsets and digital TV	No
Driver Control Manager v7.1	X	cetrdeje.exe	Added by the AUTORUN-BKK WORM!	No
Driver Control Manager v7.5	X	cetrdeosa.exe	Added by the SILLYFDC-FF WORM!	No
cryptoexpert	U	cexpert.exe	CryptoExpert from SecureAction Research. Advanced on the fly encryption system	No
CryptoExTrayV3	?	CexTray.exe	Part of the CryptoEx Client Suite from Glück & Kanja Technology AG. What does it do and is it required?	No
CryptoExVolumeAutoMount	?	CexVolume.exe	Part of the CryptoEx Client Suite from Glück & Kanja Technology AG. What does it do and is it required?	No
BJCFD	N	CFD.exe	BroadJump Client Foundation - broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs	No
CFD	N	CFD.exe	BroadJump Client Foundation - broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs	No
Microsoft Driver Setup	X	cfdrive32.exe	Added by the AGENT-OJR TROJAN!	No
cfFncEnabler.exe	N	cfFncEnabler.exe	Toshiba "Config Free" wireless network manager on their range of laptops	No
Corel Colleagues & Contacts Reminders	N	cffrem.exe	Corel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of the now defunct Corel Print Office	No
Corel Family & Friends reminders	N	CFFREM.EXE	Corel Family & Friends - all-in-one calender, address book and list manager. Part of the now defunct Corel Print House Magic	No
Configuration Manager	X	cfg32.exe	BookedSpace parasite. Note - the "cfg32.exe" file is located in %Windir%	No
cfgboost	X	cfgboot.exe	Added by an unidentified WORM or TROJAN!	No
Microsoft Runtime	X	CfgDll32.exe	Added by the RANDEX.BD WORM!	No
cfgintpr	Y	cfgintpr.exe	Configuration Interpreter - part of Tiny Personal Firewall V4	No
cfgmng32	U	cfgmng32.exe	PureSight PC parental controls software by Puresight Technologies Ltd - "offers multi-layered cyberbullying protection for your family and it blocks offensive web-content". Also used by CA for their CA Parental Controls 2008 and 2009 utilities (both stand-alone and in suites)	Yes
dvHighMem	U	cfgmng32.exe	PureSight PC parental controls software by Puresight Technologies Ltd - "offers multi-layered cyberbullying protection for your family and it blocks offensive web-content". Also used by CA for their CA Parental Controls 2008 and 2009 utilities (both stand-alone and in suites)	Yes
Wins32 Online	X	cfgpwnz.exe	Detected by Symantec as W32.Bropia.R	No
Printer Update	?	CFGREG.EXE	Maybe a registration reminder or automatically updates drivers or application software for a printer?	No
ConfigSafe	U	CFGSAFE.EXE	ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice	No
load=	?	cfgsys32.exe	??	No
Cfgwiz	U	cfgwiz.exe	Configuration wizard for older versions of Symantec's Norton AntiVirus, Norton Internet Security and Norton SystemWorks security products. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settings. If this entry is disabled, the configuration wizard will run the next time the software is launched via the Start Menu	Yes
IS CfgWiz	U	cfgwiz.exe	Configuration wizard for older versions of Symantec's Norton Internet Security (and the now discontinued Norton Personal Firewall). On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settings. If this entry is disabled, the configuration wizard will run the next time Norton Internet Security is launched via the Start Menu	Yes
NAV CfgWiz	U	CfgWiz.exe	Configuration wizard for older versions of Symantec's Norton AntiVirus. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settings. If this entry is disabled, the configuration wizard will run the next time Norton AntiVirus is launched via the Start Menu	Yes
NAVCFG	U	CfgWiz.exe	Configuration wizard for older versions of Symantec's Norton AntiVirus. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settings. If this entry is disabled, the configuration wizard will run the next time Norton AntiVirus is launched via the Start Menu	Yes
Norton PasswordManager	U	cfgwiz.exe	Configuration wizard for Symantec's now discontinued Norton Password Manager security product. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate) and confirms the default configuration settings	No
Norton SystemWorks	U	CfgWiz.exe	Configuration wizard for Symantec's now discontinued Norton SystemWorks security product. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settings	Yes
SW CfgWiz	U	cfgwiz.exe	Configuration wizard for Symantec's now discontinued Norton SystemWorks security product. On the first run after installation or a significant software update via LiveUpdate this entry looks after registration, subscription and post-installation tasks (such as LiveUpdate, full scan and scheduling) and confirms the default configuration settings	Yes
Configuration Wizard	X	Cfgwiz32.exe	Added by the HCKTCK.2K.C BACKDOOR! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)	No
TMA distribution	U	cfinst.exe	Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients	No
CFi ShellToys Utility Manager	U	CFiShlMan.exe	Manager for CFi ShellToys from Cool Focus International Ltd - which "puts all the tools you need right where you need them - just a click away on your context menu. Right-click one or more files or folders, the desktop or the window background for instant access to 50 context-sensitive shell extensions"	No
Micrcsoft Certificate Services	X	cflmon.exe	Added by the RBOT-FWV WORM!	No
CTMON.EXE	X	cfmon.exe	Added by the CLCKR-AN TROJAN!	No
Microsoft Vista Upgrade Validation Service	X	cfmon.exe	Added by a variant of the IRCBOT BACKDOOR!	No
cFosDNT	?	cFosDNT.exe	cFos DSL Modem driver related. What does it do and is it required?	No
cFosInst_Check	?	cfosinst.exe	cFos DSL Modem driver related. What does it do and is it required?	No
cFosSpeed	U	cFosSpeed.exe	cFosSpeed Internet acceleration program from cFos Software GmBH - "increases your throughput and reduces your Ping. Whenever you access the Internet with more than one data stream cFosSpeed can optimize the traffic"	No
COMODO Firewall Pro	Y	cfp.exe	System Tray access to and notifications for an older "Pro" version of Comodo Firewall by Comodo Group, Inc	No
COMODO Internet Security	Y	cfp.exe	System Tray access to and notifications for the range of internet security products from Comodo - including Internet Security, Antivirus and Firewall	No
Warning: do not remove it! (system)	Y	cfpsys.exe	Folder Password Protect - a program that lets you set a password on folders of your choice	No
Windows	X	Cfreer.exe	Added by the CULLER-C WORM!	No
CFSServ.exe	U	CFSServ.exe	Belongs to Toshiba's configfree utility and searches for Wireless Devices	No
cftmoc	X	cftmoc.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AppData%	No
autoload	X	cftmon.exe	Added by the SOCKS-E WORM!	No
cftmon	X	cftmon.exe	Detected by Malwarebytes Anti-Malware as Trojan.Backdoor.DF. The file is located in %ProgramFiles%	No
cftmon	X	cftmon.exe	Detected by Malwarebytes Anti-Malware as Trojan.Backdoor.DF. The file is located in %System%	No
cftmon	X	cftmon.exe	Detected by Malwarebytes Anti-Malware as Trojan.FakePDF. The file is located in %AppData%	No
ctfmon	X	cftmon.exe	Detected by Sophos as Troj/Delive-A. The file is located in %Windir%	No
HKCU	X	Cftmon.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System%\InstallDir	No
HKCU	X	Cftmon.exe	Detected by Kaspersky as Trojan.Win32.VBKrypt.cdor. The file is located in %System%	No
HKCU	X	Cftmon.exe	Detected by McAfee as Generic.bfr!dx and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDir	No
HKLM	X	Cftmon.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System%\InstallDir	No
HKLM	X	Cftmon.exe	Detected by Kaspersky as Trojan.Win32.VBKrypt.cdor and by Malwarebytes Anti-Malware as Trojan.Backdoor.DF. The file is located in %System%	No
HKLM	X	Cftmon.exe	Detected by McAfee as Generic.bfr!dx and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDir	No
Policies	X	Cftmon.exe	Detected by Kaspersky as Trojan.Win32.VBKrypt.cdor. The file is located in %System%	No
Winsock2 driver	X	CFTMON.EXE	Added by a variant of the IRCBOT BACKDOOR!	No
SFtrb Service	X	cftrb32.exe	Added by the SOBIG.D WORM!	No
cfy	X	cfy.exe	Surfenhance.com SearchForIt adware variant	No
CGI Firewall Script	X	CGIAGENT.EXE	Added by the BROPIA-U WORM!	No
Norton Crashguard Monitor	N	cgmenu.exe	Troublesome program that doesn't actually work with WinME so Norton removed it from SystemWorks 2001	No
CGServer	U	cgserver.exe	Associated with an Eicon Networks (now Dialogic) Diva ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs	No
Cgtask Services	X	cgtask.exe	Added by the LALA.B TROJAN!	No
Microsoft Windows Files Loader	X	cgy32win.exe	Added by the RBOT-AXR WORM!	No
Cgywin	X	cgywin32.exe	Added by the RBOT-AEI WORM!	No
ChamClock	U	ChamClock.exe	Chameleon Clock - system tray clock replacement	No
HomeAlarm	U	ChamClock.exe	Chameleon Clock - system tray clock replacement	No
PSD Tools Channel	X	ChannelUp.exe	BuddyLinks adware	No
Animated Wallpaper	U	Charm Waterfall.exe	Charm Waterfall animated desktop wallpaper from Desktop Animated	No
[random name]	X	charmapnt.exe	Added by the BANCOS-DR TROJAN!	No
System startup	U	charmapx.exe	Only required if using an oriental language	No
Bingo Charm	?	charms.exe	Some kind of screen icon kind of like desk flag, but it gives you a choice of icons?	No
Chatango	N	Chatango.exe	Chatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately	No
Chat login	X	chatlogin.exe	Detected by Trend Micro as WORM_ANTINNY.F	No
loves2	X	chatser.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %System%\InstallDir - see here	No
loveuoy	X	chatser.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %System%\InstallDir - see here	No
mands2	X	chatser.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %System%\InstallDir - see here	No
ChatStat	U	ChatStat.exe	ChatStat from ChatStat Technologies, Inc. Provides live chat assistance in up to 16 languages allows your operators to be more productive	No
chaveGBtL2TM	X	chaveGBtL2TM.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %Root%\chaveGBtL2TM	No
Chcenter	N	chcenter.exe	IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"	No
Shcenter	N	chcenter.exe	IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"	No
chcp.exe	X	chcp.exe	Added by the SDBOT.BMH BACKDOOR!	No
High Definition Audio Property Page Shortcut	U	CHDAudPropShortcut.exe	Realtek audio card related. Probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required	No
che32	X	che.ocx.vbs	Added by the ADENU-B VIRUS!	No
CIO	N	che7e1~1.exe	ChatItOut webcam chat program	No
GigaByte	X	Cheatle.exe	Added by the SHODI.B VIRUS!	No
Check&Get	U	Check&Get.exe	Check&Get from ActiveURLs. Manages your browser bookmarks and favorites. Monitors Web sites for changes and updates, captures and highlights the changed contents	No
Check	X	Check.exe	Added by the VB-DRN WORM!	No
eRecoveryService	Y	check.exe	Now part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". Whilst the exact purpose of this entry isn't known it runs and closes so leave it enabled in case it's required	Yes
OBRCheck	Y	check.exe	Now part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager". Whilst the exact purpose of this entry isn't known it runs and closes so leave it enabled in case it's required	Yes
WinCheck	X	check.exe	Added by the DELBOT-Y WORM!	No
check119	X	check119_up.exe	Check119 rogue security software - not recommended, removal instructions here	No
CheckCustomWorksUpdate	N	CheckCWupdate.exe	Update checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations"	No
WashAndGo - Cleanup of old Backupfiles	U	checker.exe	WashAndGo - temp file cleaner	No
CheckIt 86	U	CheckIt86.exe	CheckIt 86 popup blocker	No
Checklist	N	Checklist.exe	Checklist task management utility by Task Solutions Inc (formerly 4th Software)	No
ChecklistSrv	U	ChecklistSrv.exe	Checklist task tracking and management utility by Task Solutions Inc (was 4th Software)	No
Registry Startup Check	X	checkreg.exe	Added by the REMLOAD-A or DANMEC-B TROJANS!	No
svhoost	X	checksys.exe	Added by a downloader TROJAN of Chinese origin!	No
Xvid	N	CheckUpdate.exe	Update manager for the Xvid video codec	No
Blackmagic CheckVersion PCI	?	CheckVersionPCI.exe	Related to the "Decklink" range of products from Blackmagic Design Pty. Ltd. What does it do and is it required?	No
Windows firewall manager	X	chh.exe	Added by a variant of the RANDEX.GEL WORM!	No
chiCkie	X	chiCkie.exe	Detected by Symantec as W32.Chiko	No
ChikkaDefault	U	ChikkaLauncher.exe	Chikka PC text messanger and IM client	No
ChilyClient	U	ChilyClient.exe	Chily Employee Activity Monitoring surveillance software. Uninstall this software unless you put it there yourself	No
eixfi	X	china.bat	Detected by Trend Micro as BAT_WCUP.A	No
china11msn	X	CHINA11MSN.EXE	Added by the ENVID.O WORM!	No
chisignup	X	chisignup.exe	Detected by Dr.Web as Trojan.DownLoader8.32006	No
ChkAdmin	N	CHKADMIN.EXE	Compaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability"	No
SB Audigy 2 Startup Menu	?	ChkColor.EXE	Related to the Creative Sound Blaster Audigy 2 range of sound cards	No
CheckDialer	U	ChkDial.exe	Added by the CheckDialer modem connection monitoring tool	No
AdobeReaderPro	X	chkdisk.exe	Added by the RBOT-BDV WORM!	No
UninstalTime	X	chkdisk.exe	Detected by Dr.Web as Trojan.Siggen1.31088 and by Malwarebytes Anti-Malware as Backdoor.Agent	No
[random name]	X	chkdsk.exe	PurityScan adware. Note - the legitimate Windows chkdsk.exe will always be located in %System% and will NOT figure among the startups!	No
Disk Check	X	chkdsk32.exe	Added by the IM TROJAN!	No
CHK Disker	X	chkdsker.exe	Added by a variant of the IRCBOT BACKDOOR! See here	No
NT Printing Service	X	chkdsks.exe	Added by the ARCHIVARIUS series of WORMS!	No
NT Printing Services	X	chkdsks.exe	Added by the BUZUS-M TROJAN!	No
NT Printing Service	X	chkdskss.exe	Added by the ARCHIVARIUS series of WORMS!	No
Microsoft DLL Verifier	X	chkfile.exe	Added by the RBOT-AOC WORM!	No
Pe2ckfnt SE	N	chkfont.exe	Used to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menu	No
ASUS ChkMail	U	ChkMail.exe	Mail-checking utility supplied with some ASUS notebooks that uses an LED to notify the user when an E-mail has arrived	No
ChkMail	U	ChkMail.exe	Mail-checking utility supplied with some Acer and ASUS notebooks that uses an LED to notify the user when an E-mail has arrived	No
Generic ChkMail	U	ChkMail.exe	Mail-checking utility supplied with some ASUS notebooks that uses an LED to notify the user when an E-mail has arrived. The models supported are AS62FM945GM1, AS62JM945PM1 and AS62JM945PM2 - see here	No
Java Plug-in	X	chknt32.exe	Detected by McAfee as Spy-Agent.fg and by Malwarebytes Anti-Malware as Trojan.Zbot	No
CHK NT	X	chkntf.exe	Added by a variant of the IRCBOT BACKDOOR! See here	No
[random name]	X	chkntfs.exe	PurityScan adware. Do not confuse with the legitimate NTFS Volume Maitenance Utility (chkntfs.exe) process which is always located in %System% and should not figure in Msconfig/Startup!	No
ChkDisk	X	chk_disk.exe	Added by an unidentified WORM or TROJAN!	No
avagent3974	X	chnb8895.exe	AntiVirus ransomware security software - not recommended, removal instructions here	No
ChangeLines	?	chngline.exe	??	No
ChoiceMail	U	CHOICEMAIL.EXE	ChoiceMail from DigiPortal Software. Block spam with an Email firewall	No
Choke	X	Choke.exe -blahhh	Added by the CHOKE WORM!	No
ChomikBox	U	ChomikBox.exe	ChomikBox - Polish utility that "is a small and friendly program that will allow you to easily add files to your hamster, download, and listen to music directly from the pages of the site!" The "hamster" referred to is an online storage service	No
chostsv	X	chostsv.exe	Added by the BANPAES.C TROJAN!	No
windows taskbar	X	Chouf-This.exe	Added by the AUTORUN-BQP WORM!	No
Microsoft Driver Setup	X	Chrg.exe	Detected by Malwarebytes Anti-Malware as Worm.Autorun. The file is located in %System%\drivers	No
Christmas Music Player	N	Christmas Music Player.exe	"Christmas Music Player brings the music of the Christmas Holiday to your desktop"	No
Zacker	X	Christmas.exe	Added by the MALDAL-C WORM!	No
2b5b36b8ef975d928d30dc6bd0460ca5	X	chrome crypto.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %UserTemp%	No
b4ada7daa19b8b7f8c9d2810d3477ea5	X	Chrome update.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %Temp%	No
chrome	X	chrome.bat	Detected by Dr.Web as Trojan.DownLoader6.8804	No
90480ec0be14f6221b63d9107a2dd7d8	X	chrome.exe	Detected by Dr.Web as Trojan.DownLoader8.19330 and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%	No
a	X	chrome.exe	Detected by Ikarus as Trojan.Win32.VBKrypt and by Malwarebytes Anti-Malware as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%\Desktop	No
AVAST32	X	chrome.exe	Detected by McAfee as BackDoor-CZP.dr and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%	No
b	X	chrome.exe	Detected by Ikarus as Trojan.Win32.VBKrypt and by Malwarebytes Anti-Malware as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %MyDocuments%	No
c	X	chrome.exe	Detected by Ikarus as Trojan.Win32.VBKrypt and by Malwarebytes Anti-Malware as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%\Downloads	No
chrome	X	chrome.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.AI. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%	No
chrome	X	chrome.exe	Detected by Dr.Web as Trojan.DownLoader6.5297 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\System	No
Chrome	X	Chrome.exe	Detected by Dr.Web as Trojan.DownLoader6.8983. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
Chrome	X	Chrome.exe	Detected by Dr.Web as Trojan.KeyLogger.15604 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\Microsoft\System\Services	No
Chrome	X	Chrome.exe	Detected by McAfee as Generic.dx!b2aq and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%	No
chrome	X	chrome.exe	Detected by McAfee as Generic.bfr!gs and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%	No
Chrome	X	Chrome.exe	Detected by McAfee as Generic.dx and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %ProgramFiles%\Chrome	No
Chrome	X	chrome.exe	Detected by Microsoft as Trojan:Win32/Ransom.EJ and by Malwarebytes Anti-Malware as Trojan,Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\google\chrome	No
chrome	X	chrome.exe	Detected by Microsoft as TrojanSpy:Win32/Keylogger.FM and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserTemp%	No
Chrome Services	X	chrome.exe	Detected by Kaspersky as Trojan-PSW.MSIL.Agent.dyi. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\Google Chrome	No
chrome.exe	X	chrome.exe	Detected by Dr.Web as Trojan.KeyLogger.15604 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%	No
chrome.exe	X	chrome.exe	Detected by McAfee as PWS-Zbot.gen.aru and by Malwarebytes Anti-Malware as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Windir%	No
Chrome.exea	X	Chrome.exe	Detected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes Anti-Malware as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%\Desktop	No
Chrome.exeb	X	Chrome.exe	Detected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes Anti-Malware as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%\Start Menu\Programs	No
Chrome.exec	X	Chrome.exe	Detected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes Anti-Malware as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %MyDocuments%	No
Chrome.exed	X	Chrome.exe	Detected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes Anti-Malware as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%\Favorites	No
Chrome.exee	X	Chrome.exe	Detected by Dr.Web as Trojan.DownLoader6.8983 and by Malwarebytes Anti-Malware as Trojan.Inject. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%\Start Menu	No
d	X	chrome.exe	Detected by Ikarus as Trojan.Win32.VBKrypt and by Malwarebytes Anti-Malware as Trojan.Agent.CRGen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%	No
d5a38e9b5f206c41f8851bf04a251d26	X	chrome.exe	Detected by Dr.Web as Trojan.DownLoader7.13869 and by Malwarebytes Anti-Malware as Backdoor.Bot. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Temp%	No
d5a38e9b5f206c41f8851bf04a251d26	X	chrome.exe	Detected by Dr.Web as Trojan.DownLoader7.21837 and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Temp%	No
d709f34a2bc48c2ecfacf26803c2c376	X	chrome.exe	Detected by Dr.Web as Trojan.DownLoader7.19599 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %UserProfile%	No
e79d569ba77562f0d4316e586835f0a2	X	Chrome.exe	Detected by Dr.Web as Trojan.DownLoader7.10888 and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Temp%	No
google	X	chrome.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%	No
Google Chrome	X	chrome.exe	Detected by Dr.Web as Trojan.DownLoader4.33575. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\Google	No
Google Update	X	chrome.exe	Detected by Dr.Web as Trojan.MulDrop1.54424. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%	No
Google Updates	X	chrome.exe	Detected by McAfee as Generic Dropper. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\Google Chrome	No
GoogleChrome	X	chrome.exe	Detected by Dr.Web as Trojan.MulDrop4.9457. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\GoogleChrome	No
HKCU	X	chrome.exe	Detected by McAfee as Generic.bfr!gs and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%	No
HKLM	X	chrome.exe	Detected by McAfee as Generic.bfr!gs and by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Root%	No
MicroUpdate	X	Chrome.exe	Detected by Dr.Web as Trojan.DownLoader8.37127. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %Temp%\Google_chrome	No
RUNDLL32	X	chrome.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Messa. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %AppData%\updater	No
Yahoo Messengger	X	chrome.exe	Detected by Sophos as W32/Autorun-NG. Note - this is not the legitimate Google Chrome browser which is normally located in %ProgramFiles%\Google\Chrome\Application. This one is located in %System%	No
Yahoo Messengger	X	chrome9.exe	Detected by Dr.Web as Trojan.StartPage.39111	No
HKCU	X	chromee.exe	Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDir	No
HKLM	X	chromee.exe	Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %Windir%\InstallDir	No
Bunnies	X	Chromesupport.exe	Detected by McAfee as RDN/Generic.dx!o and by Malwarebytes Anti-Malware as Backdoor.Agent	No
Noobcake	X	Chromesupport.exe	Detected by McAfee as RDN/Generic.dx!o and by Malwarebytes Anti-Malware as Backdoor.Agent	No
Policies	X	Chromesupport.exe	Detected by McAfee as RDN/Generic.dx!o and by Malwarebytes Anti-Malware as Backdoor.Agent.PGen	No
ChromeUpdate	X	ChromeUpdate.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not a legitimate Google Chrome browser entry and the file is located in %ProgramData%\ChromeUpdate	No
chromeupdate	X	ChromeUpdate.exe	Detected by Dr.Web as Trojan.DownLoader5.27987. Note - this is not a legitimate Google Chrome browser entry and the file is located in %AllUsersProfile%\Favorites	No
Chrome_Loader.exe	X	Chrome_Loader.exe	Detected by Microsoft as Backdoor:Win32/Dekara.A	No
chrono	U	chrono.exe	Chronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered over	No
Chronograph	U	chrono.exe	Chronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered over	No
c3294e515629d65109551b22b924c29b	X	chroom.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %UserTemp%	No
Cyberhawk	U	CHTray.exe	Cyberhawk from Novatix. Protects against viruses, spyware, identity theft	No
ChronitelInitTV	?	CHTVINIT.EXE	??	No
Task Manager	X	chucem.exe	Detected by McAfee as W32/Chucem.worm	No
Microsoft Driver Setup	X	Chvgrm.exe	Detected by Avira as TR/Kolab.82432	No
ci1gnt	X	ci1gnt.exe	Detected by Kaspersky as the AGENT.DHU TROJAN!	No
Windows Printing Driver	X	ciadvs.exe	Added by the BUZUS-M TROJAN!	No
Windows Printing Driver	X	ciadvss.exe	Added by the ARCHIVARIUS series of WORMS!	No
Component Browser	X	cicedit.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent.CD. The file is located in %System%	No
WindowsFileSystem	X	cidaemon32.exe	Added by the RBOT-FSP WORM!	No
WinXP Catalog Service	X	cidaemon32.exe	Detected by Kaspersky as Backdoor.Win32.Rbot.aeu	No
Microsoft Driver Setup	X	cidrive32.exe	Added by the AGENT-NES TROJAN!	No
cihost.exe	X	cihost.exe	Added by the LINST TROJAN!	No
Memory Allocation Host	X	cihost.exe	Detected by Avast as a variant of the IRCBOT-CHZ WORM!	No
Microsoft Data Helper	X	cihost.exe	Malware, possibly a variant of the LINST TROJAN	No
CIJ2P2PSERVER	Y	CIJ2P2PS.EXE	Compaq IJ200 printer utility which is required in order to make the printer work correctly	No
CIJ3P2PSERVER	Y	CIJ3P2PS.EXE	Compaq IJ300 printer utility which is required in order to make the printer work correctly	No
CIJ7P2PSERVER	Y	CIJ7P2PS.EXE	Compaq IJ700 printer utility which is required in order to make the printer work correctly	No
CIJ9P2PSERVER	Y	CIJ9P2PS.EXE	Compaq IJ900 printer utility which is required in order to make the printer work correctly	No
NTdhcp	X	CiKewl.exe	Added by the QQROB-N TROJAN!	No
CimSync	U	cimsync.exe	Proficy CIMPLICITY by GE - "is a client/server based visualization and control solution that helps you visualize your operations, perform supervisory automation and deliver reliable information to higher-level analytic applications"	No
CinemaNowMediaManagerApp	U	CinemanowShell.exe	Media manager for the CinemaNow digital video distribution service	No
Cingular Communication Manager	Y	CingularCCM.exe	Cingular Communication Manager - now taken over by AT&T. "provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email, the Internet, business applications and corporate intranets, mobile users can be more productive while they're out of the office"	No
Software	X	cipsn.exe	Added by the FORBOT-DM WORM!	No
Duwee wong Cerbon	X	Cirebons.exe	Added by the BHARAT.A WORM!	No
AutoVirusProtection	X	ciscv.exe	Added by a variant of Win32/Rbot	No
boguzoo	X	cisepud.exe	Detected by Dr.Web as Trojan.DownLoader8.36444	No
Memory Allocation Server	X	ciserv.exe	Detected by Microsoft as Worm:Win32/Slenfbot.BH	No
Memory Allocation Services	X	cisrv.exe	Added by the IRCBOT.FC BACKDOOR!	No
CISrvr Program	N	CISRVR.EXE	Related to internet setup on Compaq PC's	No
Cissi	X	Cissi.exe	Added by the CISSI.A WORM!	No
FamilyKeyLogger	U	cisvc.exe	Family Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Located in %ProgramFiles%\FamilyKeyLogger	No
load	X	cisvc.exe	Added by the DOWNBOT TROJAN!	No
Cisvc	X	cisvc.exe /waitservice	Detected by Microsoft as TrojanDownloader:Win32/Horst.Q and by Malwarebytes Anti-Malware as Backdoor.Agent. Note - this is not the legitimate cisvc.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\drivers	No
Ci Svr	X	cisvr.exe	Added by the IRCBOT.AWN BACKDOOR!	No
CitiUCS	U	CitiUCS.exe	Citibank Virtual Account Numbers - "With this free service for Citi cardmembers, you never have to give out your real credit card number online"	No
CitiVAN	N	CitiVAN.exe	Option from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again	No
Civa	X	Civa.exe	Added by the SDBOT.ARI WORM!	No
Windows Loader Service	X	civsc.exe	Added by a variant of Win32/Rbot	No
RunmeAtStartup	X	cj.exe	Detected by Dr.Web as Trojan.DownLoader5.31016 and by Malwarebytes Anti-Malware as Trojan.Agent	No
cjb	X	cjb*.exe	Added by a variant of the AGENT.ALZE TROJAN - where * is a random digit and the file is located in %ProgramFiles%\cjb	No
cjb	X	cjb.exe	Added by the AGENT.ALZE TROJAN!	No
CJET	X	CJet.exe	FFToolBar adware toolbar	No
Cjstcom	Y	Cjstcom.exe	Canon printer BJ status language monitor	No
BJ Status Monitor 522	U	CJSTR3G.EXE	Canon printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor 530	U	CJSTR4B.EXE	Canon printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor 550	U	CJSTR4Y.EXE	Canon printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor 600	U	CJSTR5I.EXE	Canon printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Printer Status Monitor	N	Cjstsr.exe	Canon BJ printer status monitor	No
CleverKeys	U	CK.exe	CleverKeys - "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more - from almost all Windows programs, including word processors, Web browsers and most e-mail programs"	No
CKA	U	CKA.exe	Part of Symantec's now discontinued Norton SystemWorks security and utility suite. Keeps a dial-up modem connection alive	Yes
SymKeepAlive	U	CKA.exe	Part of Symantec's now discontinued Norton SystemWorks security and utility suite. Keeps a dial-up modem connection alive	Yes
ckhfs4	X	ckhfs4.exe	Detected by Microsoft as PWS:Win32/Frethog.AD	No
MSConfig	X	ckme.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserProfile%	No
startkey	X	CKOTS.exe	Added by the BIFROSE-HM TROJAN!	No
kamsoft	X	ckvo.exe	Added by the GAMANIA-BW TROJAN!	No
[various names]	X	clamav.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
ClamWin	Y	ClamTray.exe	System Tray access to and notifications for ClamWin free antivirus	No
ecko	X	claro.exe	Added by the DLOADR-AQJ TROJAN!	No
Registry	U	class0117[random].exe	Blackbox captures emails and chat logs, and monitors Internet activity - remove if you didn't intentionally install it	No
class454~@#	U	class454.exe	XPSpy surveillance software. Uninstall this software unless you put it there yourself	No
Classic Start Menu	Y	ClassicStartMenu.exe	Classic Start Menu (part of Classic Shell by Ivo Beltchev) - "is a clone of the original start menu, which you can find in all versions of Windows from 95 to Vista. It has a variety of advanced features"	No
Clavier+	U	Clavier.exe	Clavier+ allows you to "create keyboard shortcuts using almost any keys, including the Windows key"	No
clcbt.exe	X	clcbt.exe	Added by the AGENT.CBA TROJAN!	No
CLCLSet	U	CLCL.exe	CLCL clipboard caching utility	No
clcl3	X	clcl3.exe	Added by the AGENT.ES TROJAN!	No
clcl7	X	clcl7.exe	Added by a variant of the Covert Sys Exec TROJAN!	No
f01489ae591474641e456c050c1db1d7	X	Clean.exe	Detected by Dr.Web as Trojan.DownLoader7.29749 and by Malwarebytes Anti-Malware as Trojan.MSIL	No
SystemCleaner	X	Clean2.exe	Added by the AUTORUN-AZE WORM!	No
CleanEasyImg	?	cleanall.exe	??	No
Cleanator	X	Cleanator.exe	Cleanator rogue privacy program - not recommended, removal instructions here	No
CleanCatchMain	X	CleanCatch.exe	CleanCatch rogue security software - not recommended, removal instructions here	No
cleancert	X	cleancert.exe	Cleancert rogue security software - not recommended, removal instructions here	No
PAL Evidence Eliminator	N	Cleaner.exe	PAL Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis	No
Windows Sleep	X	Cleaner.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.BCM. The file is located in %AppData%	No
MCleanerCom	X	CleanerComLaunch.exe	CleanerCom rogue security software - not recommended, removal instructions here	No
cleanhlc	X	cleanhlc.exe	Detected by Dr.Web as Trojan.DownLoader2.57773 and by Malwarebytes Anti-Malware as Backdoor.Bot	No
cleanhtm	X	cleanhtm.exe	Added by the MDROP-DPE TROJAN!	No
cleanmanagerS	X	cleanmanagerU.exe	CleanManager rogue security software - not recommended. One of the OneScan family of rogue scanner programs	No
Clean Mgr	X	cleanmg.exe	Added by the IRCBOT.BBO BACKDOOR!	No
winlogon	X	cleanmg.exe	Detected by Sophos as Troj/Agent-ICR	No
Adobe Updater	X	cleanmod.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. This file is located in %AppData%	No
CleanRegPath	?	CleanReg.exe	Apparently Annex A ADSL modem related. What does it do and is it required?	No
cleansweep.exe	X	cleansweep.exe	Added by the AGENT-NEU TROJAN!	No
CleanTemp	U	CleanTemp.exe	CleanTemp - automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing power	No
CleanTemp 1.5	U	CleanTemp.exe	Version 1.5 of CleanTemp - which automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing power	Yes
UCS Clean Temp	U	CleanTemp.exe	Version 1.5 of CleanTemp - which automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing power	Yes
CleanTemp	U	CLEANT~1.EXE	CleanTemp - automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing power	No
CleanTemp 1.5	U	CLEANT~1.EXE	Version 1.5 of CleanTemp - which automatically deletes the contents of the %Temp% folder that is used to store temporary files at Windows startup and uses no memory or processing power	Yes
adi CleanUp	Y	CleanUp.exe	Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry key	Yes
CleanUp	Y	CleanUp.exe	Utility that only runs once after installing the drivers for Analog Devices SoundMax integrated soundcards to clean-up the files no longer required once the installation is complete. Other programs/drivers may use the same filename for the same purpose. In this case, the file is located in %System% and is listed under the HKLM\RunOnce registry key	Yes
CleanupProgram	?	cleanup.exe	Sony Vaio related - what does it do and is it required? Located in a C:\Sonysys folder	No
CleanVMain	X	CleanV.exe	CleanV rogue security software - not recommended, removal instructions here	No
clean_service	X	clean_service.cmd	Added by the REFAZ WORM!	No
Clear meter bar	U	Clear meter bar .exe	Clear Meter Bar widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop with a clear background. Once started, Clear meter bar .exe loads a file called "DXWidget.exe" and exits	Yes
DesktopX Widget	U	Clear meter bar .exe	Clear Meter Bar widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop with a clear background. Once started, Clear meter bar .exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entry	Yes
ArcadeMovieService	N	clear.fiMovieService.exe	Part of Acer Arcade Deluxe - a default program included with all Acer computers for media management. Movie service by Cyberlink	No
Clear2PC	X	Clear2PCLaunch.exe	ClearPC rogue security software - not recommended, removal instructions here	No
Internet Disk Cleaner	U	CLEARH~1.EXE	"Internet Disk Cleaner from Elongsoft "protects your privacy by cleaning up all Internet tracks and past computer activities"	No
Clear meter bar	U	CLEARM~1.EXE	Clear Meter Bar widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop with a clear background. Once started, Clear meter bar .exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "Clear meter bar .exe" is shown as "CLEARM~1.EXE"	Yes
DesktopX Widget	U	CLEARM~1.EXE	Clear Meter Bar widget for the DesktopX desktop utility from Stardock Corporation. Displays free drive space, free memory, CPU usage and system running time on the desktop with a clear background. Once started, Clear meter bar .exe loads a file called "DXWidget.exe" and exits. This is the Vista/7 entry where "Clear meter bar .exe" is shown as "CLEARM~1.EXE"	Yes
ClearProtect	X	ClearProtect.exe	ClearProtect rogue security software - not recommended, removal instructions here	No
ClearVaccineMain	X	ClearVaccine.exe	Detected by Malwarebytes Anti-Malware as Rogue.ClearVaccine - not recommended. The file is located in %ProgramFiles%\ClearVaccine	No
H2O	Y	cledx.exe	Related to copyright protection products by SyncroSoft	No
clfmon	X	clfmon.exe	Added by the TACTSLAY.E TROJAN!	No
clfmon.exe	X	clfmon.exe	Added by the AGENT-BJ TROJAN!	No
nvsvca32	X	clfmon.exe	Added by the TACTSLAY.E TROJAN!	No
SYSTEMYT	X	clfnom.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Bot. The file is located in %ProgramFiles%\Outlook Express	No
CLHomeMediaServer	N	CLHomeMediaServer.exe	System Tray access to the CyberLink Live remote media access service	Yes
CyberLink Live	N	CLHomeMediaServer.exe	System Tray access to the CyberLink Live remote media access service	Yes
Microsoft Server Applacations	X	cli.exe	Added by the RBOT-GAQ WORM!	No
ATICCC	N	cli.exe runtime	ATI's Catalyst™ CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start → Programs → ATI Catalyst Control Center → Advanced → Restart Runtime as it can cause problems when starting Windows	No
ATI CATALYST System Tray	N	CLI.exe SystemTray	System Tray access to ATI's Catalyst™ Control Center. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop	No
Vonage	U	click2call.exe	Vonage Voice over IP Internet phone service	No
ClickMe	N	ClickMe.exe	ClickM "JOKE" program	No
Clickoff	U	Clickoff.exe	Clickoff automatically dismisses annoying dialog boxes	No
Best Buy pc app	N	ClickOnceSetup.exe	"Best Buy pc app brings you the latest in digital software, games and services. Once it's installed, all you need to do is explore and select the applications you want from our large selection of continuously updated digital content"	No
clickpang.exe	X	clickpang.exe	Detected by Dr.Web as Trojan.DownLoad3.16060 and by Malwarebytes Anti-Malware as Adware.Korad	No
ClickPotatoLiteSA	X	ClickPotatoLiteSA.exe	ClickPotato adware	No
Click Radio Tuner	N	clickr~1.exe	ClickRadio - subscription service playing radio music via the internet	No
Click Tray Calendar	N	ClickT~1.EXE	ClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etc	No
Express ClickYes	U	ClickYes.exe	"Express ClickYes is a tiny program that runs in the system tray and automatically clicks the Yes button for the Outlook security prompt, that asks you to confirm mail sending from third party applications or access to Outlook's address book"	No
CLICONFG	X	CLICONFG.EXE	Added by the OPASERV.T WORM!	No
Cli Confg	X	cliconfig.exe	Added by a variant of the SPYBOT WORM! See here	No
DigiGuide	N	CLIENT.EXE	TV guide and reminder	No
NetWeaveClient	X	Client.exe	Detected by McAfee as Generic.tfr!x and by Malwarebytes Anti-Malware as Trojan.Agent	No
pagmstart	?	client.exe	??	No
Windows Client	X	client.exe	Added by the BACKDR-AM BACKDOOR!	No
DigiGuide	N	client01.exe	TV guide and reminder	No
BufferZone	Y	CLIENTGUI.EXE	BufferZone from Trustware - "is the only security software that creates a separate environment allowing you unlimited freedom to enjoy all Internet activities without the fear of external threats"	No
eSnips	U	ClientGW.exe	eSnips Client Gateway from eSnips	No
WIN32DS	X	clienttimer.exe	Eziin adware	No
WIN32io	X	clienttimer.exe	Eziin adware	No
clipboard.exe	X	clipboard.exe	Added by an unidentified WORM or TROJAN!	No
ClipSrv	X	CLIPBRD3D.EXE	Added by the MOFEI-D WORM!	No
clipdiary	U	clipdiary.exe	Clipdiary from Softvoile - "Free Clipboard Manager for keeping the clipboard history"	No
ClipMate7	N	ClipMate.exe	Clip Mate 7 by Thornsoft - utility that allows you to store more than one item in the clipboard	No
Clip Service Manager	X	clipmg.exe	Added by the DELF.DXJ TROJAN!	No
ClipMate5x	N	ClipMt5x.exe	Clip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start → Programs	No
Clipmate6	N	CLIPMT60.EXE	Clip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start → Programs	No
Clipomatic	N	Clipomatic.exe	Mike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data	No
ClipSrv	X	clipserv.exe	Added by the SDBOT-AAV and SDBOT-AFE WORMS!	No
ClipSrv	X	clipservr.exe	Added by the SDBOT-AFE WORM!	No
Clipbook Service	N	Clipsrv.exe	Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks	No
clipsrv	X	clipsrv.exe	Detected by Kaspersky as Trojan.Win32.Buzus.hgva. Note - this is not the legitimate clipsrv.exe which is always located in %System%. This one is located in %Windir%	No
Clipsrv	N	Clipsrv.exe	Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks	No
ClipSrv	X	clipsrv.exe /waitservice	Detected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate clipsrv.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\drivers	No
Clip Servicer	X	clipsrvc.exe	Added by a variant of the IRCBOT BACKDOOR! See here	No
Clip Srv	X	clipsv.exe	Added by a variant of the IRCBOT BACKDOOR! See here	No
Clipsvc	X	clipsv.exe	Detected by Trend Micro as BLACKHOLE.F BACKDOOR!	No
LocalSystem	X	clipsvr16.exe	Added by the FEMO BACKDOOR!	No
LocalSystem	X	clipsvr32.exe	Added by the FEMO BACKDOOR!	No
ClipTrak	N	ClipTrak.exe	ClipTrak - clipboard extender	No
ClipTrakker	N	ClipTrakker.exe	Cliptrakker - clipboard extender	No
CLI Services	X	clisrv.exe	Added by a variant of the IRCBOT BACKDOOR! See here	No
ATICCC	N	CLIStart.exe	Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs	No
Catalyst® Control Center Launcher	N	CLIStart.exe	Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs	No
CLIStart	N	CLIStart.exe	Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs	No
StartCCC	N	CLIStart.exe	Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs	No
SMS Client Service	U	clisvc95.exe	When the SMS Client service starts on a domain controller, the Client service modifies the SMSCliToknAcct & user account group membership, user rights, and account comment. The Client service then waits for the synchronization of the comment to verify that the account and user rights are properly set for this account. This account is used to obtain a token to start the SMS Client processes, such as the Software Inventory and Software Distribution agents (MS Systems Management Server)	No
cllmono	X	cllmono.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.TIB. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
CLMemoSysTray	N	CLMemoSysTray.exe	System Tray access to YouMemo from CyberLink - which "is an extremely intuitive way to write notes and reminders in a fun and easy environment" and is "designed specifically as a multi-touch application supporting the latest touch hardware"	Yes
CLMemoSysTray Application	N	CLMemoSysTray.exe	System Tray access to YouMemo from CyberLink - which "is an extremely intuitive way to write notes and reminders in a fun and easy environment" and is "designed specifically as a multi-touch application supporting the latest touch hardware"	Yes
CLMLServer	U	CLMLSvc.exe	CyberLink MediaLibrary Service - installed with Power2Go and PowerCinema from CyberLink and used to manage the media libraries, providing advanced file search, browsing and tracking. Also included with versions of PowerCinema bundled (and re-branded) with systems from Acer, Dell, ASUS and others. Some report it uses excessive system and memory resources	Yes
CLMLServer for HP TouchSmart	U	CLMLSvc.exe	CyberLink MediaLibrary Service - included with the version of CyberLink's PowerCinema installed on the HP Touchsmart range of desktops and notebooks and used to manage the media libraries, providing advanced file search, browsing and tracking. Some report it uses excessive system and memory resources	No
CLMLSvc	U	CLMLSvc.exe	CyberLink MediaLibrary Service - installed with Power2Go and PowerCinema from CyberLink and used to manage the media libraries, providing advanced file search, browsing and tracking. Also included with versions of PowerCinema bundled (and re-branded) with systems from Acer, Dell, ASUS and others. Some report it uses excessive system and memory resources	Yes
CyberLink MediaLibrary Service	U	CLMLSvc.exe	Installed with Power2Go and PowerCinema from CyberLink and used to manage the media libraries, providing advanced file search, browsing and tracking. Also included with versions of PowerCinema bundled (and re-branded) with systems from Acer, Dell, ASUS and others. Some report it uses excessive system and memory resources	Yes
CLMFrontPanel	U	clmpanel.exe	System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost	No
Content List Management Subsystem	X	clmss.exe	Added by the SPYBOT-EL WORM!	No
QuickInstallPack	X	CLN_2009FreeInstall.exe	Installed and used by rogue security products such as Cleaner2009, AntiMalwareSuite, SecureExpertCleaner and System Guard Center	No
SetDefaultPrinter	Y	cloaker.exe	Used by HP and Compaq computers to hide the windows of programs passed as arguments to it	No
Clock Widget (HTC Home)	N	Clock.exe	Clock Widget from HTC Home - which is "a free set of widgets for Windows like on HTC Smartphones." The default installation includes the QuickShare ad-supported browser enhancement which can in turn install the Delta toolbar	Yes
Windows Insecure	X	Clock.exe	Added by the SDBOT.GAV WORM!	No
AccessoriesPlus	U	clockplus.exe	Clock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clock	No
SkinClock	U	ClockTraySkins.exe	Clock Tray Skins by Drive Software - "is the advanced replacement for standard Windows tray clock. See the time, seconds, day, date, percent of memory in use and system UpTime in different skins. Displays the time for any of the time zones"	No
ClockWise	U	CLOCKWISE.EXE	ClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync	No
wise	X	clockwise.exe	Added by the LAZAR-A TROJAN!	No
ClocX	U	ClocX.exe	ClocX - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms, etc	No
CloneCD	N	CloneCDTray.exe	System Tray access to the CloneCD back-up utility from SlySoft, Inc - which is "the perfect tool to make backup copies of your music and data CDs, regardless of standard conformity. CloneCD's award-winning user interface allows you to copy almost any CD in just a few mouse clicks." Other than launching CloneCD, the only other useful option is "Hide CDR Media" which in some isolated cases will treat CD-R media as original CDs	Yes
CloneCD Tray	N	CloneCDTray.exe	System Tray access to the CloneCD back-up utility from SlySoft, Inc - which is "the perfect tool to make backup copies of your music and data CDs, regardless of standard conformity. CloneCD's award-winning user interface allows you to copy almost any CD in just a few mouse clicks." Other than launching CloneCD, the only other useful option is "Hide CDR Media" which in some isolated cases will treat CD-R media as original CDs	No
CloneCDTray	N	CloneCDTray.exe	System Tray access to the CloneCD back-up utility from SlySoft, Inc - which is "the perfect tool to make backup copies of your music and data CDs, regardless of standard conformity. CloneCD's award-winning user interface allows you to copy almost any CD in just a few mouse clicks." Other than launching CloneCD, the only other useful option is "Hide CDR Media" which in some isolated cases will treat CD-R media as original CDs	Yes
[random name]	X	Cloud AV 2012v121.exe	Cloud AV 2012 rogue security software - not recommended, removal instructions here	No
cloudpop.exe	X	cloudpop.exe	Detected by Dr.Web as Trojan.DownLoad3.5224 and by Malwarebytes Anti-Malware as Adware.K.CloudPop. The file is located in %ProgramFiles%\cloudpop	No
cloudpop_.exe	X	cloudpop_.exe	Detected by Malwarebytes Anti-Malware as Adware.K.CloudPop. The file is located in %ProgramFiles%\cloudpop	No
cloud_.exe	X	cloud_.exe	Detected by Dr.Web as Trojan.DownLoad3.5224 and by Malwarebytes Anti-Malware as Adware.K.CloudPop. The file is located in %ProgramFiles%\cloudpop	No
clover	X	clover.exe	Detected by Kaspersky as AdWare.Win32.KSG.rr and by Malwarebytes Anti-Malware as Adware.CloverPlus. The file is located in %ProgramFiles%\CloverPlus	No
clover_u	X	clover_updater.exe	Detected by Dr.Web as Trojan.DownLoader6.2016 and by Malwarebytes Anti-Malware as Adware.CloverPlus. The file is located in %ProgramFiles%\intothemap CP	No
clover_u	X	clover_updater.exe	Detected by Dr.Web as Trojan.DownLoader7.20450 and by Malwarebytes Anti-Malware as Adware.CloverPlus. The file is located in %ProgramFiles%\brainclan CP	No
clover_u	X	clover_updater.exe	Detected by Dr.Web as Trojan.DownLoader7.4655 and by Malwarebytes Anti-Malware as Adware.CloverPlus. The file is located in %ProgramFiles%\KoreaMessenger CP	No
clover_u	X	clover_updater.exe	Detected by Kaspersky as AdWare.Win32.Agent.svv and by Malwarebytes Anti-Malware as Adware.CloverPlus. The file is located in %ProgramFiles%\CloverPlus	No
Clownfish	N	Clownfish.exe	Clownfish by Shark Labs - "is an online translator for all your outgoing messages in Skype. Now you could write in your native language and the recipient will receive the message translated to their language. There are different translation services you could choose from"	No
WINCLP	X	clp.exe	Detected by McAfee as RDN/PWS-Lineage!c and by Malwarebytes Anti-Malware as Spyware.OnlineGames	No
COMODO	U	CLPSLA.exe	Part of Comodo Group's Cloud Scanner online malware service and their GeekBuddy remote support tool - which is available as a separate product and is installed (but not licensed) with their free and retail security products such as Internet Security, Antivirus and Firewall	No
Comodo Launch Pad Tray	U	CLPTray.exe	System Tray access to LaunchPad - as bundled with older versions of Comodo's free offerings such as Comodo Antivirus. Some allege that LaunchPad is impossible-to-uninstall adware, or worse - see here	No
CLPushUpdate	?	CLPushUpdate.exe	Part of the CyberLink Live remote media access service. It's exact purpose isn't know at present but it may be related to automatic updates	Yes
CyberLink Live	?	CLPushUpdate.exe	Part of the CyberLink Live remote media access service. It's exact purpose isn't know at present but it may be related to automatic updates	Yes
CyberLat Ram Cleaner	U	CLRamCleaner.exe	CyberLat RAM Cleaner - memory optimizer. No longer supported or available from the authors	No
MSVersion	X	ClrSchP038.exe	Added by the POPMON.A TROJAN - also known as PopMonster adware	No
Windows System32	X	clsas32.exe	Added by the RBOT-AZO WORM!	No
Windows System32 Driver	X	clsass32.exe	Added by the SDBOT-AGG WORM!	No
clsav	X	clsav.exe	Added by the AUTORUN-BTQ WORM!	No
APVXDWIN	Y	ClShield.exe	"Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders"	No
winsrv	X	clsnsv.exe	Detected by Malwarebytes Anti-Malware as Trojan.Korad. The file is located in %ProgramFiles%	No
cls_pack.exe	X	cls_pack.exe	Added by the Malware Defense rogue security software. Also detected as the FAKEAV-AQB TROJAN!	No
ClauerUpdate	U	ClUpdate.exe	Automatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keys	No
ClUpdate	U	ClUpdate.exe	Automatic updates for the software supporting the Clau-ACCV and Clauer-idCAT digital certificate USB keys	No
CleverKeys	U	ClvrKeys.exe	Older version of CleverKeys - which "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more - from almost all Windows programs, including word processors, Web browsers and most e-mail programs"	No
Start RF Wireless Mouse	Y	cm20.exe	Yuanxun Electronics RF wireless mouse driver	No
cma	U	cma.exe	DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"	No
Desksite CMA	U	cma.exe	DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"	No
CyberMedia Agent	N	CMAGENT.EXE	Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled	No
MachineTest	X	CMagesta.exe	Added by the SDBOT-NE WORM!	No
cnfgCav	Y	CMain.exe	Part of an older version of Comodo Antivirus	No
Connection Manager	N	CManager.exe	SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service	No
CMAPP	X	cmappclient.exe	CasClient adware - also detected as the CMAPP TROJAN!	No
8abe4a316ecd3fb8d5ff2f6f776d9ce3	X	cmd.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. Note - this is not the legitimate cmd.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%	No
a	X	cmd.exe	Detected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%\Desktop	No
b	X	cmd.exe	Detected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%\Start Menu\Programs	No
c	X	cmd.exe	Detected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %MyDocuments%	No
cmd	X	cmd.exe	Detected by Dr.Web as Trojan.Siggen4.27324. Note - this is not the legitimate cmd.exe process which is always located in %System% and should not normally figure in Msconfig/Startup. This one is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
d	X	cmd.exe	Detected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%\Favorites	No
e	X	cmd.exe	Detected by Dr.Web as Trojan.DownLoader6.3470. Note - this is not the legitimate cmd.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%\Start Menu	No
hpcmd	X	cmd.exe	Detected by Sophos as Troj/AdClick-DS. Note - this is not the legitimate cmd.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\spool	No
name_me	X	cmd.exe	Detected by Malwarebytes Anti-Malware as Trojan.Downloader. Note - this is not the legitimate cmd.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %MyDocuments%	No
Win32 Console	X	cmd.exe	Added by the ABI.C WORM! Note - this is not the legitimate cmd.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
WMSDOS-ServicePack2	X	cmd.exe /c C:\WMSDOS.sys	Detected by Bitdefender as the DELF.OFC TROJAN! See here. Note that cmd.exe is a legitimate Microsoft file normally located in %System% and shouldn't be deleted	No
Sistema Operacional	X	cmd.exe [path] aaa.bat	Detected by Symantec as Trojan.Banker.I. Note - do not delete the legitimate cmd.exe process which is always located in %System%. The "aaa.bat" file is located in %Temp%	No
AMD AVT	?	Cmd.exe [path] kdbsync.exe	Related to AMD's Accelerated Video Transcoding (AVT) architecture which helps speed up video conversations. "AVT is a combination of hardware and low level software to convert H.264 and MPEG-2 video sources, up to 1080p resolution, to H.264 MPEG-2 file format to fit the target device supported resolutions and bitrates, up to 1080p resolution" - read more in this PDF	No
Dynamic Dns Binary	X	CMD16.EXE	Added by the RBOT-XM WORM!	No
Ass and titties	X	CMD32.EXE	Added by a variant of W32/Sdbot.worm	No
Cmd	X	cmd32.exe	Added by the TANKED WORM!	No
Configuration Loader	X	cmd32.exe	Added by the SDBOT BACKDOOR!	No
ControlPanel	X	cmd32.exe internat.dll,LoadKeyboardProfile	Added by the DLOADER-HF TROJAN. Note - the "cmd32.exe" file is found in %System%	No
cmd64	X	cmd64.exe	CoolWebSearch Msconfd parasite variant	No
HKCU	X	cmdagent.exe	Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %System%\Sys32	No
HKLM	X	cmdagent.exe	Detected by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen. The file is located in %System%\Sys32	No
Policies	X	cmdagent.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent.PGen. The file is located in %System%\Sys32	No
cmdbcs	X	cmdbcs.exe	Added by the LINEAG-GKW TROJAN!	No
Cmdcon	X	cmdcon.exe	Added by the CRYPTER.A TROJAN!	No
TrueMobile 1150 Client Manager	Y	cmdel.exe	Client Manager for the Dell TrueMobile 1150 Series PC Card - "a wireless network PC Card that fits into any standard PC Card Type II slot. It has two LED indicators and an integrated antenna"	No
CMDHost	X	CMDHost#.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent.Gen - where # represents a number and the file is located in %AppData%	No
cmdl32	X	cmdl32.exe	Detected by Kaspersky as Trojan.Win32.Buzus.hgva	No
cmdl32.exe	X	cmdl32.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserTemp%	No
relinson	X	cmdno.exe	Added by the DROPPER-PS TROJAN!	No
Cinnabd Prompt32	X	CmdPrompt32.pif	Added by the ASSIRAL-B WORM!	No
Command Prompt32	X	CmdPrompt32.pif	Added by the ASSIRAL.B WORM!	No
MyLife	X	CmdServ.exe	Detected by Trend Micro as WORM_HOLAR.A	No
CmdShell.exe	X	CmdShell.exe	Added by the BCKDR-QHY BACKDOOR!	No
MsgSvcMgr32	X	cmdzxdll.exe	Added by the RBOT-AEK WORM!	No
CME	X	cme.exe	GAIN adware by Claria Corporation	No
Check Messenger	U	cmesseng.exe	Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. Qchex appear to be no longer in buisness	No
CmeSYS	X	CMEsys.exe	GAIN adware by Claria Corporation	No
CmeUPD	X	CMEupd.exe	GAIN adware by Claria Corporation	No
COMODO Memory Firewall	Y	cmf.exe	"Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack." Now discontinued	No
CMFibula	X	CMFibula.exe	CASClient adware	No
CmFlywaveName	N	CmFlywav.exe	Driver for the Cisco Linksys WMB54G Wireless-G Music Bridge	No
CMGrdian	U	CMGrdian.exe	McAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly others	No
Guardian	U	CMGrdian.exe	McAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly others	No
McAfee Guardian	U	CMGrdian.exe	McAfee Guardian shortcut menu on the System Tray (looks like a castle) given access to Internet Security, Browser Buddy, File Guardian and help. Included with older versions of McAfee Internet Security and possibly others	No
CMGShieldUI	U	CMGShieldUI.exe	UI for CMG (CREDANT Mobile Guardian) Shield from Credant Technologies. "The CMG Shield resides on devices and external media to enforce security policies even if the device is disconnected from the network." Used to protect sensitive corporate on laptops, handhelds, smartphones, USB drives and CD-DVDs	No
Microsft Security Monitor Process	X	cmh.exe	Added by the EGGDROP.V WORM!	No
ORiNOCO	U	Cmluc.exe	Client Manager software for a Proxim ORiNOCO 11a/b/g wireless LAN PCI card	No
CMMan	X	CMMan.exe	Added by the CMAPP TROJAN!	No
sysupdate	X	cmman32.exe	Added by the VB.AMX TROJAN!	No
Microsoft Connection Manager Monitor	X	cmmon.pif	Detected by Sophos as W32/Rbot-AKV	No
cmmon32.exe	X	cmmon32.exe	Detected by Dr.Web as Trojan.Inject1.13506 and by Malwarebytes Anti-Malware as Trojan.Inject	No
Cmmon32Sys	X	cmmon32.exe	Added by the SMALL.CL TROJAN!	No
msys	X	cmmon32.exe	Detected by Kaspersky as AdWare.Win32.BHO.dzd. The file is located in %Windir%	No
asr_otok	X	cmmoosk.exe	Detected by Malwarebytes Anti-Malware as Trojan.Backdoor.SK. The file is located in %System%	No
run=	N	cmmpu.exe	MIDI emulator driver for the integrated sound chip by C-Media based on the CMI-8330 chip set normally found in cheap motherboards. Also installed as part of the software for a Guillemot Maxi Muse sound card (PCI)	No
Windows Disk Manager	X	cmnvc.exe	Added by the SLENFBOT.JR WORM!	No
[various names]	X	cmon14.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
DC300 Monitor	U	cmonitor.exe	Monitor for a Acer DC300 digital camera	No
Task Alert	X	cmosvc.exe	Added by a variant of the IRCBOT BACKDOOR!	No
[12 random characters]	X	cmpbk321.exe	IeDriver adware variant	No
CMPDPSRV	U	CMPDPSRV.EXE	Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printers	No
cmrsf	X	cmrsf.exe	Added by the DELF-HU TROJAN!	No
cmrss	X	cmrss.exe	Detected by Trend Micro as TROJ_DELF.DU and by Malwarebytes Anti-Malware as Trojan.Banker	No
cmrst	X	cmrst.exe	Added by the BANCOS.S TROJAN!	No
cmrst	X	cmrst.scr	Added by the DLOADER-FP TROJAN!	No
Microsoft System32 Update	X	cmsrg.exe	Added by the RBOT-GN WORM!	No
Ethernet Driver	X	cmsrrs.exe	Added by a variant of Win32/Rbot	No
cmss	X	cmss.exe	Detected by Kaspersky as Trojan.Win32.Agent2.eko. The file is located in %Temp%	No
IntellRaidConfigurer	X	cmss.exe	Detected by Dr.Web as Trojan.AVKill.15254 and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %ProgramFiles%\JavaUpdater	No
IntellRaidConfigurer	X	cmss.exe	Detected by Dr.Web as Trojan.AVKill.22183 and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %ProgramFiles%\GoogleUpdater	No
IntellRaidConfigurer	X	cmss.exe	Detected by Dr.Web as Trojan.DownLoader7.21665 and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %ProgramFiles%\WinApps	No
Microsoft Update	X	cmss.exe	Detected by Sophos as W32/Rbot-ATQ	No
MicrosofUpdate	X	cmss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %ProgramFiles%\ConfigSys	No
Windows CMS Protocol	X	cmss.exe	Detected by Sophos as W32/Rbot-BFT	No
Microsofts Updatez	X	cmsssr.exe	Added by unidentified malware. The file is located in %System%	No
CmSTP	X	cmstp.exe /waitservice	Detected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate cmstp.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\drivers	No
CMSystem	X	CMSystem.exe	CASClient adware	No
Cmt101	X	cmt101.exe	Added by the GEMA TROJAN!	No
CmUCRRun	?	CmUCReye.exe	Related to Medion Display Information. What does it do and is it required?	No
Clickmonster	X	CMupdate.exe	Detected by McAfee as Generic.tfr and by Malwarebytes Anti-Malware as Adware.Korad	No
cmutil	X	cmutil.exe	Added by the AGENT-DFN TROJAN!	No
CMWorkstation	U	cmwkse.exe	Cyber Monitor 2004 by Enter - "professional billing, monitoring and management system for Internet cafes, libraries, schools, hotels and other institutions that provide computers for public use"	No
Cmx32	X	cmx32.exe	Added by the GEMA TROJAN!	No
Windows System File	X	cmxp.exe	Added by the SPYBOT.KHO WORM!	No
CNAP2 Launcher	U	CNAP2LAK.EXE	Canon printer status monitor - for monitoring printer status, checking ink levels, etc	No
CNBABE	X	CNBABE.EXE	Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing	No
Microsoft Driver Setup	X	cndrive32.exe	Added by a variant of the SPYBOT WORM! See here	No
nClient	X	cnen.exe	Added by the DELBOT-AL WORM!	No
UpdateComponent	X	CNF UPD.EXE	Added by the SPYBOT.GEN VIRUS!	No
shambl3r	X	cnf.bat	Added by the REMABL WORM!	No
Configuration Manager	X	Cnfgldr.exe	Added by the SDBOT BACKDOOR!	No
Cnfrm32	X	cnfrm.exe	Added by the MIMAIL.D WORM!	No
Cn323	X	cnfrm33.exe	Detected by Symantec as W32.Mimail.G@mm and by Malwarebytes Anti-Malware as Worm.Agent	No
[various names]	X	cnftips.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
IJNetworkScanUtility	U	CNMNSUT.EXE	Network utility available for some Canon scanners and multifunction devices. Allows the device to see computers on a network and those computers running the utility to control scanning via the Control Panel on the scanner - which saves you having to run back and forth between the scanner and your computer	No
BJ Status Monitor Canon i250	U	cnmss Canon i250 (Local).exe	Canon i250 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon i320	U	cnmss Canon i320 (Local).exe	Canon i320 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon i455	U	cnmss Canon i455 (Local).exe	Canon i455 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon i470D	U	cnmss Canon i470D (Local).exe	Canon i470D printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon i550	U	cnmss Canon i550 (Local).exe	Canon i550 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon i560	U	cnmss Canon i560 (Local).exe	Canon i560 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon i850	U	cnmss Canon i850 (Local).exe	Canon i850 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon i860	U	cnmss Canon i860 (Local).exe	Canon i860 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon i865	U	cnmss Canon i865 (Local).exe	Canon i865 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon i950	U	cnmss Canon i950 (Local).exe	Canon i950 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon i9900	U	cnmss Canon i9900 (Local).exe	Canon i9900 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon MP110 Series Printer	U	cnmss Canon MP110 Series Printer (Local).exe	Canon MP110 Series printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon MP130 Series Printer	U	cnmss Canon MP130 Series Printer (Local).exe	Canon MP130 Series printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon MP360 Series Printer	U	cnmss Canon MP360 Series Printer (Local).exe	Canon MP360 Series printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon MP390 Series Printer	U	cnmss Canon MP390 Series Printer (Local).exe	Canon MP390 Series printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon MP700 Printer	U	cnmss Canon MP700 Printer (Local).exe	Canon MP700 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon MP730 Printer	U	cnmss Canon MP730 Printer (Local).exe	Canon MP730 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon PIXMA iP1000	U	cnmss Canon PIXMA iP1000 (Local).exe	Canon PIXMA iP1000 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon PIXMA iP1500	U	cnmss Canon PIXMA iP1500 (Local).exe	Canon PIXMA iP1500 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon PIXMA iP2000	U	cnmss Canon PIXMA iP2000 (Local).exe	Canon PIXMA iP2000 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon PIXMA iP3000	U	cnmss Canon PIXMA iP3000 (Local).exe	Canon PIXMA iP3000 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon PIXMA iP4000	U	cnmss Canon PIXMA iP4000 (Local).exe	Canon PIXMA iP4000 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon PIXMA iP6000D	U	cnmss Canon PIXMA iP6000D (Local).exe	Canon PIXMA iP6000D printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon PIXMA iP8500	U	cnmss Canon PIXMA iP8500 (Local).exe	Canon PIXMA iP8500 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon BJC-2000	U	cnmss1u.exe	Canon BJC-2000 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon BJC-2100	U	cnmss2f.exe	Canon BJC-2100 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor S400	U	cnmss2p.exe	Canon S400 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor S600	U	cnmss2v.exe	Canon S600 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon S300	U	cnmss38.exe	Canon S300 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor S100	U	cnmss3a.exe	Canon S100 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon S100SP	U	cnmss3c.exe	Canon S100SP printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon S9000	U	cnmss3i.exe	Canon S9000 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon S520	U	cnmss3m.exe	Canon S520 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon S750	U	cnmss3q.exe	Canon S750 printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon S200SP	U	cnmss3y.exe	Canon S200SP printer status monitor - for monitoring printer status, checking ink levels, etc	No
BJ Status Monitor Canon S330	U	cnmss45.exe	Canon S330 printer status monitor - for monitoring printer status, checking ink levels, etc	No
Microsoft Synchronization Manager	X	cnnet.exe	Detected by Microsoft as Backdoor:Win32/Sdbot.NL and by Malwarebytes Anti-Malware as Backdoor.Bot	No
Mspatch89	X	cnqmax.exe	Added by the RANDEX.P WORM!	No
CanonSolutionMenuEx	U	CNSEMAIN.EXE	"Canon Solution Menu EX immediately starts the manuals or application software that allows you to print album or calendar easily, or scan photos and documents. It is a convenient control centre for your printer, scanner or All-In-One"	No
Microsoft Intrenet Explorer	X	cnsg.pif	Added by the RBOT-ARO WORM!	No
CanonSolutionMenu	U	CNSLMAIN.exe	Canon's Solution Menu dialog box leads you quickly toward documentation, utilities, and help files	No
b5700x drive	X	cnssr.exe	Added by the MAHA-T TROJAN!	No
System Failure Statistic	X	cnstat.exe	Added by the RBOT-LF WORM!	No
Protection Center	X	cntprot.exe	Protection Center rogue security software - not recommended, removal instructions here	No
CnwiDeviceAgent	Y	cnwida.exe	Part of the Canon imagePROGRAF W8400 printer management software	No
GARO Status Monitor	U	cnwism.exe	Print monitor for certain Canon printers	No
CnxAdslL	Y	CnxAdslL.exe	DLink, Zoom, or Conexant modem driver	No
CnxDslTaskBar	N	CnxDslTb.exe	Conexant DSL Taskbar as used on their AccessRunner ADSL modem and others such as the Samsung AHT-E310, ZTE ZXDSL852 and TeleWell EA100B	No
WooCnxMon	N	CnxMon.exe	Wanadoo ISP (now rebranded as Orange) software related - not required - here's how to bypass it	No
ledpointer	U	CNYHKey.exe	Chicony Electronics Multimedia Keyboard Hotkey Driver	No
Windows Service Agent	X	co0l.exe	Added by the RBOT-GQY WORM!	No
Remote Data Backups	U	COBackup.exe	Remote Data Backups online system/data backup utility	No
CobBU	U	CobBU.exe	Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required	Yes
Cobian Backup	U	CobBU.exe	Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required	Yes
Cobian Backup 6	U	CobBU.exe	Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required	Yes
Cobian Backup 7	U	CobBU.exe	Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required	Yes
Cobian Backup 7 Application	U	CobBU.exe	Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup option and run it manually when required	Yes
Cobian	U	Cobian.exe	Cobian Backup versions 8 thru 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when required	No
Cobian Backup 10	U	Cobian.exe	Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when required	Yes
Cobian Backup 8	U	Cobian.exe	Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required	Yes
Cobian Backup 9	U	Cobian.exe	Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required	Yes
Cobian Backup Amanita	U	Cobian.exe	Cobian Backup 9 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required	Yes
Cobian Backup Black Moon	U	Cobian.exe	Cobian Backup 8 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (NT/2K/XP/Vista). If you don't have regularly scheduled backups then choose the startup option and run it manually when required	Yes
Cobian Backup Boletus	U	Cobian.exe	Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program as a startup application rather than the default service on an NT based OS (XP/Vista/7). If you don't have regularly scheduled backups then choose the startup option and run it manually when required	Yes
Cobian Backup 7 Interface	U	cobui.exe	System Tray access to Cobian Backup 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required	Yes
Cobian Backup Interface 6	U	cobui.exe	System Tray access to Cobian Backup 6 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required	Yes
cobui	U	cobui.exe	System Tray access to Cobian Backup versions 6 and 7 - a multi-threaded backup program which makes backup copies of your file and folders (in compressed or uncompressed form) to another location. This entry appears if you choose to install the program using the default settings as service on an NT based OS (NT/2K/XP). If you don't have regularly scheduled backups then choose the startup installation option and run it manually when required	Yes
Diskstart	X	Code.exe	Startportal - Switch dialer and hijacker variant, see here. Also detected as the DELF-JE TROJAN!	No
codecdirectx.exe	X	codecdirectx.exe	Added by the BANLOA-AZY TROJAN!	No
System Service	X	coderxt.exe	Added by the RBOT-ALD WORM!	No
CodeScanMain	X	CodeScan.exe	CodeScan rogue security software - not recommended, removal instructions here	No
CodeSecurityMain	X	CodeSecurity.exe	CodeSecurity rogue security software - not recommended, removal instructions here	No
Divx	X	codll.exe	Added by the GRAVEBOT-A TROJAN!	No
Compd Service Drivrs	X	codq.exe	Added by a variant of W32/Sdbot.worm	No
COEMsgDisplay	?	COEMsgDisplay.exe	Part of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required?	No
xcrx	X	Coffin Of Evil.exe	Detected by Malwarebytes Anti-Malware as Worm.Autorun. The file is located in %System%\sohaib	No
xcrx	X	Coffin Of Evil.exe	Detected by Kaspersky as Trojan-Dropper.Win32.Agent.airs. The file is located in %System%\dtgjdtjgdt	No
xcrx	X	Coffin Of Evil.exe	Detected by Kaspersky as Trojan.Win32.Pincav.qyd. The file is located in %Windir%	No
xcrx	X	Coffin Of Evil.exe	Detected by Kaspersky as Trojan-Dropper.Win32.Agent.airs. The file is located in %System%	No
xcrx	X	Coffin Of Evil.exe	Detected by Kaspersky as Trojan.Win32.Refroso.augc. The file is located in %System%\windowsdirectory	No
xcrx	X	Coffin Of Evil.exe	Detected by McAfee as Generic Dropper!mm. The file is located in %ProgramFiles%	No
xcrx	X	Coffin Of Evil.exe	Detected by McAfee as BackDoor-EDP. The file is located in %System%\fd	No
xcrx	X	Coffin Of Evil.exe	Detected by Trend Micro as BKDR_SPYNET.SMA. The file is located in %System%\Microsoft	No
xdocx	X	Coffin Of Evil.exe	Detected by Malwarebytes Anti-Malware as Worm.Autorun. The file is located in %System%\sohaib	No
xdocx	X	Coffin Of Evil.exe	Detected by Kaspersky as Trojan-Dropper.Win32.Agent.airs. The file is located in %System%\dtgjdtjgdt	No
xdocx	X	Coffin Of Evil.exe	Detected by Kaspersky as Trojan.Win32.Pincav.qyd. The file is located in %Windir%	No
xdocx	X	Coffin Of Evil.exe	Detected by Kaspersky as Trojan-Dropper.Win32.Agent.airs. The file is located in %System%	No
xdocx	X	Coffin Of Evil.exe	Detected by Kaspersky as Trojan.Win32.Refroso.augc. The file is located in %System%\windowsdirectory	No
xdocx	X	Coffin Of Evil.exe	Detected by McAfee as Generic Dropper!mm. The file is located in %ProgramFiles%	No
xdocx	X	Coffin Of Evil.exe	Detected by McAfee as BackDoor-EDP. The file is located in %System%\fd	No
xdocx	X	Coffin Of Evil.exe	Detected by Trend Micro as BKDR_SPYNET.SMA. The file is located in %System%\Microsoft	No
xcrxcc	X	Coffin Of Evile.exe	Detected by Malwarebytes Anti-Malware as Trojan.VBAgent. The file is located in %System%\winupdad	No
xdocxcc	X	Coffin Of Evile.exe	Detected by Malwarebytes Anti-Malware as Trojan.VBAgent. The file is located in %System%\winupdad	No
cogad	X	cogad.exe	Added by the DLOADR-CEP TROJAN!	No
AntivirusltcUpddates	X	coin.exe	Detected by McAfee as Downloader.a!d2i and by Malwarebytes Anti-Malware as PUP.BitCoinMiner.AI	No
safe360	X	coiome.exe	Detected by Dr.Web as Trojan.StartPage.46605 and by Malwarebytes Anti-Malware as Trojan.StartPage. The file is located in %CommonFiles%\sgcscvy	No
safe360	X	coiome.exe	Detected by Dr.Web as Trojan.StartPage.52312 and by Malwarebytes Anti-Malware as Trojan.StartPage. The file is located in %CommonFiles%\sfbsbvy	No
safe360	X	coiome.exe	Detected by Kaspersky as Trojan-Dropper.Win32.StartPage.eba and by Malwarebytes Anti-Malware as Trojan.StartPage	No
safe360	X	coiome.exe	Detected by Sophos as Mal/FtpBot-A and by Malwarebytes Anti-Malware as Trojan.StartPage. The file is located in %CommonFiles%\sfbsbvx	No
Userinit	X	cologsver.exe	Detected by Trend Micro as TROJ_DROPPER.DJO and by Malwarebytes Anti-Malware as Trojan.Agent	No
siscolor	U	color.exe	Probably on-board graphics related based upon the SiS chipsets. Has been seen on ASUS motherboards with SiS chipsets and known to cause conflicts if you choose another graphics card and disable the on-board	No
coloreal	U	coloreal.exe	Makes colours sharper and brighter, but will only work with coloreal capable monitors	No
WCOLOREAL	U	coloreal.exe	Makes colours sharper and brighter, but will only work with coloreal capable monitors	No
ColtsScreenServer	U	ColtsScreenServer.exe	Screensaver for the Indianapolis Colts NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supported	No
ColtsScreenServerSvc	U	ColtsScreenServer.exe	Screensaver for the Indianapolis Colts NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supported	No
Wind0ws Ser7ice Agent	X	colwindos.exe	Added by the RBOT-GQO WORM!	No
CLSID	X	com.exe	NowOnline - Switch dialer and hijacker variant, see here	No
Microsoft Security Monitor Process	X	com.exe	Added by a variant of the IRCBOT BACKDOOR!	No
ComAgent	U	ComAgent.exe	ComAgent - MDaemon's instant messaging client	No
comando	X	comando.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.DF. The file is located in %LocalAppData%	No
combo.exe	X	combo.exe	Added by the CHIMO-C TROJAN!	No
MaxtorCombo	Y	ComboButton.exe	Required to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect)	No
combop.exe	X	combop.exe	Added by the BOWFEED-A TROJAN!	No
comcfg	X	comcfg.exe	Added by the TOADCOM.A BACKDOOR!	No
comctl32	X	comctl32.exe	Adware - detected by Kaspersky as the AGENT.AM TROJAN!	No
VB_run	X	comctl_32.exe	Dubious downloader from densmail.com	No
NB Common Dialog Enhancements	N	COMDLGEX.EXE	Part of McAfee Nuts & Bolts. With Common Dialog Enhancements, you can add MRU list box to open dialogs	No
CC2KUI	X	comet.exe	Comet Cursor adware	No
SSWPlauncher	X	comet.exe	Comet Cursor adware	No
mssysint	X	comime.exe	Added by the NETSNAKE-I TROJAN!	No
cimone	X	comine.exe	Detected by Trend Micro as TROJ_VB.FPW	No
Windows	X	comine.exe	Detected by Dr.Web as Trojan.StartPage.45589 and by Malwarebytes Anti-Malware as Spyware.Password	No
COM-IP	N	COMIP.EXE	COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212)	No
p2snetis	X	comippwa.exe	Added by the SPAMTOO-AL TROJAN!	No
Timer	X	comm.exe	Added by the BDOOR-IP BACKDOOR!	No
Pgzuwhzfn	X	comma.exe	Added by the AGENT-QTH TROJAN!	No
COMMAND	X	command.exe	Added by the QQPASS.E TROJAN!	No
WinProfile	X	Command.exe	Added by the BUDDY.E TROJAN!	No
Messenger6	X	command.pif	Added by the INZAE.B WORM!	No
candy	X	command32.exe	Detected by Sophos as W32/Rbot-LV	No
command32	X	command32.exe	Added by the LINEADI-A TROJAN!	No
Win Command	X	command32.exe	Detected by Trend Micro as WORM_AGOBOT.XQ	No
IomegaWare	N	COMMANDER.EXE	Used by Iomega drives. Details of its purpose can be found here. Available via Start → Programs	No
System Firewalls	X	commandprompt32.exe	Detected by Trend Micro as WORM_RBOT.BJT	No
Browser Launcher	U	Commandr.exe	Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys	No
zBrowser Launcher	U	Commandr.exe	For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't have them	No
CommCtr	N	commctr.exe	"Net2Phone CommCenter® is software that allows you to make phone calls and send faxes to anywhere in the world"	No
Windows Common Files Manager	X	Commgr.exe	Detected by Kaspersky as Worm.Win32.AutoRun.hfp and by Malwarebytes Anti-Malware as Worm.AutoRun	No
Comm Driver	U	commh32.exe	G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself!	No
Windows Hijack Protection System	X	commngr.exe	Added by a variant of Troj/Agent-FYD. The file is located in %System%\Com	No
printer spooler	X	commonaccess.exe	Detected by Sophos as Troj/Delf-LB	No
Communications_Helper	Y	Communications_Helper.exe	Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture mode	Yes
Communications_Helper.exe	Y	Communications_Helper.exe	Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture mode	Yes
Logitech	Y	Communications_Helper.exe	Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture mode	Yes
LogitechCommunicationsManager	Y	Communications_Helper.exe	Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also, if it's disabled the camera will not work - at least not in the QuickCapture mode	Yes
Communicator	Y	Communicator.exe	Microsoft Office Communicator - an integrated communications client that allows information workers to communicate in real time using a range of different communication options, including instant messaging (IM), voice, and video. Now replaced by Microsoft Lync	No
Windows Hijack Protection	X	comngr.exe	Detected by Sophos as Troj/Agent-FYD	No
Comodo	X	Comodo.exe	Detected by McAfee as BackDoor-FAJ and by Malwarebytes Anti-Malware as Backdoor.Agent.CM. Note - this is not a valid entry for Comodo security products	No
Panda	X	Comodo.exe	Detected by McAfee as BackDoor-FAJ and by Malwarebytes Anti-Malware as Backdoor.Agent.CM. Note - this is not a valid entry for either Panda Security or Comodo security products	No
Team Viewer	X	Comodo.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not a valid entry for either the TeamViewer remote support tool or Comodo security products. The file is located in %UserTemp%	No
Auto	X	Comp.exe	Detected by Malwarebytes Anti-Malware as Trojan.Inject. The file is located in %AppData%\Google	No
AOL Companion	U	companion.exe	The AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!"	Yes
Companion Module	U	companion.exe	The AOL Companion is a small window that appears when you connect to the service using verison 8.0 and early builds of version 9.0. "Use the Companion to quickly get to your favourite features, including your Buddy List, Favourite Places, Address Book, and more!"	Yes
Compaq Connections	N	Compaq Connections.exe	See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners"	No
Compaq Message Server	N	COMPAQ-RBA.EXE	Works with the CPQBootPerfDB (CPQBootPerfDB.exe) entry and attempts to connect with Compaq online. Sends information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provides feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start → Programs → Compaq Advisor → Advisor Settings under the "advanced" tab. Not required and can cause problems. Runs as a service on an NT based OS (such as Windows 7/Vista/XP)	No
Compaq Service Drivers	X	compaq.exe	Added by the SDBOT-AFU WORM!	No
IPOT Service Drivers	X	compaq.exe	Added by a variant of the FUROOTKIT TROJAN!	No
Compaq Connections	N	COMPAQ~1.EXE	See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners"	No
Nvt32	X	complaint_7251.exe	Added by the ARTIEF.B TROJAN!	No
Compaq Service Drivers	X	compq.exe	Added by a variant of W32/Sdbot.worm	No
Compaq Service Drivers 32	X	compq32.exe	Added by a variant of W32/Sdbot.worm	No
Compaq Service Drivers	X	compqs.exe	Added by a variant of W32/Sdbot.worm	No
Compaqs Service Drivers	X	compqs.exe	Added by a variant of W32/Sdbot.worm	No
ComproRemote	U	ComproRemote.exe	VideoMate TV tuner and capture card - remote control driver	No
ComproSchedulerDTV	U	ComproSchedulerDTV.exe	VideoMate TV tuner and capture card - scheduler	No
Comprovante.exe	X	Comprovante.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.AI. The file is located in %AppData%	No
Service Drivers	X	Compt.exe	Added by the RBOT-ZJ WORM!	No
Geography TX 1.0 NT	X	CompuSpeed.vbs	Added by the NEWLEY-A WORM!	No
CompuSpy	U	CompuSpy.exe	CompuSpy surveillance software. Uninstall this software unless you put it there yourself	No
bd29411177661e07f018c457c7359458	X	computer.exe	Detected by Dr.Web as Trojan.DownLoader8.37156 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ	No
CompanionWizard	X	compwiz.exe	Part of WinAntiVirusPro 2007 rogue security software (and possibly others) - not recommended, see here	No
Microsft Corporation Version 2001.12.4414	X	comrel.exe	Added by a variant of the SDBOT BACKDOOR!	No
ComRepl	X	comrepl.exe /waitservice	Detected by Microsoft as TrojanDownloader:Win32/Horst.Q. Note - this is not the legitimate comrepl.exe which is always located in %System%. This one is located in either %Windir%, %Windir%\System, %Temp%, %AppData%, %AppData%\Microsoft or %System%\drivers	No
Microsft Corporation Version 2002.12.2414	X	comserv.exe	Added by the BUZUS.CL TROJAN!	No
COMSMDEXE	N	comsmd.exe	3Com tray icon	No
COMServer	X	comsrvr.exe	Added by the AGENT.CWSH TROJAN!	No
Meeting Connection	X	comsutil.exe	Added by the PPDOOR-E TROJAN!	No
SMSERIALWORKSTARTER	X	comsysobj.exe	Added by the FAKEALERT-AH TROJAN! Installed with the SpyBurner spyware remover - which is not recommended, see here	No
comxt	X	comxt.exe	Added by the COMXT TROJAN!	No
mlibsysmc	X	comzcinc.exe	Added by the SDBOT-CXS WORM!	No
ConnectionCenter	U	concentr.exe	Citrix Connection Center	No
Concurre	?	concurre.exe	??	No
Zekio Startups	X	condll.exe	Added by the AGOBOT-AGD WORM!	No
Microsoft Firewall Settings Loader	X	conf32.exe	Added by the SDBOT-KM BACKDOOR!	No
confbckp	X	confbckp.exe	Detected by Dr.Web as Trojan.DownLoader7.22060	No
Configuration Loader	X	confgldr.exe	Added by the GAOBOT.GEN!POLY WORM!	No
pop3 Server	U	config.cfg	Part of HTML2POP3 - "Convert Webmail to POP3.Is also included a SMTP/POP3 tunneling system that allow send and receive email in a private network HTTP PROXY based. All connection are plugin based. Over 250 email server supported and tested"	No
AolCon	X	config.com	Added by the TAPLAK WORM!	No
Config	X	CONFIG.EXE	Detected by Trend Micro as TROJ_PSWGIP.B	No
ConfigServices	N	Config.exe	Part of initial setup on a Compaq PC	No
Configuration Utility	N	CONFIG.EXE	Configuration and management utility for the Cisco Linksys wireless products	No
Microsoft Config File	X	config.exe	Added by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls!	No
Welcome	X	CONFIG.EXE	Detected by Trend Micro as TROJ_PSWGIP.B	No
Windows Config System	X	config.exe	Added by a variant of W32/Sdbot.worm	No
Windows Service Layer	X	config.exe	Added by the RBOT.DDJ WORM!	No
Config33.exe	X	Config33.exe	Added by the SDBOT.T BACKDOOR!	No
SERVICESS	X	configdll.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Messa. The file is located in %AppData%\tmpsys	No
Configuration Loader	X	configldr.exe	Added by the AGOBOT-PP TROJAN!	No
Configuration Loading	X	configldr.exe	Added by the AGOBOT-EC WORM!	No
cmd32	X	configs.exe	Hijacker, also detected as the QURL-2 TROJAN!	No
Update32	X	configs.exe	Hijacker, also detected as the QURL-2 TROJAN!	No
configsetup	X	configsetup32.exe	Added by the AGOBOT-AFP WORM!	No
SYSTEMOSRUN	X	configsys.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.RNS. The file is located in %Root%	No
Palm MultiUser Config	?	Configtool.exe	MultiUser configuration for a Palm PDA device? Is it required?	No
Skype Update	X	configupdate.xe	Detected by Dr.Web as Trojan.Siggen.65244 and by Malwarebytes Anti-Malware as Malware.Packer.nps. Note - this is not a legitimate entry for the popular Skype VOIP software	No
configuration	X	configuration.exe	Detected by Kaspersky as Trojan-Clicker.Win32.AutoIt.m and by Malwarebytes Anti-Malware as Trojan.AutoIt. The file is located in %Windir%\configuration	No
Windows Services Layer	X	configure.exe	Added by the RBOT-GAK WORM!	No
ConfigUtility	U	ConfigUtility.exe	Wireless management utility for the HWC54G Hi-Speed Wireless-G CardBus Card from Hawking Technologies, Inc	No
Explorer	X	config_.com	Added by the FLOPPY-D WORM!	No
Explorer5	X	config_.com	Added by the VB.CBG WORM!	No
cartao	X	conflicted.exe	Added by the DADOBRA-DV TROJAN!	No
Gearbox	N	confsvr.exe	NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available here	No
Configuration Loader 2	X	confuldr.exe	Added by the AGOBOT-FC WORM!	No
conhost	X	conhost.exe	Detected by McAfee as BackDoor-EXI.gen.e. Note - this is not the legitimate Microsoft Windows 7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\Microsoft	No
svchost	X	conhost.exe	Added by variants of the BACKDOOR-EXI.GEN.E TROJAN! See examples here and here. Note - this is not the legitimate Microsoft Windows 7 process with the same filename which is used to host the cmd.exe console window and is located in %System%. This one is located in %AppData%\Microsoft	No
Adobe update manager	X	conhostf.exe	Detected by Dr.Web as Trojan.DownLoader7.27277 and by Malwarebytes Anti-Malware as Trojan.Agent	No
Input Manager	X	conima.exe	Added by the VB-FIS TROJAN!	No
conime	U	conime.exe	Microsoft Console IME process which is located in %System% and is used when a Asian language is used in Windows. Not required if you don't use Asian languages. Note - if you also have the files "bfghost.exe" and "editmm.exe" present on your system this file can be used by the BFGhost 1.0 Remote Administration Tool trojan	No
conime.exe	X	conime.exe	Added by the AVENDOG WORM! Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when a Asian language is used in Windows	No
ExplorerRun	X	conime.exe	Detected by Trend Micro as TROJ_PROXY.ABL. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when a Asian language is used in Windows. This one is located in %UserTemp%	No
IME	X	conime.exe	Added by the DLDR-G TROJAN! Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when a Asian language is used in Windows. This one is located in %Windir%	No
LOCALHOST	X	conime.exe	Detected by McAfee as RDN/Generic.bfr and by Malwarebytes Anti-Malware as Backdoor.Agent.CNM. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when a Asian language is used in Windows. This one is located in %Windir%	No
taskday	X	conime.exe	Detected by Sophos as Troj/Comame-E and by Malwarebytes Anti-Malware as Trojan.Agent.CN. Note - this is not the legitimate Microsoft Console IME process of the same filename which is located in %System% and is used when a Asian language is used in Windows. This one is located in %Windir%\tasks	No
Connection Keeper	U	ConKeepM.exe	"Connection Keeper is an invaluable time-saving tool for dial-up users. This free program simulates Internet browsing (at a random interval) to prevent your connection from appearing idle, thus preventing your ISP from dropping your connection due to inactivity"	No
Conmgr	N	conmgr.exe	Starts Winfax pro at startup	No
ConMgr.exe	U	conmgr.exe	Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut	No
ChromeUpdate	X	conmsjt.exe	Detected by Dr.Web as Trojan.DownLoader6.32750	No
Sistema de Comm	X	conmsyrtl.exe	Added by the AGENT-LMV TROJAN!	No
Service ares	X	conmysys.exe	Added by the VBINJ-V WORM!	No
Belkin Home Base Control Center	U	Connect.exe	Control Center for the Belkin Home Base network USB hub - which lets you configure and access USB devices (such as hard drives, printers and cameras) connected to it over a wired or wireless network. As well a providing System Tray access, this entry will automatically connect any attached devices that have been configured this way	Yes
Belkin Network USB Hub Control Center	U	Connect.exe	Control Center for the Belkin Network USB Hub - which lets you configure and access USB devices (such as hard drives, printers and cameras) connected to it over a wired or wireless network. As well a providing System Tray access, this entry will automatically connect any attached devices that have been configured this way	Yes
Cisco WebEx Connect	U	connect.exe	Cisco WebEx web conferencing - "combines desktop sharing through a web browser with phone conferencing and video, so everyone sees the same thing while you talk"	No
Sametime Connect	U	Connect.exe	IBM Sametime - instant messaging and Web conferencing software. Formerly by Lotus	No
SX Virtual Link	U	Connect.exe	SX Virtual Link from Silex Technology America, Inc. Utility to connect USB devices	No
Connect2Party	X	connect2party.exe	Adult content dialler	No
connectaper	X	connectaper.exe	Detected by McAfee as Generic.dx and by Malwarebytes Anti-Malware as Trojan.Clicker.Gen	No
CONNECTAUTrayApp	N	CONNECTAUTrayApp.exe	System Tray access to change update settings for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CP	Yes
Sony Auto Update Tray Application	N	CONNECTAUTrayApp.exe	System Tray access to change update settings for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CP	Yes
Connectify	U	Connectify.exe	"Connectify Hotspot is an easy to use software router for Windows computers that utilizes your PC's built in Wi-Fi card to wirelessly share any available Internet connection with friends, co-workers, and mobile devices"	No
System Services	X	connection.exe	Added by an unidentified WORM or TROJAN!	No
SBC Yahoo! Connection Manager	N	ConnectionManager.exe	Used to create and connect your SBC Yahoo DSL connection. This program has been reported to cause problems for some users. If you find that it causes you pc to become slow or unstable you should uninstall it (using Add/Remove programs) and manually connect your DSL connection	No
CONNECTAuto Update	N	CONNECTScheduler.exe	Automatic update scheduler for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CP	Yes
CONNECTScheduler	N	CONNECTScheduler.exe	Automatic update scheduler for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CP	Yes
CONNECTAUTrayApp	N	CONNECTAUTrayApp.exe	System Tray access to change update settings for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CP	Yes
conmswf	X	conrnbne.exe	Added by the SDBOT-DEX WORM!	No
conscorr	X	conscorr.exe	Detected by Trend Micro as TROJ_DELF.DW	No
Cons	X	consol32.exe	Hijacker - redirects to an adult content portal, where foistware like ISTBar gets stealth installed	No
Common	X	console.exe	Added by the GITWEN.A TROJAN!	No
systrasx	X	CONSOLES.EXE	Added by the SDBOT-NW WORM!	No
Consumer Input	U	ConsumerInput.exe	Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ	No
Consumer Input Rewarded with MyPoints, Consumer Input	U	ConsumerInputRewardedwithMyPoints, ConsumerInput.exe	Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ	No
Consumer Input Rewarded with MyPoints, Consumer Input Update	U	ConsumerInputRewardedwithMyPoints, ConsumerInputUa.exe	Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ	No
Contacte	?	contacte.exe	Some kind of driver?	No
ContentTransferWMDetector.exe	U	ContentTransferWMDetector.exe	Part of Sony's Content Transfer Software which "provides an easy way to transfer music, video, photos, and podcasts to the Walkman® player	No
Contraviro	X	Contraviro.exe	Contraviro rogue security software - not recommended, removal instructions here	No
ContraVirus	X	ContraVirus.exe	ContraVirus rogue security software - not recommended, removal instructions here	No
ContraVirus	X	ContraVirusPro.exe	ContraVirus rogue security software - not recommended, removal instructions here	No
SandboxieControl	U	Control.exe	SandBoxie - allows data to be read from the hard drive by an application but never written back unless you allow it	No
Windows Control	X	Control.exe	Added by the GREK.A TROJAN! If there is another file with the same file name in the Windows folder, this malware overwrites it with the dropped file	No
j6GgCXwtFM	X	control.exe [path] j6ggcxwtfm.cpl	Added by the SEFNIT.K TROJAN! The "j6ggcxwtfm.cpl" file is located in %ProgramFile%\anouicgfwkkv1v	No
[various names]	X	control64.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
ControlCenter	X	ControlCenter.exe	Detected by Dr.Web as Trojan.AVKill.29329 and by Malwarebytes Anti-Malware as Trojan.MSIL	No
WSEP Status+Configuration	U	controldGUI.exe	User interface for the WatchGuard Security Event Processor (WSEP) Status/Configuration dialog box associated with the Firebox series of security products from Watchguard	No
controlkids	Y	controlkids.exe	Control Kids parental control system	No
Windows Update Controller	X	controller.exe	Detected by Malwarebytes Anti-Malware as Backdoor.IRCBot. The file is located in %System%	No
conuqdewuvyk	X	conuqdewuvyk.exe	Detected by McAfee as Downloader.a!dcl and by Malwarebytes Anti-Malware as Trojan.Agent.US	No
windowspis	X	convertor.exe	Added by the GENOME.AKNH TROJAN!	No
converx6	X	converx6.exe	Detected by Malwarebytes Anti-Malware as Trojan.Korad. The file is located in %AppData%\converx6	No
CookieWall	U	cookie.exe	CookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return	No
Cookie Cop 2	U	CookieCop.exe	Cookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return	No
CookieJar	U	Cookiejar.exe	Cookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer being actively supported	No
Cookienator	U	cookienator.exe	Cookienator is a tool that will help you remain anonymous from search engines such as Google and other notorious web-usage trackers such as Doubleclick or Omniture	No
CookiePatrol	Y	CookiePatrol.exe	Memory-resident spyware cookie detector - part of the original anti-malware program by PestPatrol, Inc. Acquired by CA where it became eTrust PestPatrol Anti-Spyware and then CA Anti-Spyware - which is now included in CA AntiVirus Plus	Yes
cookw	X	cookw.exe	Part of the ErrClean rogue system error and cleaning utility - not recommended. See here	No
Microsoft System Checkup	X	Cool.exe	Added by the DONK.B WORM!	No
NT Logging Service	X	cool.exe	Added by the SDBOT-OO BACKDOOR!	No
HELLBOT3	X	coolbot.exe	Added by the MYTOB.AB WORM!	No
Norton	X	coolbrogameya.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %AppData%	No
CoolStartUp	X	CoolGramS.exe	Detected by McAfee as Generic.bfr!ep	No
CoolMon	U	CoolMon.exe	CoolMon by The CoolMon Project - "will display system information in a small configurable window. Most of the application`s data is retrieved from the Windows performance counters." No longer supported	No
HP CoolSense	U	CoolSense.exe	Supports the HP CoolSense Technology feature in some HP notebook PCs "that combines hardware, software, and mechanical design to dynamically manage the temperature of a notebook, and help keep you comfortable while using it"	No
CopernicPerUserTaskMgr	U	CopernicPerUserTaskMgr.exe	Automatic tasking feature of Copernic Pro multi-search engine tool	No
hpilezele	X	coposu.exe	Added by the SDBOT.ASU WORM!	No
Compaq Service Drivrs	X	copq.exe	Added by a variant of Win32/Rbot	No
CS Update	X	copy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dll	Detected by Microsoft as Trojan:Win32/Adclicker.AJ	No
Copy handler	U	Copy Handler.exe	Copy Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processes	No
WinShowUpdate	X	copy [path] winshow.new [path] winshow.dll	Winshow parasiate related - from the "RunOnce" keys it replaces "winshow.dll" with a new version	No
LiveUpdate	N	Copyer.exe	Samsung PC Studio is a Windows-based PC program package that you can use easily to manage personal data and multimedia files by connecting a Samsung Electronics Mobile phone (GSM/GPRS/UMTS) to your PC. You can launch the update manually - see the instructions here for example	No
copyex	X	copyex.exe	Added by the DWNLDR-IUD TROJAN!	No
Resume Copy	U	copyfstq.exe	Part of Total Copy - an improved version of the Windows copy function. Allows for resumption file copies or moves in progress when computer was shut down. Not required if your not using the program or don't care about that function	No
Compaqs Service Driver	X	copypad32.exe	Added by the SDBOT.CSO WORM!	No
CP	?	CopyProtectionNotifier.exe	Related to Emuzed Systems and Middleware. Comes included with Windows XP Media Edition	No
Core Calendar	U	Core Calendar.exe	Core Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Calendar.exe loads a file called "DXWidget.exe" and exits	Yes
DesktopX Widget	U	Core Calendar.exe	Core Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Calendar.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entry	Yes
Core Clock	U	Core Clock.exe	Core Clock widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Clock.exe loads a file called "DXWidget.exe" and exits	No
Core Temp	U	Core Temp.exe	"Core Temp is a compact, no fuss, small footprint program to monitor CPU temperature	No
Core Weather	U	Core Weather.exe	Core Weather widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days from The Weather Channel for the selected location on the desktop. Once started, Core Weather.exe loads a file called "DXWidget.exe" and exits	Yes
DesktopX Widget	U	Core Weather.exe	Core Weather widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days from The Weather Channel for the selected location on the desktop. Once started, Core Weather.exe loads a file called "DXWidget.exe" and exits. This is the Windows Defender entry	Yes
EA Core	N	Core.exe	Electronic Arts EA Link software - "gives you a secure yet simple way to download EA PC games and patches, as well as other exclusive content"	No
Core Calendar	U	CORECA~1.EXE	Core Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Calendar.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "Core Calendar.exe" is shown as "CORECA~1.EXE"	Yes
DesktopX Widget	U	CORECA~1.EXE	Core Calendar widget for the DesktopX desktop utility from Stardock Corporation. Once started, Core Calendar.exe loads a file called "DXWidget.exe" and exits. This is the Vista/7 MSConfig entry where "Core Calendar.exe" is shown as "CORECA~1.EXE"	Yes
CoreCenter	U	CoreCenter.exe	MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking	No
CoreCenter	U	CORECE~1.EXE	MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking	No
Coreguard Antivirus 2009	X	Coreguard 2009.exe	Coreguard Antivirus 2009 rogue security software - not recommended, removal instructions here	No
CorelDraw Toolbox	X	CorelDraw.exe	Added by the SDBOT-VZ WORM!	No
CorePad	X	CorePad.exe	Detected by Dr.Web as Trojan.AVKill.29407 and by Malwarebytes Anti-Malware as Backdoor.Agent	No
CoreScanMain	X	CoreScan.exe	CoreScan rogue security software - not recommended, removal instructions here	No
CoreSecureMain	X	CoreSecure.exe	CoreSecure rogue security software - not recommended, removal instructions here	No
CoreSrv	X	coresrv.exe	Some IRC trojans/worms use this - see here for more information	No
CORESYS	?	coresys.exe	??	No
Core Weather	U	COREWE~1.EXE	Core Weather widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days from The Weather Channel for the selected location on the desktop. Once started, Core Weather.exe loads a file called "DXWidget.exe" and exits. This is the XP MSConfig entry where "Core Weather.exe" is shown as "COREWE~1.EXE"	Yes
DesktopX Widget	U	COREWE~1.EXE	Core Weather widget for the DesktopX desktop utility from Stardock Corporation. Displays the current weather and forecast for up to 5 days from The Weather Channel for the selected location on the desktop. Once started, Core Weather.exe loads a file called "DXWidget.exe" and exits. This is the Vista/7 MSConfig entry where "Core Weather.exe" is shown as "COREWE~1.EXE"	Yes
Core - To-Do List	U	Core_ToDoList.exe	Core - To-Do List widget for the DesktopX desktop utility from Stardock Corporation. Adds a "to do" task list on the desktop. Once started, Core_ToDoList.exe loads a file called "DXWidget.exe" and exits	No
PC-Config32	X	corona.exe	Added by the CORONEX.A WORM!	No
[various names]	X	corrida.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
COS	U	COSCLIENT.exe	System Tray access to the Comodo Online Storage backup utility from Comodo Group, Inc - which provides "secure and reliable online storage for home and business users"	No
cosine	X	cosine.exe	Detected by Sophos as W32/Rbot-SW	No
1DECHryGWx	X	Couplex.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %AppData%	No
couponica	X	couponica.exe	Adware - see here	No
CowboysScreenServer	U	CowboysScreenServer.exe	Screensaver for the Dallas Cowboys NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supported	No
CowboysScreenServerSvc	U	CowboysScreenServer.exe	Screensaver for the Dallas Cowboys NFL football team - part of Sports Illustrated's MySI desktop download (by MercurySports Network) for streaming information on NFL football teams. No longer supported	No
Sistema de Comm	X	coxdsyrtl.exe	Added by the AGENT-NDQ TROJAN!	No
(Default)	X	CoyFilel.exe	Detected by Malwarebytes Anti-Malware as Trojan.GamesThief. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank and the file is located in %System%	No
Quicktlme	X	cp.exe	QuickPage - Switch dialer and hijacker variant, see here. Also detected as the SWITCH-A TROJAN!	No
CP32NOT	U	CP32BTN.EXE	For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons	No
CP888M1	N	CP888M1.EXE	Related to EZbutton quick launcher for the Media player app that comes with certain laptops	No
CPA9P2PSERVER	?	CPA9P2PS.exe	Found on a Compaq Presario but what is it?	No
Verizon Control Pad	N	cpad.exe	Control Pad - installed with Verizon DSL accounts. Tool designed to streamline the online experience	No
Topic cPanr	X	cPaner.com	Added by the SDBOT.AJP WORM!	No
CPATR10	U	CPATR10.EXE	Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Constrast	No
Cookie Pal	U	CPBRWTCH.EXE	Kookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return	No
CPBrWtch	U	CPBrWtch.exe	Kookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return	No
CPCmscl0ck	X	CPCmsclock.ExE	Added by the IRCFLOOD.BF TROJAN!	No
CPD_EXE	Y	CPD.EXE	Firewall bundled with McAfee VirusScan 6.*	No
McAfee Firewall	Y	CPD.EXE	Firewall bundled with McAfee VirusScan 6.*. Can also be listed as CPD_EXE	No
Comodo Firewall	U	CPF.exe	System Tray access to and notifications for an older version of Comodo Firewall by Comodo Group, Inc	No
Comodo Personal Firewall	Y	CPF.exe	System Tray access to and notifications for an older version of Comodo Firewall by Comodo Group, Inc	No
CyberPatrolNew	U	cphq.exe	"CyberPatrol gives you maximum parental control over your kids' online activities. You have the power to filter content, such as adult sites and inappropriate applications, and set limits on when your kids can go online"	No
LManager	U	CPLBCL53.EXE	System Tray icon found on Acer Travelmate laptops that allow you control access to the Internet and email buttons and other computer configurations	No
CplBTQ00	N	CplBTQ00.EXE	Related to EZbutton quick launcher for the Media player app that comes with certain laptops	No
CPLDBL10	N	CPLDBL10.EXE	Related to EZbutton quick launcher for the Media player app that comes with certain laptops	No
CPLDFL10	U	CPLDFL10.EXE	Part of the EzButton feature on some Toshiba (and maybe others) laptops which support additional buttons	No
CPM2	Y	CPM.exe	Entry added after installing Comodo Programs Manager by Comodo Group, Inc - which "helps users to comprehensively remove programs, drivers, services and Windows components. It monitors and records every change that a program makes to your computer so that it can completely undo those changes when it's time to uninstall." Once the system reboots it's replaced by the "COMODO Programs Manager Service (CPMService)" service	No
CPMonitor	N	CPMonitor.exe	Background process installed with versions of multimedia suites from Roxio and their CinePlayer BD/DVD player which monitors your optical drive and starts CinePlayer when a BD/DVD movie is inserted. Autoplay is normally enabled by default in Windows anyway (which you can set to use CinePlayer) or you can run CinePlayer manually	No
CPortPatch	?	cppatch.exe	CPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though?	No
A1000 Settings Utility	U	cpqa1000.exe	Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features	No
Compaq Print Fax	X	cpqa1000.exe	Added by the SDBOT.BCV WORM! Please take note of the difference between the legitimate Compaq Fax Utility Name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this worm	No
CPQAcDc	Y	CPQAcDc.exe	Compaq PowerCon power management software for laptops	No
Compaq Alerter	U	CPQAlert.exe	Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information	No
CPQAlert	U	CPQAlert.exe	Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information	No
CPQBootPerfDB	N	CPQBootPerfDB.EXE	Works with the Compaq Message Server (COMPAQ-RBA.EXE) entry and attempts to connect with Compaq online. Sends information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provides feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start → Programs → Compaq Advisor → Advisor Settings under the "advanced" tab. Not required and can cause problems	No
CPQCalib	Y	CPQCalib.exe	Compaq PowerCon power management software for laptops	No
CPQDFWAG	N	CpqDfwAg.exe	For Compaq PC's. Runs Compaq diagnostics on every boot	No
System DLF	N	cpqdiaga.exe	Compaq Diagnostic record system utility which allow you to view information about your computer's hardware and software configuration. Available via Start → Programs	No
Compaq DMI	N	cpqdmi.exe	Compaq version of the Desktop Management Interface	No
CPQEASYACC	U	cpqeadm.exe	For Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys	No
CPQEASYACC	U	Cpqeaui.exe	For Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys	No
Cpqeaui	U	cpqeaui.exe	For Compaq PC's. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys	No
CompaqHW Comp Manager	?	cpqhcm.exe	Running on a Compaq laptop - any ideas?	No
CPQInet Runtime Service	U	CpqInet.exe	For Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providers	No
CPQINKAGENT	N	cpqinkag.exe	That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed)	No
Compaq PK Daemon	U	cpqkl.exe	For Compaq laptops for programming user configurable keys. Not required unless you use them	No
cpqns	U	cpqnpcss.exe	Related to Compaq.Net - not required if you don't use that	No
CompaqSystray	N	cpqpscp.exe	Compaq System Tray icon	No
Cpqset	N	Cpqset.exe	Default settings software in Hewlett Packard notebook	No
CPQTEAM	U	cpqteam.exe	This program is bundled with HP servers. When loaded a system tray icon will be available that launches the HP Network Configuration Tool	No
cpr	X	cpr	Adroar.com adware downloader	No
CpRmtKey	?	CpRmtKey.EXE	Component of the Toshiba Controls. The name suggests it might be related to a remote feature? What does it do and is it required?	No
cprocsvc	X	cproc.exe	Added by MSIL.AGENT.C TROJAN!	No
control panel software service	X	cprs.exe	Added by the RBOT-FPI WORM!	No
Norton Live Update Server	X	cpsdv.exe	Detected by Trend Micro as WORM_AGOBOT.EW	No
System Drivers	X	cpsq32.exe	Added by the SDBOT.AXH WORM!	No
Microsoft CPU Over Heat Manager	X	CPU.exe	Added by the SLENFBOT.ID WORM!	No
CPUCooL	U	Cpucool.exe	CPUCooL - a program to keep the processor cool when idle in "overclocked" systems. Also available via Start → Settings → Control Panel	No
MSConfig	X	cpuhmzsa.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.Gen. The file is located in %UserProfile%	No
CPU Idle	X	cpuidlexp.exe	Added by the AGOBOT-BW WORM!	No
Cpu Level Up help	?	CpuLevelUpHelp.exe	Overclocking utility - part of the AI Suite system management utility included with some performance ASUS motherboards. "The CPU Level Up application allows you to overclock immediately with OC Profile presets in Windows environment wihtout the hassle of entering the BIOS". Can user's with a supported motherboard (see here) confirm whether this is required for correct operation?	Yes
CpuLevelUpHelp	?	CpuLevelUpHelp.exe	Overclocking utility - part of the AI Suite system management utility included with some performance ASUS motherboards. "The CPU Level Up application allows you to overclock immediately with OC Profile presets in Windows environment wihtout the hassle of entering the BIOS". Can user's with a supported motherboard (see here) confirm whether this is required for correct operation?	Yes
CpuLevelUpHelp.exe	?	CpuLevelUpHelp.exe	Overclocking utility - part of the AI Suite system management utility included with some performance ASUS motherboards. "The CPU Level Up application allows you to overclock immediately with OC Profile presets in Windows environment wihtout the hassle of entering the BIOS". Can user's with a supported motherboard (see here) confirm whether this is required for correct operation?	Yes
CPU Manager	X	cpumgr.exe	Added by the PANDEM.B WORM!	No
CPUMon	N	CPUMon.exe	"CPUMon continuously displays the updated system statistics in a floating window as well as in system tray area"	No
IntelProcNumUtility	U	cpunumber.exe	Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here	No
CPU Power Monitor	U	CpuPowerMonitor.exe	Part of the AI Suite system management utility included with some ASUS motherboards. This entry is part of AI Gear 3 - "a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features. This easy-to-use utility provides four system performance profiles that adjusts the processor frequency and vCore voltage for different computing needs." Monitors power levels and provides a System Tray icon to indicate current power saving mode which also displays a balloon giving a brief report about the current power used from the system	Yes
CpuPowerMonitor	U	CpuPowerMonitor.exe	Part of the AI Suite system management utility included with some ASUS motherboards. This entry is part of AI Gear 3 - "a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features. This easy-to-use utility provides four system performance profiles that adjusts the processor frequency and vCore voltage for different computing needs." Monitors power levels and provides a System Tray icon to indicate current power saving mode which also displays a balloon giving a brief report about the current power used from the system	Yes
CpuPowerMonitor.exe	U	CpuPowerMonitor.exe	Part of the AI Suite system management utility included with some ASUS motherboards. This entry is part of AI Gear 3 - "a utility designed to configure and support all ASUS EPU (Energy Processing Unit) features. This easy-to-use utility provides four system performance profiles that adjusts the processor frequency and vCore voltage for different computing needs." Monitors power levels and provides a System Tray icon to indicate current power saving mode which also displays a balloon giving a brief report about the current power used from the system	Yes
Cpusave	X	Cpusave.exe	Added by the GEMA TROJAN!	No
Cpusave32	X	Cpusave32.exe	Added by the GEMA TROJAN!	No
GT15J4R49V	X	cpuserv.exe	Identified as a variant of the Trojan.Win32.Radi.gu malware	No
CPU Windows Status	X	cpustats.exe	Added by a variant of Win32/Rbot	No
CPVHOST Settings	X	cpvhost.exe	Added by a variant of the SDBOT BACKDOOR!	No
Microsoft CPXP Protocol	X	cpxp.exe	Detected by Trend Micro as WORM_RBOT.ATP	No
My Computer	X	cqcags.exe	Added by the SDBOT-TJ WORM!	No
CQlhkNZ	X	CQlhkNZ.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %System%	No
CQSCP2PS	?	CQSCP2PS.EXE	"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Is it actually required?	No
CQSCP2PSERVER	?	CQSCP2PS.EXE	"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Is it actually required?	No
Cr*.exe [ = random char]	X	Cr*.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log	No
Cr*32.exe [ = random char]	X	Cr*32.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log	No
cracked_windows1	U	cracked_windows1.exe	Cracked Windows popup killer	No
Cracker Crypt	X	Cracker Crypt.exe	Detected by Malwarebytes Anti-Malware as Trojan.Backdoor. Note - the file is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
CrashPlan Tray	U	CrashPlanTray.exe	System Tray access to and notifications for the CrashPlan online backup software from Code 42 Software	No
mv2	X	crasos.exe	Added by the DROPPS-A TROJAN!	No
Policies	X	Crate Bug.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent.PGen. The file is located in %Root%\dir\install\install	No
CRBroadCasting	U	CRBroadCasting.exe	CardReader2 from On Track Inovations Ltd. USB Card Reader	No
Crc32stats Dependencies	X	Crc32stats.exe	Added by the MYTOB.GT WORM!	No
Auto updat	X	crcss.exe	Added by the SDBOT.AAG WORM!	No
Client Server Control Process	X	crcss.exe	Added by the AGENT-HR TROJAN!	No
Configuration Loader	X	crcss.exe	Detected by Trend Micro as WORM_AGOBOT.ADG	No
CRCSS	X	crcss.exe	Added by the IRCBOT-TH WORM!	No
PCprot	X	crcss.exe	Added by an unidentified WORM!	No
Windows Media Updater	X	crease.exe	Added by the RBOT-ATI WORM!	No
Create A Monster	X	createAMonster.exe	Kudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware related	No
CreateCD	N	Createcd.exe	Adaptec Easy CD Creator system tray application (pre version 5). Available via Start → Programs	No
CreateCD50	N	Createcd50.exe	Adaptec Easy CD Creator version 5 system tray application. Available via Start → Programs	No
setFTPBack	X	createsw.exe	Added by the FTP_BMAIL TROJAN!	No
Creative	X	Creative.exe	Detected by Symantec as W32.Prolin.Worm. Note - the file is located in %UserStartup% and its presence here ensures it runs when Windows starts	No
Creative Audio Drivers	X	creative.exe	Detected by Sophos as W32/Rbot-FKR	No
Credentials	X	Credentials.exe	Detected by Dr.Web as Trojan.KillProc.20373 and by Malwarebytes Anti-Malware as Trojan.Agent.CH	No
CreditCop2	X	CreditCop2Up.exe	CreditCop rogue security software - not recommended, removal instructions here	No
CreditCop	X	CreditCopUp.exe	CreditCop rogue security software - not recommended, removal instructions here	No
87b2cb3916261d5c807bf44262755cb0	X	crhome.exe	Detected by Dr.Web as Trojan.DownLoader8.24208 and by Malwarebytes Anti-Malware as Backdoor.Agent	No
System Updater Machine	X	crhwss.exe	Added by the CIADOOR-DQ TROJAN!	No
crimep	X	crimep	Detected by Malwarebytes Anti-Malware as Trojan.Agent.CM. The file is located in %AppData%	No
voucherlmfao123	X	crimep	Detected by Malwarebytes Anti-Malware as Trojan.Agent.CM. The file is located in %AppData%	No
MSUpdate	X	criticalUpdate.exe	Affilred adware	No
C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exe	U	CritProc.exe	KeyProwler keystroke logger/monitoring program - remove unless you installed it yourself!	No
cmrss	X	crmss.exe	Added by the DLOADER-EK TROJAN!	No
Microsoft USB2 Driver	X	crmss.exe	Added by the RBOT-VK WORM!	No
Windows Firewall Updater	X	cronos.exe	Added by the RBOT-GBY WORM!	No
CrossMenu	U	CrossMenu.exe	Toshiba CrossMenu Utility - allows the user to create their own menus	No
CrossRiderPlugin	U	Crossrider.exe	Plugin for Crossrider - "an easy to use Javascript framework to create cross browser extensions in minutes. Save months of cross browser extensions development, and ride our framework with its unique tools and solutions"	No
CRP386 Networking	X	crp386.exe	Added by a variant of the IRCBOT BACKDOOR!	No
crrss	X	crrss.exe	Detected by Sophos as Troj/Agent-VDJ and by Malwarebytes Anti-Malware as Trojan.Downloader	No
crs	X	crs.exe	Added by the AGOBOT-TJ WORM!	No
ASP.NET State Service	X	crsass.exe	Added by the BANLOAD-M TROJAN!	No
Windows System Manager	X	CRSL.EXE	Added by the SDBOT.MG WORM!	No
crsmcap1	X	crsmcap1.exe	Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %Root%\registro	No
crsmcap3	X	crsmcap3.exe	Detected by Malwarebytes Anti-Malware as Trojan.Banker. The file is located in %AppData%	No
Print Driver Helper Service	X	crsrr.exe	Added by the AGENT-BC TROJAN!	No
[various names]	X	crsrs.exe	Added by the FORBOT-AK WORM!	No
Auto updat	X	crsrs.exe	Added by the FORBOT-BP WORM!	No
Win32 Information Service	X	crsrs.exe	Added by the RINBOT.Y WORM!	No
Controlled Resource System Service	X	crss.exe	Added by the AGOBOT.GH WORM!	No
CRSS	X	CRSS.exe	Added by the AGOBOT-RM WORM!	No
Document Explorer2	X	crss.exe	Detected by McAfee as Downloader.a!cqj and by Malwarebytes Anti-Malware as Trojan.Agent	No
Download Manager2	X	crss.exe	Detected by McAfee as Downloader.a!cqj and by Malwarebytes Anti-Malware as Trojan.Agent	No
Logon	X	crss.exe	Detected by McAfee as PWS-Zbot.gen.aru and by Malwarebytes Anti-Malware as Backdoor.Messa	No
Profile Manager2	X	crss.exe	Detected by McAfee as Downloader.a!cqj and by Malwarebytes Anti-Malware as Trojan.Agent	No
Sygate Personal Port	X	crss.exe	Added by the RBOT-PX WORM!	No
System Config Manager	X	crss.exe	Detected by Trend Micro as WORM_AGOBOT.GH	No
Win exe file managr	X	crss.exe	Added by the RBOT.CCI WORM!	No
Win32 Network Driver	X	crss.exe	Added by a variant of the AGOBOT WORM!	No
WinDefender	X	crss.exe	Detected by McAfee as RDN/Ransom!a and by Malwarebytes Anti-Malware as Trojan.Agent.Gen	No
Windows Registry Security	X	crss.exe	Added by a variant of the IRCBOT TROJAN!	No
Windows Update	X	crss.exe	Detected by Malwarebytes Anti-Malware as Backdoor.IRCBot. The file is located in %UserTemp%\Windows	No
Windows Update	X	crss.exe	Detected by Dr.Web as Trojan.Inject1.8151 and by Malwarebytes Anti-Malware as Backdoor.IRCBot	No
WindowsUpdatecrss	X	crss.exe	Added by a variant of the AGENT-HZ TROJAN!	No
2k6 updatz	X	crss3.exe	Added by the RBOT-CPD WORM!	No
Microsoft Update Machine	X	crss32.exe	Added by a variant of Win32/Rbot	No
Norton Auto Protect	X	crss32.exe	Added by the SDBOT.ATF WORM!	No
Microsoft Driver Setup	X	crssc.exe	Added by the VBCHEMAN-A MALWARE!	No
Windows System Manager	X	crssm.exe	Added by the RBOT-AFH WORM!	No
CaptionMgr32	X	crssr.exe	Added by the ZAR.A WORM!	No
MS taskbar	X	crssr.exe	Added by the RBOT-AGO WORM!	No
SP2 Firewall/Internet Updater	X	crssrs.exe	Detected by Trend Micro as WORM_RBOT.BJO	No
CRC Value Verifier	X	crsss.exe	Added by the SPYBOT.UK WORM!	No
crsss	X	crsss.exe	Detected by Trend Micro as WORM_AUTORUN.FM	No
MSControl28	X	crsss.exe	Added by the SPYBOT.AJX WORM!	No
Msn Messanger	X	crsss.exe	Added by a variant of the IRCBOT BACKDOOR!	No
start uploading	X	crsss.exe	Added by the RBOT-SZ WORM!	No
Vital Master-boot DLL	X	crsss.exe	Detected by Trend Micro as WORM_RBOT.ASE	No
Win32 Security Service	X	crsss.exe	Added by the DELBOT-O WORM!	No
Windows media service	X	crsss.exe	Added by the RBOT.ACY WORM!	No
Windows Service Update	X	crsss.exe	Added by the SDBOT.CWX WORM!	No
CRC Value Verifier	X	crsss32.exe	Added by the SPYBOT.GY WORM!	No
CRC Value Verifier	X	Crsss64.exe	Detected by Sophos as W32/Rbot-NY	No
CRSSXP SysInfo	X	crssxp.exe	Added by a variant of the SDBOT BACKDOOR!	No
System32	X	crsvvc.exe	Detected by Trend Micro as WORM_RBOT.BLY	No
Microsoft Internet Explorer	X	crsys32.exe	Added by the RBOT.UZ WORM!	No
Microsoft Control Center	X	crtl.exe	Added by the RBOT-VX WORM!	No
Microsoft CRT Monitor Manager	X	crtmon.exe	Added by the ROBOTON.A WORM!	No
Windows (ICS) Spooler	X	crtss.exe	Added by a variant of Win32/Rbot	No
USB drivers	X	crv.exe	Added by the AUTORUN-HS WORM!	No
system_memory	X	crvss.exe	Detected by Sophos as Troj~Zegost-BZ and by Malwarebytes Anti-Malware as Trojan.Agent.CRV	No
Windows media service	X	crvss.exe	Added by the SDBOT.VP WORM!	No
1zTbQvrrqvgZg	X	crypt.exe	Detected by Dr.Web as Win32.HLLW.Autoruner1.26359	No
AppData	X	Crypt.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %UserTemp%	No
Svchost	X	crypt.exe	Detected by Dr.Web as Win32.HLLW.Autoruner1.26359 and by Malwarebytes Anti-Malware as Backdoor.Bot	No
cryptdlg	X	cryptdlg.exe	Detected by SUPERAntiSpyware as Trojan.CryptDlg.Process. The file is located in %System%	No
crvyqPeXHorMosHDmzZZBJVxRwUmMmxrKtQzLQNYpEMNWuoSUB	X	Crypted.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL.Gen. The file is located in %LocalAppData%	No
crypted.exe	X	crypted.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.AI. The file is located in %UserTemp%	No
wacult	X	crypted.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Messa. The file is located in %AppData%	No
wacult	X	cryptedwacult.exe	Detected by McAfee as Generic.dx!b2cs and by Malwarebytes Anti-Malware as Backdoor.Messa.Gen	No
Calendarscope	U	cs.exe	Calendarscope calendar software	No
ClickSight Launcher	N	cs.exe	Launcher for the ClickSight® marketing tool from ClickStream Technologies - which "is a patented data-collection technology that helps independent software vendors understand the current and future usage of their product"	No
Csec	X	cs.exe	Cyber Security rogue security software - not recommended, removal instructions here	No
WINX	X	CS4MCLG.exe	Detected by Malwarebytes Anti-Malware as Backdoor.Agent.DC. The file is located in %AppData%	No
Adobe CS4 Service Manager	N	CS4ServiceManager.exe	Part of both stand-alone Adobe CS4 products (such as Photoshop and Dreamweaver) and suites, CS4 Service Manager supports online services such as Adobe Drive. Whilst testing, it would appear that this entry can be safely disabled as it will be loaded when required but if you experience problems try re-enabling it	Yes
AdobeCS4ServiceManager	N	CS4ServiceManager.exe	Part of both stand-alone Adobe CS4 products (such as Photoshop and Dreamweaver) and suites, CS4 Service Manager supports online services such as Adobe Drive. Whilst testing, it would appear that this entry can be safely disabled as it will be loaded when required but if you experience problems try re-enabling it	Yes
CS4ServiceManager	N	CS4ServiceManager.exe	Part of both stand-alone Adobe CS4 products (such as Photoshop and Dreamweaver) and suites, CS4 Service Manager supports online services such as Adobe Drive. Whilst testing, it would appear that this entry can be safely disabled as it will be loaded when required but if you experience problems try re-enabling it	Yes
Adobe CS5 Service Manager	N	CS5ServiceManager.exe	Part of both stand-alone Adobe CS5 products (such as Photoshop and Dreamweaver) and suites, CS5 Service Manager supports online services. Whilst testing, it would appear that this entry can be safely disabled as it will be loaded when required but if you experience problems try re-enabling it	Yes
AdobeCS5ServiceManager	N	CS5ServiceManager.exe	Part of both stand-alone Adobe CS5 products (such as Photoshop and Dreamweaver) and suites, CS5 Service Manager supports online services. Whilst testing, it would appear that this entry can be safely disabled as it will be loaded when required but if you experience problems try re-enabling it	Yes
CS5ServiceManager	N	CS5ServiceManager.exe	Part of both stand-alone Adobe CS5 products (such as Photoshop and Dreamweaver) and suites, CS5 Service Manager supports online services. Whilst testing, it would appear that this entry can be safely disabled as it will be loaded when required but if you experience problems try re-enabling it	Yes
AdobeCS6ServiceManager	N	CS6ServiceManager.exe	Part of both stand-alone Adobe CS6 products (such as Photoshop and Dreamweaver) and suites, CS6 Service Manager supports online services. Whilst testing, it would appear that this entry can be safely disabled as it will be loaded when required but if you experience problems try re-enabling it	No
winproc	X	CS6_Keygen.exe	Detected by McAfee as Generic.dx and by Malwarebytes Anti-Malware as Backdoor.IRCBot	No
CopernicSummarizerWatchdog	U	CSAgent.exe	"Copernic Summarizer can analyze a text of any length, on any subject, in any one of four languages, and create a document summary as short or as long as you want it to be. It can summarize Word documents, Web pages, PDF files, email messages and even text from the Clipboard"	No
IPv6 Helper Driver	X	csass.exe	Added by the AGOBOT.TC WORM!	No
LanGuard Auto Updater	X	csass.exe	Added by the RBOT-DS WORM!	No
PCHELPER	X	CSASS.EXE	Detected by Malwarebytes Anti-Malware as Trojan.Agent.PHGen. The file is located in %Temp%	No
WSAConfiguration1	X	csass.exe	Detected by Trend Micro as WORM_AGOBOT.WH	No
Windows Hostbs	X	csbss.exe	Detected by Malwarebytes Anti-Malware as Trojan.FakeFolder. The file is located in %AppData%	No
WINHOST2	X	csbss.exe	Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes Anti-Malware as Backdoor.Agent.DC	No
csc	U	csc.exe	Command line compiler for Microsoft C# it gets installed with the .NET SDK	No
CSCUPDATES	X	csc.exe	Detected by McAfee as RDN/Generic BackDoor!p and by Malwarebytes Anti-Malware as Backdoor.Agent.DC	No
CalcScience	X	cscientist.exe	Added by the SDBOT.ACQ WORM!	No
cscripts	X	cscripts.exe	Added by the BDOOR-AAP BACKDOOR!	No
CSCRS Value	X	cscrs.exe	Added by the RBOT-AAA WORM!	No
Microsoft Data Machine	X	csdata32.exe	Added by the WOOTBOT.AW WORM!	No
Current Security Config	X	csecure.exe	Added by the RBOT-AMO WORM!	No
csecwiz	N	csecwiz.exe	Setup wizard for the Client Security Software (CSS) for IBM\Lenovo notebooks. This entry only runs once, after the software has been installed and the notebook rebooted for the first time. If the wizard isn't completed a shortcut is available via the Start menu until it is	Yes
IBM Client Security Software	N	csecwiz.exe	Setup wizard for the Client Security Software (CSS) for IBM\Lenovo notebooks. This entry only runs once, after the software has been installed and the notebook rebooted for the first time. If the wizard isn't completed a shortcut is available via the Start menu until it is	Yes
Z_acamucli wizard	N	csecwiz.exe	Setup wizard for the Client Security Software (CSS) for IBM\Lenovo notebooks. This entry only runs once, after the software has been installed and the notebook rebooted for the first time. If the wizard isn't completed a shortcut is available via the Start menu until it is	Yes
Fortis Secure Layer Config	U	cseinst.exe	Part of Fortis Bank Home Banking. Installed with the software necessary to run the Home Banking and according to Fortis Bank this will not in any way be harmful to the system or relay system information	No
AbsoluteShield Internet Eraser	U	cseraser.exe	AbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities"	No
cserv32	X	cserv32.exe	Added by the STRATION.EC WORM!	No
Microsoft Driver Setup	X	CsgF.EXE	Detected by Avira as Worm/Kolab.eih	No
Adobe Remixer Version 2.4	X	cshelp32.exe	Added by the NUCLEROOT.E BACKDOOR!	No
CsimPlayer	X	CsimPlayer.exe	Added by the KOOBFACE-AD WORM!	No
CSINJECT.EXE	U	CSINJECT.EXE	Part of Quarterdeck/Norton CleanSweep. "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes"	No
CleanSweep Smart Sweep-Internet Sweep	U	Csinsm32.exe	Smart Sweep and Internet Sweep keep track of all files added and any changes made to existing configuration files when you install a program using the now discontinued Norton Cleansweep uninstaller/file cleaning utility. "Smart Sweep tracks all file additions and changes that originate from floppies, CDs, or network drives. Internet Sweep tracks all ActiveX control file and Plug-in installations that originate from a Web site. CleanSweep uses this information later to ensure safe and thorough uninstallations"	No
CleanSweep Smart Sweep-Internet Sweep	U	CsinsmNT.exe	Smart Sweep and Internet Sweep keep track of all files added and any changes made to existing configuration files when you install a program using the now discontinued Norton Cleansweep uninstaller/file cleaning utility. "Smart Sweep tracks all file additions and changes that originate from floppies, CDs, or network drives. Internet Sweep tracks all ActiveX control file and Plug-in installations that originate from a Web site. CleanSweep uses this information later to ensure safe and thorough uninstallations"	Yes
xware	X	cskware.exe	Malware downloader from xxsware.com, produces adult content popups	No
csm Win Updates	X	csm.exe	Detected by McAfee as W32/Zotob.worm.b	No
Windows Client/Server Management Layer	X	csml.exe	Added by the AGENT.CYC BACKDOOR!	No
New Csnm Manager	X	csmn.exe	Added by the SDBOT.BZS WORM!	No
cmssSystemProcess	X	csms.exe	Detected by Sophos as Troj/Agent-Y	No
cmssSystemProcess	X	csmss.exe	Added by the AGENT-CO TROJAN!	No
spoolsvr32	X	csmss.exe	Added by the AGENT-AU TROJAN!	No
spoolsvr32	X	csmss32.exe	Added by the AGENT-AU TROJAN!	No
ControlServiceMgr	X	csmsv.exe	Detected by Sophos as Troj/Agent-XC	No
ManageProtocolCtrl	X	csmsv.exe	Added by the LOOKSKY.B TROJAN!	No
NDAv	X	csnss.exe	Added by the SERFLOG.C WORM!	No
SDAv	X	csnss.exe	Added by the SERFLOG.C WORM!	No
Service Monitor	X	csnss.exe	Added by the RBOT.EEH BACKDOOR!	No
CSO.exe	Y	CSO.exe	ONO Service Center tool installed when you choose to install their internet security suite - sourced by Radialpoint. Apart from downloading the suite installation files, the exact purpose is unknown at this time but it may be used to source critical updates and alerts so should therefore be left enabled	No
csos	X	csos.exe	Added by the SDBOT-DFE WORM!	No
CSV10P1	X	CSP001.exe	ClearSearch adware	No
csrcs	X	csrcs.exe	Detected by Sophos as Troj/Agent-HUA	No
Googles	X	csrcs.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.MODUPX. The file is located in %AppData%	No
Messenger	X	csrcs.exe	Detected by Malwarebytes Anti-Malware as Trojan.Klovbot.ai. The file is located in %AppData%	No
Microsofts	X	csrcs.exe	Added by the VB-FNA TROJAN!	No
Windows Custom Services	X	CSRCS.EXE	Added by the SPYBOT-EI WORM!	No
Windows Media Player	X	csrcs.exe	Detected by Microsoft as Trojan:Win32/Vboxador.B and by Malwarebytes Anti-Malware as Trojan.VBInject	No
Windows Player	X	csrcs.exe	Detected by Sophos as W32/Scar-AR and by Malwarebytes Anti-Malware as Trojan.VBInject	No
Remndr	X	CsRemnd.exe	CasinoOnline foistware	No
Csrss Host	X	csrhost.exe	Added by the IRCBOT.BIZ WORM!	No
NT Windows System Manager Loader	X	csrlss.exe	Detected by Trend Micro as WORM_AGOBOT.OX	No
Windows Client/Server Runtime Management Layer	X	csrml.exe	Added by the AGENT.CWQ BACKDOOR!	No
ethernet adapter	X	csrmss.exe	Added by a variant of Win32/Rbot	No
DriverModule	X	csrnvrt.exe	Added by the IRCBOT.I TROJAN!	No
csr	X	csrrs.exe	Added by the RBOT-CKM WORM!	No
csrrs	X	csrrs.exe	Added by the INEUDOK.A TROJAN!	No
Service Controller	X	Csrrs.exe	Detected by Symantec as W32.HLLW.Gaobot.AO	No
Windows Taskmanager Data	X	csrrss.exe	Added by the RBOT-BBH WORM!	No
Microsoft Client/Server Runtime Server Subsystem	X	csrs.exe	Added by the RBOT-AEN WORM! Note the space at the beginning of the "Startup Item" field	No
Client Server Runtime	X	csrs.exe	Added by the POEBOT-KR WORM!	No
Client Server Runtime Process	X	csrs.exe	Added by the LINKBOT.M WORM!	No
Com+ Sys	X	csrs.exe	Added by the FORBOT-BT WORM!	No
csrs	X	csrs.exe	Added by the GAOBOT.GEN!POLY WORM!	No
csrs.exe	X	csrs.exe	Detected by Dr.Web as Trojan.Siggen3.27512 and by Malwarebytes Anti-Malware as Trojan.Agent	No
Intel Driver	X	csrs.exe	Added by a variant of the SDBOT WORM - see here	No
Microsoft Corp. Critical Services	X	csrs.exe	Added by the RBOT-GTJ WORM!	No
NetWork	X	csrs.exe	Detected by Trend Micro as WORM_AGOBOT.JJ	No
Windows Action	X	csrs.exe	Added by the SECCMU-A WORM!	No
Windows Client/Server Runtime Server	X	csrs.exe	Added by the RBOT.KD WORM!	No
Windows Update Service	X	csrs.exe	Detected by Sophos as W32/Agobot-NI and by Malwarebytes Anti-Malware as Backdoor.IRCBot	No
boby	X	csrs.scr	Added by the BANCBAN-PC TROJAN!	No
dark	X	csrs.scr	Detected by Sophos as Troj/Bancban-GT or Troj/Bancban-GU and by Malwarebytes Anti-Malware as Trojan.Banker	No
Norton System	X	csrs.scr	Added by the BANLOA-AFM TROJAN!	No
System32-Driver	X	csrs32.exe	Added by the SDBOT-CP BACKDOOR!	No
csrsc	X	csrsc.exe	Added by the SILLYDC WORM!	No
svchost.exe	X	csrsc.exe	Added by the BUZUS.AAUP TROJAN!	No
Winsock2 driver	X	CSRSC.EXE	Added by the SPYBOT-CF WORM!	No
Microsoft Registry	X	csrse.exe	Added by the RBOT-PC WORM!	No
System Process	X	CSRSR.exe	Added by the AGOBOT-SQ WORM!	No
Client Server Run Time Proccess	X	csrsrv.exe	Added by a variant of W32/Sdbot.worm	No
csrss	X	csrss .exe	Detected by Dr.Web as Trojan.KillProc.19763 and by Malwarebytes Anti-Malware as Trojan.Agent	No
SystemDriver	X	csrss.exe	Detected by Symantec as Trojan.Ascetic.B and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\addins\explorer and note the space at the beginning of the "Startup Item" field	No
.svchost	X	CSRSS.EXE	Detected by Symantec as Trojan.Webus.F and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!	No
.TEXTCONV	X	csrss.exe	Detected by Symantec as Trojan.Webus and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!	No
.WMAudio	X	csrss.exe	Detected by Symantec as Trojan.Webus and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!	No
_SystemDriver	X	csrss.exe	Detected by Symantec as Trojan.Ascetic.B and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\addins\explorer	No
97335ed968c8d21501810d2516770677	X	csrss.exe	Detected by Dr.Web as Trojan.DownLoader8.24029 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%	No
AdRotator.Application	X	csrss.exe	Detected by Sophos as Troj/Small-AQ and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the "drivers" subfolder	No
afrriiii	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%	No
Application	X	csrss.exe	Detected by Symantec as W32.Beagle.EG@mm and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
ASP.NET State Service	X	csrss.exe	Detected by Sophos as Troj/Dloader-QI and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
AtiSound	U	csrss.exe	WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolder	No
AVManager	X	csrss.exe	Detected by Sophos as W32/Autorun-DV and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "~A~m~B~u~R~a~D~u~L~" subfolder	No
BagleAV	X	csrss.exe	Detected by Symantec as W32.Netsky.AB@mm and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
bootstat	X	csrss.exe	Detected by Symantec as Trojan.Comrerop and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Media	No
BuildLabs	X	csrss.exe	Detected by Symantec as Trojan.Webus and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!	No
ccpApps	X	csrss.exe	Detected by Symantec as Trojan.Webus and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!	No
ClickTheButton	X	csrss.exe	ClickTheButton adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "drivers" subfolder	No
Client Server Runtime Process	X	csrss.exe	Detected by Dr.Web as Trojan.DownLoader6.47266 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%\System32	No
Client Server Runtime Process	X	csrss.exe	Detected by Dr.Web as Trojan.DownLoader6.51189 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%	No
ComMessenger	X	csrss.exe	Detected by Dr.Web as Trojan.PWS.Siggen.40403 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\data	No
conime	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "wbem" subfolder	No
Console de Gerenciamento Microsoft	X	csrss.exe	Detected by Sophos as Troj/Bancban-ET and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "Central de Segurança" subfolder	No
CriticalSysResrc	X	csrss.exe	Detected by Dr.Web as Trojan.DownLoader6.61569 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%	No
csrss	U	csrss.exe	BeyondKeylog surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Supremtec	No
Csrss	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%	No
csrss	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This is located in %Windir% and %UserStartup% and %AllUsersStartup% and its presence there ensures it runs when Windows starts	No
csrss	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserTemp%	No
csrss	X	csrss.exe	Detected by Kaspersky as Trojan-Spy.Win32.Ardamax.dke and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserTemp%\tmp-3	No
csrss	X	csrss.exe	Detected by McAfee as Generic.dx!bd3d and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%\Microsoft	No
csrss	X	csrss.exe	Detected by McAfee as Generic.dx!bdbc and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Common Files\Microsoft	No
csrss	X	csrss.exe	Detected by Sophos as Troj/Keylog-AQ and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
Csrss	X	CSRSS.EXE	Detected by Sophos as W32/Punya-B and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %LocalAppData%\WINDOWS	No
Csrss	X	csrss.exe	Detected by Symantec as W32.Chod@mm and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a random subfolder	No
csrss	X	csrss.exe	Detected by Symantec as Trojan.Syginre and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%	No
Csrss.exe	X	csrss.exe	Detected by Symantec as W32.Dalbug.Worm and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
csrssLevel4	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located %Windir%\System\Level4	No
DIECOX	X	csrss.exe	Added by a variant of Backdoor.Hale and detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "qossrv" subfolder	No
Document Explorer3	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%\Documents	No
Download Manager3	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%\Downloads	No
e101a39ab5de59589562aa0ff3295ba5	X	csrss.exe	Detected by McAfee as Generic.tfr!cr and by Malwarebytes Anti-Malware as Trojan.MSIL. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%	No
Explorer.exe	X	csrss.exe	Detected by Sophos as W32/Juego-B and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%\Microsoft	No
FiendlyType	X	csrss.exe	Detected by Symantec as Trojan.Webus and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!	No
FirewallActivies	X	csrss.exe	Detected by Sophos as Troj/Banker-AQ and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "3041" subfolder	No
Google Upd	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Google	No
HKCU	X	csrss.exe	Detected by Kaspersky as Trojan.Win32.Buzus.emmy and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "install" subfolder	No
HKLM	X	csrss.exe	Detected by Kaspersky as P2P-Worm.Win32.Palevo.ahmd and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "winboot" subfolder	No
HKLM	X	csrss.exe	Detected by Kaspersky as Trojan.Win32.Buzus.emmy and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "install" subfolder	No
HKLN	X	csrss.exe	Detected by Kaspersky as P2P-Worm.Win32.Palevo.ahmd and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "winboot" subfolder	No
Host-process Windows (Rundll32.exe)	X	csrss.exe	Detected by Dr.Web as Trojan.DownLoader6.47266 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%\System32	No
Host-process Windows (Rundll32.exe)	X	csrss.exe	Detected by Dr.Web as Trojan.DownLoader6.51189 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%	No
Intel	X	csrss.exe	Detected by Kaspersky as Trojan-Banker.Win32.Qhost.mmu and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%	No
Java	X	csrss.exe	Detected by Dr.Web as Trojan.DownLoader4.11626 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%\@off@	No
Java	X	csrss.exe	Detected by McAfee as Generic BackDoor!fj3 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%\Java	No
KernellApps	X	csrss.exe	Detected by Sophos as Troj/Bancban-AC and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "System" subfolder	No
Key Logger	X	csrss.exe	Detected by Symantec as W32.Buchon.A@mm and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%	No
Krnlcheck	X	csrss.exe	Detected by Symantec as Backdoor.Botnachala and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
Logon<user>	X	CSRSS.EXE	Detected by Sophos as W32/Brontok-BH and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %LocalAppData%\WINDOWS	No
LogonAdministrator	X	CSRSS.EXE	Detected by Symantec as W32.Korron.B and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %LocalAppData%\WINDOWS	No
LOGONADMINISTRATOR.[ComputerName]	X	CSRSS.EXE	Detected by McAfee as Generic VB.i and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %LocalAppData%\WINDOWS	No
Logonrepclient1	X	CSRSS.EXE	Detected by Sophos as W32/Brontok-BT and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %LocalAppData%\WINDOWS	No
Logonsara	X	csrss.exe	Detected by Sophos as W32/Brontok-BS and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %LocalAppData%\WINDOWS	No
Microsoft Office Outlook	X	csrss.exe	Detected by McAfee as W32/Worm-FDN!F4D562C180AF and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\'\'	No
Microsoft Security Client	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\Microsoft	No
Microsoft SourceSafe	X	csrss.exe	Detected by Symantec as Trojan.Webus and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!	No
Microsoft Update	X	Csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "winfiles" subfolder	No
Microsoft Windows CSRSS	X	csrss.exe	Detected by Sophos as W32/Kalel-A and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!	No
Microsoft Windows Hosting Service	X	csrss.exe	Detected by Dr.Web as Trojan.FakeAV.14105 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%	No
Microsoft Windows Update Client	X	csrss.exe	Detected by Sophos as W32/Kebede-G and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Systems32	No
Microsoft Word Profissional	X	csrss.exe	Detected by Sophos as Troj/Bancban-DB and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "s1613" subfolder	No
Microsoft Word Profissional	X	csrss.exe	Detected by Sophos as Troj/Bancos-DP and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "JavaVM" subfolder	No
Microsoft Word Profissional	X	csrss.exe	Detected by Sophos as Troj/Banker-DJ and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "protect" subfolder	No
MSN	X	csrss.exe	Detected by McAfee as Generic PWS.y. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msapps	No
Mstask	X	csrss.exe	Detected by McAfee as Generic.bfr and by Malwarebytes Anti-Malware as Trojan.Agent	No
MSWUpdate	X	csrss.exe	Detected by Sophos as Mal/DrkBot-A and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%	No
Norton Protect Activies	X	csrss.exe	Detected by Sophos as Troj/Banker-CZ and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "D5133" subfolder	No
NTDLM	X	csrss.exe	Detected by Symantec as Backdoor.Hale and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "qossrv" subfolder	No
nvdisplay	X	csrss.exe	Detected by Sophos as W32/VB-FBO and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%	No
PagefileManager	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Pagefile System Volume	No
Policies	X	csrss.exe	Detected by Kaspersky as Trojan.Win32.Buzus.emmy and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an "install" subfolder	No
Profile Manager3	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%	No
Prog	X	csrss.exe	Detected by Symantec as Trojan.Webus and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!	No
RegDone Ex	X	csrss.exe	Detected by Symantec as Trojan.Webus and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!	No
RegWrite	X	csrss.exe	Detected by Symantec as Backdoor.Sokacaps and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Media	No
Remote Registry Service	X	csrss.exe	Detected by Sophos as W32/IRCBot-AKB and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
RPCserv32g	X	CSRSS.EXE	Detected by Trend Micro as WORM_BOBAX.AD and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
rundll32	X	csrss.exe	Detected by Symantec as Trojan.Gutta and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
Runner	X	csrss.exe	Detected by Sophos as Troj/AdClick-AG and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
Runtime Process	X	Csrss.exe	Detected by Sophos as Troj/Ciadoor-J and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
Runtime Server Subsystem	X	csrss.exe	Detected by Sophos as W32/IRCBot-XV and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!	No
SernellApp.pcx	X	csrss.exe	Detected by Sophos as Troj/Bancban-BJ and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "D5133" subfolder	No
Shockwave	X	csrss.exe	Detected by Symantec as W32.Sndog@mm and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
Skype	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.VBKrypt. Note - this is not a legitimate entry for the popular Skype VOIP software and also it is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%	No
SOFICE	X	csrss.exe	Detected by McAfee as RDN/Generic.dx and by Malwarebytes Anti-Malware as Trojan.Agent.DPT. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %LocalAppData%\Google	No
State Service	X	csrss.exe	Detected by Sophos as Troj/Dadobra-CP and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
svchost	X	csrss.exe	Detected by Kaspersky as Trojan.Win32.Swisyn.bgkm and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%	No
Sysinternals	X	csrss.exe	Guard Online rogue security software - not recommended, removal instructions here. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%	No
System	X	csrss.exe	Detected by Symantec as Infostealer.Ldpinch.E and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
System Process	X	csrss.exe	Detected by Sophos as Troj/AdClick-AG and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
System32	X	csrss.exe	Detected by Symantec as W32.SillyFDC and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "drivers" subfolder	No
SYSTEMSars32	X	csrss.exe	Detected by Symantec as W32.Ahlem.A@mm and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
TaskMrg	X	csrss.exe	Detected by Sophos as Troj/LdPinch-W and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
Torjan Program	X	csrss.exe	Detected by Sophos as Troj/LegMir-BO and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
Update	X	csrss.exe	Detected by Sophos as Troj/AdClick-AG and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
Update	X	csrss.exe	Detected by Symantec as Trojan.Meheerwar and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "winupdate" subfolder	No
UpDaTer	X	csrss.exe	Detected by Kaspersky as Worm.Win32.AutoRun.dib and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ï¿½ subfolder	No
WinDefender.exe	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%	No
Windows 2004	X	csrss.exe	Detected by Sophos as Troj/Banker-DY and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Windows 2004\Tools	No
Windows Client Service 32	X	csrss.exe	Detected by Sophos as W32/Rbot-ALB and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "drivers\winsdriver" subfolder	No
Windows defender	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the "drivers" subfolder	No
Windows Explorer SP2	X	csrss.exe	Detected by Sophos as Troj/Banker-DM and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "JavaBeans" subfolder	No
Windows System Devices Manager	X	csrss.exe	Detected by Sophos as Troj/Inject-PX and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
Windows Update	X	csrss.exe	Detected by Sophos as Troj/Banker-HM and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
WindowsExplorer	X	csrss.exe	Messenger Blocker rogue security software - not recommended. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %CommonFiles%\System	No
WINDOWSHOSTED	X	csrss.exe	Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%	No
Windowsupdate Service	X	csrss.exe	Detected by Sophos as W32/Baba-B and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root folder (ie, C:\)	No
Winlogon	X	csrss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%	No
winupdate	X	csrss.exe	Detected by Kaspersky as P2P-Worm.Win32.Palevo.ahmd and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "winboot" subfolder	No
WinUpdateAdministrator	X	CSRSS.EXE	Detected by Sophos as W32/Punya-A and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\Application Data\WINDOWS	No
WinUpdateProtection	U	csrss.exe	EmployeeWatch is a commercial surveillance software program designed to monitor user activity on a computer. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a subfolder of C:\windowsupdate\ufp	No
WinXP	X	csrss.exe	Detected by Sophos as Troj/Bancos-AG and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\WinXP\Tools	No
WinXP-98	X	CSRSS.exe	Detected by Sophos as Troj~Banker-DS and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\WinXP-98\Tools	No
WOW64 Emulator	X	csrss.exe	Detected by Dr.Web as Trojan.DownLoader8.21350 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %CommonAppData%\WOW64	No
ZoneUpdate	U	csrss.exe	WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "ComRoot" subfolder	No
27	X	csrss32.exe	Added by the SLSORVE-D TROJAN!	No
ALM	X	csrss32.exe	Added by the ANACON-D VIRUS!	No
Execution Control Services	X	csrss32.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.CSR. The file is located in %ProgramFiles%\Windows Service - see here	No
Microsoft CSRSS32 Protocol	X	csrss32.exe	Added by the RBOT.AAN WORM!	No
Microsoft Update Service	X	csrss32.exe	Added by the AGOBOT-HC WORM!	No
OCXSVC	X	csrss32.exe	Detected by McAfee as RDN/Generic.dx!b2g and by Malwarebytes Anti-Malware as Trojan.Downloader.OCX	No
Services	X	csrss32.exe	Added by the ANACON-D VIRUS!	No
System Log Event	X	csrss32.exe	Detected by Sophos as W32/Agobot-JI	No
System Update Service	X	csrss32.exe	Added by the AGOBOT-HI WORM!	No
Updater Service Process	X	csrss32.exe	Added by the AGOBOT-GP BACKDOOR!	No
Microsoft CSRSS386 Protocol	X	csrss386.exe	Added by a variant of the SPYBOT WORM!	No
Microsoft Client/Server Runtime Server Subsystem	X	csrssa.exe	Added by a variant of WORM_AGOBOT.GEN. Note the space at the beginning of the "Startup Item" field	No
Jnskdfmf9eldfd	X	csrssc.exe	Added by the AGENT.EBC TROJAN!	No
Opera	X	csrsse.exe	Added by the MDROP-DFQ TROJAN!	No
NAV Auto Updates	X	csrssp.exe	Added by the SDBOT.AQV WORM!	No
Microsoft Windows Hosting Service	X	csrssr.exe	Detected by Microsoft as Trojan:Win32/Pefsire.A and by Malwarebytes Anti-Malware as Trojan.MWF.Gen. The file is located in %Windir%	No
Microsoft Windows Hosting Service	X	csrssr.exe	Detected by Sophos as Troj/Agent-QRP and by Malwarebytes Anti-Malware as Backdoor.Bot. The file is located in %UserTemp%	No
Windows RPC Host Service	X	csrssr.exe	Detected by Sophos as Troj/Agent-QRP	No
Client Server Runtime Process	X	csrsss.exe	Added by the SDBOT-LD WORM!	No
CSRSS Loader	X	csrsss.exe	Detected by Trend Micro as WORM_AGOBOT.TX	No
Microsoft Winsock	X	csrsss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Sdbot. The file is located in %System%	No
CSRSSU	X	CSRSSU.exe	CoolWebSearch parasite variant - hijacking to Slawsearch.com. Also detected as the CWS-E TROJAN!	No
Microsoft DLL Verifier	X	csrssv.exe	Added by the RBOT-ATK WORM!	No
CSRSSW	X	CSRSSW.EXE	Added by the CWS-F TROJAN!	No
argq32	X	csrss_32.exe	Added by the RBOT-CPM WORM!	No
csrsvc.exe	X	csrsvc.exe	Detected by McAfee as W32/Worm-FES!9150D3E9A7A8 and by Malwarebytes Anti-Malware as Worm.Agent.CS	No
WSAConfiguration	X	csrsvcs.exe	Detected by Trend Micro as WORM_AGOBOT.VI	No
System132	X	Csrtss.exe	Added by the LANFILT-I TROJAN!	No
csrvss	X	csrvss.exe	Added by a variant of the SDBOT BACKDOOR!	No
ProtocolEventTsk	X	csrwjd.exe	Added by the STINX-N TROJAN!	No
dab1c01d088e43d83122e84a5262c4d7	X	css.exe	Detected by Malwarebytes Anti-Malware as Trojan.MSIL. The file is located in %UserProfile%	No
WINHOST3	X	cssas.exe	Detected by McAfee as RDN/Generic BackDoor and by Malwarebytes Anti-Malware as Backdoor.Agent.DC	No
Client Security Solution	N	cssauth.exe	Part of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect	Yes
cssauth	N	cssauth.exe	Part of Thinkvantage Client Security Solution for Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect	Yes
cssauthe	N	cssauthe.exe	Part of Thinkvantage Client Security Solution for IBM/Lenovo ThinkPad notebooks and ThinkCentre desktops. Once configured via the associated setup screens this loads via winlogon.exe (and loads the password manager) and therefore disabling this entry has no effect	No
cssrs	X	cssrs.exe	Detected by Dr.Web as Trojan.MulDrop2.47868 and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %Windir%\HkN32	No
cssrs	X	cssrs.exe	Detected by Dr.Web as Trojan.FakeAV.10930 and by Malwarebytes Anti-Malware as Trojan.Inject. The file is located in %AppData%\Macromidia	No
cssrs	X	cssrs.exe	Detected by Sophos as Troj/Bancban-DW and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %System%	No
cssrs.exe	X	cssrs.exe	Detected by Dr.Web as Trojan.Siggen2.56871 and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %Temp%	No
cssrs.exe	X	cssrs.exe	Detected by Dr.Web as Trojan.DownLoader5.12384 and by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %AllUsersProfile%\uTorrent	No
ctfmen	X	cssrs.exe	Added by the STARTP-DC TROJAN!	No
Display Drivers	X	cssrs.exe	Detected by Trend Micro as WORM_AGOBOT.FX	No
JavaUpdatecda9	X	cssrs.exe	Detected by Kaspersky as Trojan-Downloader.Win32.Homa.etg and by Malwarebytes Anti-Malware as Trojan.Banker	No
Microsoft Corp	X	cssrs.exe	Detected by Kaspersky as Trojan.Win32.Scar.cpqv	No
Microsoft service	X	cssrs.exe	Added by the STARTP-DC TROJAN!	No
Nxvst	X	cssrs.exe	Detected by Microsoft as Worm:Win32/Gaobot.CD	No
ServicesActive	X	cssrs.exe	Added by the AGOBOT-GB BACKDOOR!	No
TINTIMG	X	cssrs.exe	Detected by Kaspersky as Trojan.Win32.Cossta.ndb and by Malwarebytes Anti-Malware as Trojan.StartPage	No
Verificador do sistema	X	cssrs.exe	Added by the MOCON WORM!	No
WinFX	X	cssrs.exe	Detected by Trend Micro as WORM_AGOBOT.FX	No
cssrss.exe	X	cssrss.exe	Malware installed by different rogue security software including SpyKillerPro	No
MSN ang	X	cssrss.exe	Added by the FORBOT-CE WORM!	No
WMDM PMSP Service	X	cssrss.exe	Added by the KNOCKIT-A TROJAN!	No
csss	X	Csss.exe	Added by the BALICK TROJAN!	No
CSS Server	U	CSSServer.exe	ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself	No
COMODO SafeSurf	Y	cssurf.exe	Comodo SafeSurf Toolbar by Comodo Group, Inc - installed with older versions of their firewall and "protects against data theft, computer crashes and system damage by preventing most types of Buffer Overflow attacks. This type of attack occurs when a malicious program or script deliberately sends more data to a target applications memory buffer than the buffer can handle - which can be exploited to create a back door to the system though which a hacker can gain access"	No
Win4Hosting	X	csszss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %UserTemp%	No
CSS_Central	U	CSS_1631.EXE	Part of Command AntiVirus for 9x/Me by Command Software Systems, Inc (who became Authentium and are now Commtouch)	No
SysW8	U	csta.exe	Clean Space internet evidence eliminator	No
ChineseStar	U	cstar.exe	Chinese language support software	No
nvsv32.exe	X	cstr.exe	Added by a variant of W32/Sdbot.worm	No
CC2KUI	X	CSTRAY.EXE	Comet Cursor adware	No
WindowsDiskLog	X	cstsm.exe	Added by the STINX-C or STINX-D TROJANS!	No
CleanSweep Useage Watch	N	CSUSEM32.EXE	Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time	No
CSV10P70	X	CSv10P070.exe	ClearSearch adware	No
CSV7P70	X	CSV7P070.exe	ClearSearch adware	No
CSV7P26	X	CSV7P26.exe	ClearSearch adware	No
CSV7P91	X	CSV7P91.exe	ClearSearch adware	No
csvdea	U	csvdea.exe	SpyArsenalLog surveillance software. Uninstall this software unless you put it there yourself	No
csvhost.exe	X	csvhost.exe	Added by the CIMUZ-BD TROJAN!	No
CompuSpy KeyLogger	U	cswin2008.exe	CompuSpy surveillance software. Uninstall this software unless you put it there yourself	No
NETServices	X	csxrs.exe	Added by a variant of W32/Sdbot.worm	No
LocalSysLite	X	csxss.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent. The file is located in %Root%\Users\Public	No
CardScan AutoSync	?	CSyncCfg.exe	Related to the CardScan business card reader range of products. May be related to synchronization with E-mail software and mobile devices (see here)?	No
System time updator	X	CSysTime.exe	Added by the RANDEX.S WORM!	No
Ashampoo Core Tuner	U	ct.exe	Ashampoo® Core Tuner - a utility which helps you to get the most out of a multi-processor (or dual core) computer. "For instant results you just need to select Auto-Optimize to optimize all the programs you are running or Boost to give more power to a single program." This entry loads Core Tuner with Windows (required if you use any optimized profiles) and gives System Tray access	Yes
checktime	U	ct.exe	Part of the "HP Learning Adventure" software installed HP's XP home user PCs which gives access to pre-installed software choices ranging from children's educational titles to family reference software that they can try before they buy. Consumers also receive one free software choice with each system they purchase. Required if you use this feature	No
ct	U	ct.exe	Part of the "HP Learning Adventure" software installed HP's XP home user PCs which gives access to pre-installed software choices ranging from children's educational titles to family reference software that they can try before they buy. Consumers also receive one free software choice with each system they purchase. Required if you use this feature	No
Microsoftctfmon	X	ct.exe	Detected by Dr.Web as Trojan.DownLoader6.9198 and by Malwarebytes Anti-Malware as Trojan.Agent	No
CTAPR2	U	CTAPR2.exe	Console Launcher for the Creative Sound Blaster X-Fi series	No
CTAVTray	N	CTAvTray.exe	For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ	No
ClickTheButton	X	CTB.EXE	ClickTheButton adware	No
CTCheck	U	CTCheck.exe	Associated with the ZEN range of MP3 players from Creative Technology Ltd. A visitor recommended the "U" status but what does it do?	No
CTCMonitor	U	CTCMonitor.exe	Click-to-Convert - document-to-HTML or doc-to-PDF converter. Only required if you are going to use the File → Print method of using Click-to-Convert. If converting directly from MS Office, it is not required	No
Creative MediaSource Go	U	CTCMSGo.exe	Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"	No
Creative MediaSource Go	U	CTCMSGoU.exe	Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which "enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"	No
Creative Detector U	N	CTDetctu.exe	Removable media detector for Creative products - such as the Zen media players - that launches version 5 of the MediaSource™ player organizer when compatible media is detected	No
Creative Detector	N	CTDetect.exe	Removable media detector for Creative products - such as the Zen media players - that launches the appropriate application (such as the MediaSource™ player organizer) when compatible media is detected	No
CTDVDDet	N	CTDVDDet.exe	Auto-detects and plays a DVD when using a Creative Soundblaster soundcard	No
CTStartup	N	CTEaxSpl.exe	Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard	No
WINDOWS SYSTEM	X	ctech.exe	Added by the MYTOB-KD WORM!	No
ctf.exe	X	ctf.exe	Added by a variant of the BIFROSE TROJAN!	No
Windows Firewall Updater	X	ctfcom.exe	Added by the RBOT-GCB WORM!	No
ctflog manager	X	ctflog.exe	Added by the DONBOMB.A TROJAN!	No
CTFMON.CPL	X	CTFM0N.CMD	Detected by Symantec as the SILLYFDC WORM! See here	No
compmgmt	X	CTFM0N.EXE	Added by the INJECT.PT TROJAN! Notice the digit "0" in the filename rather than the upper case "o"	No
CTFM0N.exe	X	CTFM0N.exe	Added by the STARTPAGE.P TROJAN! Notice the digit "0" in both columns rather than the upper case "o"	No
ctfmon.exe	X	CTFM0N.EXE	Added by the AUTORUN-AYX WORM! Notice the digit "0" in the filename rather than the upper case "o"	No
Windows file monitor	X	ctfm0n.exe	Detected by Trend Micro as WORM_MEPAOW.LX. Note the number "0" in place of a lower case "o" in the filename	No
PHIME2004C	X	CTFMDN.exe	Added by the DLOADR-AMV TROJAN!	No
ctfmgr	X	ctfmgr.exe	Added by the PWS-ATU TROJAN!	No
Windows Update Firewall System	X	ctfmom.exe	Detected by Symantec as W32.Spybot.ANDM and by Malwarebytes Anti-Malware as Backdoor.IRCBot	No
0e020ee62e36dea9d9476175e8ebf8d4	X	ctfmon.exe	Detected by Dr.Web as Trojan.DownLoader7.7428 and by Malwarebytes Anti-Malware as Backdoor.Agent.TRJ. Note - this is not the legitimate ctfmon.exe process associated with alternate language and method inputs which is always located in %System%. This one is located in %AppData%	No
CTFMon	U	ctfmon.exe	Family KeyLogger keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a "CTF" sub-folder	No
ctfmon	X	ctfmon.exe	Added by the AUTORUN-G WORM! Note - this is not the legitimate ctfmon.exe process associated with alternate language and method inputs which is always located in %System%. This one is located in a "1046" sub-folder	No
CTFMON	X	ctfmon.exe	Detected by Malwarebytes Anti-Malware as Worm.Agent. Note - this is not the legitimate ctfmon.exe process associated with alternate language and method inputs which is always located in %System%. This one is located in a "1126" sub-folder	No
CTFMON	X	ctfmon.exe	Detected by McAfee as Downloader.a!bql. Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in an "InstallDir" sub-folder	No
ctfmon	X	ctfmon.exe	Detected by Sophos as Troj/Dloadr-DRL and by Malwarebytes Anti-Malware as Trojan.Backdoor.TJK. Note - this is not the legitimate ctfmon.exe process associated with alternate language and method inputs which is always located in %System%. This one is located in %UserStartup% and its presence there ensures it runs when Windows starts	No
ctfmon	U	ctfmon.exe	Supports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an example	Yes
ctfmon.exe	U	ctfmon.exe	TotalSpy keystroke logger/monitoring program - remove unless you installed it yourself! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %ProgramFiles%\TS Trial	No
CTFMON.EXE	X	ctfmon.exe	Added by the VBSP-A WORM! Note - this is not the legitimate ctfmon.exe process associated with alternate language and method inputs which is always located in %System%. This one is located in a "1126" sub-folder	No
ctfmon.exe	X	ctfmon.exe	Added by the RAIDYS TROJAN! Note - this overwrites the legitimate ctfmon.exe process associated with alternate text inputs which is located in %System%	No
ctfmon.exe	U	ctfmon.exe	Supports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an example	Yes
ctfnnon	X	ctfmon.exe	Detected by Kaspersky as Backdoor.Win32.Turkojan.il. Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir%	No
DLLÝNSTALLS32	X	ctfmon.exe	Detected by Malwarebytes Anti-Malware as Spyware.Password. Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a "SYS32DLLS" sub-folder	No
Firewall	X	ctfmon.exe	Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Windir%	No
HKCU	X	ctfmon.exe	Detected by McAfee as Downloader.a!bql. Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in an "InstallDir" sub-folder	No
HKLM	X	ctfmon.exe	Detected by McAfee as Downloader.a!bql. Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in an "InstallDir" sub-folder	No
Microsoft CTF Loader	U	ctfmon.exe	Supports multiple languages and alternative method inputs in Windows and MS Office. The language bar is displayed alongside the System Tray if more than one keyboard layout is enabled (for switching input languages) or, for example, if speech is selected as an alternative input for MS Office or Notepad. Required to support advanced text services (such as right to left text) for East Asian users. Can be disabled via Start → Control Panel → Regional and Language Options → Languages → Text Services and Input Languages → Details → Advanced → System Configuration → Turn off advanced text services (which also turns off the language bar). See also here and here. Can also cause problems with some other programs if left enabled - see here for such an example	Yes
Microsoftctfmon	X	ctfmon.exe	Detected by Dr.Web as Trojan.DownLoader5.37566 and by Malwarebytes Anti-Malware as Trojan.Agent. Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %Root%\fdst	No
ntuser	X	ctfmon.exe	Detected by Sophos as Troj/Agent-GSG. Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %UserProfile%	No
QQPLUS	X	ctfmon.exe	Detected by McAfee as Generic BackDoor and by Malwarebytes Anti-Malware as Worm.AutoRun. Note - this is not the legitimate ctfmon.exe process associated with alternate language and method inputs which is always located in %System%. This one is located in %ProgramFiles%\MSFCache	No
Service Pack 2	X	ctfmon.exe	Detected by Kaspersky as Trojan-Downloader.Win32.Genome.anmr and by Malwarebytes Anti-Malware as Trojan.Banker.Gen. Note - this is not the legitimate ctfmon.exe process associated with alternate language and method inputs which is always located in %System%. This one is located in %Root%\Arquivos de programas\Internet Explorer	No
Service Pack 3	X	ctfmon.exe	Detected by Kaspersky as Trojan-Downloader.Win32.Genome.axxw and by Malwarebytes Anti-Malware as Trojan.Banker.Gen. Note - this is not the legitimate ctfmon.exe process associated with alternate language and method inputs which is always located in %System%. This one is located in %Root%\Arquivos de programas\Internet Explorer	No
Symantec Update	X	ctfmon.exe	Detected by Trend Micro as BKDR_GODIN.A and by Malwarebytes Anti-Malware as Backdoor.Agent.CTF. Note - this is not the legitimate ctfmon.exe process associated with alternate language and method inputs which is always located in %System%. This one is located in %UserProfile%\Local Settings	No
SYS32	X	ctfmon.exe	Detected by Malwarebytes Anti-Malware as Spyware.Password. Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a "SYS32DLLS" sub-folder	No
WÝNSYS32DLLS	X	ctfmon.exe	Detected by Malwarebytes Anti-Malware as Spyware.Password. Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a "SYS32DLLS" sub-folder	No
WinDefender	X	ctfmon.exe	Detected by Dr.Web as Trojan.KillProc.9740 and by Malwarebytes Anti-Malware as Trojan.Agent.Gen. Note - this is not the legitimate ctfmon.exe process associated with alternate language and method inputs which is always located in %System%. This one is located in %AppData%\Adobe	No
Windows Live Messenger 8.12	X	ctfmon.exe	Added by the LIPARK-A WORM! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %UserProfile%	No
WinXPService	X	ctfmon.exe	Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a "ctf" sub-folder	No
ctfmon.exe	X	ctfmon.exe eminem.exe	Added by the BHARAT.A WORM!	No
Ctfmon.exe	X	ctfmon32.exe	CoolWebSearch Ctfmon32 parasite variant	No
CTFMON32	X	CTFMON32.EXE	CoolWebSearch Ctfmon32 parasite variant - also detected as the CWS-E TROJAN!	No
ctfmon32.exe	X	ctfmon32.exe	Detected by Dr.Web as Trojan.Siggen4.31693 and by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %AppData%	No
User Input Services	X	CTFMON32.EXE	Added by the MANCSYN.AK TROJAN!	No
Windows Services M7	X	ctfmon32.exe	Added by the AGENT.WOH TROJAN!	No
Windows svchost	X	ctfmon32.exe	Added by a variant of the SPYBOT WORM! See here	No
ctfmona	X	ctfmona.exe	Added by the DLOADR-BME TROJAN!	No
CTF Device Loader	X	ctfmond.exe	Added by the AGOBOT-FO WORM!	No
Microsoftctfmon	X	ctfmonn.exe	Detected by Dr.Web as Trojan.DownLoader6.4115 and by Malwarebytes Anti-Malware as Trojan.Agent	No
CTFMONSS	X	CTFMONSS.EXE	Added by the CWS-F TROJAN!	No
Windows Update Firewall System	X	ctfmoom.exe	Detected by Sophos as W32/Rbot-GAN and by Malwarebytes Anti-Malware as Backdoor.IRCBot	No
ctfmoon.exe	X	ctfmoon.exe	Detected by Symantec as Trojan.Mowhorc	No
msn	X	ctfmoons.exe	Added by the SPYBOT.HI WORM!	No
ctfmun	X	ctfmun.exe	Added by the AGENT.ACEZ TROJAN!	No
ntuser	X	ctfmun.exe	Added by the SILLYFDC WORM!	No
ctfmom	X	ctfnom.exe	Added by the BCKDR-QTA BACKDOOR!	No
ctfnom	X	ctfnom.exe	Detected by Dr.Web as Win32.HLLW.Autoruner1.16472 and by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %AppData%	No
ctfnom	X	ctfnom.exe	Detected by Kaspersky as Trojan.Win32.Cospet.hph and by Malwarebytes Anti-Malware as Backdoor.Agent. The file is located in %AppData%\Dir	No
twin	X	ctfnom.exe	Detected by Symantec as W32.Ogleon.A	No
Win Updator Services	X	ctfnom.exe	Added by a variant of the WOOTBOT WORM!	No
msconfigurator	X	ctfsdk.exe	Added by the DELF-ALS TROJAN!	No
load	X	ctftpscr32.exe	Added by the AGENT-FPN TROJAN!	No
cft_mon	X	ctf_mon.exe	Detected by Dr.Web as Trojan.MulDrop2.30269 and by Malwarebytes Anti-Malware as Trojan.Keylogger	No
ctf_mon	X	ctf_mon.exe	Detected by Dr.Web as Trojan.MulDrop2.30269 and by Malwarebytes Anti-Malware as Trojan.Keylogger	No
cthelp	X	cthelp.exe	Added by the SDBOT BACKDOOR!	No
CTHelper	X	cthelper.exe	Added by the RBOT-XB WORM! Note - do not confuse with the Creative application of the same name. Both files are found in %System% but this entry loads via the HKLM and HKCU "Run" and "RunServices" registry keys, whereas the Creative version only loads via the HKLM "Run" key	No
CTHelper	U	CTHELPER.EXE	CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it	No
WINDVDpatch	U	CTHELPER.EXE	CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it	No
Win32 FireWire Driver	X	CTHELPER32.EXE	Added by the WOOTBOT TROJAN!	No
CTin10	X	CTin10.exe	Added by the BANCOS.E TROJAN!	No
Creative Launcher	N	CTLauncher.exe	For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start → Programs	No
Creative Live! Cam Manager	U	CTLCMgr.exe	Creative Live! Cam Manager	No
ControlCenter	Y	ctlcntr.exe	Part of Lenovo's (IBM) ThinkVantage Fingerprint Software - used on laptops and keyboards with integrated fingerprint readers	No
TaskBar	N	CTLTask.exe	Creative SoundBlaster Audigy Taskbar - used to choose between different types of EAX Effects, not required in startup. NOTE: if you get a ctltask.exe error message while installing the Audigy drivers, see this Microsoft Knowledge Base article	No
Tasktray	N	CTLTray.exe	Installed with the Sound Blaster Audigy range of soundcards. Allows you to set EAX effects or equalizer settings for the Sound Blaster Audigy from a systray icon. Also allows you to launch the Taskbar via right-click → Show Taskbar. The tasktray can be accessed via Start → Programs → Creative → Sound Blaster Audigy → Taskbar	No
CreativeMixer	U	CTMIX32.EXE	Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon	No
ctmmon.exe	X	ctmmon.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.WTO. The file is located in %System%	No
CMSETTINGS	U	ctmn.exe	Part of NetNanny Chat Monitor	No
CtModule	X	CtModule.exe	Added by the CLICKER-EG TROJAN!	No
(Default)	X	ctmon.exe	Added by the BANCOS.AAN TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank	No
svcshare	X	CTMONTv.exe	Added by the FUJACKS-AJ WORM!	No
CTNMRUN	U	ctnmrun.exe	Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected	No
NOMAD Detector	U	ctnmrun.exe	Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected	No
CreativeDiscNotifier	N	CTNOTIFY.EXE	For Creative sound cards. Detects when you insert a CD, DVD, etc	No
Disc Detector	N	CtNotify.exe	For Creative sound cards. Detects when you insert a CD, DVD, etc	No
[various names]	X	CToolBar.exe	Fake startup entry created by the Wareout rogue spyware and dialer remover - not recommended, removal instructions here. Archived version of Andrew Clover's original page	No
CTPDPSRV	?	CTPDPSRV.EXE	Compaq A3000 printer driver (in the %System%\spool\DRIVERS\W32\X86 folder). Is it required?	No
pdp Server	U	ctpdpsrvr.exe	Included and setup with the drivers for my Compaq A3000 all-in-one printer/scanner - maybe for networking. Works fine without it - but may be needed when used over a network	No
ctpmon	X	ctpmon.exe	Registry Cleaner rogue - not recommended, removal instructions here	No
ctpop	X	ctpop.exe	Detected by Malwarebytes Anti-Malware as Adware.Korad. The file is located in %ProgramFiles%\ctpop	No
CTPerformanceUtility	N	CTPowUti.exe	Related to Creative PowerSysTrayApp. This program is a non-essential process, but should not be terminated unless suspected to be causing problems	No
ctqmon.exe	X	ctqmon.exe	Detected by Dr.Web as Trojan.Disabler.84 and by Malwarebytes Anti-Malware as Backdoor.Sdbot. The file location varies	No
Microsoft task tray monitor	X	ctray.exe	Added by a variant of Win32/Rbot	No
CTRegRun	N	CTRegRun.exe	For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative	No
CtrlVol	U	CtrlVol.exe	Volume control key on Acer, Fujitsu and other laptops	No
CreativeTaskScheduler	?	CTSched.exe	Creative Task Scheduler. What does it do and is it required?	No
CTSched	?	CTSched.exe	Creative Task Scheduler. What does it do and is it required?	No
Speed racer	N	CTSRReg.exe	Part of the Creative PlayCenter for their range of soundcards - now replaced by Creative MediaSource	No
Windows LoL Layer	X	ctssjmn.exe	Added by the KOLAB.PBY WORM!	No
CT Control Settings	X	CTSVCCD.EXE	Detected by Sophos as W32/Rbot-YS	No
CTSVolFE	U	CTSVolFE.exe	Creative Labs Mixer applet for the Sound Blaster Audigy	No
CTSVolFE.exe	U	CTSVolFE.exe	Creative Labs Mixer applet for the Sound Blaster Audigy	No
CTSyncU.exe	N	CTSyncU.exe	Creative Sync Manager - synchronizes music tracks on your computer with your player	No
CTsysVol	U	CTSysVol.exe	Creative sound card volume controls	No
cttdpsrv	?	cttdpsrv.exe	??	No
CTUpdate	X	ctupdclt.exe	Added by the RBOT-ABG WORM!	No
Windows Tracking Client	X	ctwsvc.exe	Detected by Sophos as Troj/Agent-GMB	No
CTxfiHlp	N	CTXFIHLP.EXE	Added by the installation of a Creative Labs X-Fi sound card. This particular process provides the help functionality for your card	No
CTXFIREG	N	CTxfiReg.exe	Creative Labs sound card driver related. It appears that it isn't required and maybe registration related	No
*Microsoft Update	X	ctxma.exe	Added by the STMU TROJAN!	No
yazzz	X	ctxmon.exe	Detected by Symantec as W32.Yazz and by Malwarebytes Anti-Malware as Trojan.Agent	No
CTZDetec.exe	N	CTZDetec.exe	Auto-detect feature of Creative Media Lite which assists you in managing your music, ripping CDs and transferring other stored music to your Zen Stone MP3 player	No
ColdTurkey_notify	U	ct_notify.exe	Cold Turkey by Felix Belzile - "is a free/open source program that you can use to temporarily block yourself off of popular social media sites, addicting websites, online games and whatever else you want!"	No
cuagent	Y	CUAGENT.EXE	Part of Commtouch Command Antivirus (was Authentium)	No
cuagentExe	Y	Cuagent.exe	Part of Commtouch Command Antivirus (was Authentium)	No
wacult	X	CujPDQjoAw.exe	Detected by Dr.Web as Trojan.DownLoader4.15845 and by Malwarebytes Anti-Malware as Backdoor.Messa.Gen	No
Norton Update	X	cUpdate.exe	Added by the AGOBOT.APP BACKDOOR!	No
Start CurePCSolution	X	CurePCSolution.exe	CurePCSolution rogue spyware remover - not recommended, removal instructions here	No
curoqvocysyx	X	curoqvocysyx.exe	Detected by McAfee as Generic.tfr!cr and by Malwarebytes Anti-Malware as Trojan.Agent	No
CurseClient	N	CurseClient.exe	CurseClient add-on manager for World of Warcraft and Warhammer Online games	No
Intel Cursor	X	Cursor.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.JSM. The file is located in %MyDocuments%\Services	No
CursorFX	U	CursorFX.exe	CursorFX from Stardock Corporation - cursor editing and management utility. Required if you use any cursors or effects supplied with or created by CursorFX	Yes
CursorGizmo	U	CursorGizmo.exe	Cursor Gizmo - cursor management utility	No
CursorXP	U	CursorXP.exe	CursorXP (now replaced by CursorFX) from Stardock Corporation - cursor editing and management utility. Required if you use any cursors or effects supplied with or created by CursorXP	Yes
Stardock CursorXP	U	CursorXP.exe	CursorXP (now replaced by CursorFX) from Stardock Corporation - cursor editing and management utility. Required if you use any cursors or effects supplied with or created by CursorXP	Yes
Curtain	U	Curtain.exe	Curtain (from Chaotic Visions) - "is a Windows utility which gives you the power to hide any window or group of windows to your system tray"	No
System Monitoring	X	cute.exe	Added by the RAHIWI.A WORM!	No
CuteMX	N	CuteMX.EXE	File sharing utility	No
CleanUp Antivirus	X	CU[random].exe	Cleanup Antivirus rogue security software - not recommended, removal instructions here	No
Saggwwgg	X	CVAvwwd.exe	Added by the LIOTEN.HT WORM!	No
Configuration Loader	X	cvcd.exe	Added by the AGOBOT-DH BACKDOOR!	No
XPSoft	X	CVDAsDW.exe	Added by the SDBOT-SY WORM!	No
OfficeSyncProcess	U	CVH.EXE	Entry created when you save files to a server (such as SkyDrive) from Click-To-Run versions of MS Office and used local and server copies in sync	No
go	X	cvir.exe	Added by the SILOV-A WORM!	No
cvmonitor.exe	X	cvmonitor.exe	Added by the SDBOT.BV WORM!	No
CVPND	Y	cvpnd.exe	Sub-system used by Cisco VPN client for making a connection to a remote IPSec server	No
Windows media services	X	cvrsss.exe	Added by the RBOT-MW WORM!	No
Winamp Agent	X	cvscc.exe	Added by the AGOBOT-GK WORM!	No
smr	U	cvshost.exe	Silent Monitoring surveillance software. Uninstall this software unless you put it there yourself	No
Startup Update	X	Cvshost.exe	Detected by Symantec as W32.HLLW.Gaobot.AO	No
HKCU	X	cvshosts.exe	Detected by Malwarebytes Anti-Malware as Spyware.Password. The file is located in %Root%\install	No
HKLM	X	cvshosts.exe	Detected by Malwarebytes Anti-Malware as Spyware.Password. The file is located in %Root%\install	No
Microsoftservices	X	cvshosts.exe	Detected by Dr.Web as Trojan.DownLoader3.41142 and by Malwarebytes Anti-Malware as Backdoor.IRCBot	No
Policies	X	cvshosts.exe	Detected by Malwarebytes Anti-Malware as Spyware.Password. The file is located in %Root%\install	No
MSN Manager	X	cvss.exe	Added by a variant of the SPYBOT WORM!	No
Bron-Spizaetus	X	CVT.exe	Added by the RONTOKBRO WORM!	No
SystemGent	X	CVT.exe	Added by the BRONTOK-H WORM!	No
Windongs	X	cvtres.exe	Detected by Sophos as Troj/Mdrop-EYF and by Malwarebytes Anti-Malware as Backdoor.IRCBot	No
Windows Monitor	X	cvtres.exe	Detected by Malwarebytes Anti-Malware as Trojan.Agent.CV. The file is located in %Temp%	No
CWatch	U	cw.exe	ChatWatch - chat monitoring tool	No
CW	U	cw4.exe	Chat Watch "is a monitoring and logging software for online chat and instant messaging programs"	No
Client Access API Daemon	?	cwbappcd.exe	Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?	No
Client Access Check Version	N	cwbckver.exe	Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources	No
cwbckver	N	cwbckver.exe	Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources	No
Client Access Help Update	N	cwbinhlp.exe	Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries	No
cwbinhlp	N	cwbinhlp.exe	Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries	No
Client Access Service	N	CwbSvStr.Exe	Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources	No
cwbsvstr	N	cwbsvstr.exe	Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources	No
Client Access Taskbar	?	cwbuitsk.exe	Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?	No
Client Access Express Welcome	?	cwbwlwiz.exe	Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?	No
cwbwlwiz	?	cwbwlwiz.exe	Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?	No
Cwcdschk.exe	?	Cwcdschk.exe	IBM Thinkpad related?	No
cwcptray	U	cwcptray.exe	Related to ContentWatch Parental Control internet filter	No
Crystal 3D Audio Control	?	CWD3DSND.EXE	Crystal 3D Audio sound driver. Is it required?	No
Microsoft Driver Setup	X	cwdrive32.exe	Added by the VBINJEC-BT TROJAN!	No
cwintool	X	cwintool.exe	Added by the SMALL.ZZJ TROJAN!	No
Coolwallpaper	N	cwm_tray.exe	Cool Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen savers	No
cssms	X	cwrcp.exe	Detected by Sophos as Troj/Ransom-RF and by Malwarebytes Anti-Malware as Trojan.Agent.RNS	No
cwriter	X	cwriter.exe	Part of PcRaiser, SystemOptimizer2008, VelocidadSimple and other rogue optimization utilities - not recommended	No
Command WorkStation 4	U	cws 4.exe	EFI's Command WorkStation makes "managing demanding workflows easier by centralizing job management. The software automatically identifies the Fiery servers on the network and offers customization options for displaying information" - for high-end print environments	No
WindowsNT CWServices	X	CWServices.com	Detected by Bitdefender as the AGENT.AGDK TROJAN! See here	No
cwupdate	U	cwupdate.exe	ContentProtect from ContentWatch - internet filter	No
Windows Service Agent	X	cxfrru.exe	Detected by Trend Micro as WORM_SDBOT.GAV	No
KV_HOST	X	cxjx.exe	Added by the LEGMIR-BB TROJAN!	No
*Microsoft Update	X	cxma.exe	Added by the STMU TROJAN!	No
[random name]	X	CXTPLS_LOADER.EXE	AproposMedia adware	No
Autoloaderaproposclient	X	cxtpls_loader.exe	AproposMedia adware	No
H2OWIBU	U	CXWibu.exe	Related to CodeMeter from WIBU-SYSTEMS AG. Software protection hardware	No
cyadicon	X	cyadicon.exe	Detected by Dr.Web as Trojan.DownLoader3.61568 and by Malwarebytes Anti-Malware as Adware.K.CyadIcon	No
CYAK	X	cyakup.exe	CYAK rogue security software - not recommended, removal instructions here	No
C2K	U	CYB2K.EXE	CYBERsitter 2000 or 2001 - anti-adult content filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser	No
cybansos	X	cyban.exe	Added by the TATERF-V WORM!	No
cyberboan	X	cyberboan_up.exe	CyberBoan rogue security software - not recommended, removal instructions here	No
Cyber	N	cyberchk.exe	Part of Belkins "Multimedia Cleaning Kit" and is automatically installed when you run their optical disk drive cleaning utility - to remind you to clean your drive after "x" amount of time has passed	No
CyberLat Ram Cleaner	U	CyberLat Ram Cleaner 1,1.exe	CyberLat RAM Cleaner - memory optimizer. No longer supported or available from the authors	No
24Online Client	U	CyberoamClient.exe	Related to Cyberroam from Elitecore Technologies Ltd	No
CyberWolf	X	CyberWolf.exe	Added by the KICKIN.A (or CYDOG.C) WORM!	No
Dos Prompt Loader	X	cygwin.exe	Added by the SDBOT-VV WORM!	No
CYNHKey	?	CYNHKey.exe	??	No
CyphTray	N	CyphTray.exe	Cypherus - encryption software	No
CypressLinkMon	U	CypressLinkMon.exe	Related to CypressViewer from Siemens that "allows ACUSON Cypress cardiovascular system PLUS users to store, view, and analyze Cypress system PLUS studies on a standard Windows PC"	No
Windows Service Ag3nt	X	cyqwsb.exe	Added by the SDBOT.EZX TROJAN!	No
Klce	X	cyxevwtj.exe	Detected by Malwarebytes Anti-Malware as Trojan.Dropper. The file is located in %System%	No
run=	X	cyxid98.exe	Unidentified malware	No
ASDPLUGIN	X	czech.exe	AsdPlug premium rate adult content dialer	No
Windows Service Agent	X	czf.exe	Added by the RBOT-GAJ WORM!	No
czrss	X	czrss.exe	Added by the AGENT-PAR TROJAN!	No
Counterstrike Service Agent	X	czrzns.exe	Detected by Trend Micro as WORM_MEDBOT.AR	No
httpd	X	c_pan.exe	Added by a variant of the DELF-A TROJAN!	No

Notes & Warnings

If you can help identify new entries and verify/identify those entries with a "?" status (especially hardware specific - such as laptops and motherboards) then please E-mail us (startups_at_pacs-portal_dot_co_dot_uk).

"Status" key:

"Y" - Normally leave to run at start-up
"N" - Not required or not recommended - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

Variables:

%System% - refers to the System folder; by default this is
- C:\Windows\System32 (7/Vista/XP)
- C:\Winnt\System32 (2K)
- C:\Windows\System (Me/9x)
%Windir% - refers to the Windows installation folder; by default this is
- C:\Windows (7/Vista/XP/Me/9x)
- C:\Winnt (2K)
%ProgramFiles% - refers to the Program Files folder; typically the path is C:\Program Files
%CommonFiles% - refers to the Common Program Files folder; typically the path is C:\Program Files\Common Files
%Root% - refers to the highest directory level on a hard drive - i.e., C:\, D:\
%UserProfile% - refers to the current user's profile folder; by default this is
- C:\Users\{user} (7/Vista)
- C:\Documents and Settings\{user} (XP/2K)
%AllUsersProfile% - refers to the common profile folder for all users; by default this is
- C:\Users\All Users (7/Vista)
- C:\Documents and Settings\All Users (XP/2K)
%AppData% - refers to the current user's Application Data folder; by default this is
- C:\Users\{user}\AppData\Roaming (7/Vista)
- C:\Documents and Settings\{user}\Application Data (XP/2K)
%CommonAppData% - refers to the common Application Data folder for all users; by default this is
- C:\ProgramData (7/Vista - Note: this directory is hidden by default)
- C:\Documents and Settings\All Users\Application Data (XP/2K)
%LocalAppData% - refers to the current user's Local Application Data folder; by default this is
- C:\Users\{user}\AppData\Local (7/Vista)
- C:\Documents and Settings\{user}\Local Settings\Application Data (XP/2K)
%MyDocuments% - refers to the current user's Documents folder; by default this is
- C:\Users\{user}\Documents (7/Vista)
- C:\Documents and Settings\{user}\My Documents (XP/2K)
%CommonDocuments% - refers to the current user's Documents folder; by default this is
- C:\Users\Public\Documents (7/Vista)
- C:\Documents and Settings\All Users\Documents (XP/2K)
%UserTemp% - refers to the current user's Temp folder; by default this is
- C:\Users\{user}\AppData\Local\Temp (7/Vista)
- C:\Documents and Settings\{user}\Local Settings\Temp (XP/2K)
%WinTemp% - refers to the Windows Temp folder; typically the path is C:\Windows\Temp
%Temp% - refers to either or both of the %UserTemp% and %WinTemp% folders where the location isn't specified, or %Root%\Temp
%Templates% - refers to the current user's Templates folder; by default this is
- C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Templates (7/Vista)
- C:\Documents and Settings\{user}\Templates (XP/2K)
%UserStartup% - refers to the current user's Startup folder; by default this is
- C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (7/Vista)
- C:\Documents and Settings\{user}\Start Menu\Programs\Startup (XP/2K)
%AllUsersStartup% - refers to the All User Startup folder; by default this is
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (7/Vista - Note: this directory is hidden by default)
- C:\Documents and Settings\All Users\Start Menu\Programs\Startup (XP/2K)

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. We will not be held responsible if changes you make cause a system failure.

WARNING: This is NOT a database of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a database of start-up applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at start-up. For a list of tasks/processes you should try the Process Library from Uniblue, the list at PC Pitstop or one of the many others now available. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSConfig or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

To avoid the database becoming too large, all malware entries are only shown using the registry version which is common to all Windows versions. Otherwise there would be multiple entries for popular filenames that viruses often use - such as "svchost.exe" above for example. Multiple malware can also use the same start-up entries, in this case only those with significant differences (such as file location) are repeated in this database.

As more than 15K entries in this database related to malware you should use a quality internet security package. Which ever you choose, keep it updated and get the latest version at least every two years.

There are a number of virus and malware entried listed in this database where specific removal instructions haven't been given. If this is the case then you could try ComboFix, a program written by sUBs that can remove many different types of Trojans and Worms. See here for a tutorial on how to use the program

NOTE: A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

SERVICES: "Services" from the NT/2K/XP/Vista/7 operating systems are not included. We fully understand that some programs with these OS's use "Services" as an alternative to load their component parts at startup but these are handled in a different way. We recommend you try BlackViper for information on services for the relevant operating systems.

Copyright

Presentation, format & comments Copyright © 2001 - 2012 Pacman's Portal
Portions Copyright © Peter Forrest, Denny Denham, Sylvain Prevost, Tony Klein, CastleCops & Bleeping Computer
Powered by Malwarebytes
All rights reserved

Site Map

Home